Method of improving the security of postage meter machines

US 5,805,711 A
Filed: 09/08/1995
Issued: 09/08/1998
Est. Priority Date: 12/21/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:

providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;

storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;

conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence; and

said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing data and program code of an electronic postage meter machine against manipulation, having a microprocessor in a control unit of the postage meter machine for implementing steps for a start and initialization routine and following system routine with a possibility of entering into a communication mode with a remote data central, as well as further input steps in order to enter into a franking mode from which a branch is made back into the system routine after the implementation of an accounting and printing routine, includes conducting a start security check within the framework of a start and initialization routine which runs before a secure printing data call routine and the following system routine for determining the validity of a program code and/or of data in the predetermined memory location and of an appertaining MAC (message authentification code) that is present in the same storage medium. The check for valid program code and/or for validity of the data is implemented with a selected checksum method within an OTP (one time programmable) processor that internally receives the corresponding program parts. Transfer of the postage meter machine into the aforementioned system routine takes place given validity of the data or transfer of the postage meter machine into a first mode when the data are invalid, or when a specific manipulation criterion is met. Steps for preventing the franking or blocking of the postage meter machine and/or steps for preventing a further program execution or a program branch exiting the OTP processor within the framework of system routine the occur.

60 Citations

View as Search Results

18 Claims

1. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
  
  storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
  
  conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence; and
  
  said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents.
- View Dependent Claims (2, 3)
- - 2. A method as claimed in claim 1 wherein the step of conducting said start security check includes the steps of:
    - storing a predetermined MAC value in a storage medium external to said postage meter machine;
      
      transmitting said predetermined MAC value from said storage medium external to said postage meter machine to said storage medium in said postage meter machine accessible by said OTP processor;
      
      in said MAC check sum sequence, forming an MAC check sum in said OTP processor using said MAC formed over at least a portion of the contents of said storage medium; and
      
      comparing said MAC check sum in said OTP processor to said predetermined MAC value at at least one time selected from the group consisting of before conducting said franking mode, after conducting said franking mode, in said communication mode, and any time at which said postage meter machine is not printing.
  - 3. A method as claimed in claim 1 comprising the additional steps of:
    - monitoring expiration of a time selected from the group consisting of a time during which no franking of postal items occurs, and a predetermined number of loops of said system routine without any input, and upon expiration of said time said OTP processor placing said postage meter machine in a standby mode; and
      
      conducting at least one further security check in said standby mode and, if an error is identified in said at least one further security check, causing said OTP processor to place said postage meter machine in said first mode wherein franking is prevented.

4. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- storing an encrypted, first crypto-key in a non-volatile memory externally from said OTP processor;
  
  storing a second crypto-key and a DES algorithm internally within said OTP process;
  
  decoding said first crypto-key using said second crypto-key in said OTP processor to obtain a decoded, first crypto-key; and
  
  said OTP processor initiating a communication in said communication mode in which data are communicated to said data central, and said OTP processor securing said data in said communication using the decoded, first crypto-key and said DES algorithm.
- View Dependent Claims (5, 6, 7)
- - 5. A method as claimed in claim 4 comprising the additional step of additionally securing said data in said communication in said communication mode with an MAC (message authentification code) formed internally over said data in said communication in said OTP processor.
  - 6. A method as claimed in claim 4 wherein the step of said OTP processor conducting a communication in said communication mode with said data central comprises prescribing a value in said OTP processor for a credit reloading and communicating said value, as said data secured by said decoded, first crypto-key and said DES algorithm, to said data central.
  - 7. A method as claimed in claim 4 wherein the step of said OTP processor initiating a communication in said communication mode with said data central includes said OTP processor receiving criterion, encrypted using said first crypto-key and said DES algorithm, for causing entry of said postage meter machine into a sleeping mode, as said data.

8. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
  
  storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
  
  conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at l east a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence;
  
  said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents; and
  
  storing an encryption algorithm and at least one crypto-key associated with said encryption algorithm internally in said OTP processor, and said OTP processor employing said at least one crypto-key and said encryption algorithm for forming said MAC.
- View Dependent Claims (9)
- - 9. A method as claimed in claim 8 wherein the step of storing said encryption algorithm comprises storing a DES algorithm.

10. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
  
  storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
  
  conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence;
  
  said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents;
  
  upon transfer into said system routine, said OTP processor calling current data and checking said current data with at least one decision criterion and, if said decision criterion is satisfied, causing said postage meter machine to enter into a second mode wherein a warning is displayed at said postage meter machine with a request for initiating a communication with said data central; and
  
  said OTP processor causing said postage meter machine to enter into at least one further mode and said OTP processor conducting at least one further security check in said at least further mode.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. A method as claimed in claim 10 wherein the step of implementing at least one further security check comprises conducting an authenticity check of values stored in accounting registers in said postage meter machine.
  - 12. A method as claimed in claim 10, wherein the step of said OTP processor implementing at least one further security check comprises:
    - storing security-related data in a non-volatile memory in said postage meter machine; and
      
      checking said security-related data at least before entering into said franking mode.
  - 13. A method as claimed in claim 10 wherein the step of said OTP processor implementing at least one further security check comprises the steps of:
    - identifying a selected portion of said program code; and
      
      checking for errors in said selected portion of said program code in said storage medium.
  - 14. A method as claimed in claim 10 wherein the step of said OTP processor conducting at least one further security check comprises:
    - storing data in an EPROM; and
      
      checking for authenticity of said data stored in said EPROM.
  - 15. A method as claimed in claim 10 including the additional steps of:
    - storing an accounting value in said EPROM; and
      
      determining an accuracy of said accounting value as said at least one additional security check.
  - 16. A method as claimed in claim 15 wherein the step of checking the accuracy of said accounting value comprises displaying said accounting value at said postage meter machine.
  - 17. A method as claimed in claim 15 wherein the step of checking the accuracy of said accounting value comprises printing out said accounting value using an internal printer of said postage meter machine which is also employed for said franking said postal items.

18. A method for securing data and program code in an electronic postage meter machine against manipulation, said electronic postage meter machine having a microprocessor in a control unit for implementing steps of a start and initialization routine upon turn-on of the postage meter machine and for thereafter implementing a system routine including a communication mode with a data central remote from said postage meter machine and a franking mode including an accounting and printing routine in which a franking amount is printed on a postal item and a debiting of the franking amount is made, followed by a branch back to a beginning of said system routine, said method comprising the steps of:
- providing an OTP (one time programmable) processor as said microprocessor in said control unit and providing a storage medium accessible by said OTP processor in said postage meter machine;
  
  storing memory contents which may be valid or invalid, in said storage medium, said memory contents including at least one of data and a program code;
  
  conducting a start security check in said OTP processor, upon said turn-on of said postage meter machine, in said start and initialization routine before conducting said system routine, and in said start security check forming an MAC (message authentification code) over at least a portion of the contents of said storage medium and using said MAC to determine the validity or invalidity of said contents of said storage medium over which said MAC is formed, using an MAC check sum sequence;
  
  said OTP processor transferring said postage meter machine into the system routine given validity of said memory contents and transferring the postage meter machine into a first mode and preventing franking by said postage meter machine in said first mode given invalidity of said memory contents; and
  
  said OTP processor, upon return to said system routine, entering into a printing data call routine for calling data for franking said postal items and conducting at least one check for authenticity of said printing data and, given an absence of authenticity, entering into a program branch externally from said OTP processor in said system routine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Francotyp-Postalia GmbH
Original Assignee
Francotyp-Postalia GmbH
Inventors
Reisinger, Frank, Wagner, Andreas, Rieckhoff, Peter, Gunther, Stephan, Berthold, Arndt, Windel, Harald, Kubatzki, Ralf, Bischoff, Enno, Zarges, Olav A., Freytag, Claus, Hansel, Marcus
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/525,923
Time in Patent Office

1,096 Days
Field of Search

380/2, 380/4, 380/23, 380/24, 380/25, 380/49, 380/50, 380/51, 380/55, 380/59, 364/464.11, 364/464.14, 364/464.15, 705/401, 705/405, 705/408, 705/410
US Class Current

380/55
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/575   Secure boot

G06F 21/64   Protecting data integrity, ...

G07B 17/00   Franking apparatus printing...

G07B 17/0008   Communication details outsi...

G07B 17/00733   Cryptography or similar spe...

G07B 2017/00096   via phone lines

G07B 2017/00169   from a franking apparatus, ...

G07B 2017/00233   Housing, e.g. lock or harde...

G07B 2017/00258   Electronic hardware aspects...

G07B 2017/0033   Communication with software...

G07B 2017/00338   Error detection or handling

G07B 2017/00346   Power handling, e.g. power-...

G07B 2017/00403   Memory zones protected from...

G07B 2017/00419   Software organization, e.g....

G07B 2017/00427   Special accounting procedur...

G07B 2017/0075   Symmetric, secret-key algor...

G07B 2017/00774   MAC (Message Authentication...

G07B 2017/00935   Passwords

G07B 2017/00951   Error handling, e.g. EDC (E...

Method of improving the security of postage meter machines

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Method of improving the security of postage meter machines

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others