The invention relates to a method for providing mailpieces with postage indicia, whereby a customer system loads a monetary amount from a value transfer center via a data line, whereby the customer system controls the printing of postage indicia onto mailpieces and whereby the value transfer center transmits a data packet to the customer system.
A method of this generic type is known from international patent application WO 98 14907.
Another method is known from German Patent No. DE 31 26785 C1. With this method, a reloading signal intended for the franking of mailpieces is generated in a separate area of a value transfer center operated by a postal service provider.
The invention is based on the objective of creating a method for applying postage to letters that is suitable for applying postage to individual letters as well as for applying postage to bulk mail.
According to the invention, this objective is achieved in that data is generated in the customer system and encrypted in such a manner that the value transfer center is able to decrypt this data, in that the data is transmitted from the customer system to the value transfer center and in that the value transfer center decrypts the data and then re-encrypts the data with a key that is not known to the customer system and subsequently transmits the data thus encrypted to the customer system.
The customer system is preferably configured in such a way that it is not capable of completely decrypting data transmitted by the value transfer center, but a mail center in which the mailpieces are checked for correct franking, however, can decrypt this data.
The value transfer center can be configured in various ways. The term value transfer center encompasses known value transfer centers as well as new forms of value transfer centers.
The invention relates especially to those value transfer centers that can be directly accessed via a data communication line such as the Internet or telephone lines of connected data servers.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the encryption takes place in the customer system using a random number.
It is advantageous for the random number to be generated in a security module to which a user of the customer system has no access.
A preferred embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the random number is encrypted together with a session key issued by the value transfer center and with a public key of the value transfer center.
It is advantageous for the customer system to sign the data with a private key.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the private key is stored in the security module.
It is advantageous for the data to be transmitted from the customer system to the value transfer center at the time of each request for a monetary amount.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the value transfer center identifies the customer system on the basis of the transmitted data.
It is advantageous for the value transfer center to transmit the data it has encrypted to the customer system.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the data transmitted by the value transfer center to the customer system has a first component that cannot be decrypted by the customer system and in that the data also has a second component that can be decrypted by the customer system.
It is advantageous for the part of the data that can be decrypted by the customer system to contain information about the identity of the customer system.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the part of the data that can be decrypted by the customer system contains information about the actual monetary amount.
It is advantageous for a transmission of data from the customer system to the value transfer center to only take place when a minimum amount is to be loaded into the customer system.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that a hash value is formed in the customer system.
It is advantageous for the hash value to be formed with the inclusion of information about mailing data.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the hash value is formed with the inclusion of a temporarily stored random number.
It is advantageous for the hash value to be formed with the inclusion of a loading procedure identification number.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the postage indicium contains logical data.
It is advantageous for the postage indicium to contain information about mailing data.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the logical data contains information about the encrypted random number.
It is advantageous for the logical data to contain information about the encrypted loading procedure identification number.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the logical data contains information about the hash value.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the postage indicium contains information transmitted by the value transfer center as well as data entered by the document producer.
It is advantageous to carry out the method or to configure the customer system or the value transfer center in such a way that the postage indicium contains a hash value that is formed on the basis of a combination of a value transmitted by the specification center and of values entered by the document producer.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that they comprise the following process steps: in the customer system or in a security module connected to the customer system, a secret is generated and subsequently transmitted to the value transfer center, together with information about the identity of the document producer and/or of the customer system he/she is using.
It is advantageous to carry out the method or to configure the customer system or the value transfer center in such a way that the value transfer center decrypts the encrypted random number and then re-encrypts it again in such a way that only the mail center can decrypt it and subsequently, the value transfer center generates a loading procedure identification number.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are character in that the encrypted random number enters into the generation of the loading procedure identification number.
It is advantageous to carry out the method or to configure the customer system or the value transfer center in such a way that the loading procedure identification number is transmitted to the security module.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that, in the security module, a hash value is formed on the basis of the loading procedure identification number and additional data.
It is advantageous to carry out the method or to configure the customer system or the value transfer center in such a way that the postage indicium is created so as to contain the hash value.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the validity of postage indicia is verified in the mail center.
