Patent Grant
8527285
The present invention relates to printing both secure and non-secure documents with a single printer and more particularly to printing both postal and non-postal documents with a postage printing system in a manner that protects the security of the postal document printing.
Existing traditional closed postage printing systems are secure printing systems that are restricted to printing postage and postage related items such as meter register reports. These systems must ensure that the secure printer cannot be used to produce fraudulent copies of postal indicia without leaving evidence of tampering. As a result, traditional closed postage printing systems are single purpose devices used to print postage and postage related reports. These systems in certain implementations are enclosed in a single secure tamper resistant housing.
This restriction on printing limits the usefulness of such postage printing systems. As a result, users often employ two printers, one for printing postage indicia and related items and another as a generic printer for printing other non-postal items. For example, a postage printing system that prints on labels may be able to print postage, return addresses and destination addresses. However, the printer could not be used as a generic printer to print other images such as a corporate logo in the return address or product labels since the images could be made to be copies of valid postage indicia.
Closed postage printing systems, where the printer is dedicated to printing postal indicia and other postal related items, may be a single unit or may be implemented as a peripheral device. If the printer is implemented as a peripheral device portions of the host application and printer controller may be implemented in a host computer such as a personal computer (PC). Similarly the host application may further be implemented as a combination of a host computer application and a data center application. The host application formats data to send to the printer controller for printing. The printer controller authenticates the data that is sent by the host application. The authentication can take many forms. The print controller may simply check to see that a communications protocol has been implemented correctly or may perform cryptographic operations to ensure the source and/or integrity and/or freshness of the data. After authenticating the data, the print controller converts the data into control signals that instruct the print engine how to print the document. The print engine includes motors and a mechanism to create an image on the document employing, for example, an ink jet or a thermal print head. The print engine may also communicate status to the printer controller including out of paper, out of ink, over temperature condition, and the like.
It is an object of the present invention to print both secure images such as postage indicia and non-secure user defined images such as logos on the same printer. It is still another object of the present invention to enable the use of many general purpose printers to print both secure and non-secure images, including those printers that may have limited processing capability.
It has been discovered that by introducing a second mode of printing, a postage printing system can be used for printing both secure and non-secure documents without loss of security. This is accomplished by analyzing data employed in printing a document in a non-secure mode and preventing complete printing of the document if it could contain a critical element of a document printed in the secure mode.
It has also been discovered that by detecting in an image the presence of a specific type of bar code, such as a two-dimensional bar code of a postal indicia, and preventing the printing of any images that contain such bar code except when the image is from a secure source, a user may be enabled to use a single printer to print both secure images and other images which may be non-secure. A secure image is meant to include an image that is authorized, such as a postal indicium for which payment has been authorized and accounted. As a result, a user cannot fraudulently print a copy of or an image that looks like valid postal indicia using the same printer.
In accordance with an aspect of the present invention, software may be embedded in a printer which analyzes an image as it is printing to determine if the image contains a bar code of the type employed in a secure image such as a postal indicia two-dimensional bar code. If the image contains a bar code that could be part of a secure image, printing is halted prior to printing of the complete bar code unless the image comes from a secure source. The invention enables detection of the potential presence of a postal type bar code in a limited processing environment such as is found in many printers and also in an environment where all of the data necessary to produce the bar code image may not be resident at any one time.
A method for printing secure source images of the type that contain specific critical elements and non-secure images on a single printer embodying the present invention includes the steps of determining if an image to be printed is from a secure source or from a non-secure source. If the image to be printed is from the non-secure source, it is determined if the image contains a specific critical element of the type contained in secure source images. Printing of the image from the non-secure source is disabled if the image contains a specific critical element of the type contained in secure source images. Printing of the image from the non-secure source is enabled if the image does not contain a specific critical element of the type contained in the secure image.
A method for printing secure source images of the type that contain a specific critical element and non-secure source images on a single printer also embodying the present invention includes the steps of enabling printing on the printer of all secure source images. Also enabled for printing on the printer are all non-secure source images except those images that contain a specific critical element of the type contained in secure images.
