The present invention relates to a system and method for postal indicia printing, evidencing and accounting. The invention provides print indicia on mailing items, such as envelopes, cards, or adhesive-backed label media, having an IBI Lite barcode with embedded evidencing provided by a security code, which is traceable to a transaction on the mailing machine or printer which printed such indicia.
The U.S. Post Office allows use of machine readable Information Based Indicia (IBI) barcodes on envelopes or labels attached to envelopes, instead of traditional stamps, in which such barcodes provide information relating to the postal meter that expensed postal funds. Such IBI barcode encodes up to 112 bytes of information, including a digital signature traceable to the postal meter that printed the code, so as to avoid fraudulent use of postage. The IBI barcode however utilizes a large amount of ink, especially when processing large amounts of mail.
To reduce the amount of ink, a much smaller IBI Lite barcode may be used, which encodes 14 bytes, but lacks a digital signature. The benefit of reduced ink usage sacrifices the presence of an encoded digital signature, thereby making traceability for evidencing and accounting of postage used by meters utilizing IBI Lite barcode difficult.
Moreover, because less information is provided using an IBI Lite barcode than full IBI barcodes, the post office requires controlled acceptance by post office personnel of envelopes or items having IBI Lite barcodes, and thus unlike full IBI barcodes, envelopes having IBI Lite barcodes cannot be placed in a traditional USPS letter collection boxes. Controlled acceptance of envelopes having IBI Lite barcode is also required because such envelopes usually lack Facing Identification Mark (FIM) orientation lines, along their edge.
Thus, it is desirable to print postal indicia on envelopes with IBI Lite barcodes with enhanced security, which enables evidencing and accounting of postage in accordance with such IBI Lite barcodes, and thereby provide both the benefit of reduced ink usage plus fraud detection capability.
Accordingly, it is an object of the present invention to provide a system and method for printing postal indicia on mailing items utilizing IBI Lite barcodes that provides enhanced security features and traceability for evidencing and accounting of postage used.
It is further an object of the present invention to provide a system and method for printing postal indicia utilizing IBI Lite barcodes that further provides USPS letter box acceptability.
Briefly described, the system embodying the present invention has a host computer system and a postal security device connected for data communication with the host computer system. The postal security device stores postage funds and provides to the host computer system data representing an IBI Lite barcode having at least part of a unique authentication code in response to a request from the host computer system, in which the authentication code is associated with a mailing item upon which the IBI Lite barcode will be printed. The host computer system utilizes such data to produce print data representing postage indicia for use on the mailing item having the IBI Lite barcode and image and/or text information. The system may further have one or more of a mailing machine, a stand-alone printer, or printing system, connected to the host computer system for receiving and printing such print data on the mailing item.
One or more successive mailing items processed are associated with a transaction, and for each transaction the host computer system stores transaction data in its memory representing the status of the PSD at the start and end of each transaction, and for each mailing item processed for that transaction its postage value and at least part of the unique authentication code generated by the PSD.
A plurality of host computer systems each with their respective PSD may be provided. A reset computer system separate from each of the mailing machines can communicate with the PSD, via their respective host computer system, to provide additional postage funds and to receive information from the host computer system representing the transaction data stored in the host computer system since the last communication with the reset computer system.
A method is also provided for generating indicia for printing on mailing items having the steps of: sending a request from a host computer system for postage to a postal security device storing postage funds; generating by the postal security device an authentication code in response to the request; sending data from the postal security device to the requesting host computer system representing an IBI Lite barcode having at least part of the authentication code; utilizing the data to produce print data representing postage indicia having the IBI Lite barcode with image/text information; and printing the print data on a mailing item to be associated with the authentication code. The method may further have the steps of: storing transaction data at the host computer system representing at least the postage value and the authentication code for each one of a group of one or more successive mailing items printed upon; sending the transaction data from the host computer system over a network to a reset computer system for storage of the transaction data; and resetting the postage funds stored in the postal security device by the reset computer system.
Although the term envelope is used herein it refers to any mailing item, such as a single sheet, postcard, or label media upon which postage indicia may be printed. Further, although IBI Lite barcodes are described, all or part of the authentication code may be printed in other representations (e.g., OneCode barcode) on mail with or without an IBI Lite barcode.