It is advantageous to carry out the method or to configure the customer system or the value transfer center in such a way that the verification in the mail center is performed by an analysis of data contained in the postage indicium.
An advantageous embodiment of the method, a preferred configuration of the customer system and of the value transfer center are characterized in that the verification station forms a hash value on the basis of data contained in the postage indicium and checks whether this hash value matches a hash value contained in the postage indicium and, if it does not match, then the postage indicium is registered as being forged.
Additional advantages, special features and advantageous refinements of the invention ensue from the representation below of a preferred embodiment with reference to the drawings.
The drawings show the following:
FIG. 1—a schematic diagram of a method according to the invention,
FIG. 2—the schematic diagram shown in
FIG. 3—interfaces of the franking system shown in
FIG. 4—a schematic diagram of security mechanisms used in the method.
The following embodiment describes the invention with reference to an envisaged use in the realm of the Deutsche Post AG. However, it is, of course, equally well possible to use the invention for franking other documents, especially for use in the realm of other service providers.
The invention provides a practicable new form of franking with which customers can use a conventional PC with a printer and additional software and optionally hardware as well as Internet access to print “digital postage indicia” on letters, postcards, etc.
The customer can pay for the value of the printed-out postage indicia in various ways. For example, a stored credit can be correspondingly reduced. This credit is preferably stored digitally. Digital storage is effectuated, for example, on a special customer card, on a standardized bank card or in a virtual memory that is located, for instance, in a computer of the user. Preferably, the amount of credit is loaded before postage indicia are printed out. In an especially preferred embodiment, the amount of credit is loaded by means of a direct-debit procedure.
Preferably, several parties are involved in the franking procedure, whereby an especially advantageous breakdown of the parties is shown in
The parties shown are a customer, a customer system and a postal service provider.
The customer system comprises the hardware and software used by the customer for the PC franking. The customer system interacts with the customer to regulate the loading and storing of the account amounts. Details pertaining to the customer system regulate the approval prerequisites.
The postal service provider carries out the processing of the mailings and performs the necessary payment assurance. A value transfer center can be configured in various ways.
Payment assurance is preferably carried out by compiling components of the postage indicia.
For this purpose, agreement data (customer/customer system data) is transmitted from a central database to the system that is needed for the verification of the proper payment assurance.
The scope of the data to be stored is determined by the postal service provider, especially the operator of the postal service, taking into account the statutory regulations such as the German Postal Service Provider Data Protection Regulations (Postdienstunternehmensdatenschutzverordnung—PDSV). Fundamentally, these regulations state that all data may be stored that is needed for the proper determination, accounting and evaluation as well as for the verification of the accuracy of retrospective payments. As a matter of principle, this constitutes all mailing information without the name of the recipient and optionally the street number or P.O. Box of the recipient.
A background system checks whether the monetary amounts present in the customer system are, in fact, reduced by the monetary amounts that are printed out as postage indicia.
Compiling agreement data is preferably effectuated by a compilation system.
Agreement data for PC franking with the individual master data of the customer and of the customer system (e.g. security module ID) is provided and maintained by a database that can be used, for example, for other types of postage application. When an existing postage application database is used, for example, a separate partial area is used for PC franking in the database. The data is provided to the value transfer center and to the system for payment assurance in the mail center.
It is especially advantageous for the system to comprise interfaces that allow a data and information exchange with other systems.
The interfaces are designated with “postage indicium” and “collection”. Account data is exchanged between the customer system and the postal service provider via the account interface. For example, a sum of money can be loaded via the account interface.
The franking interface determines how postage indicia will be configured so that they can be read and verified in mail or freight centers.
In the implementation of the interfaces shown in
Below, there will be a presentation of how the security objectives of the franking method are achieved through application-specific, content-based security requirements.
The focus of this concept is aimed here at the technical specification of the security requirements made of the system. Processes that are not security-relevant such as registering, canceling and re-registering customers, which do not have to be carried out via the customer system, can be specified separately. Technical processes between the customer system and the customer system producer are preferably specified in such a way that they meet the security standard described here.