A printer for printing secure source images that contain a specific critical element and non-secure images embodying the present invention includes a printer controller for controlling the printing of said printer. The printer controller includes software for detecting after printing has commenced if an image to be printed contains a specific critical element.
Another method for printing secure source images of the type that contain specific critical elements and non-secure images on a single printer embodying the present invention includes the steps of commencing printing of an image from the non-secure source. During the printing of the image from said non-secure source, it is determined if the image contains a specific critical element of the type contained in secure source images and disabling completion of said printing of the image from the non-secure source if the image contains a specific critical element of the type contained in secure source images.
Yet another method for printing secure source images of the type that contain specific critical elements and non-secure images on a single printer includes the steps of commencing printing of an image from the non-secure source by creating pixels to be imprinted on a media and processing the pixels to determine transitions in contrast between pixels created for imprinting on the media. The pixel transition history is stored. A determination is made if the stored pixel transition history is consistent with the type of pixel transitions of the secure source specific critical elements. Completion of the printing of the image from the non-secure source is disabled if the stored pixel transition history is consistent with the type of pixel transitions of the secure source specific critical elements.
Reference is now made to the various figures in which similar reference numerals in the various figures designate similar elements and in which:
Reference is now made to
The computer system 2 communicates with and controls a printer 10. The printer 10 includes a software printer controller module 12, which has image source authentication functionality 14. The image source authentication 14 performs a similar function in the printer as the image source authentication function 6 in computer system 2. The printer controller 12 can further include a bar code detection algorithm 16. The printer controller 12 is used to drive a print head 18 to print images on document 20. In a like manner, the bar code detection algorithm 16 can run continuously or selectively operate only when the image source authentication 14 indicates that the source is from a non-secure source.
The computer system 2, which may be a microcomputer, and the printer 10 can be enclosed in a single secure housing 21 of the postage printing system. However, the postage printing system can also be implemented in arrangements that do not include a single secure housing. The computing system 2 and the printer 10 can be separate units with a communication link. The bar code detection algorithm 8 may also be provided in the computer system 2 as is shown in
Bar code detection algorithm 8 stops any attempt to print a bar code which could be of the type employed to print a fraudulent indicia or other information. The detection algorithm 8 also prevents the partial printing of a document as would incur in the printer 10 where the bar code algorithm 16 alone is employed and thus may save the supplies and ink in printing operations which are aborted. Having a bar code detection algorithm in both the computer system 2 and the printer 10 provides enhanced security; however, the bar code detection algorithm 8 is optional, particularly where the computer system 2 and the printer 10 are both enclosed in the single secure housing 21.
The bar code detection algorithm 16 is securely incorporated in the printer 10 to protect against the substitution of a different print driver in the computer system 2 such as where it is a separate PC. The particular architecture of the system can be modified and is a matter of design choice depending on the application and other constraints such as the specific hardware being employed. Various types of processing systems can be employed and various printers can be employed in accordance with the present invention and is not limited to applications employing a specific computer system or printer with any specific printing technology.
The bar code detection algorithms 8, 16 are only used when printing in non-secure mode as shown in the flowchart in
While there are a number of commercially available bar code decoding algorithms available for use within the print driver 4 on the computer system 2, these algorithms may be too computationally intensive for implementation within many commercially available printers. In addition to a lack of the needed computing power, printers often do not contain a full copy of the image they are printing. This may be due to the printer design or due to an insufficient amount of memory. A printer may receive only a portion of the image at a time. In some cases this amount of data resident in the printer may be restricted to the single column of data that is about to print. As a result, the complete bar code may not ever be resident in the printer at one time. Available two-dimensional bar code decoding algorithms generally require a complete image in order to find and decode the bar code. Therefore, a simpler algorithm is employed for implementation within the printer 10.