The foregoing and other features, objects, and advantages of the invention will become more apparent from a reading of the following detailed description in connection with the accompanying drawings, in which:
Referring to
For example, mailing machine 10 may be model numbers AESP-180 or AESP-180W manufactured by Data-Pac Mailing Corp., Webster N.Y. Although a mailing machine is shown in
Referring to
The PSD board 28b has a microcontroller 36 for controlling the operation of the PSD, volatile memory (or chip) 32 and non-volatile memory (or chip) 34. The microcontroller 36 may represent a Dallas Semiconductor Microcontroller, model no. DS5250, but other types of ATM microcontroller may be used.
The PSD board 28b is installed in a sturdy plastic box and then wrapped with a WL Gore & Associates tamper proof system which includes a sensor for detecting tampering with a plastic wrap (except connector 31b) around the box. Once the PSD box has the wrap installed it is then mated to the PSD motherboard. When the wrap sensor detects tampering, an IC chip erases or wipes volatile memory 32. Sometimes such eraser is called zeroization, such that memory 32 is not recoverable. The PSD motherboard 28a along with the PSD board 28b is preferably installed into a 16 gauge steel box (for e.g., box 137 of
Volatile memory 32 (e.g., RAM) includes at least the program code or software for operating microcontroller 36, and a SHA-1 HMAC signature algorithm utilizing a secret key to produce a cryptographic keyed-Hash Message Authentication Code (HMAC), such as described in FIPS PUB 198, issued by the U.S. Dept. of Commerce. Other data stored in memory 32 are the secret keys of the PSD, and at least an Indicia Version Number, Vendor number, and PSD Model number, as described later below.
Non-volatile memory 34 (e.g., RAM) has an ascending register, a descending register, and a piece or cycle counter. The ascending register records the amount of postage funds expensed. The descending register records the amount of postage funds available. The cycle counter is the number of pieces (e.g., envelopes or items) processed by the PSD. Non-volatile memory 34 also stores information which is set at time of manufacture/installation, including at least postage type, origin zip code, PSD serial number, and a user identifier (ID). The postage type is a one byte value indicating whether the postage type is real or not real, in operation the byte is set to 0 to indicate real value. The byte may be set to 1 during manufacture and testing. The origin zip code is a three byte value representing a five digit number identifying the U.S. Zip code where the PSD, and the mailing machine (or printer of
The PSD motherboard 28a communicates with the host computer system 12 (
The PSD electronics shown in
The host computer system 12 in such housing 30a configuration further has a display 33a and touch keyboard 33b on an assembly rotatable along the top of housing 30a, in which knobs 33c turn to lock and unlock the assembly's rotational position with respect to housing 30. Thus, the user interface of the display 33a and keyboard 33b can be rotated by the user as needed for ease of the user to access the user interface. This feature is desirable when housing 30a is mounted on a mailing machine such that the user can vary the user interface with respect to his or her position to control and/or monitor system operation. Also, the keyboard 33b may be pivotable upward and downwards along flanges extending to a shaft 33d along each side of the keyboard. For example, the housing 30a may be compact having a length of about 10 inches, a width of about 12 inches, and a height of about 3.75 inches. However, other dimensions may be used. Less preferably, the PSD 28 is located outside the housing of host computer system 12.
Referring back to
The IBI Lite barcode 46 represents 20 bytes of data as shown in the following table.
Indicia Version Number represents real postage prints as 0, and is stored in memory of PSD 28. The Piece Counter is the current value of the piece counter in memory of PSD 28. IBI Vendor/Model 50f and 50g, e.g., 0801 indicating vendor number 8, PSD Model number 1, is also stored in memory of PSD 28. The Intelligent Mail Service (IMS) Number represents a code indicating the USPS intelligent mail services (if any) that have been applied to the mail piece. The HMAC Message Digest represents the first 6 Bytes of a 20 byte HMAC determined by the PSD in response to a postage request from the host computer system, as will be described below in connection with
