Tamper resistant postal security device with long battery life
First Claim
1. A method for use with a postal security device comprising a secure housing, and within the secure housing a body of data having a size, said postal security device also having within the secure housing means for generating print data for printing of postage indicia, said generating of said print data relying in part on the body of data, said postal security device also having within the secure housing a first memory sized to accommodate the body of data, said first memory of a type not requiring electrical power to maintain the contents thereof, the postal security device also having within the secure housing a second memory not large enough to accommodate the body of data, said second memory of a type that requires electric power to maintain its contents, said postal security device also comprising a battery powering the second memory and a tamper switch mechanically coupled with the secure housing so that upon tampering with the secure housing the second memory is disconnected from the battery, said postal security device further comprising an encryption key stored within said second memory, said postal security device further comprising a cryptographic engine;
- the method comprising the steps of;
storing the encryption key within the second memory;
encrypting the body of data by the cryptographic engine with respect to the encryption key;
storing the encrypted body of data in the first memory;
upon power-up of the postal security device decrypting the encrypted body of data with the cryptographic engine with respect to the encryption key;
temporarily storing the decrypted body of data in a third memory, wherein upon power down of the postal security device the decrypted body of data is lost;
in the event of tampering with the postal security device, removing power from the second memory and the third memory resulting in a loss of the encryption key and the decrypted body of data; and
requiring battery power for the second memory in order to minimize a need for back-up battery power in the postal security device, the second memory being limited in data storage capacity size in order to minimize battery power consumption when the second memory relies on back-up battery power.
3 Assignments
0 Petitions
Accused Products
Abstract
In accordance with the invention, a postal security device (PSD) (10) contains a non-volatile memory (13) which does not depend on battery power such as an EEPROM (13), and contains a nonvolatile memory (14, 16) which does depend on battery power, such as a static RAM. The PSD (10) also contains an encryption engine (12, 14, 22). An encryption key is developed and is stored in the static RAM (14), which is sized to be only large enough to contain the encryption key. A large body of data, too large to fit in the static RAM, is encrypted by means of the encryption engine (12, 14, 22) and with reference to the encryption key, and is stored in the EEPROM (13). This body of data typically includes cryptographic keys and sensitive bit-images. When the PSD is powered, a large RAM (typically a dynamic RAM) (16) is available to receive the large body of data, decrypted using the encryption key. A tamper switch (17) cuts power to both RAMs (14, 16) in the event of tampering.
40 Citations
18 Claims
-
1. A method for use with a postal security device comprising a secure housing, and within the secure housing a body of data having a size, said postal security device also having within the secure housing means for generating print data for printing of postage indicia, said generating of said print data relying in part on the body of data, said postal security device also having within the secure housing a first memory sized to accommodate the body of data, said first memory of a type not requiring electrical power to maintain the contents thereof, the postal security device also having within the secure housing a second memory not large enough to accommodate the body of data, said second memory of a type that requires electric power to maintain its contents, said postal security device also comprising a battery powering the second memory and a tamper switch mechanically coupled with the secure housing so that upon tampering with the secure housing the second memory is disconnected from the battery, said postal security device further comprising an encryption key stored within said second memory, said postal security device further comprising a cryptographic engine;
- the method comprising the steps of;
storing the encryption key within the second memory; encrypting the body of data by the cryptographic engine with respect to the encryption key; storing the encrypted body of data in the first memory; upon power-up of the postal security device decrypting the encrypted body of data with the cryptographic engine with respect to the encryption key; temporarily storing the decrypted body of data in a third memory, wherein upon power down of the postal security device the decrypted body of data is lost;
in the event of tampering with the postal security device, removing power from the second memory and the third memory resulting in a loss of the encryption key and the decrypted body of data; andrequiring battery power for the second memory in order to minimize a need for back-up battery power in the postal security device, the second memory being limited in data storage capacity size in order to minimize battery power consumption when the second memory relies on back-up battery power.
