Note: Descriptions are shown in the official language in which they were submitted.
CA 02324100 2008-01-15
TAMPER RESISTANT POSTAL SECURITY DEVICE WITH LONG BATTERY LIFE
f-5
Background
In recent years it has been proposed to print postal indicia by means of
conventional
nonsecure printers such as laser printers, ink-jet printers, and thermal
transfer printers. Such
printers are termed "nonsecure" because the printer itself is not in a secure
housing and
because the communications channel linking the printer to other apparatus is
nonsecure.
Under such a proposal, the question naturally arises what would prevent a user
from printing
the same postal indicium repeatedly, thereby printing postal indicia for which
no money has
been paid to the post office. The proposed anti-fraud measure is to store
information within
the indicia which would permit detecting fraud. The indicium would include not
only
human-readable text such as a date and a postage amount, but would also
include machine-
readable information, for example by means of a two-dimensional bar code. The
machine-
readable information would be cryptographically signed, and would include
within it some
information intended to make fraud more difficult. The information would
typically include
an identification of the postage meter license (granted by the meter
manufacturer or by the
postal authorities, depending on the country), an indication of the number of
mail pieces
franked, the postage amount, a postal security device identifier about which
more will be said
later, the date and time, and a zip code or post code of the mail piece
addressee.
The typical apparatus for printing such "encrypted indicia" postage includes
what is called a
postal security device or PSD. The PSD has a secure housing, and within the
secure housing
are the accounting registers as well as a cryptographic engine. The engine
permits
cryptographic authentication and signing for communication with an external
device such as
CA 02324100 2000-09-15
WO 99/48055 PCT/US99/05891
the computer of the meter manufacturer or of the post office. The engine also
permits
creation of postal indicia which contain specified information and which are
cryptographically signed. The PSD may well be physically small as compared to
traditional
postage meters. The PSD may be the size of a PCMCIA card or the size of a
smart card.
Within the PSD the memory must be protected against inadvertent damage due to
malfunction of the processor of the PSD, for example as set forth in US Pat.
No. 5668973,
Protection system for critical memory information owned by the same assignee
as the
assignee of the present application. The PSD must handle power failure in a
graceful fashion,
for example as set forth in US Pat. No. 5712542, Postage meter with improved
handling of
power failure, also owned by the same assignee as the assignee of the present
application.
To reduce smudging, the printer may preferably be that described in PCT
publication no.
97-46389, Printing apparatus, also owned by the same assignee as the assignee
of the present
application. While it has been proposed that the PSD contain a real-time clock
which is
keeping time continuously, desirably this requirement may be avoided as
described in PCT
publication no. 98-08325, Printing postage with cryptographic clocking
security, also owned
by the same assignee as the assignee of the present application. PSDs can form
part of a
network with multiple printers as described in PCT publication no. 98-13790,
Proof of
postage digital franking, also owned by the same assignee as the assignee of
the present
application.
The postal authorities face the question how the PSD can be protected from
tampering. For
example, the entire system of PSDs depends on the use of cryptographic keys.
The keys are
used for authenticating communications between the PSD and the manufacturer's
system or
the postal authority's system. Such communications are used to set up and
maintain the
PSDs, and are used to refill or "reset" the PSDs to reflect the ability to
print more postage.
The keys are also used to cryptographically "sign" information printed in the
postal indicia. If
the cryptographic keys were compromised, a user might be able to defraud the
post office or
the PSD manufacturer or both.
2
CA 02324100 2000-09-15
WO 99/48055 PCTIUS99/05891
Many approaches have been proposed for protection of such cryptographic keys
from
compromise. The usual approach is to place the cryptographic keys in a RAM
(random
access memory) of a type which keeps its contents only so long as the RAM
receives power
from a battery. The secure housing of the PSD is designed to include a tamper
switch, so that
if the secure housing is tampered with, the switch opens. The switch
interrupts power to the
RAM (and, in particular, interrupts battery power to the RAM) and its contents
are lost. In
this way the information in the RAM (for example, the cryptographic keys) is
protected from
tampering. Another proposed approach is to employ commercial memory chips
(such as the
Dallas Semiconductor DS1283 and Benchmarq bq3283) offer a pin on the package
which
will clear the memory based on a predetermined input voltage level. The tamper
switch is set
up to apply the predetermined voltage upon detection of tampering.
Many approaches have also been proposed for detection of the tampering. In EP
820 041, for
example, it is suggested that the secure housing of an old-style mechanical or
electromechanical postage meter be set up to contain an air pressure that is
distinctively
higher than or lower than normal atmospheric pressure. If the secure housing
is violated, the
pressure within the secure housing changes to match the ambient pressure. A
sensor within
the housing detects the pressure change and thus the violation. The sensor
disables further
function of the postage meter.
The approach of cutting power to a volatile memory such as the RAM discussed
above has a
drawback in that during periods of power-down, the RAM depends on an internal
battery to
avoid loss of the information in the RAM. Depending on the requirements of the
postal
authority, and on design decisions made by the PSD manufacturer, the quantity
of data
requiring protection may be quite large. The data to be protected may include
cryptographic
keys used for PSD configuration, keys used for remote resetting (refilling),
keys used for
signing postal indicia, and keys used for the management of the other keys. In
addition it may
be desired to protect the bit-images used to generate the human-readable
portion of the
printed indicia. A RAM big enough to hold all of these important items of data
will also
draw a non-negligible current from the internal battery. This may lead to a
limited and
commercially unacceptable battery life.
3
CA 02324100 2000-09-15
~i'/iJtS 9 9 / 0 5 8 9 1
P%W 2 9 MAR 2000
It would thus be desirable to have a PSD design which protects the many
important items of data
stored within, and yet which does not draw very much battery power and so
permits a
connnercially acceptable battery life.
Summary of the invention
In accordance with the invention, a postal security device (PSD) contains a
nonvolatile memory
which does not depend on battery power, such as an EEPROM, and contains a
nonvolatile
memory which does depend on battery power, such as a static RAM. The PSD also
contains an
encryption engine. An encryption key is developed and is stored in the static
RAM, which is sized
to be only large enough to contain the encryption key. A large body of data,
too large to fit in the
static RAM, is encrypted by means of the encryption engine and with reference
to the encryption
key, and is stored in the EEPROM. This body of data typically includes
cryptographic keys and
sensitive bit-images. When the PSD is powered, a large RAM (typically a
dynamic RAM) is
available to receive the large body of data, decrypted using the encryption
key. A-tamper sw'rtch
cuts power to both RAMs in the event of tampering. In this way, the battery
power required to
maintain the PSD during power-off periods is minimal, and yet the large body
of data will be
inaccessible in the event of tampering.
Description of the drawing
The uivention will be described with respect to a drawulg, of which:
Fig. 1 is a schematic functional block diagram of a system according to the
invention.
Detailed description
Fig. 1 shows a postal security device (PSD) in accordance with the invention.
The PSD has a
secure liousulg 11, a inicroprocessor 12 wluch conunuiucates on a bus 23 with
an input/output
(I/O) device 18, a memory which does uot require battery backup 13 wluch may
be for example an
EEPROM or
4
4MENDED S-~EEZ
CA 02324100 2000-09-15
WO 99/48055 PCT/US99/05891
flash memory, a relatively small RAM 14, a ROM 22, and a larger RAM 16. The
I/O device
18 communicates with external apparatus by means of communications channel 19
which
may be a serial asynchronous data line. External power 21 and ground 20 are
also defined.
The larger RAM 16, and most of the other active components, receive external
power. The
smaller RAM 14 is additionally able to receive power from a backup battery 15,
preferably a
lithium cell with a very long (e.g. ten year) life. A tamper switch 17 is
provided which, when
triggered, can cut power to both the small RAM 14 and the large RAM 16.