The following security objectives are achieved by the method according to the invention.
The first two of these security problems are essentially solved by the system concept and through measures in the overall system; the latter three are preferably solved by the implementation of software and hardware of the security module.
Preferred embodiments of hardware that enhance the security standard are described below:
Through the design of the security module, it is ensured that an attacker cannot use interfaces that are intended for other purposes to read out information about data and keys, which are to be kept secret.
The presence of such channels of, namely, side channels, is checked by appropriate tests. Typical possibilities that are checked are:
Preferred properties of the data processing are presented below:
The involved entities, especially the user, must not be misled by a security module about the sequences of the transactions.
If, for example, the procedure of loading a value amount is carried out in the form of several partial procedures with individual call instructions of the security module, then the sequence control must ensure that these partial procedures are only carried out in the permissible order.
The status data that is used for the sequence control is security-relevant and is therefore preferably stored in an area of the security module that is secured against manipulation.
The fact that unauthorized changes and the re-importing of messages can be recognized is ensured for the standard messages of the system by the definitions of the system concept. The software of the security module must ensure that the recognition does indeed occur and that the appropriate reaction is generated. For security-relevant, producer-specific messages (for example, within the scope of personalizing the maintenance of the security module), appropriate suitable mechanisms are specified and employed.
The information relevant for securing the message integrity is preferably stored in an area of the security module that is secured against manipulation. Such information includes especially identification and authenticity features, sequence counters or monetary amounts.
The following measures can further enhance the data security:
Additional Aspects
Preferred measures in the production and personalization of security modules are:
The recording of the life cycle of a security module comprises:
For the PC franking, a fundamental security architecture is provided that combines the advantages of various existing approaches and that offers a high level of security with simple means.
The security architecture preferably comprises essentially three units that are shown in a preferred arrangement in
The individual process steps that are carried out in the value transfer center, customer system and mail center will be shown below in the form of a schematic diagram. The precise technical communication process, however, diverges from this schematic diagram (e.g. several communication steps to achieve a transmission shown here). In particular, in this depiction, the confidentiality and integrity of the communication between the identified and authenticated communication partners is a prerequisite.
Customer System
In actual practice, use is made of asymmetrical encryption with the public key of the communication partner (value transfer center or security module).
Along with the possibility of a preceding exchange of keys, another option is a symmetrical encryption.
Value Transfer Center
The fundamental security architecture presented does not comprise the separately secured administration of the account amounts (purse function), the security of the communication between the customer system and the value transfer center, the mutual identification of the customer system and of the value transfer center, and the initialization for the secure start-up of a new customer system.
Attacks on the Security Architecture
The described security architecture is secure against attacks through the following:
In order to increase data security, especially during searching, an exhaustive number of random numbers have to be used for forming the hash value.
The following features characterize the described security architecture in comparison to the IBIP model from the United States:
With PC franking, all of the products of the mailing service provider such as, for example, “national letter” (including extra services) and “national direct marketing” can be franked by the mailing service provider according to a preceding stipulation.
By the same token, this method can be used for other shipping forms such as package and express shipments.
The maximum monetary amount that can be loaded via the value transfer center is set at an appropriate level. The amount can be selected depending on the requirement of the customer and on the security needs of the postal service provider. Whereas a monetary amount of several hundred German marks at the maximum is especially advantageous for use by private customers, large-scale customers require far higher monetary amounts. An amount in the range of about 500 German marks is suitable for high-volume private households as well as for free-lancers and small businesses. From a system-related technical standpoint, the value stored in the purse should preferably not exceed twice the value amount.
Incorrectly Franked Mailings
Letters, envelopes, etc. that have already been printed and that are incorrectly franked are credited back to the customer in the form of a valid postage indicium.
Through suitable measures, for example, by stamping mailpieces as they arrive at the mail center, it is possible to ascertain whether a mailpiece has already been delivered. This prevents customers from getting already delivered mailpieces back from the recipient and from submitting them to the postal service provider, for example, Deutsche Post AG in order to obtain a refund.