The printer 10 in the present system does not need to decode a two-dimensional or other bar code and only needs to detect that one might exist. In addition, the characteristics of the bar codes that must be detected allow a simple detection algorithm to be constructed. Bar codes printed for postal applications must be printed within tight specifications such as data content, module size, contrast, rotation, and the like. An example of such a postal bar code specification is contained in “Performance Criteria for the Information-Based Indicia and Security Architecture for Closed IBI Postage Metering Systems”, United States Postal Service, Jan. 12, 1999. In addition, the structure of two-dimensional bar codes, for example a DataMatrix bar code, differs from other images and text. Such two-dimensional bar codes are arranged in rows and columns in what resembles a checkerboard pattern. Each intersection of a row and a column is referred to as a module. The columns are arranged at regular intervals. Due to the manner in which data is encoded, from one column to the next on average half of the modules change from black to white or white to black. These large periodic changes do not occur in normal images where the changes from black to white (or changes in contrast in a color image) are usually not periodic and are more gradual or in text where there are relatively few changes since most of the image is usually the background. This difference is illustrated in
Reference is now made to
The authentication of sources of the image in step 22 can be a determination as to whether the image source is from a trusted third party, as for example, a postage provider such as Pitney Bowes Inc., or is otherwise determined to be from an authorized secure source. Various forms of determining that the image is from a secure, authorized, source may include: testing for the incorporation of a password in the image data (e.g., in the file header), verifying via cryptographic operations (e.g., digital signature verification) that data that is transmitted to the printer with the image had been cryptographically certified by a trusted source, decoding image data that is encoded in a proprietary format that is used only for secure images, etc.
Reference is now made to
As is illustrated in
Thus the two images shown in
Reference is now made to
The bar code detection algorithm first subdivides an image into subcolumns. The subcolumn height is chosen to be no larger than half the height of a smallest bar code that is to be detected. This guarantees that at least one subcolumn will be entirely contained within the bar code, as shown in
Reference is now made to
Where this is the case, no analysis can be conducted because insufficient data is available. A determination is then made at 54 if more subcolumn data is available. If more subcolumn data is not available, the column data (consisting of all the data from all the subcolumns) is copied at 56 to function as the previous column data and processing continues at step 46. Where a determination is made at 54 that there is more subcolumn data, the next subcolumn is processed at 55 and the system loops back to determine if a new subcolumn is the part of the first column at 52.
When the determination is made at 52 that the data is not of a first column, at 58 a transition count is set to zero. At 60 a first pixel in the subcolumn is set as the current pixel and a calculation is made at 62 of the difference, e.g., the difference in contrast, between the current pixel and the same pixel (i.e., the adjacent pixel in the same row) in the previous subcolumn. A determination is then made at 64 whether the difference is greater than an established threshold. The threshold established for the system may be, for example, a 40% difference in contrast. If the difference is greater than the threshold, the transition count is incremented at 66. A determination is then made at 68 whether there are more pixels in the subcolumn. If at step 64 it is determined that the difference is not greater than the threshold, processing continues at step 68.
If there are more pixels in the subcolumn, at 71 the current pixel is set equal to the next pixel in the subcolumn. Processing continues thereafter at 62. Where, however, a determination is made at 68 that there are no more pixels in the subcolumn, the transition count is appended to the subcolumn history at 69. The subcolumn history is a list of the transition counts between adjacent subcolumns as calculated in steps 58, 60, 62, 64, 66, 68 and 71. Processing of the subcolumn history is implemented at 70 as is illustrated in the flow chart shown in
Reference is now made to
Referring again to
A determination is then made at 92 if the potential module size has been previously established. If it is determined at 92 that the potential module size for a postal indicia bar code has not been established, a determination is then made at 102 if the module size is within the expected limits of such a bar code. The expected limits of module size are determined based upon the size of the barcode that the algorithm is attempting to detect. In
Where a determination is made at 92 that the potential module size has been previously established, a further determination is made at 94 if the distance is within one pixel or column of the potential module size previously established. If the distance is determined at 94 not to be within one pixel or column of the potential module size previously established, the program branches to point 82, returning “No” as the detection of a potential barcode, and the processing branches to point “A”. If the distance is determined at 94 to be within one pixel or column of the potential module size previously established, the bar code column counter is incremented at 96. A determination is made at 98 if the threshold number of bar code columns has been reached. Where this is the case and the threshold number of bar code columns has been reached, at 100 the potential bar code is set to yes and the method branches to point 110, returning “Yes” as the potential detection of a barcode, and the processing branches to point “A”. Where a determination is made that the threshold number of bar code columns has not been reached at 98, the system loops back to 86 for a determination if more transition data history is available.
