Cryptographic module for secure processing of value-bearing items
First Claim
1. A cryptographic device for securing data in a computer network comprising:
- a processor programmed to authenticate a plurality of users on the computer network for generating a postal indicium;
a memory for storing a data record for ensuring authenticity of a user;
a cryptographic engine for cryptographically protecting the data record; and
an interface for communicating with the computer network,wherein the data record includes an ascending register value, a descending register value, a cryptographic device ID, a key token for an indicium signing key, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, expiration dates for keys, and a passphrase repetition list.
4 Assignments
0 Petitions
Accused Products
Abstract
An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.
-
Citations
39 Claims
-
1. A cryptographic device for securing data in a computer network comprising:
-
a processor programmed to authenticate a plurality of users on the computer network for generating a postal indicium; a memory for storing a data record for ensuring authenticity of a user; a cryptographic engine for cryptographically protecting the data record; and an interface for communicating with the computer network, wherein the data record includes an ascending register value, a descending register value, a cryptographic device ID, a key token for an indicium signing key, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, expiration dates for keys, and a passphrase repetition list. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for securing data in a computer network comprising:
-
a server system configured to communicate with a plurality of client systems via the computer network, the server system including a plurality of cryptographic devices, each cryptographic device comprising; a processor programmed to authenticate a plurality of users on the computer network for secure processing of a value bearing item; a memory for storing a data record for ensuring authenticity of a user; a cryptographic engine for cryptographically protecting the data record; and an interface for communicating with the computer network, wherein the data record includes an ascending register value, a descending register value, a respective cryptographic device ID, at least one user secret, a key for encrypting the at least one user secret, date and time of last transaction, passphrase repetition list and expiration dates for keys. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A system for securing data in a wide area computer network comprising:
-
a database including information about one or more users using a plurality of user terminals; a plurality of cryptographic devices remote from the plurality of user terminals and coupled to the computer network, wherein each of the cryptographic devices includes a computer executable code for authenticating one or more users; and a plurality of security device transaction data records stored in the database for ensuring authenticity of the one or more users, wherein each security device transaction data record is related to a user, wherein each of the cryptographic devices is capable of authenticating an identity of each user and authenticating each user for a role, the role limiting each user to a subset of operations performed by the system, wherein each of the plurality of cryptographic devices is programmed to receive any of the plurality of security device transaction data records, and wherein each cryptographic device is not dedicated to particular security device transaction data records. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. A security system for securing data in a computer network comprising:
-
a plurality of cryptographic devices coupled to the computer network, wherein each cryptographic device includes a computer executable code for authenticating a plurality of users and verifying that an authenticated user is authorized to assume a role, and wherein each cryptographic device is capable of performing value management functions for the plurality of users; and a plurality of security device transaction data records for ensuring authenticity of the plurality of users, wherein each security device transaction data record is related to a user, wherein each cryptographic device is not dedicated to particular users, and wherein each cryptographic device is programmable to service any of the plurality of users. - View Dependent Claims (35, 36, 37, 38, 39)
-
Specification