The return to a central place of the postal service provider, for example, Deutsche Post, allows a high degree of payment assurance through a comparison of the data with account amounts and this provides knowledge about the most frequent reasons for returns. This might offer the possibility of fine-tuning by changing the entry prerequisites with the objective of reducing the return rates.
Validity of Postage Indicia
For purposes of payment assurance, account amounts purchased by the customer are valid, for example, for only three months. An indication to this effect should be included in the agreement with the customer. If franking values cannot be used up within 3 months, then the customer system has to contact the value transfer center for a renewed creation of postage indicia. During this contact, like with the proper loading of account amounts, the remaining amount of an old account amount is added to a newly issued account amount and made available to the customer under a new loading procedure identification number.
Special Operational Handling
Fundamentally, the postage indicia can have any desired form in which the information contained therein can be reproduced. However, it is advantageous to configure the postage indicia in such a way that they have the form of bar codes, at least in certain areas. With the presented solution of the 2D bar code and the resultant payment assurance, the following special features must be taken into account during the processing:
PC-franked mailpieces can be dropped off via all drop-off modalities, also via mailboxes.
Compliance with the described security measures is further enhanced by specifying the approval prerequisites for producers of components of the franking system that are relevant for the interfaces, especially for the producers and/or operators of customer systems.
Governing Norms, Standards and Requirements
International Postage Meter Approval Requirements (IPMAR)
Preferably, the regulations in the most recent version of the document titled International Postage Meter Approval Requirements (IPMAR), UPU S-30, is applicable as are all norms and standards to which this document makes reference. Compliance with all of the requirements listed there, to the extent possible, is recommended for the customer system.
Digital Postage Marks: Applications, Security & Design
Fundamentally, the regulations of the current version of the document titled Digital Postage Marks: Applications, Security & Design (UPU: Technical Standards Manual) is applicable as are all norms and standards to which this document makes reference. Compliance with the “normative” content as well as far-reaching observation of the “informative” content of this document, to the extent possible, is recommended for the customer system.
Preferably, rules and regulations of the postal service provider are likewise applicable.
The data security and the reliability of the system as well as its user-friendliness are ensured by approving only those systems that fulfill all of the statutory regulations as well as all of the norms and standards of the postal service provider.
Additional Laws, Rules, Regulations, Guidelines, Norms and Standards
Fundamentally, all laws, rules, regulations, guidelines, norms and standards in their currently valid version that must be observed for the development and operation of a technical customer system in the actual execution are applicable.
Technical System Interoperability
Technical system interoperability relates to the functionality of the interfaces of the customer system, or to the compliance with the specifications set forth in the interface descriptions.
Accounting Interface
Communication Path, Protocols
The communication via the accounting interface preferably takes place via the public Internet or the basis of the TCP/IP and HTTP protocols. The data exchange can optionally be encrypted per HTTP via SSL (https). The target process of a necessary transmission is depicted here.
To the extent possible, the data exchange preferably takes place via HTML-coded and XML-coded files. The text and graphic contents of the HTML pages should be displayed in the customer system.
In the case of communication pages, it seems advisable to turn to a well-established HTML version and to dispense with the use of frames, embedded objects (Applets, ActiveX, etc.) and optionally animated GIFs.
Sign-On to Load an Account Amount (First Transmission from the Security Module to the Value Transfer Center)
Within the scope of the first transmission from the security module to the value transfer center, the certificate of the security module as well as an action indicator A are transmitted in non-encrypted and unsigned form.
Acknowledgement of the Sign-On (First Response from the Value Transfer Center to the Security Module)
The acknowledgement of the value transfer center contains the value transfer center's own certificate, an encrypted session key and the digital signature of the encrypted session key.
Second Transmission from the Security Module to the Value Transfer Center
Within the scope of this transmission, the security module transmits the newly encrypted session key, the encrypted random number and the encrypted data record with utilization data (level of a previously loaded account amount, remaining value of the current account amount, ascending register of all account amounts, last loading procedure identification number) to the value transfer center (all asymmetrically encrypted with the public key of the value transfer center). At the same time, the security module transmits the digital signature of this encrypted data to the value transfer center. Simultaneously, the customer system can transmit additional, non-encrypted and unsigned utilization journals or utilization profiles to the value transfer center.