In operation of the mailing machine 10, when the host computer system 12 first connects with the PSD 28, the host computer system sends a request to the PSD for its status information. In response, the PSD sends to the host computer system its PSD Serial Number, and values of its ascending and descending registers, and cycle counter, and the User ID. The host computer system, which stores in its memory at least the PSD Serial Number and User ID, verifies that the PSD is proper by checking that this number matches the PSD Serial Number and User ID returned from the PSD. If these two values do not match, the mailing machine 10 will not operate. The origin zip code may also be read from PSD, and similarly used to verify the PSD by checking that the read zip code matches the origin zip stored in memory of the host computer system. The host computer system 12 has a graphical user interface (using 12a,b,c) enabling the user of mailing machine 10 to input either a preset postage value for each envelope to be processed, or select to weigh each envelope automatically on the scale 22 and determine the postage value of each piece individually based on weight and class of service. The graphical user interface may also display the current value of the descending register, or other information typical of a mailing machine. The graphical user interface also enables the user to assign an account number to be associated with the transaction, such as for billing or accounting purposes. Each transaction represents one or more envelopes processed by the host computer system under an account number. Once inputted, the operation of the mailing machine is as shown in
Referring to
When the envelope start along transport path 18a (step 55), the host computer system senses the envelope with sensor 23 (step 56), and then weighs the envelope, if scale 22 is provided and selected by the user (step 58). The host computer system 12 then sends a request to PSD for postage security data (i.e., HMAC) with the postage value and the IMS Number for the envelope (step 60). A zero IMS Number may refer to there being no intelligent mail services being applied to the piece. However, the user may select intelligent mail services via the graphical user interface of the host computer system, and as such the IMS Number has a value corresponding to such intelligent mail services selected. For example, the IMS Number may specify that the envelope is a certified letter, and such coding to identify that letter requires special treatment by the U.S. Post Office. Thus, the IMS Number is useful for automatically machine sorting of mail by the U.S. Post Office. If the postage value was inputted by the user, this is the postage value sent to the PSD 28. In response to the request, the PSD adds the postage value to the ascending register, subtracts the postage value from the descending register, and increments the cycle counter by one (step 62)
Next at step 64, the PSD determines the HMAC for this particular envelope. First the PSD determines the first 14 Bytes of the IBI Lite Data, such as shown in the above Table. The PSD now has all of this information since the postage value and IMS number was provided by the host computer system, and the Indicia Version, Cycle Counter, Vendor and Model Numbers, and PSD Serial Number are available from PSD memory. The first 14 Bytes (Indicia Version, Cycle Counter, Vendor/Model, PSD Ser. No., Postage Value, and IMS Number) is inputted to the SHA-1 HMAC algorithm executed by the PSD, as prescribed by FIPS PUB 198, using the secret key in memory 32 to determine a 20 byte HMAC security code (“Indicium HMAC”) for this envelope. The PSD then sends the first 14 Bytes and the 20-byte Indicium HMAC, 34 bytes in all, to the host computer system.
The host computer system at step 66 receives the 34 bytes, of which the first 20 bytes comprise the entire IBI Lite Data to be printed as a barcode on the envelope. Having the entire 20 Byte IBI Lite Data, the host computer system formats print data for printing as a barcode (e.g., 46—
The host computer system 12 sends the print data to printer 22 for printing on the envelope when the envelope is presented to the printer (step 70) and the envelope then is ejected by the mailing machine (step 72). Preferably each envelope is processed in approximately 0.25 seconds or less.
The host computer system 12 then determines if the transaction is complete (step 74), by checking if the user via the graphical user interface has selected to stop the transaction, or entered another account number, or other conditions, if desired, such as preset idle time when no mail is processed by the machine. If the transaction is not complete, the process branches to step 55, and the next envelope is processed through the machine. If the transaction is complete, the host computer system sends a request to the PSD for PSD status values (i.e., PSD Serial No., Ascending and Descending Registers, Cycle Counter) and a unique security code 20-byte HMAC (“Transaction HMAC”) based on such PSD status values (step 76). The PSD determines the Transaction HMAC using the secret key and the current PSD status values using SHA-1 HMAC algorithm (step 77). The host computer system receives the PSD status values and Transaction HMAC from the PSD, and records the returned values as Transaction End PSD Status, Transaction HMAC, with the Date and Time (step 78). After step 78, the process branches back to step 52 and waits for the next transaction. Optionally a second printer may be provided in machine 10, such that at step 70 the second printer's print head when disposed with respect to the envelope prints orientation lines, such as FIM marks.
