The present invention relates to a system and method for manufacturing and securing the transport of postage printing devices such as a postal security device or a dedicated postage printer. The present invention also relates to a system and method for mutually authenticating such a postage printing device and a registering entity's computer infrastructure before placing the postage printing device into operation.
Postage metering systems are well known in the art. A postage metering system applies evidence of postage, commonly referred to as postal indicia, to an envelope or other mailpiece and accounts for the value of the postage dispensed.
Presently, there are two postage metering system types: closed systems and open systems. In a closed system, the system functionality is solely dedicated to postage metering activity. Examples of closed metering systems include conventional digital and analog (mechanical and electronic) postage meters wherein a dedicated printer is securely coupled to a metering or accounting function. In a closed system, since the printer is securely coupled and dedicated to the meter, printing evidence of postage cannot take place without accounting for the evidence of postage. In an open system, the printer is not dedicated to the metering activity, freeing system functionality for multiple and diverse uses in addition to the metering activity. Examples of open metering systems include personal computer (PC) based devices with single/multi-tasking operating systems, multi-user applications and digital printers. An open system metering device is a postage evidencing device with a non-dedicated printer that is not securely coupled to a secure accounting module. Open system indicia printed by the non-dedicated printer are made secure by including addressee information in the encrypted evidence of postage printed on the mailpiece for subsequent verification.
Conventional analog closed system postage meters (both mechanical and electronic) have heretofore physically secured the link between printing and accounting. The integrity of the physical meter box has been monitored by periodic inspections of the meters. Digital closed system postage meters typically include a dedicated digital printer coupled to a metering (accounting) device, which is referred to herein as a postal security device (PSD). Digital printing postage meters have removed the need for the physical inspection that was required with analog systems by cryptographically securing the link between the accounting and printing mechanisms. In essence, digital printing postage meters create a secure point to point communication link between the accounting unit and printhead.
In such digital closed systems, the dedicated printer and PSD may be located in the same device and/or at the same location when placed in operation. Alternatively, the dedicated printer may be located in a first location (i.e., the local location where indicia are to be printed), and the PSD may be located in a remote location, such as a provider's data center. In the latter situation, it is still necessary for the dedicated printer to be a secure device having cryptographic capabilities so that postage printing information, such as an indicia, received from the PSD, and the PSD itself, can be authenticated. As used herein, the term “postage printing device” shall refer to: (i) a PSD that forms a part of a closed system; (ii) a closed system device that includes a PSD and one or more other components, such as a printer; and (iii) a secure dedicated printer that forms part of a closed system, such as a system where the PSD is located at a remote location.
Currently, secret key cryptography techniques are used to secure new postage printing devices between the time that they are manufactured and the time they are registered and initialized or parameterized for operation at a location such as the office or home of the user. Specifically, secret key cryptography is used to lock postage printing devices after they are manufactured and before they are transported to the parameterization location and to unlock postage printing devices once they have securely reached the parameterization location. The secret keys that are used in this process are derived from a master key that must be known to both the party manufacturing the postage printing device and the party initializing the postage printing device for operation. Any compromise of the master key could compromise the security of all of the postage printing devices that are manufactured. It is therefore necessary to maintain strict control over the master key to prevent such compromise. This is more easily accomplished if the provider of the postage printing devices both manufactures the devices and initializes the devices for operation. However, due to cost concerns, manufacturing is now frequently done by parties other than the provider at locations remote and separate from the provider. Use of the conventional secret key method in this situation presents significant security risks, as each manufacturing facility must have knowledge of the master key. A business model of having all of the devices manufactured by third parties (without any key information) first shipped to the provider for the loading of cryptographic key information before shipping them to the consumer is cost prohibitive. Thus, a system and method for securely manufacturing postage printing devices at a third party location and shipping the devices to a parameterization location prior to being placed into service is needed.
The present invention relates to a method of manufacturing a postage printing device such as a PSD or a dedicated printer used in a closed postage metering system. The postage printing device is manufactured at a manufacturing station and is to be registered for operation under the authority of a registering entity such as a provider of the postage printing device. The registering entity has a registering entity public/private key pair, and the manufacturing station has a manufacturing station public/private key pair. The method includes storing a root certificate in the postage printing device, wherein the root certificate comprises the registering entity public key signed by the registering entity private key. The method further includes generating a transport public/private key pair for the postage printing device, and storing at least the transport private key in the postage printing device. The method also includes generating a transport certificate, wherein the transport certificate comprises the transport public key signed by the manufacturing station private key, and storing the transport certificate in the postage printing device. After the transport certificate is stored in the postage printing device, the postage printing device is set to a transport lock state so that it can be securely transported.
Preferably, the step of generating the transport public/private key pair is performed by the postage printing device. In addition, the manufacturing station preferably includes a secure coprocessor, and the manufacturing station public/private key pair is associated with and unique to the secure coprocessor. In this embodiment, the transport certificate is generated by the secure coprocessor and is sent to the postage printing device. Also in this embodiment, before the step of generating the transport certificate, the method further comprises the postage printing device generating a transport certificate request that is sent to the secure coprocessor, and the secure coprocessor verifies the transport certificate request.
Moreover, before the step of storing the transport certificate in the postage printing device, the method preferably further includes the manufacturing station sending a manufacturing certificate to the postage printing device, wherein the manufacturing certificate comprises the manufacturing station public key signed by the registering entity private key, and the postage printing device verifying the manufacturing certificate using the root certificate and verifying the transport certificate using the manufacturing certificate.
In the preferred embodiment, the manufacturing station includes a manufacturing station computer coupled to a secure coprocessor. In addition, the registering entity is a provider of the postage printing device and operates the computer system that registers the postage printing device.
In one embodiment, the method is also for registering the postage printing device prior to it being placed in operation. In this embodiment, the method further includes generating an operation public/private key pair for the postage printing device, generating an operation certificate, wherein the operation certificate comprises the operation public key signed by a postal authority private key, and storing the operation certificate in the postage printing device. This method may further include verifying the transport certificate before the operation certificate is generated, and verifying the operation certificate before it is stored using a domain certificate, wherein the domain certificate includes a postal authority public key corresponding to the postal authority private key signed by the registering entity private key. This domain certificate may be verified using the root certificate, and in particular the registering entity public key contained therein. The method may also further include the postage printing device and a registration computer system exchanging first and second challenges and exchanging and verifying first and second corresponding key proofs. Finally, the method may further include deleting the transport certificate from the postage printing device to remove any association of the postage metering device to its location of manufacture.
Another aspect of the invention relates to a postage printing device that was manufactured at a manufacturing station that has a manufacturing station public/private key pair. The postage printing device is to be registered for operation under the authority of a registering entity that has a registering entity public/private key pair. The postage printing device includes a memory that stores a root certificate, a transport private key, and a transport certificate. The root certificate includes the registering entity public key signed by the registering entity private key. The transport private key is the private key of a transport public/private key pair, and the transport certificate includes the transport public key signed by the manufacturing station private key.
Therefore, it should now be apparent that the invention substantially achieves all the above aspects and advantages. Additional aspects and advantages of the invention will be set forth in the description that follows, and in part will be obvious from the description, or may be learned by practice of the invention. Moreover, the aspects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
The accompanying drawings illustrate presently preferred embodiments of the invention, and together with the general description given above and the detailed description given below, serve to explain the principles of the invention. As shown throughout the drawings, like reference numerals designate like or corresponding parts.
The present invention utilizes public key cryptography techniques to enable postage printing devices to be manufactured by a third party (other than the provider of the postage printing device) and shipped by the third party to a registration and parameterization location in a secure manner. The present invention also utilizes public key cryptography techniques to mutually authenticate a postage printing device and a registering party, such as the provider, that provides parameterization data for the postage printing device. Thus, at the outset, it will be helpful to describe certain public key cryptography terminology and symbology that will be used herein. As is known, public key cryptography utilizes pairs of corresponding cryptographic keys, i.e., a public key and a private key (referred to as a public/private key pair). When a public/private key pair is described herein, the following symbols will be used: (PX, P′X), where PX is X's public key, and P′X is X's private key. In addition, public key cryptography makes use of digital signatures to authenticate data. A digital signature of a piece of data Y consists of a hash, preferably a one-way hash, of the data Y that is encrypted by a particular private key. Thus, when used herein, the phrase “Y signed by private key P′X” or something similar means that a record or data element is created that includes: (1) the data Y, and (2) a digital signature of the data Y created using the private key P′X (Y is hashed and then encrypted with P′X). In addition, reference is made herein to a number of public key certificates. Those public key certificates include a particular public key signed by a particular private key, meaning the certificate comprises a data element including: (1) the particular public key, and (2) a digital signature of the particular public key created with the particular private key. 
The symbol [PX] P′Y is used herein to refer to a public key certificate for X which includes X's public key (PX) and a digital signature of (PX) created by Y's private key (P′Y).
Moreover, reference is made herein to validation of keys and verification of various types of signed data, such as the certificate [PX] P′Y described above. As used herein, validation means the validation of public keys for key integrity tests. Verification of signed data means that the signature is verified using a key, i.e., signed data is authenticated using the public key corresponding to the private key used to create the associated digital signature. In particular, in the case of [PX] P′Y, a hash of PX is created, the digital signature is decrypted using PY (to obtain the originally created hash), and the two hashes are compared to one another. Other terms used herein shall be given the meaning generally understood in the field of public key cryptography.
Referring to
Before the manufacturing steps shown in
Referring again to
Referring to
At step 140, postage printing device 25 verifies the manufacturing certificate [Pbox] P′cert using the root certificate [Pcert] P′cert, and verifies the transport certificate [Ptrans] P′box using the manufacturing certificate [Pbox] P′cert. Next, at step 145, postage printing device 25 stores the transport certificate [Ptrans] P′box in non-volatile memory and sets itself to a transport lock state. Once in the transport lock state, postage printing device 25 cannot operate until unlocked with an appropriate command. At this point, manufacturing is complete and postage printing device 25 is ready to be shipped. As seen from the steps above, postage printing device 25, when shipped, will include the following stored information: the root certificate [Pcert] P′cert, the transport public/private key pair (Ptrans, P′trans), and the transport certificate [Ptrans] P′box.
Once manufactured, postage printing device 25 must be registered and parameterized before being placed into operation. These steps involve authenticating, unlocking, and loading certain cryptographic and operational information into postage printing device 25. The registration and parameterization of postage printing device 25 requires that it communicate with the computer infrastructure of an authorized registering and parameterizing entity. Preferably, the authorized registering and parameterizing entity is the provider.
Referring to
At step 225, host computer 45 then sends a start registration command, the server challenge and the domain certificate [Ppost] P′cert to postage printing device 25. As seen in step 230, postage printing device 25 verifies the domain certificate [Ppost] P′cert using the provider public key (Pcert) from the root certificate. Referring now to
Referring now to
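The certificate notation [PX] P′Y introduced above, the manufacturing chain (root certificate, manufacturing certificate, transport certificate and transport lock state at steps 140 and 145) and the registration exchange (domain certificate check at steps 225 and 230, challenge and key-proof exchange, operation certificate, deletion of the transport certificate) can be modelled end to end in a few dozen lines. The following Go program is an added example written for this page; it is not code from the patent or from any postage metering product. It assumes Ed25519 from the Go standard library as the signature scheme (the patent specifies none), treats each key proof as a signature over the peer's challenge, omits the transport certificate request message, and keeps the postal authority private key inside the registrar so that the example is self-contained. All type and function names (Cert, Device, Registrar, Manufacture, Register) are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Cert models the notation [PX] P'Y: X's public key plus a signature over it made with Y's private key.
type Cert struct {
	Subject   ed25519.PublicKey
	Signature []byte
}

// Issue produces [subject] P'issuer.
func Issue(subject ed25519.PublicKey, issuer ed25519.PrivateKey) Cert {
	return Cert{Subject: subject, Signature: ed25519.Sign(issuer, subject)}
}

// Verify checks the certificate's signature with the issuer's public key.
func (c Cert) Verify(issuerPub ed25519.PublicKey) bool {
	return ed25519.Verify(issuerPub, c.Subject, c.Signature)
}

// Device models the postage printing device's non-volatile memory and lock state (hypothetical layout).
type Device struct {
	Root          Cert               // [Pcert] P'cert
	TransportPriv ed25519.PrivateKey // P'trans
	Transport     *Cert              // [Ptrans] P'box; deleted at registration
	OperationPriv ed25519.PrivateKey // P'op, created at registration
	Operation     *Cert              // [Pop] P'post
	Locked        bool               // transport lock state
}

func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand does not fail in practice
	return pub, priv
}

// Manufacture: store the root certificate, generate the transport key pair, obtain [Ptrans] P'box
// from the station's secure coprocessor (mfgPriv), verify the chain (step 140) and lock (step 145).
func Manufacture(root, mfgCert Cert, mfgPriv ed25519.PrivateKey) (*Device, error) {
	transPub, transPriv := genKey()
	transCert := Issue(transPub, mfgPriv) // the transport certificate request itself is not modelled
	if !root.Verify(root.Subject) || !mfgCert.Verify(root.Subject) {
		return nil, errors.New("manufacturing certificate does not chain to the root certificate")
	}
	if !transCert.Verify(mfgCert.Subject) {
		return nil, errors.New("transport certificate not signed by the manufacturing station")
	}
	return &Device{Root: root, TransportPriv: transPriv, Transport: &transCert, Locked: true}, nil
}

// Registrar models the registering entity's computer infrastructure; holding P'post here is an assumption.
type Registrar struct {
	Priv       ed25519.PrivateKey // P'cert
	MfgCert    Cert               // [Pbox] P'cert
	Domain     Cert               // [Ppost] P'cert
	PostalPriv ed25519.PrivateKey // P'post
}

// Register runs mutual authentication and parameterization with both sides written inline;
// key proofs are signatures over the peer's challenge (assumed construction).
func Register(dev *Device, reg *Registrar) error {
	if dev.Transport == nil || !dev.Locked {
		return errors.New("device is not in the transport lock state")
	}
	// Steps 225/230: server challenge and [Ppost] P'cert arrive; the device verifies the domain
	// certificate with Pcert taken from its own root certificate, never from the network.
	serverChallenge := make([]byte, 32)
	rand.Read(serverChallenge)
	if !reg.Domain.Verify(dev.Root.Subject) {
		return errors.New("domain certificate rejected by device")
	}
	// The device replies with [Ptrans] P'box, a proof under P'trans and its own challenge.
	deviceProof := ed25519.Sign(dev.TransportPriv, serverChallenge)
	deviceChallenge := make([]byte, 32)
	rand.Read(deviceChallenge)
	if !dev.Transport.Verify(reg.MfgCert.Subject) {
		return errors.New("transport certificate rejected by registrar")
	}
	if !ed25519.Verify(dev.Transport.Subject, serverChallenge, deviceProof) {
		return errors.New("device key proof failed")
	}
	// The registrar proves P'cert; the device checks it with Pcert from the root certificate.
	serverProof := ed25519.Sign(reg.Priv, deviceChallenge)
	if !ed25519.Verify(dev.Root.Subject, deviceChallenge, serverProof) {
		return errors.New("registrar key proof failed")
	}
	// Operation key pair and [Pop] P'post, verified by the device using the domain certificate.
	opPub, opPriv := genKey()
	opCert := Issue(opPub, reg.PostalPriv)
	if !opCert.Verify(reg.Domain.Subject) {
		return errors.New("operation certificate rejected by device")
	}
	dev.OperationPriv, dev.Operation = opPriv, &opCert
	dev.Transport = nil // remove the association with the place of manufacture
	dev.Locked = false
	return nil
}
```

Call Manufacture with a root certificate and a manufacturing certificate both issued under P′cert, then Register with a Registrar holding the same P′cert. The two points worth noticing are that every trust decision on the device side is anchored in the Pcert copied from its own root certificate at manufacture, and that a station whose public key was never signed by the registering entity, or a registrar whose domain certificate does not verify under that Pcert, is rejected before any state on the device changes.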
While preferred embodiments of the invention have been described and illustrated above, it should be understood that these are exemplary of the invention and are not to be considered as limiting. Additions, deletions, substitutions, and other modifications can be made without departing from the spirit or scope of the present invention. Accordingly, the invention is not to be considered as limited by the foregoing description but is only limited by the scope of the appended claims.