The present invention relates to a postal infrastructure that provides communication to one or more postal security devices (PSD). More particularly a system is provided for authorizing access to the infrastructure by the user of the PSD through a service provider.
A high volume postal customer may use a Postal Security Device (PSD) to secure the proof of payment of postal indicia. In an exemplary application, indicia may be applied to mailing items that identifies the value of the postage applied and other information. A customer may purchase postage and the purchased value may be stored in the PSD. As the postage indicia are applied to items, the value applied may be deducted from the stored value. Once postage indicia are applied, the item may then be dropped into the collection stream of the particular postal system and subsequently processed for delivery. The account identification, history and status for a particular PSD may be stored at a remote data center that is part of a postal infrastructure.
In various countries, for example the United States, PSDs may communicate with a remote data center to exchange information related to customer usage and funding for billing purposes and to have postage funds replenished. In the United States, a postal customer generally may add postage to the PSD in two ways. The first is to physically take the PSD to the postal authority, where postage is purchased and added to the PSD.
The second is to remotely add postage over a network, for example, a telephone line with a modem, or the Internet, where the added postage is deducted from an account usually maintained at a remote data center with a meter vendor or a trusted third party administrator, for example, a financial institution. In this case, customer or postal authority access to a meter's accounting system or memory system generally is not possible. Meters or PSDs with this type of communication capability may communicate with a data center or other service providers through a postal infrastructure where the PSD initiates communication.
Since postal security devices are available through distributors other than an original equipment manufacturer (OEM) meter vendor, related services, such as postal funds downloading, advertisements, software and others, may be provided through such distributors and other third party service providers, as well as directly from the meter vendor. In prior art systems, the customer needed to go through the OEM postal infrastructure to be authenticated and authorized and then obtain services from a third party vendor. This requires a separate server to generate and control security keys and to authenticate users coming into the infrastructure.
It would be advantageous for a third party service provider to have the ability to authenticate a communication with one or more PSD's and authorize access to the postal infrastructure. By allowing this channel of authorized communication, the infrastructure may be simplified and transactions with the infrastructure are facilitated.
With the security scheme of this application, a separate security server to authenticate users coming into the infrastructure is not needed. The service provider has its own set of keys, assigned by the infrastructure, and these keys are used to generate a session key.
In one aspect of this invention, a system for providing postal services includes one or more networks, associated with one or more postal security devices (PSD), and a postal infrastructure connected to the PSDs through one or more of the networks, wherein service providers are provided with the means to authorize access to the postal infrastructure and central data center and to establish communication with the one or more PSDs as required for supplying postal services.
In another aspect of this invention, a PSD may initiate a communication by accessing a postal services provider server over the Internet. A vendor infrastructure server provides the security identifiers or keys for a particular customer and PSD to the service provider server. In addition, a security algorithm is also provided to the service provider from the infrastructure.
In another aspect of this invention, when a customer initiates communication to obtain postal services from the service provider, a security algorithm directs the service provider server to generate a session key. The session key includes the user name, the user service provider name, the time that this key was generated, and a digital signature over these items. The session key also includes a time limit, after which the session key expires and no further use of that particular session key may be made. As part of this process, a common time reference is provided for the cooperating computer servers.
Once a session key is issued, the customer is allowed to order services, including the downloading of funds, PSD account servicing, software, advertising and others. Once a transaction is completed and the appropriate account billed through the data center, the customer may activate the purchased service at its convenience at the service provider.
The foregoing aspects and other features of the disclosed embodiments are explained in the following description, taken in connection with the accompanying drawings, wherein:
System 100 includes one or more funding devices, shown in
The franking functions performed by PSD 115 typically include providing an indication, funds, or other authorization to produce indicia, and reporting the number of items, value marked and other parameters to the accounting functions. Such indication, funds, or other authorization are referred to herein as indicia services.
As shown in
Communications may be provided through an air interface, a wired interface, a wireless interface, or an electrical, electromagnetic, radio, infrared, or other suitable facility for communication.
The data center 130 generally has the capability to communicate with one or more of the PSDs 115 to exchange information as required, for example to download additional features, updates, upgrades, programs, diagnostic functions, delivery confirmation or other types of information, or further to retrieve information including accounting data, status data, etc.
In some instances a customer operator of a network of PSDs 115 may require services in addition to indicia related services; for example, a vendor may make available advertising, software, order processing, funds downloading and other types of services. Such services may be provided by the original equipment manufacturer (OEM) or other third party vendors and distributors, referred to herein as vendors. In such instances it is advantageous to have a system through which the vendors may authorize access to the communication infrastructure 150 for accounting at the data center 130.
To accomplish this, in one embodiment of this invention, a service provider server 140, at the vendor, is constructed for receiving customer inquiries relating to a particular PSD 115 from customer server 120 through network 125. As shown in
According to an embodiment of this invention, a customer, in order to obtain services, may logon or establish a connection through a particular communications network 125 to Internet server 110 by addressing a message specifically to the service provider.
Communication network 125 may include any suitable communications network, for example, the Public Switched Telephone Network (PSTN), a wireless network, a wired network, a Local Area Network (LAN), a Wide Area Network (WAN), virtual private network (VPN), an air interface, etc. The air interface may include any suitable wireless communication protocols or signaling techniques or standards, for example TDMA, CDMA, IEEE 802.11, Bluetooth, close range RF, optical, any appropriate satellite communication standards, etc.
Infrastructure server 150 is constructed to provide user services for customers via a service provider 140. As indicated above, in the illustrated embodiment, a web browser is used to connect via Internet server 110 to the infrastructure 150, via the customer's respective service provider server 140. The service provider is likely to be the vendor or distributor of the PSD 115. Once the access to the infrastructure 150 is obtained, the customer will have access to account information for obtaining funds, authorizing the application of postal indicia, and additional services as available. This requires a security scheme executed by the service provider to identify whoever is accessing the infrastructure 150. It is, therefore, the responsibility of the service provider to authenticate its customers and permit access to the infrastructure 150. Infrastructure 150 need only verify the authenticity of the service provider to permit the connection.
To accomplish this, the connection between the customer server 120 and service provider server 140 is accomplished via communication network 125 and the Internet server 110 and routed to the infrastructure 150 through a virtual private network (VPN) 160 comprising software module 160 operating on the service provider server 110. VPN 160 provides encryption for point-to-point connections. Authentication of the "end user" is accomplished by executing a security algorithm 145. This provides the interface between the customer 120 and the service provider 140 via the postal infrastructure 150.
In the system of this application, a requested connection is identified by a certificate at the service provider server 140 using public/private key algorithms which are part of a security algorithm 145. As part of this process, the service provider generates a session key so that the user can get into the infrastructure 150 for access to data center 130. The session key includes a time limit, for example, 10 minutes, after which the session key expires. This prevents an unauthorized user from gaining access to the infrastructure 150 by reusing a session key.
The session key includes the user name, the user service provider name, the time that this key was generated, and a digital signature on these items. This enables the authentication of the customer via the credentials provided (user name, service provider name, time stamp, digital signature). At the service provider server 140, the validation of a signature is based on the service provider's public key. The infrastructure server 150 generates the keys which the service provider uses to generate the session key.
With the security scheme of this application, a separate server to marshal the keys and to authenticate users coming into infrastructure server 140 is not needed. The service provider has its own set of keys, which have been assigned by the infrastructure server 150, and these keys are used to generate a session key. Once a user is authenticated by the service provider, the session key within the session identification is passed back and forth during the session communications.
As part of this scheme, all the participating processors and servers must be in time synchronization. This is accomplished by using Greenwich Mean Time (GMT) relative to the session time limit. The security algorithm 145 is, therefore, adaptable to any service provider or user location. In this manner fraudulent alteration of the timing reference is prevented, since the system clock is supplied by a separate entity. The clock reference may be obtained through a government generated system available from several sources, for example the Global Positioning Satellite constellation. In this manner, the integrity of the session key time limit remains secure.
In operation the service provider 140 receives a request from a customer 120 and initiates authentication of the request by checking the customer identification and applying related security keys. This is accomplished by executing a security algorithm 145 within a VPN 160 on the service provider server 140. If the request is authenticated the service provider generates a session key, including a time limit after which the session key will expire. Conditioned on authentication, the customer request is transmitted, with the session key, to the postal infrastructure connected to a data center. If the session key time limit has not expired, the service provider is validated based on a public key assigned to the service provider. If validation is successfully completed, the customer request is processed in cooperation with data center 130.
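The session key lifecycle described above (the fields listed earlier in the summary and again in the preceding paragraphs: user name, service provider name, generation time, a time limit, and a digital signature over those items, checked first against a shared UTC clock and then against the service provider's public key) can be illustrated in code. The following Go program is an added example written for this page; it is not code from the application or from any meter vendor. It assumes Ed25519 as the public/private key algorithm (the text does not name one), a 10-minute lifetime as the text suggests, a small hypothetical clock-skew tolerance, and the illustrative names "vendor-a" and "customer-1".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// maxSkew is an assumed tolerance for minor clock drift between the
// cooperating servers; the application itself does not state one.
const maxSkew = 30 * time.Second

// SessionKey carries the items the description lists plus the expiry.
// Field names are this example's own choice.
type SessionKey struct {
	UserName        string
	ServiceProvider string
	IssuedAt        time.Time // always UTC, the common time reference
	ExpiresAt       time.Time
	Signature       []byte // signature over the other four fields
}

// payload is the canonical byte string that is signed. %q quoting keeps a
// user or provider name containing '|' from being confused with a field break.
func (k SessionKey) payload() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d|%d",
		k.UserName, k.ServiceProvider, k.IssuedAt.Unix(), k.ExpiresAt.Unix()))
}

// Issuer holds the key pair that the infrastructure assigns to one service provider.
type Issuer struct {
	Provider string
	priv     ed25519.PrivateKey
}

// NewIssuer stands in for the infrastructure assigning a key pair to a provider.
// The public half is what the infrastructure keeps to validate that provider.
func NewIssuer(provider string) (*Issuer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Issuer{Provider: provider, priv: priv}, pub, nil
}

// Issue creates a session key for a user the provider has already authenticated.
// The timestamp is normalised to UTC so every cooperating server agrees on it.
func (i *Issuer) Issue(user string, now time.Time, lifetime time.Duration) SessionKey {
	issued := now.UTC().Truncate(time.Second)
	k := SessionKey{
		UserName:        user,
		ServiceProvider: i.Provider,
		IssuedAt:        issued,
		ExpiresAt:       issued.Add(lifetime),
	}
	k.Signature = ed25519.Sign(i.priv, k.payload())
	return k
}

// Verify is the infrastructure-side check, in the order the description gives:
// the time limit is tested against the infrastructure's own UTC clock first,
// then the provider is validated with the public key held for its name.
func Verify(k SessionKey, providerKeys map[string]ed25519.PublicKey, now time.Time) error {
	pub, ok := providerKeys[k.ServiceProvider]
	if !ok {
		return errors.New("unknown service provider")
	}
	now = now.UTC()
	if now.Add(maxSkew).Before(k.IssuedAt) {
		return errors.New("session key issued in the future: clocks out of sync")
	}
	if !now.Before(k.ExpiresAt) {
		return errors.New("session key expired")
	}
	if !ed25519.Verify(pub, k.payload(), k.Signature) {
		return errors.New("signature does not verify under the provider's public key")
	}
	return nil
}

func main() {
	iss, pub, err := NewIssuer("vendor-a") // constructed provider name
	if err != nil {
		panic(err)
	}
	keys := map[string]ed25519.PublicKey{"vendor-a": pub}
	t0 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed reference time
	k := iss.Issue("customer-1", t0, 10*time.Minute)
	fmt.Println("5 min later :", Verify(k, keys, t0.Add(5*time.Minute)))
	fmt.Println("10 min later:", Verify(k, keys, t0.Add(10*time.Minute)))
	tampered := k
	tampered.UserName = "customer-2"
	fmt.Println("tampered    :", Verify(tampered, keys, t0.Add(time.Minute)))
}
```

The expiry is compared before the signature so that a stale key is rejected without spending a signature verification on it, which mirrors the order in the text; the skew tolerance only applies to keys that appear to come from the future, so it cannot extend the lifetime of a key that has already expired.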
It should be understood that the foregoing description is only illustrative of the disclosed embodiments. Various alternatives and modifications can be devised by those skilled in the art without departing from the disclosed embodiments. Accordingly, the disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the scope of the appended claims.