Cryptographic module for secure processing of value-bearing items

US 7,216,110 B1
Filed: 10/16/2000
Issued: 05/08/2007
Est. Priority Date: 10/18/1999
Status: Expired due to Term

First Claim

Patent Images

1. A security system for secure printing of value-bearing items in a wide area computer network comprising:

a plurality of user terminals coupled to the computer network;

a database including information about one or more users using the plurality of terminals;

a plurality of cryptographic devices remote from the plurality of user terminals and coupled to the computer network, wherein the cryptographic devices include a computer executable code for authenticating one or more users, wherein each of the plurality of cryptographic devices is programmable to service any of the plurality of user terminals, and wherein each cryptographic device is not dedicated to particular user terminals; and

a plurality of security device transaction data stored in the database for ensuring authenticity of the one or more users, wherein each security device transaction data is related to a user, wherein any cryptographic device authenticates the identity of each user and authenticates the user for a role, the role limiting the user to a subset of operations performed by the system.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.

Citations

72 Claims

1. A security system for secure printing of value-bearing items in a wide area computer network comprising:
- a plurality of user terminals coupled to the computer network;
  
  a database including information about one or more users using the plurality of terminals;
  
  a plurality of cryptographic devices remote from the plurality of user terminals and coupled to the computer network, wherein the cryptographic devices include a computer executable code for authenticating one or more users, wherein each of the plurality of cryptographic devices is programmable to service any of the plurality of user terminals, and wherein each cryptographic device is not dedicated to particular user terminals; and
  
