Method and apparatus for on-line value-bearing item system
Abstract
An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a secure database is disclosed. The secure database has the ability to recover data in case of a database failure and includes account balances and other information for all of the on-line value-bearing item system customers and is capable of preventing access by unauthorized users. Also, a secure communication network is in operation to prevent unauthorized access to the users' data stored in the database.
A plurality of subsystems located on the server system side of the on-line VBI system provide services related to purchasing, accounting, and printing of VBI. Preferably, these services run on multiple server machines allowing the system to be scalable. The number of the servers can easily be increased to meet the growing needs of the subsystems as the numbers of transactions and users increase. The growing number of servers will not impact the performance of the on-line postage system, because the design of the on-line postage system allows for scalability.
42 Claims
1. A scalable on-line system for printing value bearing items (VBI) comprising:
- a client system; and
- a scalable server system communicating with the client system over a communication network comprising;
- a database remote from the client system and including information about a plurality of users;
- a plurality of transaction data records stored in the database to ensure authenticity of the plurality of users; and
- a plurality of stateless cryptographic devices remote from the client system and capable of authenticating and processing VBI printing requests from any of the plurality of users using a respective transaction data records stored in the database, wherein when a VBI printing request from a current user is received by the server system, an available cryptographic device from the plurality of cryptographic devices and the database cross-verify a copy of a last transaction data record stored in the database and stored in the available cryptographic device, before processing the VBI printing request from the current user, and wherein the server system sends a print authorization to the client system to print a VBI when the copy of the last transaction data record is cross-verified.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27

28. A scalable on-line system for printing value bearing items (VBI) comprising:
- a client system; and
- a scalable server system communicating with the client system over a communication network comprising;
- a database remote from the client system and including information about a plurality of users;
- a plurality of transaction data records stored in the database to ensure authenticity of the plurality of users, wherein each transaction data record includes information to restore the data record to its last known state, when the data record is next used; and
- a plurality of stateless cryptographic devices remote from the client system and capable of authenticating and processing VBI printing requests from any of the plurality of users using a respective transaction data records stored in the database, wherein when a VBI printing request from a current user is received by the server system, an available cryptographic device from the plurality of cryptographic devices loads the current user's transaction data record and instantiates a user state in the transaction data record to process the VBI printing requests from the current user, wherein each transaction data record includes one or more of an ascending register value, a descending register value, a respective cryptographic module ID, an indicium key certificate serial number, a licensing ZIP code, a key token for an indicium signing key, user secrets, a key for encrypting user secrets, date and time of last transaction, last challenge received from a respective client subsystem, an operational state of the respective module, expiration dates for keys, and a passphrase repetition list.

Dependent claims: 29, 30, 31, 32, 33, 34

35. A method for printing value-bearing items (VBI) via a communication network including a client system, and a server system, the method comprising the steps of:
- accepting print requests from a plurality of users by the client system;
- communicating the print requests to the server system over the communication network;
- storing in a database a plurality of transaction data records, wherein each transaction data record includes information to restore the data record to its last known state, when the data record is next used;
- ensuring authenticity of the plurality of users utilizing a respective transaction data record;
- processing in a stateless manner each transaction data record in the server system;
- authenticating by a cryptographic device any of the plurality of users in a stateless manner, utilizing one or more of the plurality of transaction data record stored in the database;
- receiving a VBI printing request from a current user;
- loading the current user's transaction data record in the cryptographic device; and
- instantiating a user state in the transaction data record to process the VBI printing requests from the current user, wherein each of the transaction data records includes an ascending register value, a descending register value, a respective cryptographic device ID, an indicium key certificate serial number, a licensing ZIP code, a key token for an indicium signing key, user secrets, a key for encrypting user secrets, date and time of last transaction, last challenge received from a respective client subsystem, an operational state of the respective device, expiration dates for keys, and a passphrase repetition list.

Dependent claims: 36, 37, 38, 39, 40, 41, 42

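One possible reading of the load, verify and commit flow in claims 1, 28 and 35, as an added example that is not taken from the patent: any device can serve any user because the transaction data record lives in the database, and a print is authorized only when the device's copy and the database's copy agree. The HMAC seal, the shared `DEVICE_KEY`, the compare-on-commit check and all class and field names are assumptions; the claims on this page do not state the mechanism.

```python
import hashlib
import hmac
import json

DEVICE_KEY = b"constructed-demo-key"  # assumption: sealing key held by every device

def seal(record):
    """Serialize a transaction data record and attach a MAC over it."""
    body = json.dumps(record, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()}

class Database:
    """Holds the last sealed transaction data record per user."""
    def __init__(self):
        self.rows = {}
    def load(self, user):
        return dict(self.rows[user])
    def commit(self, user, loaded, new):
        # Database side of the cross-check: the copy the device worked
        # from must still be the last record stored for this user.
        if self.rows[user] != loaded:
            return False
        self.rows[user] = new
        return True

class CryptoDevice:
    """Keeps no per-user state between requests."""
    def process_print(self, db, user, amount):
        sealed = db.load(user)
        expected = hmac.new(DEVICE_KEY, sealed["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sealed["tag"]):  # device side of the check
            return "rejected: record failed verification"
        rec = json.loads(sealed["body"])
        if rec["descending"] < amount:
            return "rejected: insufficient balance"
        rec["descending"] -= amount   # funds remaining
        rec["ascending"] += amount    # total value printed
        if not db.commit(user, sealed, seal(rec)):
            return "rejected: stale record"
        return "print authorized"

def demo():
    db = Database()
    db.rows["alice"] = seal({"ascending": 0, "descending": 100})  # constructed, in cents
    out = [CryptoDevice().process_print(db, "alice", 60),   # first device
           CryptoDevice().process_print(db, "alice", 60)]   # second device sees balance 40
    # Constructed tampering: balance edited directly in the database row.
    db.rows["alice"]["body"] = db.rows["alice"]["body"].replace(b"40", b"9000")
    out.append(CryptoDevice().process_print(db, "alice", 60))
    return out
```

A MAC alone does not detect an older, validly sealed record being restored in the database; the sketch covers only edits to the stored record and concurrent use of a stale copy.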
Specification