The process described above exhibits several advantages over existing bar code recognition process. As a result, the process can be implemented within the limited processing environment of a printer. The advantages include that the entire image need not be processed at once. The history of transitions may be maintained in a relatively small amount of memory and may be calculated based upon only two columns of data at a time. Therefore the process algorithm may be executed while data is printing or while the image is being transferred to the printer. Additionally, the operations required by the process are relatively simple (subtraction and comparison) and may be implemented in a limited processing environment without significant performance impact. Accordingly, the process that performs the bar code detection does not require significant memory requirements or computing power requirements. Thus, the process can be easily implemented in many printers. The capability to perform the process can be provided in printers and can be selectively activated at a later time when the printer is connected to a host and is to be used for applications involving the printing of secure and non-secure images, such as the printing of postage indicia.
The secure image as noted above may be a postal indicium containing a specific type of postal bar code as a specific critical element of the postal indicia. The secure image may also be an event ticket containing a barcode with seat information, a certificate of authenticity for a collectable with a barcode containing information about the collectable, a money order with a barcode containing financial information, etc. Additionally, the various percentages referred to above (30%, 40% and 50% are representative of types of percentages that may be employed and are not critical and are a matter of design based on the requirements of any particular application.
While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiments, it is to be understood that the invention is not limited to the disclosed embodiment, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4253015 | McFiggans et al. | Feb 1981 | A |
| 4253158 | McFiggans | Feb 1981 | A |
| 5386303 | Kihara | Jan 1995 | A |
| 5483602 | Stenzel et al. | Jan 1996 | A |
| 5533144 | Fan | Jul 1996 | A |
| 5611630 | Dolan et al. | Mar 1997 | A |
| 5798844 | Sakano et al. | Aug 1998 | A |
| 6026186 | Fan | Feb 2000 | A |
| 6067374 | Fan et al. | May 2000 | A |
| 6181813 | Fan et al. | Jan 2001 | B1 |
| 6202092 | Takimoto | Mar 2001 | B1 |
| 6317524 | Wu et al. | Nov 2001 | B1 |
| 6515755 | Hasegawa | Feb 2003 | B1 |
| 6533385 | Mackey et al. | Mar 2003 | B1 |
| 6542629 | Wu et al. | Apr 2003 | B1 |
| 6580820 | Fan | Jun 2003 | B1 |
| 6612684 | Mackay et al. | Sep 2003 | B2 |
| 7054461 | Zeller et al. | May 2006 | B2 |
| 7114657 | Auslander et al. | Oct 2006 | B2 |
| 7191336 | Zeller et al. | Mar 2007 | B2 |
| 7385728 | Lay et al. | Jun 2008 | B2 |
| 7483175 | Ryan, Jr. et al. | Jan 2009 | B2 |
| 20020046196 | Ogg | Apr 2002 | A1 |
| 20020054315 | Masaki et al. | May 2002 | A1 |
| 20020176114 | Zeller et al. | Nov 2002 | A1 |
| 20040141190 | Akashi | Jul 2004 | A1 |
| 20040165211 | Herrmann et al. | Aug 2004 | A1 |
| 20050086516 | Ueda et al. | Apr 2005 | A1 |
| 20050120244 | Choi | Jun 2005 | A1 |
| 20050144469 | Saitoh | Jun 2005 | A1 |
| 20060012805 | Liu | Jan 2006 | A1 |
| 20070146768 | Isoda | Jun 2007 | A1 |
| 20070146806 | Ishihara | Jun 2007 | A1 |
| 20070242312 | Tsutsumi | Oct 2007 | A1 |
| Number | Date | Country |
|---|---|---|
| 1143385 | Oct 2001 | EP |
| 0243056 | May 2002 | WO |
| Entry |
|---|
| Performance Criteria For Information-Based Incidicia and Security Architecture for Closed IBI Postage Metering Systems (PCIBI-C); US Postal Service, Jan. 12, 1999. |
| Number | Date | Country | |
|---|---|---|---|
| 20080005042 A1 | Jan 2008 | US |
