CRYPTOGRAPHIC MODULE FOR SECURE PROCESSING OF VALUE-BEARING ITEMS

US 20100228674A1
Filed: 05/18/2010
Published: 09/09/2010
Est. Priority Date: 10/18/1999
Status: Active Grant

First Claim

Patent Images

1. A cryptographic device for securing data on a computer network comprising:

a processor programmed to authenticate a plurality of users on the computer network for secure processing of a value bearing item;

a memory for storing a data record for ensuring authenticity of a user;

a cryptographic engine for cryptographically protecting the data record; and

an interface for communicating with the computer network,wherein the data record includes an ascending register value, a descending register value, a cryptographic device ID, a key token for an indicium signing key, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, expiration dates for keys, and a passphrase repetition list.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.

Citations

20 Claims

1. A cryptographic device for securing data on a computer network comprising:
- a processor programmed to authenticate a plurality of users on the computer network for secure processing of a value bearing item;
  
  a memory for storing a data record for ensuring authenticity of a user;
  
  a cryptographic engine for cryptographically protecting the data record; and
  
  an interface for communicating with the computer network,wherein the data record includes an ascending register value, a descending register value, a cryptographic device ID, a key token for an indicium signing key, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, expiration dates for keys, and a passphrase repetition list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The cryptographic device of claim 1, wherein the processor includes a state machine for determining a state corresponding to availability of one or more commands.
  - 3. The cryptographic device of claim 2, wherein the state machine includes one or more of the group consisting of an uninitialized state, an initialized state, an operational state, an administrative state, an importing shares state, and an error state.
  - 4. The cryptographic device of claim 3, wherein the one or more commands corresponding to the uninitialized state includes a command for start initializing.
  - 5. The cryptographic device of claim 3, wherein the one or more commands corresponding to the initialized state includes commands for one or more of get status command, initialize access control database command, logon command, logoff command, query current user role command, query current user ID command, session management commands, audit entry creation command, generate master key set command, and generate transport key pair commands.
  - 6. The cryptographic device of claim 3, wherein the one or more commands corresponding to the operational state include commands for one or more of access control, session management, key management, and audit support.
  - 7. The cryptographic device of claim 6, wherein the commands for access control include one or more of transition to administrative state command, logon command, logoff command, query current user role command, query current user ID command, view access control database command, change password command, set clock command, and set Status command.
  - 8. The cryptographic device of claim 1, wherein the value bearing item is a postage value including a postal indicium.
  - 9. The cryptographic device of claim 8, wherein the postal indicium comprises a digital signature.
  - 10. The cryptographic device of claim 8, wherein the postal indicium comprises a postage amount.
  - 11. The cryptographic device of claim 1, wherein the value bearing item includes a bar code.
  - 12. The cryptographic device of claim 1, wherein the value bearing item consists of a group comprising of a ticket, a coupon, a voucher, and a traveler'"'"'s check.
  - 13. The cryptographic device of claim 1, wherein the processor is configured to share a secret with a plurality of other cryptographic devices.
  - 14. The cryptographic device of claim 1, wherein at least one of the plurality of users is an enterprise account.

15. A system for securing data on a computer network comprising:
- a plurality of cryptographic devices, each cryptographic device comprising;
  
  a processor programmed to authenticate a plurality of users on the computer network for secure processing of a value bearing item;
  
  a memory for storing a data record for ensuring authenticity of a user;
  
  a cryptographic engine for cryptographically protecting the data record; and
  
  an interface for communicating with the computer network,wherein the data record includes an ascending register value, a descending register value, a respective cryptographic device ID, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, and expiration dates for keys, andwherein each of the plurality of cryptographic devices is configured to be capable of authenticating any of the plurality of users on the computer network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the value bearing item is a postage value including a postal indicium.
  - 17. The system of claim 16, wherein the postal indicium comprises a digital signature.
  - 18. The system of claim 15, wherein the value bearing item includes a bar code.
  - 19. The system of claim 15, wherein the value bearing item consists of a group comprising of a ticket, a coupon, a voucher, and a traveler'"'"'s check.
  - 20. The system of claim 15, wherein the processor is configured to share a secret with the plurality of cryptographic devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stamps.com, Inc.
Original Assignee
Stamps.com, Inc.
Inventors
Ogg, Craig L., Chow, William W.

Granted Patent

US 8,041,644 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/62
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G07B 17/0008   Communication details outsi...

G07B 17/00733   Cryptography or similar spe...

G07B 2017/00056   Client-server

G07B 2017/00064   Virtual meter, online stamp...

G07B 2017/00145   via the Internet

G07B 2017/00201   Open franking system, i.e. ...

G07B 2017/00887   using look-up tables, also ...

G07B 2017/00967   PSD [Postal Security Device...

CRYPTOGRAPHIC MODULE FOR SECURE PROCESSING OF VALUE-BEARING ITEMS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CRYPTOGRAPHIC MODULE FOR SECURE PROCESSING OF VALUE-BEARING ITEMS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links