Cryptographic module for secure processing of value-bearing items
First Claim
1. A cryptographic device for securing data in a computer network comprising:
- a processor programmed to authenticate a plurality of users on the computer network for generating a postal indicium, using a plurality of challenges;
a memory for storing a data record for ensuring authenticity of a user, the data record including a key for encrypting a user secret, a private key for signing the challenges, and a last challenge received from a client subsystem of the user;
a cryptographic engine for cryptographically protecting the data record; and
an interface for communicating with the computer network, wherein when the cryptographic device receives a new challenge message from the client subsystem, the processor is configured to respond by signing the received challenge with the stored private key and send a ciphertext back to the client subsystem to be compared with the new challenge message.
4 Assignments
0 Petitions
Accused Products
Abstract
An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.
195 Citations
23 Claims
-
1. A cryptographic device for securing data in a computer network comprising:
-
a processor programmed to authenticate a plurality of users on the computer network for generating a postal indicium, using a plurality of challenges; a memory for storing a data record for ensuring authenticity of a user, the data record including a key for encrypting a user secret, a private key for signing the challenges, and a last challenge received from a client subsystem of the user; a cryptographic engine for cryptographically protecting the data record; and an interface for communicating with the computer network, wherein when the cryptographic device receives a new challenge message from the client subsystem, the processor is configured to respond by signing the received challenge with the stored private key and send a ciphertext back to the client subsystem to be compared with the new challenge message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for securing data in a computer network comprising:
a server system configured to communicate with a plurality of client systems via the computer network, the server system including a plurality of cryptographic devices, each cryptographic device comprising; a processor programmed to authenticate the plurality of users on the computer network for generating a postal indicium, using a plurality of challenges; a memory for storing a data record for ensuring authenticity of a respective one of the plurality of users, the data record including a key for encrypting a user secret, a private key for signing the challenges, and a last challenge received from a client subsystem of the respective user; a cryptographic engine for cryptographically protecting the data record; and an interface for communicating with the computer network, wherein when a respective cryptographic device receives a new challenge message from the client subsystem, the processor is configured to respond by signing the received challenge with the stored private key and send a ciphertext back to the client subsystem to be compared with the new challenge message. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
Specification