It is advantageous for the utilization data to be entered into a utilization journal and for the utilization journal and/or the entries recorded therein to be digitally signed.
Second Response from the Value Transfer Center to the Security Module
The value transfer center transmits the symmetrically encrypted random number and the symmetrically encrypted loading procedure identification number to the security module. Moreover, the value transfer center transmits to the security module the loading procedure identification number, log-in information for the security module as well as a new session key, which have been encrypted with the public key of the security module. All of the transmitted data is also digitally signed.
Third Transmission from the Security Module to the Value Transfer Center
Within the scope of the third transmission, the security module transmits the new session key, the new loading procedure identification number together with utilization data to confirm successful communication, all in encrypted and digitally signed form, to the value transfer center.
Third Response from the Value Transfer Center to the Security Module
In the third response, the value transfer center acknowledges the success of the transmission without the use of cryptographic methods.
De-Installation
The option of de-installation of the customer system by the customer must be possible.
The detailed technical description of the accounting interface is presented with the concept of the postal authority's own value transfer center.
Utilization Journal and Utilization Profile
In the customer system, within the scope of each generation of a postage indicium, a journal entry has to be generated that must contain all information about each postage indicium—provided with a digital signature of the security module. Moreover, each error status of the security module has to be recorded in the journal in such a way that the manual deletion of this entry is noticed during the verification procedure.
The utilization profile contains a prepared summary of the utilization data since the last communication with the value transfer center.
If a customer system is divided into a component located at the premises of the customer as well as a central component (e.g. in the Internet), then the utilization profile has to be maintained in the central component.
Postage Indicium Interface
Components and Execution
The customer system has to be capable of creating PC indicia that correspond precisely to the specifications of the Deutsche Post, or to the framework of the commonly used CEN and UPU standards.
PC indicia preferably consist of the following three elements;
Advantageously, the bar code and the plain text of the PC postage indicium contain the following information:
Only the content of the postage indicium is described here. The requirements of the postal service provider retain their validity for the content of the address data.
Specification of the Physical Appearance on Paper (Layout)
The postage indicium is advantageously applied in the address field so as to be left-aligned above the address on the mailpiece.
The address field is specified in most recent valid version of the standards of the postal service provider. In this manner, the following postage indicia are made possible:
The following preferably applies to the individual elements of the postage indicium:
A preferred embodiment of the layout and of the positioning of the individual elements of the postage indicium is shown by way of an example below in
The “most critical” dimension is the height of the depicted window of a window envelope that measures 45 mm×90 mm in size. Here, a DataMatrix code with an edge length of about 13 mm is shown which, when the proposed data fields are used, is only possible with a pixel resolution of 0.3 mm. In terms of the available height, a code with an edge length of 24 mm does not leave sufficient space for information about the address.
Printing Quality and Readability
The flawless imprint of the postage indicium is the responsibility of the producer of the customer system within the scope of the approval procedure as well as the responsibility of the customer during the subsequent operations. For this purpose, the customer should be provided with suitable information in a user's manual and in a help system. This applies especially to the aspects of neatly adhering the labels and to preventing (parts of) the postage indicium from shifting outside of the visible area of window envelopes.
The machine-readability of postage indicia depends on the printing resolution used as well as on the contrast. If colors other than black are going to be used, then the reading rate can be expected to be lower. It can be assumed that the requisite reading rate can be met if a resolution of 300 dpi (dots per inch) is used in the printer along with a high printing contrast, this corresponds to about 120 pixels per centimeter.
Test Imprints
The customer system has to be capable of creating postage indicia whose appearance and size match valid postage indicia, but that are not intended for mailing but rather for test imprints and fine adjustments of the printer.