  a plurality of security device transaction data stored in the database for ensuring authenticity of the one or more users, wherein each security device transaction data is related to a user, wherein any cryptographic device authenticates the identity of each user and authenticates the user for a role, the role limiting the user to a subset of operations performed by the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 2. The system of claim 1, wherein the security device transaction data related to a user is loaded into the cryptographic device when the user requests to operate on a value bearing item.
  - 3. The system of claim 1, wherein the assumed role is a security officer role to initiate a key management function.
  - 4. The system of claim 1, wherein the assumed role is a key custodian role to take possession of shares of keys.
  - 5. The system of claim 1, wherein the assumed role is an administrator role to manage a user access control database.
  - 6. The system of claim 1, wherein the assumed role is an auditor role to manage audit logs.
  - 7. The system of claim 1, wherein the assumed role is a provider role to withdraw from a user account.
  - 8. The system of claim 1, wherein the assumed role is a user role to operate on a VBI.
  - 9. The system of claim 1, wherein the assumed role is a certificate authority role to allow a public key certificate to be loaded and verified.
  - 10. The system of claim 1, wherein the cryptographic device includes a state machine for determining a state corresponding to availability of one or more commands in conjunction with the role.
  - 11. The system of claim 1, wherein the cryptographic device includes a data validation subsystem and an auto-recovery subsystem for allowing the device to verify that data is up to date and to automatically re-synchronize the device with the data.
  - 12. The system of claim 1, wherein the cryptographic device is stateless.
  - 13. The system of claim 1, wherein the cryptographic device includes a computer executable code for preventing unauthorized modification of data.
  - 14. The system of claim 13, wherein the computer executable code prevents the unauthorized modification, substitution, insertion, and deletion of related data and cryptographically critical security parameters.
  - 15. The system of claim 1, wherein the cryptographic device includes a computer executable code for preventing unauthorized disclosure of data.
  - 16. The system of claim 15, wherein the data includes non-public contents of a postage meter, including plaintext cryptographic keys and other critical security parameters.
  - 17. The system of claim 1, wherein the cryptographic device includes a computer executable code for ensuring the proper operation of cryptographic security and VBI related meter functions.
  - 18. The system of claim 1, wherein the cryptographic device includes a computer executable code for detecting errors and preventing a compromise of the transaction data or critical cryptographic security parameters as a result of the errors.
  - 19. The system of claim 1, wherein at least one of the users is an enterprise account.
  - 20. The system of claim 1, wherein the cryptographic device includes a computer executable code for supporting multiple concurrent users and maintaining a separation of roles and operations performed by each user.
  - 21. The system of claim 1, wherein the cryptographic device stores information about a number of last transactions in a respective internal register.
  - 22. The system of claim 21, wherein the database stores a table including the respective information about a last transaction, a verification module to compare the information saved in the device with the information saved in the database.
  - 23. The system of claim 1, wherein the database includes data for creating one or more indicium, account maintenance, and revenue protection.
  - 24. The system of claim 23, wherein the data includes virtual meter information.
  - 25. The system of claim 23, wherein the data includes ascending and descending registers data.
  - 26. The system of claim 1, wherein the value bearing item is a mail piece.
  - 27. The system of claim 26, wherein the mail piece includes a digital signature.
  - 28. The system of claim 1, wherein the cryptographic device encrypts validation information according to a user request for printing a VBI.
  - 29. The system of claim 26, wherein the cryptographic device generates data sufficient to print a postal indicium in compliance with postal service regulation on the mail piece.
  - 30. The system of claim 1, wherein the value bearing item is a ticket.
  - 31. The system of claim 1, wherein a bar code is printed on the value bearing item.
  - 32. The system of claim 1, wherein the value bearing item is a coupon.
  - 33. The system of claim 1, wherein the value bearing item is currency.
  - 34. The system of claim 1, wherein the value bearing item is a voucher.
  - 35. The system of claim 1, wherein the value bearing item is a traveler'"'"'s check.
  - 36. The system of claim 1, wherein each security device transaction data includes one or more of an ascending register value, a descending register value, a respective cryptographic device ID, an indicium key certificate serial number, a licensing ZIP code, a key token for an indicium signing key, user secrets, a key for encrypting user secrets, data and time of last transaction, last challenge received from a respective client subsystem, an operational state of the respective device, expiration dates for keys, and a passphrase repetition list.
  - 37. The system of claim 1, wherein each security device transaction data includes one or more of a private key, a public key, and a public key certificate, wherein the private key is used to sign device status responses and a VBI which, in conjunction with a public key certificate, demonstrates that the device and the VBI are authentic.
  - 38. The system of claim 1 further comprising at least one more cryptographic device remote from the plurality of user terminals coupled to the computer network, wherein the at least one more cryptographic device includes a computer executable code for authenticating any of the plurality of users.
  - 39. The system of claim 38, wherein the cryptographic device shares a secret with the at least one more cryptographic device.
  - 40. The system of claim 38, wherein one of the plurality of cryptographic devices is a master device and generates a master key set (MKS).
  - 41. The system of claim 40, wherein the MKS includes a Master Encryption Key (MEK) used to encrypt keys when stored outside the device,.
  - 42. The system of claim 41, wherein the MKS further includes a Master Authentication Key (MAK) used to compute a DES MAC for signing keys when stored outside of the device.
  - 43. The system of claim 40, wherein the MKS is exported to other cryptographic devices by any cryptographic device.
  - 44. The system of claim 1, wherein the database includes a user profile for a subset of the plurality of users.
  - 45. The system of claim 44, wherein the user profile includes username, user role, password, logon failure count, logon failure limit, logon time-out limit, account expiration, password expiration, and password period.
  - 46. The system of claim 10, wherein the state machine includes one or more of an uninitialized state, an initialized state, an operational state, an administrative state, an exporting shares state, an importing shares state, and an error state.
  - 47. The system of claim 46, wherein the command corresponding to the operational state comprises commands for one or more of access control, session management, key management, and audit support.
  - 48. The system of claim 1, wherein the cryptographic device is capable of performing one or more of Rivest, Shamir and Adleman (RSA) public key encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation algorithms.

