CA2152835C - Postage payment system with security for sensitive mailer data and enhanced carrier data functionality - Google Patents
Postage payment system with security for sensitive mailer data and enhanced carrier data functionality Download PDFInfo
- Publication number
- CA2152835C CA2152835C CA002152835A CA2152835A CA2152835C CA 2152835 C CA2152835 C CA 2152835C CA 002152835 A CA002152835 A CA 002152835A CA 2152835 A CA2152835 A CA 2152835A CA 2152835 C CA2152835 C CA 2152835C
- Authority
- CA
- Canada
- Prior art keywords
- mailpiece
- mailer
- data
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00508—Printing or attaching on mailpieces
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00435—Details specific to central, non-customer apparatus, e.g. servers at post office or vendor
- G07B2017/00443—Verification of mailpieces, e.g. by checking databases
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00435—Details specific to central, non-customer apparatus, e.g. servers at post office or vendor
- G07B2017/00451—Address hygiene, i.e. checking and correcting addresses to be printed on mail pieces using address databases
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00508—Printing or attaching on mailpieces
- G07B2017/00572—Details of printed item
- G07B2017/0058—Printing of code
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00508—Printing or attaching on mailpieces
- G07B2017/00572—Details of printed item
- G07B2017/0058—Printing of code
- G07B2017/00588—Barcode
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00508—Printing or attaching on mailpieces
- G07B2017/00572—Details of printed item
- G07B2017/00596—Printing of address
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00741—Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
- G07B2017/00758—Asymmetric, public-key algorithms, e.g. RSA, Elgamal
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00935—Passwords
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00951—Error handling, e.g. EDC (Error Detection Codes)
Abstract
A method and system for processing mail including imprinting on a mailpiece mailer identification information. Data is encrypted relative to the mailpiece with a private key associated with the mailer identification information. The private key also has an associated public key. The encrypted data is imprinted on the mailpiece and the mailpiece is placed in a mail delivery stream of a mail carrier. The mail is thereafter processed to determine from the mailer identification information thepublic key. The encrypted data is decrypted with the public key to authenticate the mailer and the mailers billing records are updated for mailer charges associated with the mailpiece. The addressee information for the mailpiece may be included as part of the encrypted data for mailpiece authentication.
The billing record of the mailer may be encrypted with the mailer public key and transmitted to the mailer. The various mailpieces of the mailer deposited with the carrier service may be consolidated into a single encrypted statement and provided to the mailer, either in physical form or electronically along with other information including address hygiene, availability of special services from thecarrier and the like. Authentication and receipt of the mailpiece are provided using an encrypted data on the mailpiece which may include an encryption of the hash function of data associated with the mailpiece being delivered or of the content of the mailpiece being delivered. the hash code may be generated by the mailer, carrier or the recipient.
The billing record of the mailer may be encrypted with the mailer public key and transmitted to the mailer. The various mailpieces of the mailer deposited with the carrier service may be consolidated into a single encrypted statement and provided to the mailer, either in physical form or electronically along with other information including address hygiene, availability of special services from thecarrier and the like. Authentication and receipt of the mailpiece are provided using an encrypted data on the mailpiece which may include an encryption of the hash function of data associated with the mailpiece being delivered or of the content of the mailpiece being delivered. the hash code may be generated by the mailer, carrier or the recipient.
Description
~ E-243 2~283~
POSTAGE PAYMENT SYSTEM WITH SECURITY FOR SENSITIVE
MAILER DATA AND ENHANCED CARRIER DATA FUNCTIONALITY
Field of the Invention The present invention relates to postage payment systems and, more particularly, to a payment system for delivery of mail and parcels where the charges for the delivery and/or any special services are invoiced to the mailer by a carrier such as a p~stal service or private delivery service.