Preferably, the customer system is configured in such a way that the test imprints can be distinguished from actual postage indicia in a manner that the postal service provider can readily recognize. For this purpose, for example, the words “SAMPLE—do not mail” can be printed in the middle of the postage indicium. At least two-thirds of the bar code should be rendered unrecognizable by the words or in some other manner.
Aside from real (paid) postage indicia, except for specially marked test imprints, no blank imprints may be made.
Requirements of the Customer System
Basic System
Overview and Functionality
The basic system serves as a link between the other components of the PC franking, namely, the value transfer center, the security module, the printer and the customer. It consists of one or ore computer systems, for example, PCs, that can optionally also be networked with each other.
A representation of the entire system is shown in
The basic system also ensures the convenient utilization of the entire system by the customer.
Requirements of the Structure and the Security
The basic system preferably has four interfaces:
Moreover, the following data has to be stored and processed in the basic system:
The basic system preferably supports the following sequences:
As a “cryptographic module” as defined in FIPS PUB 140, Security Requirements for Cryptographic Modules, the security module ensures the actual security of the customer system. It consists of hardware, software, firmware or a combination thereof and encompasses the cryptographic logic and the cryptographic processes, that is to say, the administration and application of cryptographic processes as well as the manipulation-proof storage of the value amount. The requirements that the security module must comply with are defined
For introduction into and operation in a customer system, a security module has to be appropriately certified as a cryptographic module as set forth in FIPS PUB 140—preferably in accordance with Security Level 3—within the scope of the introduction process.
Processes of the Security Module
For purposes of initialization and for communication with the value transfer center and for deactivation, in addition to the regular operations, the security module should preferably support essentially the following processes, which are described in detail in the back part of the Technical Description Appendix:
The security module is not used during the test imprint and is consequently not contacted.
Printer
Depending on the specifications of the producer, the printer can be either a commercially available standard printer or a special printer.
The vast majority of today's laser and inkjet printers should fundamentally be suitable for PC franking Printers with a resolution of at least 300 dpi are recommended.
Processes within the Customer System
Sequence of Creating Postage Indicia
Through the customer system, the customer carries out the following partial processes in the creation of postage indicia:
The use of the technical system is complemented by practical organizational measures so that a multiple mailing of a postage indicium, which can be technically registered, is also viewed as a violation of the terms and conditions of the sender.
Furthermore, it is advantageous to provide suitable technical parameters for printing out the postage indicia, especially in terms of the printing quality, so that the postage indicia can be better read in automatic reading devices.
Suitable quality assurance systems, especially according to the ISO 9001 ff. standards, can be used as the basis for checking the system.
Number | Date | Country | Kind |
---|---|---|---|
100 20 566 | Apr 2000 | DE | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/DE01/01555 | 4/24/2001 | WO | 00 | 11/19/2002 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO01/82233 | 11/1/2001 | WO | A |
Number | Name | Date | Kind |
---|---|---|---|
4376299 | Rivest | Mar 1983 | A |
5142577 | Pastor | Aug 1992 | A |
5666421 | Pastor et al. | Sep 1997 | A |
5801364 | Kara et al. | Sep 1998 | A |
5982896 | Cordery et al. | Nov 1999 | A |
6005945 | Whitehouse | Dec 1999 | A |
6209093 | Venkatesan et al. | Mar 2001 | B1 |
6438530 | Heiden et al. | Aug 2002 | B1 |
6847951 | Cordery et al. | Jan 2005 | B1 |
20040059680 | Lang et al. | Mar 2004 | A1 |
Number | Date | Country |
---|---|---|
31 26785 | Jul 1980 | DE |
0 376 573 | Dec 1989 | EP |
0 550 226 | Dec 1992 | EP |
0 854 446 | Dec 1997 | EP |
0 782 108 | Jan 2000 | EP |
0 331 352 | Jul 2002 | EP |
WO 9814907 | Apr 1998 | WO |
WO 9857302 | Dec 1998 | WO |
WO 9916023 | Apr 1999 | WO |
WO 9948053 | Sep 1999 | WO |
Number | Date | Country | |
---|---|---|---|
20040028233 A1 | Feb 2004 | US |