Method of improving the security of postage meter machines
First Claim
1. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
- storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
- conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence; and
- said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents.
Abstract
A method for securing data and program code of an electronic postage meter machine against manipulation, having a microprocessor in a control unit of the postage meter machine for implementing steps for a start and initialization routine and following system routine with a possibility of entering into a communication mode with a remote data central, as well as further input steps in order to enter into a franking mode from which a branch is made back into the system routine after the implementation of an accounting and printing routine, includes conducting a start security check within the framework of a start and initialization routine which runs before a secure printing data call routine and the following system routine for determining the validity of a program code and/or of data in the predetermined memory location and of an appertaining MAC (message authentification code) that is present in the same storage medium. The check for valid program code and/or for validity of the data is implemented with a selected checksum method within an OTP (one time programmable) processor that internally receives the corresponding program parts. Transfer of the postage meter machine into the aforementioned system routine takes place given validity of the data or transfer of the postage meter machine into a first mode when the data are invalid, or when a specific manipulation criterion is met. Steps for preventing the franking or blocking of the postage meter machine and/or steps for preventing a further program execution or a program branch exiting the OTP processor within the framework of the system routine then occur.
18 Claims
4. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- storing an encrypted, first crypto-key in a non-volatile memory externally from said OTP processor;
- storing a second crypto-key and a DES algorithm internally within said OTP processor;
- decoding said first crypto-key using said second crypto-key in said OTP processor to obtain a decoded, first crypto-key; and
- said OTP processor initiating a communication in said communication mode in which data are communicated to said data central, and said OTP processor securing said data in said communication using the decoded, first crypto-key and said DES algorithm.
8. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
- storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
- conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence;
- said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents; and
- storing an encryption algorithm and at least one crypto-key associated with said encryption algorithm internally in said OTP processor, and said OTP processor employing said at least one crypto-key and said encryption algorithm for forming said MAC.
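The start security check of claims 1 and 8, illustrated in C as an added example (not code from the patent): the MAC over a memory region is recomputed with a key held inside the processor, and the result selects the system routine or the first mode. XTEA in CBC-MAC mode stands in for the DES-based MAC, and `OTP_KEY`, `region_mac`, `start_security_check` and the mode names are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

enum mode { SYSTEM_ROUTINE, FIRST_MODE };   /* FIRST_MODE: franking is blocked */
/* Constructed key; per claim 8 the key is stored inside the OTP processor. */
static const uint32_t OTP_KEY[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};

/* XTEA, 32 rounds: a 64-bit block cipher used here in place of DES (assumption). */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-MAC over the region; the length is bound into the first block so that
   zero padding of the last block cannot hide a truncated or extended region. */
static void region_mac(const uint8_t *p, size_t len, uint8_t mac[8]) {
    uint32_t s[2] = { (uint32_t)len, 0 };
    xtea_encrypt(s, OTP_KEY);
    for (size_t off = 0; off < len; off += 8) {
        uint8_t blk[8] = {0};
        uint32_t w[2];
        size_t n = len - off < 8 ? len - off : 8;
        memcpy(blk, p + off, n);
        memcpy(w, blk, 8);
        s[0] ^= w[0]; s[1] ^= w[1];
        xtea_encrypt(s, OTP_KEY);
    }
    memcpy(mac, s, 8);
}

/* Start security check: recompute the MAC, compare without an early exit. */
enum mode start_security_check(const uint8_t *region, size_t len, const uint8_t stored_mac[8]) {
    uint8_t mac[8], diff = 0;
    region_mac(region, len, mac);
    for (int i = 0; i < 8; i++) diff |= (uint8_t)(mac[i] ^ stored_mac[i]);
    return diff == 0 ? SYSTEM_ROUTINE : FIRST_MODE;
}

int main(void) {
    uint8_t image[12] = "FRANKING-SW";        /* constructed memory contents */
    uint8_t mac[8];
    region_mac(image, sizeof image, mac);     /* MAC stored with the contents */
    image[3] ^= 1;                            /* simulated manipulation */
    return start_security_check(image, sizeof image, mac) == FIRST_MODE ? 0 : 1;
}
```

Because the key never leaves the processor, someone who can rewrite the external storage medium can change its contents but cannot produce a matching MAC for them.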
10. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
- storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
- conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence;
- said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents;
- upon transfer into said system routine, said OTP processor calling current data and checking said current data with at least one decision criterion and, if said decision criterion is satisfied, causing said postage meter machine to enter into a second mode wherein a warning is displayed at said postage meter machine with a request for initiating a communication with said data central; and
- said OTP processor causing said postage meter machine to enter into at least one further mode and said OTP processor conducting at least one further security check in said at least one further mode.
18. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
- storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
- conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence;
- said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents; and
- said OTP processor, upon return to said system routine, entering into a printing data call routine for calling data for franking said postal items and conducting at least one check for authenticity of said printing data and, given an absence of authenticity, entering into a program branch externally from said OTP processor in said system routine.
Specification