Backqround of the Invention Postage payment systems have been developed employing postage meters, which are mass produced devices for printing a defined unit value for governmental (such as tax stamps, or postage stamp) or private carrier delivery of parcels and envelopes. These postage meter systems involve both pre-payment of postal charges by the mailer (prior to postage value imprinting) and post payment of postal charges by the mailer (subsequent to postage value imprinting). Postal charges (or other terms referring to postal) as used herein should be understood to mean charges for either postal charges, tax charges, or private carrier charges or the like (or postal service, tax service or private carrier service, as the case may be).Some of the varied types of postage metering systems are shown, for example, in U.S. Patent No. 3,978,457 for MICROCOMPUTERIZED ELECTRONIC
POSTAGE METER SYSTEM, issued August 31,1976; U.S. Patent No. 4,301,507 for ELECTRONIC POSTAGE METER HAVING PLURAL COMPUTING SYSTEMS, issued November 17, 1981; and U.S. Patent No. 4,579,054 for STAND ALONG
ELECTRONIC MAILING MACHINE, issued April 1, 1986. Moreover, other types of metering systems have been developed which involve different printing systems ~ 2l~283s 5 such as those employing thermal printers, ink jet printers, mechanical printers and other types of printing technologies. Examples of these other types of electronic postage meters are described in U.S. Patent No. 4,168,533 for MICROCOMPUTER
MINIATURE POSTAGE METER, issued September 18, 1979 and, U.S. Patent No.
4,493,252 for POSTAGE PRINTING APPARATUS HAVING A MOVABLE PRINT
HEAD AND A PRINT DRUM, issued January 15, 1985. These systems enable the postage meter to print variable information, which may be alphanumeric and graphic type information.
Postage metering systems have also been developed which employ encrypted information on a mailpiece. The postage value for a mailpiece may be 15 encrypted together with other data to generate a digital token. A digital token is encrypted information that authenticates the information imprinted on a mailpiece such as postage value. Examples of postage metering systems which generate and employ digil:al tokens are described in U.S. Patent No. 4,757,537 for SYSTEM FORDETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING SYSTEM, 20 issued July 12, 1988; U.S. Patent No. 4,831,555 for SECURE POSTAGE
APPLYING SYSTEM, issued May 15, 1989; U.S. Patent No. 4,775,246 for SYSTEM
FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING
SYSTEM, issued October 4, 1988; U.S. Patent No. 4,873,645 for SECURE
POSTAGE DISPENSING SYSTEM, issued October 10, 1989 and, U.S. Patent No.
25 4,725,718 for POSTAGE AND MAILING INFORMATION APPLYING SYSTEMS, issued February 16, 1988. These systems, which may utilize a device termed a Postage Evidencir,g Device (PED), employ an encryption algorithm which is utilized to encrypt selected information to generate the digital token. The encryption of the information provides security to prevent altering of the printed information in a 30 manner such that any change in a postal revenue block is detectable by appropriate verification procedures.
~ 21~2~35 Encryption systems have also been proposed where accounting for postage payment occurs at a time subsequent to the printing of postage. Systems of this type are disclosed in U.S. Patent No. 4,796,193 for POSTAGE PAYMENT SYSTEM
FOR ACCOUNTING FOR POSTAGE PAYMENT OCCURS AT A TIME
SUBSEQUENT~ TO THE PRINTING OF THE POSTAGE AND EMPLOYING A
VISUAL MARKING IMPRINTED ON THE MAILPIECE TO SHOW THAT
ACCOUNTING HAS OCCURRED, issued January 3, 1989; U.S. Patent No.
5,293,319 for POSTAGE METERING SYSTEM, issued March 8, 1994; and, U.S.
Patent Application Serial No. 882,871, for POSTAGE PAYMENT SYSTEM
EMPLOYING ENCRYPTION TECHNIQUES AND ACCOUNTING FOR POSTAGE
PAYMENT AT A TIME SUBSEQUENT TO THE PRINTING OF POSTAGE filed July 7,1986 by Wojciech M. Chrosny and assigned to Pitney Bowes, Inc., or its Canadian counterpart patent No.1 301 336.
Summary of the Invention It has been discovered that a public key cryptographic system can be employed in postage payment systems to greatly enhance the features and functionality of the system. This provides the ability of a carrier to securely and accurately invoice a mailer for mail placed into a postage system.
It has also been discovered that by the employment of a public key cryptographic system that a postage payment system can be provided where the payment is based on an invoice provided by the carrier which provides enhanced billing or marketing or demographic or other information, securely to the mailerutilizing the mailer billing information.
It has been further discovered that various unique services to authenticate and verify the delivery, receipt or even receipt for the specific content of themailpieces and parcels can be achieved.
~ 3S
It has still further been discovered that by utilizing the system, address hygiene information can be securely transmitted to the mailer by the carrier such that this information can be a value added service along with other services provided by the carrier.
In accordance with the present invention a method for mail processing includes imprinting on a mailpiece mai!er identification information. Data relative to the mailpiece is encrypted with a private key associated with the imprinted mailer identification information. The private key also has an associated a public key. The encrypted data is imprinted on the mailpiece. The mailpiece is placed in a mail delivery stream of a mailpiece carrier. The mail is processed to determine the mailer identification information. Using the mailer identification information the public key is obtained and used to decrypt the encrypted data to authenticate the mailer. The billing records for the mailer are updated for charges associated with the mailpiece.
