CRYPTOGRAPHIC MODULE FOR SECURE PROCESSING OF VALUE-BEARING ITEMS
Abstract
An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.
20 Claims
1. A cryptographic device for securing data on a computer network comprising:
- a processor programmed to authenticate a plurality of users on the computer network for secure processing of a value bearing item;
- a memory for storing a data record for ensuring authenticity of a user;
- a cryptographic engine for cryptographically protecting the data record; and
- an interface for communicating with the computer network,
wherein the data record includes an ascending register value, a descending register value, a cryptographic device ID, a key token for an indicium signing key, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, expiration dates for keys, and a passphrase repetition list.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.

15. A system for securing data on a computer network comprising:
a plurality of cryptographic devices, each cryptographic device comprising;
- a processor programmed to authenticate a plurality of users on the computer network for secure processing of a value bearing item;
- a memory for storing a data record for ensuring authenticity of a user;
- a cryptographic engine for cryptographically protecting the data record; and
- an interface for communicating with the computer network,
wherein the data record includes an ascending register value, a descending register value, a respective cryptographic device ID, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, and expiration dates for keys, and
wherein each of the plurality of cryptographic devices is configured to be capable of authenticating any of the plurality of users on the computer network.
Dependent claims: 16, 17, 18, 19, 20.
Specification