49. A system for secure processing of value-bearing items (VBIs) in a computer network comprising:
- a plurality of user terminals coupled to the computer network;
  
  a database coupled to the network and remote from the plurality of user terminals for storing information about one or more users using the plurality of terminals; and
  
  a server system coupled to the network including a plurality of cryptographic devices for performing secure VBI functions utilizing the information stored in the database, each of the plurality of cryptographic devices processes data for any of the user terminals, wherein each cryptographic device is not dedicated to particular user terminals;
  
  wherein a cryptographic device authenticates the identity of a user and restricts services to the user based on stored information in the database.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72)
- - 50. The system of claim 49, wherein at least one of the users is an enterprise account.
  - 51. The system of claim 49, further comprising a plurality of security device transaction data stored in the database for ensuring authenticity and authority of each of the plurality of users, wherein each transaction data is related to one of the plurality of uses and the security device transaction data related to a user is loaded into the cryptographic device when the user requests a VBI function.
  - 52. The system of claim 49, wherein the assumed role is an administrator role to manage a user access control database.
  - 53. The system of claim 49, wherein the assumed role is a provider role to authorize increasing credit for a user account.
  - 54. The system of claim 49, wherein the assumed role is a user role to perform expected IBIP postal meter operations.
  - 55. The system of claim 49, wherein the cryptographic device stores information about a number of last transactions in a respective internal register, the database stores a table including the respective information about a last transaction, a verification module to compare the information saved in the device with the information saved in the table.
  - 56. The system of claim 49, wherein the database includes data for creating indicium, account maintenance, and revenue protection.
  - 57. The system of claim 49, wherein the value bearing item is a mail piece.
  - 58. The system of claim 49, wherein the mail piece includes a digital signature.
  - 59. The system of claim 49, wherein the mail piece includes a postage amount.
  - 60. The system of claim 49, wherein the mail piece includes an ascending register of used postage and descending register of available postage.
  - 61. The system of claim 49, wherein the value bearing item is a ticket.
  - 62. The system of claim 49, wherein the value bearing item includes a bar code.
  - 63. The system of claim 49, wherein the value bearing item is a coupon.
  - 64. The system of claim 49, wherein the value bearing item is currency.
  - 65. The system of claim 49, wherein the value bearing item is a voucher.
  - 66. The system of claim 49, wherein the value bearing item is a traveler'"'"'s check.
  - 67. The system of claim 49, wherein each security device transaction data includes an ascending register value, a descending register value, a respective cryptographic device ID, an indicium key certificate serial number, a licensing ZIP code, a key token for an indicium signing key, user secrets, a key for encrypting user secrets, data and time of last transaction, last challenge received from a respective client subsystem, an operational state of the respective device, expiration dates for keys, and a passphrase repetition list.
  - 68. The system of claim 49, wherein each security device transaction data includes a private key, a public key, and a public key certificate, wherein the private key is used to sign device status responses and a VBI which, in conjunction with a public key certificate, demonstrates that the device and the VBI are authentic.
  - 69. The system of claim 49, wherein each cryptographic device is capable of performing one or more of Rivest, Shamir and Adleman (RSA) public key encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation algorithms.
  - 70. The system of claim 49, wherein each cryptographic device protects data using a stored secret.
  - 71. The system of claim 70, wherein the secret is a password.
  - 72. The system of claim 70, wherein the secret is a public/private key pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Auctane LLC (Stamps.com, Inc.)
Original Assignee
Stamps.com, Inc.
Inventors
Venkat, Girish, Ogg, Craig L., Chow, William W., Lingle, Piers C.
Primary Examiner(s)
Backer; Firmin

Application Number

US09/690,066
Time in Patent Office

2,395 Days
Field of Search

705/80, 705/50, 400/401
US Class Current

705/80
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 30/02   Marketing; Price estimation...

G06Q 50/188   Electronic negotiation

G07B 17/0008   Communication details outsi...

G07B 17/00733   Cryptography or similar spe...

G07B 2017/00056   Client-server

G07B 2017/00064   Virtual meter, online stamp...

G07B 2017/00145   via the Internet

G07B 2017/00201   Open franking system, i.e. ...

G07B 2017/00887   using look-up tables, also ...

G07B 2017/00967   PSD [Postal Security Device...

Cryptographic module for secure processing of value-bearing items

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

72 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic module for secure processing of value-bearing items

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

72 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links