A system embodying the present invention includes processing mail, printing means for imprinting information on a mailpiece and means for causing the printing means to imprint on the mailpiece mailer identification information. Means are coupled to said printing means for encrypting data relative to said mailpiece with a private key associated with the mailer identification information, the private key having an associated public key. Means cause the printing means to imprint on the mailpiece the encrypted data. Means process the mailpiece to determine the mailer identification information. A public key database is coupled to the processing means such that the determined mail identification data is utilized to retrieve the public key. Means for decrypting the encrypted data with said retrieved public key to authenticate the mailpiece mailer. Means are coupled to said decrypting meansfor generating a billing record for said mailer for charges associated with saidmailpieces.
2~ ~28~
In accordance with a feature of the invention, a method for generating an electronic receipt for a mailpieces, includes the steps of receiving a mailpiece and determining from the mailpiece mailer identification data and mailpiece identification data. The mailer identification data and the mailpiece identification data and recipient identification data are encrypted with a recipient private key, recipient private key having an associated public key. The encrypted data and the recipient identification data re transmitted to the mailer.
In accordance with still another feature of the present invention, method for generating an encrypted receipt to authenticate the receipt of a mailpiece, includes, generating a hash code for the information of a mailpiece and encrypting the generated hash code for the mailpiece with a first private key to generate an encrypted hash code of the mailpiece information, the private key having an associated lFirst public key. The mailpiece along the encrypted hash code are transmitted. The mailpiece and the encrypted hash code are received by a recipient and the encrypted hash code is encrypted with a second private key, the second private key associated with said recipient said having an associated second public key.
In accordance with yet another feature of the present invention, method for processing mail includes generating a mailpiece and generating a hash code of the content of the mailpiece. The encrypted hash code is encrypted and the mail is imprinted with addressee data and the encrypted hash code.
Brief Summarv of the Drawin~s A complete understanding of the present invention may be obtained from the following detailed description of the preferred embodiment thereof, when taken in conjunction with the accompanying drawings, wherein like reference numerals designate similar elements in the various figures, and in which:
21~2~35 FIGURE 1 is a mailpiece having encrypted information imprinted thereon in accordance with the present invention which is thereafter utilized by a carrier in generating billing information and utilized to provide additional verifications and information and services to a mailer;
FIGURE 2 is a block diagram of a mail generation system suitable for preparing the mailpiece shown in Figure 1;
FIGURE 3 is a flow chart of the operation of the system shown in Figure 2 in generating the mailpiece shown in Figure 1;
FIGURE 4 is a block diagram of a carrier processing system for the generation of billing records;
FIGURE 5 is a flow chart of the operation of the carrier mail processing system shown in Figure 4;
FIGURE 6 is a flow chart of the bill generation process employed by a carrier;
FIGURE 7 is a flow chart of the.operations performed by a mailer in processing a bill received from the carrier; and, FIGURE 8 is a flow chart of the process by a carrier to provide enhanced services to the mailer.
Detailed Description of the Preferred Embocliment 1. General Background A public key cryptographic system is used for identification of mailers. A
carrier such as a postal service or private delivery service, or a third trusted party, generates a pair of private/public keys for each mailer. Each mailer may also obtain a certificate with his private key. The certificate is digitally singed by the post (or a third trusted party) with its private key, thus authenticating the mailer. The certificate can be in the form of a smart card or PCMCIA card, both of which can be used with a standard personal computer.
21S2~35 The public keys for the mailers are published in a directory that is distributedto all mail processing services for use in machines with scanning capabilities.
Examples of equipment with such scanning capability are advanced postal service facer/cancelers, MULTILINE OPTICAL CHARACTER RECOGNITION SORTERS
and barcode sorters. Each mailer protects his or her private key just as in any other public key cryptographic system, for example, by a password, personal identification number (PIN) or a cryptographic protocol designed for use with a personal computer or other device which functions as part of a mail generating system. Key update,revocation, initialization and other procedures are well known and described, for example, in key management standards, as for example, the X9.17 standards/published by X.9 Secretariat, American Bankers Association, 1120 Connecticul: Avenue, N.W., Washington, DC 20036, dated April 4, 1985 or ANSI/ABA X9.24 -1992, dated April 6, 1992.