- the method comprising the steps of;
-
2. A method for use with a postal security device comprising a secure housing, and within the secure housing a body of data having a size, said postal security device also having within the secure housing means for generating print data for printing of postage indicia, said generating of said print data relying in part on the body of data, said postal security device also having within the secure housing a first memory sized to accommodate the body of data, said first memory of a type not requiring electrical power to maintain the contents thereof, the postal security device also having within the secure housing a second memory not large enough to accommodate the body of data, said second memory of a type that requires electric power to maintain its contents, said postal security device also comprising a battery powering the second memory and a tamper switch mechanically coupled with the secure housing so that upon tampering with the secure housing the second memory is disconnected from the battery, said postal security device further comprising an encryption key stored within said second memory, said postal security device further comprising a cryptographic engine;
- the method comprising the steps of;
storing the encryption key within the second memory; encrypting the body of data by the cryptographic engine with respect to the encryption key; storing the encrypted body of data in the first memory; upon power-up of the postal security device decrypting the encrypted body of data with the cryptographic engine with respect to the encryption key; temporarily storing the decrypted body of data in a third memory, wherein upon power down of the postal security device the decrypted body of data is lost; in the event of tampering with the postal security device, removing power from the second memory and the third memory resulting in a loss of the encryption key and the decrypted body of data; and limiting a size of data stored in the second memory to the encryption key in order to maximize a life of the battery powering the second memory. - View Dependent Claims (3, 4, 10, 11, 12)
- the method comprising the steps of;
-
5. A postal security device having improved battery power consumption during power-off periods comprising;
-
a first memory device for storing encrypted data, the first memory device being connected to a main power source and not connected to a back-up battery power source; a second memory device having a memory storage capacity sufficient to store only an encryption key, the encryption key being used to decrypt the encrypted data stored in the first memory device when the postal security device is powered on, the second memory being connected to both the main power source and the back-up battery power source, the second memory device having a data storage capacity size limited to the encryption key to minimize battery power consumption when the second memory relies on back-up battery power, only the second memory having a battery source in order to minimize a need for back-up battery power; an encryption engine adapted to decrypt the encrypted data using the encryption key during power on; and a third memory for temporarily storing the decrypted data, the third memory being connected only to the main power source; wherein when the main power source is interrupted, the decrypted data in the third memory is lost while the second memory retains the encryption key, and since only the second memory requires back-up battery power, battery power consumption of the postal security device is reduced. - View Dependent Claims (6, 7)
-
-
8. A postal security device comprising:
-
a secure housing, and within the secure housing; a first nonvolatile memory device not having a backup battery power source and adapted to store an encrypted body of data when power is applied to the postal security device and when power is not applied to the postal security device; a second nonvolatile memory device having a backup battery power source and having a storage capacity only large enough to store an encryption key, the second non volatile memory having a limited data size tied to the encryption key to maximize a life of the back-up battery power source; an encryption engine adapted to encrypt a body of data with reference to the encryption key in order to form the encrypted data stored in the first nonvolatile memory; a third memory device not having a backup battery and adapted to temporarily store a body of decrypted data while the postal security device is powered on, the body of decrypted data being transferred to the third memory device from the encryption engine when the postal security device is initially powered on, the encryption engine decrypting the decrypted data stored in the second memory device with respect to the encryption key when the postal security device is powered on; and wherein when the postal security device powers down, the body of decrypted data temporarily stored in the third memory device is lost and battery power required to maintain the postal security device is minimized. - View Dependent Claims (9)
-
-
13. A method of improving back-up battery power consumption in a postal security device comprising:
-
storing a body of encrypted data in a first memory device that does not have a back-up battery power source, the encrypted data being encrypted by an encryption engine with respect to an encryption key; storing the encryption key in a second memory device in the postal security device, only the second memory device having a back-up battery power source and having a maximum storage capacity limited to a size of the encryption key and limiting data storage capacity size of the second memory in order to minimize battery power consumption when the second memory relies on back-up battery power, wherein a need for back-up battery power in the postal security device is minimized; powering up the postal security device and automatically decrypting the encrypted data with respect to the encryption key stored in the second memory device; temporarily storing the decrypted data in a third memory device not having a back-up power source, wherein if power to the postal security device is interrupted, the decrypted data is lost and only the encryption key stored in the second memory device having the battery back-up is maintained; and causing the decrypted data in the third memory device and the encryption key to be lost if the postal security device is tampered with. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification