Cryptographic module for secure processing of value-bearing items

US 8,027,927 B2
Filed: 10/27/2009
Issued: 09/27/2011
Est. Priority Date: 10/18/1999
Status: Expired due to Term

First Claim

Patent Images

1. An on-line system for printing value bearing items (VBI) comprising:

one or more client systems for interfacing with a plurality of users; and

a database remote from the users comprising a plurality of user records, each user record including information about a respective user of the plurality of users;

a cryptographic module having a memory and remote from the users programmed to perform database transactions responsive to a request from a user, wherein the cryptographic module stores in the memory one or more checkpoint records related to one or more recent database transactions, respectively, wherein the database stores a checkpoint record related to a most recent database transaction performed by the cryptographic module, wherein each checkpoint record includes a total amount printed by the cryptographic module, and wherein the cryptographic module inputs the checkpoint record stored in the database and compares it with one of the one or more checkpoint records stored in the memory related to said most recent database transaction, before processing a new request from a user.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.

183 Citations

22 Claims

1. An on-line system for printing value bearing items (VBI) comprising:
- one or more client systems for interfacing with a plurality of users; and
  
  a database remote from the users comprising a plurality of user records, each user record including information about a respective user of the plurality of users;
  
  a cryptographic module having a memory and remote from the users programmed to perform database transactions responsive to a request from a user, wherein the cryptographic module stores in the memory one or more checkpoint records related to one or more recent database transactions, respectively, wherein the database stores a checkpoint record related to a most recent database transaction performed by the cryptographic module, wherein each checkpoint record includes a total amount printed by the cryptographic module, and wherein the cryptographic module inputs the checkpoint record stored in the database and compares it with one of the one or more checkpoint records stored in the memory related to said most recent database transaction, before processing a new request from a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the cryptographic module processes the new request from the user when the checkpoint record stored in the database matches the one of the one or more checkpoint records stored in the memory.
  - 3. The system of claim 2, wherein the cryptographic module returns an error code when the checkpoint record stored in the database does not match the one of the one or more checkpoint records stored in the memory.
  - 4. The system of claim 2, wherein the cryptographic module updates the checkpoint record to be stored in the database after the cryptographic module processes the new request from the user.
  - 5. The system of claim 1, wherein the cryptographic module protects the checkpoint record by a key and stores the protected checkpoint.
  - 6. The system of claim 3, wherein after returning the error code, the cryptographic module compares a second checkpoint record stored in the memory older than said one of the one or more checkpoint records related to said most recent database transaction with said checkpoint record stored in the database.
  - 7. The system of claim 6, wherein when said second checkpoint record matches said checkpoint record stored in the database, the matched record becomes an accepted checkpoint record, and wherein the cryptographic module further updates said one or more checkpoint records stored in the memory using data from the accepted checkpoint record and outputs an audit log record.
  - 8. The system of claim 7, wherein said audit log record includes information to document database transactions more recent than the accepted checkpoint record that are to be discarded.
  - 9. The system of claim 6, wherein when said checkpoint record stored in the database does not match any of said one or more checkpoint records stored in the memory, the cryptographic module is prevented from performing any further database transactions.
  - 10. The system of claim 1, wherein each checkpoint record further includes one or more of the group consisting of a total amount refunded by the cryptographic module, a total amount reset by the cryptographic module, a serial number of the cryptographic module, a transaction type, a value of an ascending register, a value of a descending register, a date stamp, and a time stamp.
  - 11. The system of claim 1, wherein the request is one or more of the group consisting of a print request, a reset request and a refund request.
  - 12. The system of claim 1, wherein the value bearing item is one or more of the group consisting of a mail piece, a ticket, a coupon, and a voucher.

13. An on-line system for printing value bearing items (VBI) comprising:
- one or more client systems for interfacing with a plurality of users; and
  
  a database remote from the users comprising a plurality of user records, each user record including information about a respective user of the plurality of users;
  
  a cryptographic module having a memory and remote from the users programmed to perform database transactions responsive to a request from a user, wherein the cryptographic module stores in the memory one or more checkpoint records related to one or more recent database transactions, respectively, wherein the database stores a checkpoint record related to a most recent database transaction performed by the cryptographic module, wherein each checkpoint record includes information about one or more of the group consisting of an amount printed by the cryptographic module, an amount reset by the cryptographic module, and an amount refund by the cryptographic module, and wherein the cryptographic module inputs the checkpoint record stored in the database and compares it with one of the one or more checkpoint records stored in the memory related to said most recent database transaction, before processing a new request from a user.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the cryptographic module processes the new request from the user when the checkpoint record stored in the database matches the one of the one or more checkpoint records stored in the memory.
  - 15. The system of claim 14, wherein the cryptographic module returns an error code when the checkpoint record stored in the database does not match the one of the one or more checkpoint records stored in the memory.
  - 16. The system of claim 14, wherein the cryptographic module updates the checkpoint record to be stored in the database after the cryptographic module processes the new request from the user.
  - 17. The system of claim 13, wherein the request is one or more of the group consisting of a print request, a reset request and a refund request.

18. An on-line system for printing value bearing items (VBI) comprising:
- one or more client systems for interfacing with a plurality of users; and
  
  a database remote from the users comprising a plurality of user records, each user record including information about a respective user of the plurality of users;
  
  a cryptographic module having a memory and remote from the users programmed to perform database transactions responsive to a request from a user, wherein the cryptographic module stores in the memory one or more checkpoint records related to one or more recent database transactions, respectively, wherein the database stores a checkpoint record related to a most recent database transaction performed by the cryptographic module, wherein each checkpoint record is a function of one or more of the group consisting of an amount printed by the cryptographic module, an amount reset by the cryptographic module, and an amount refund by the cryptographic module, and wherein the cryptographic module inputs the checkpoint record stored in the database and compares it with one of the one or more checkpoint records stored in the memory related to said most recent database transaction, before processing a new request from a user.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The system of claim 18, wherein the cryptographic module processes the new request from the user when the checkpoint record stored in the database matches the one of the one or more checkpoint records stored in the memory.
  - 20. The system of claim 19, wherein the cryptographic module returns an error code when the checkpoint record stored in the database does not match the one of the one or more checkpoint records stored in the memory.
  - 21. The system of claim 19, wherein the cryptographic module updates the checkpoint record to be stored in the database after the cryptographic module processes the new request from the user.
  - 22. The system of claim 18, wherein the request is one or more of the group consisting of a print request, a reset request and a refund request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stamps.com, Inc.
Original Assignee
Stamps.com, Inc.
Inventors
Chow, William W., Ogg, Craig L.
Primary Examiner(s)
Augustin; Evens J

Application Number

US12/606,814
Publication Number

US 20100042545A1
Time in Patent Office

700 Days
Field of Search

705/60, 705/401, 705/410
US Class Current

705/60
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G07B 17/0008   Communication details outsi...

G07B 17/00733   Cryptography or similar spe...

G07B 2017/00056   Client-server

G07B 2017/00064   Virtual meter, online stamp...

G07B 2017/00145   via the Internet

G07B 2017/00201   Open franking system, i.e. ...

G07B 2017/00887   using look-up tables, also ...

G07B 2017/00967   PSD [Postal Security Device...

Cryptographic module for secure processing of value-bearing items

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

183 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic module for secure processing of value-bearing items

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links