A large body of data is assumed to require protection from a tampering user.
The EEPROM
is selected to be large enough to hold this body of data after it has been
encrypted. When
power is applied and the system is stable, the body of data (or selected
portions thereof) is
decrypted and transferred to RAM 16. This decryption is performed by the
microprocessor
12 executing a decryption routine stored in the ROM 22, and the decryption is
done with
respect to a decryption key in the RAM 14. Alternatively the decryption may be
performed
by an optional engine omitted for clarity in Fig. 1. The decrypted data in RAM
16 are used as
needed for the ordinary functions of the PSD, which include communicating via
the
communications channel 19 with a user computer, with a manufacturer's system,
or with a
postal authority system, and can include generating postal indicia which are
to be printed by
means of a printer.
When external power 21 is cut off, or when the PSD undergoes a normal power-
down
routine, the information in the RAM 16 is lost. In contrast, the information
in the RAM 14 is
preserved even when external power 21 is lost, because of battery 15.
During normal operation the body of data that requires protection from a
tampering user (or
some portion of it) may be located "in the clear", that is, unencrypted, in
the RAM 16. In the
event that this data has changed, it may be necessary to encrypt the data and
to store it again
in the memory 13. This encryption is performed by the processor 12 executing
encryption
software in the ROM 22, or may optionally be performed by an encryption engine
omitted for
clarity in Fig. 1.
5
CA 02324100 2000-09-15
WO 99/48055 PCT/US99/05891
The power-down condition for the PSD 10 assumes that no power is present at
line 21. In
that event, the only powered device is RAM 14. RAM 14 was purposefully
selected to be
large enough to hold the encryption key but not much larger, and in any event
is smaller than
the large body of data that is understood to require protection from a
tampering user. Because
of the limited size of the RAM 14, it does not draw as much current from the
battery 15 as
would be drawn by a larger RAM such as RAM 16. Thus, the battery life is
optimized,
especially as compared with the shorter battery life that would result if the
large body of data
were all in battery-backed-up RAM.
Tampering may happen during a time when external power 21 is present. At a
minimum, the
tamper switch should cut power to the RAM 14. (Or, alternatively, the tamper
switch should
apply to RAM 14 the predetermined voltage that clears the RAM.) Preferably the
tamper
switch will also cut power to the RAM 16 (or clear the RAM 16), for the reason
that some of
the body of sensitive data may be present "in the clear" in the RAM 16, and
should not fall
into the hands of the tampering user. Alternatively the tamper switch might
trigger an
interrupt in the processor 12 which would cause the processor 12 to clear the
sensitive
portions of the RAM 16.
Tampering may also happen during a time when external power 21 is absent. In
such a case,
the RAM 16 is already, by definition, empty, as it is unpowered. The tamper
switch causes
the RAM 14 to be cleared. If the tampering user extracts the contents of the
memory 13, this
is of little significance, because the contents are useless unless decrypted
with the assistance
of the key that is no longer present in the RAM 14. If the PSD 10 is powered
up again after
the tampering, the decryption routine will not work because the key of RAM 14
is gone. In
addition, desirably the processor 12, under program control, will note the
fact that RAM 14 is
empty and will inunediately attempt to send a message via communications
channel 19 to the
manufacturer or to the postal authority.
Those skilled in the art will readily appreciate that design considerations
may prompt the use
of electrical components in addition to or instead of those shown in Fig. 1,
none of which
depart in any way from the invention. For example, dedicated cryptographic
chips may be
6
CA 02324100 2000-09-15
WO 99/48055 PCT/US99/05891
employed which take some of the computational burden from the microprocessor.
As another
example, the particular way in which the tamper switch cuts power to the RAM
may be
varied, and the particular type of tamper switch may be selected among several
types, all
without departing in any way from the invention. Those skilled in the art will
indeed have no
difficulty devising obvious variations and improvements to the invention, all
of which are
intended to be encompassed by the claims that follow.
7