In another embodiment, the host computer system 12 may print postage indicia on labels or media, which may be adhesive backed, without mailing machine 10. This embodiment is shown in the block diagram
Referring to
A further embodiment is shown in
For example, computer system 103 coupled with printer 104 may represent an addressing system which, in accordance with software running on computer system 103, enables printing of addresses by printer 104 using address information stored in a database of memory (e.g., hard drive) of computer system 103 (or memory accessible to computer system 103 such as optical/magnetic media via an optical/magnetic drive of system 103, a external memory storage device, or port of computer system 103). Such addressing systems may be such as used for printing addresses on direct or bulk mail items, along with other print data or information, such as postal indicia, return addresses, logos, barcode addresses, and the like, in accordance with user input via graphic user interface (e.g., mouse, display, keyboard) utilizing the software on system 103. For example, software for operating computer system 103 to provide such addressing system is available from RENA Systems, Inc., but any other software for applying printed matter on mailing items using a printer may be used. In the present invention, such addressing system is improved to provide authorized envelope printing system 102, where computer system 103 has additional software enabling interactive operation with host computer system 12 so that computer system 103 can send messages requesting postage indicia to host computer system 12, receive print data representing such postage indicia from host computer system 12, and then directs the printer 104 to print postage indicia on envelopes or other mailing items along with other print data, such as addresses or other information, as desired by the user in accordance with software on computer system 103.
Referring to
The host computer system 12 then determines if the transaction is complete (step 118), by checking if the user via the graphical user interface of host computer system 12 has selected to stop the transaction, or entered another account number, or other conditions, if desired, such as preset idle time when no mail is processed by the system 102, or that a predetermined number of mailing items have been processed (such as inputted via the user interface of computer system 12 or 103). If the transaction is completed, steps 120, 121, and 122 are performed the same as step 76-78 described earlier, otherwise, the host computer system 12 returns to step 108 to wait for the new envelope sense message from computer system 103.
Referring to
The computer system 103 waits to receive from host computer system 12 the encrypted print data (IBI Lite barcode 46 and Image/Text 50) from step 116 of
In the case of the mailing machine 10, printer 80 or printing system 102, transaction data is stored in memory of the host computer system 12 for each transaction, e.g., a transaction number, Begin PSD status, End PSD status, Begin Date and Time, and End Date and Time, including the Transaction HMAC, and information about each mail piece processed, e.g., indicium HMAC (all or first 6 bytes) and postage value for each mail piece. The transaction data is uploaded to a reset computer system, via a network, which provides a repository (or archive storage) for all transactions processed by a particular PSD, as shown in
Referring to
A reset database 97 is provided in a memory storage unit, e.g., optical disc drive, of the computer system 96, and thus a part of such computer system. Alternatively, the reset database may be a separate memory storage unit, such as an external drive or memory of another computer system accessible to the reset computer system 96. The reset database 97 maintains an account for each user and the amount of postage funds which the user has deposited in such account. The reset database also maintains PSD history for each PSD 28 in system 100.
When a user at a host computer system 12 requires more postage at their PSD 28, the graphical user interface of the host computer system enables the user to request addition of a particular postage amount, and the host computer system then sends a request to its PSD 28 to add such amount. In response, the PSD 28 connects the reset computer system 96, via host computer 12 and network 95. The host computer system 12 then transmits (uploads) to the reset database 97, via the reset computer system 96, the PSD Status (Ascending Register, Descending Register, Cycle Counter, and unique security code 20-byte Transaction HMAC) when each transaction was processed by the host computer system since the last connection with the reset system. This information is provided in accordance with the stored transaction data in memory of the host computer system. For example of a two envelope (I) and (II) transaction, the transaction data stored in the host computer memory may represent the following data:
Transaction Identifier; Account Number
Begin—PSD SER. NO.; ASC. REG1; DESC. REG1; CYC. CTR1; DATE AND TIME1
End—PSD SER. NO.; ASC. REG2; DESC. REG2; CYC. CTR2; DATE AND TIME2
Transaction HMAC (unique 20-byte security code)
The upload to the reset database for the transaction of this example would be:
PSD SER. NO.; ASC. REG1; DESC. REG1; CYC. CTR1; DATE AND TIME1.
PSD SER. NO.; ASC. REG2; DESC. REG2; CYC. CTR2; DATE AND TIME2.
Transaction HMAC (unique 20-byte security code)
Upon receiving the uploads the reset computer system 96 stores it in reset database 97 in accordance with the PSD serial number. In this manner, the status of the PSD 28 at a start date and time and end data and time, and Transaction HMAC of every transaction is stored in the reset database 97, which maintains a repository of such information for evidencing purposes. Also, for accounting purposes, such data as to the status of descending and ascending registers can be checked for errors with funds previously provided to the descending register of the PSD. The upload of transaction data occurs each time the PSD communications with the reset computer system 96, regardless of whether funds are requested. Other data structures than shown above may also be used in storing and uploading transaction data.
After the upload for each transaction since last connection is complete, a funds transfer process occurs in which the PSD 28 and reset computer system 96 send SHA-1 HMAC-signed, messages between each other, in which messages sent from the PSD to the reset computer system are signed by the PSD using the first secret key of the PSD, and message sent from the reset computer system are signed by the reset computer system using the second secret key of the receiving PSD. The reset computer system and PSD use the same SHA-1 HMAC algorithm and such signing/verifying provides a level of data communication security.
The PSD 28 using the first key signs a request for funds specified by the user to the reset computer system 96. The reset computer system 96 using the first key for the PSD stored in its memory verifies the PSD message authenticity. If the PSD message is authenticated, the reset computer system using the second key for the PSD stored in its memory signs a message to the PSD to instruct the PSD to add funds. The PSD using the second key in its memory authenticates the message, and if authenticated, add the funds to its descending register. The PSD then sends a verification message signed using its first key back to the reset computer system, and the reset computer system using the first key in its memory verifies the PSD message authenticity, and if authenticated subtracts that amount of funds from the user's account, and the connection between the PSD and the reset computer system terminates.
The evidencing operation is performed as follows for a print indicium to determine if the print indicium is authentic or fake using the IBI Lite barcode. The 20 bytes of the IBI Lite indicium being analyzed are input to the reset computer system 96 either by scanning the barcode or by manual entry. The reset computer system parses the 20 bytes into their component fields, including the PSD Serial Number. The PSD Serial Number is then used to retrieve data stored in the reset database 97 related to that PSD 28, including the signing (or first) key for that PSD and Transaction history. The reset computer system 96 then uses the first 14 bytes of the IBI Lite under examination, and that signing key to produce the 20-byte HMAC. The first 6 bytes of this computed HMAC are compared to the last 6 bytes of the IBI Lite data, and if they match then the indicium is valid in terms of the HMAC generated by the PSD for that mail piece.
As evidence that the print indicium is not a copy, i.e., a forged duplicate of an earlier valid print indicium, the PSD Transaction history may be compared with the date the indicium was printed (if known) and the cycle count contained in the IBI Lite. Either the cycle count from the indicium should fall between the start and end cycle counts of exactly one PSD Transaction recorded in the reset database 97, or the cycle count from the indicium should be greater than the end cycle count of the last PSD Transaction recorded in the reset database 97. If the Transaction in which the mail piece was printed is found, the date of the Transaction from the reset database 97 should match the date the indicium was printed (if known). If the cycle count from the indicium exceeds the end cycle count of the last PSD Transaction recorded in the reset database, then the indicium should only have been printed on or after the date of the last PSD Transaction recorded in the reset database.
In addition, or alternative, to the authentication code being a part of the IBI Lite barcode, the HMAC received by the host computer system 12 from PSD 28 may be printed in other representations on an envelope or other mailing item. For example, OneCode represents a four state code as described in USPS Publication, titled “Introducing OneCode Confirm”, Rev. 8.2, USPS, Mar. 15, 2006. The OneCode has 31 digits maximum, in which the fifteen digits designated for the customer identifier and sequence number may be used to represent part of the HMAC. The OneCode barcode may be printed by mailing machine 10 by providing an additional print head oriented to print the barcode on envelopes, or in printer 80 by programming the host computer system 12 coupled thereto to output this barcode on an envelope or other mailing item, or adhesive label media, or by printer 104 by including this barcode in the print page such as above the address. Evidencing may be provided by reading the part of the HMAC stored in the OneCode, then locating and verifying the HMAC utilizing the transaction data stored in database 97 of reset computer system 96. Like analyzing the part of the HMAC coded in the IBI Lite barcode, if more than one embedded code in the OneCode existed in the reset computer system database 97, other data may be used for authentication, such as approximate date printed or actual date if printed on the mailing item. Although the OneCode barcode is described, any other barcode or other readable or scannable representation may be printed on mail or labels by machine 10, printer 80 or 104, in which all or part of such barcode or representation need only encode part (such as 6 bytes) of the HMAC authentication code to provide sufficient uniqueness for evidencing.
From the foregoing description, it will be apparent that an improved system and method for postal indicia printing, evidencing and accounting has been provided. Variations and modifications in the herein described system and method will undoubtedly become apparent to those skilled in the art. According the foregoing description should be taken as illustrative and not in a limiting sense.
This application claims the priority benefit of U.S. Provisional Application No. 60/796,452, filed May 1, 2006, which is herein incorporated by reference.
Number | Date | Country | |
---|---|---|---|
60796452 | May 2006 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 11799359 | May 2007 | US |
Child | 12930091 | US |