As part of the mail generation process, first, for each mail piece to be generated, the mailer determines: the date, desired level of service, such as delivery date and special insurance, or returned receipt, etc. The mailer may also determine the postal rate for the piece and desired destination address. This information (or portion of it~ together with a mailer's identification (such as a 10 digit number) is encrypted with the mailer's private key. The resulted ciphertext is printed in amachine readable format together with the mailer's identification printed in a plaintext on the surface of the mailpiece or parcel or mailing label or tag.
Upon receiving the mail piece, postal processing equipment scans the mail piece and determines mailer's identification from the plain text mentioned above.
The identification serves as a pointer in the directory of public keys assigned to mailers. This allows the postal mail processing machine to quickly retrieve the public key matching the mailers private key that is needed to decrypt the remaining information obtained by scanning the ciphertext printed on a mail piece. This 2ls283~
decrypted information is used to generate billing data that can be used for customer's billing. In case that customer determined rate does not match postal rate, the data can be verified manually or go through a dispute or other resolution process.
An important advantage of the above arrangement is that the mailer can not repudiate hls ownership of the mail piece and then the postpayment billing for the mailpiece, since only the mailer was in possession of the matching private key. The copying of the data printed on a mailpiece by a third party does not make much economic sense since the address destination information is encrypted together with mailer's identity. Thus, a copy would have to be sent to the same destination which usually not practical. Mailpieces, that do not display mailer's identification in one way or another can not be processed in this manner because the mailer's or associated public key must be identified and used in the decryption process. As an alternative to the mailer identification, the mailer's identification can, if desired, be uniquely determined from the return address.
Another important advantage of the system is that delivery confirmations can be effectively organized. The mail recipient can digitally sign by encrypting a message containing unique sender identification and unique mail piece identification with his own private key. The mail sender upon receiving the confirmation can decrypt the mail receiver signature with the mail recipient public key. This provides for non repudiation of receipt, which can be an important aspect in the case of legal disputes, as for example, the receipt of negotiable securities by a bank or other institution which will normally provide a receipt.
The billing information can be encrypted by the carrier for privacy. This protects the m sent, addresses, postage paid, delivery confirmation etc. with the mailer's public key (the same that was used to decrypt mailer's authentication block on the mailpiece).
Then, only the legitimate mailer who is in possession of the matching private key will 2ls2835 5 be able to decrypt the billing data, reconcile it with the mailer's own records and initiate payment of the bill or other appropriate action.
The entire process can be made transparent to the mailer by prearranging appropriate communication protocols such as those used in electronic data interchange (EDI) or by printing the same information a record with a suitable 10 density two dimensional bar code such as PDF 417 or Code 1. This arrangement allows for a proof of expenses paid which may be useful for taxation purposes.
There are multiple advantages of the present system. It offers highly flexible service of absent some unusual circumstances. Each mailpiece is uniquely identified. Thus, tracking and tracing become very effective and allows for service monitoring.
The use of a public key encryption system for post charge system for mail delivery services provides a major advantage in key management. Specifically, with a public key system, the management of the private key used by the mailer to encrypt the mailpiece identification is not as difficult and burdensome a task as in a secret key encryption system. This is because the private key used by the mailer in 20 a public key system envisions a matching public key used by the carrier service to decrypt the encryption. Thus, the decryption of the authentication block becomes a simple matter of identifying the mailers public key, which identification can beentered onto the mailpiece itself. In sharp contrast, the use of a secret key encryption system where both the mailer and the carrier are required to have the25 same secret key involves a much greater burden in key management. This is because security of the key must be maintained at both the mailer and the carrier locations. l hus, for a carrier location where access to the key may be required by multiple people on different days and under different circumstances, key management, and more specifically, the security of the key management, may 30 become a major obstacle to implementing, in a practical sense, systems of this type.
21~2~3~
Furthermore, in the public key system as described herein, should the mailers private key used for encryption become compromised, the mailer simply need inform the carrier services which can thereafter deactivate the mailer private key for the particular account. Lockout and time changes can be instituted as a matter of routine to provide enhanced security.
The employment of a public key system should reduce billing disputes due to allegations of compromise of the secret key by the carrier with subsequent improper billing of the mailer. Since only the mailer has the private key, and only very limited number of carrier personnel associated with issuing the secret key to the mailer, and since decryption is implemented using the mailers public key, compromise of the mailer's private key which may result in billing for services not rendered or not requested, is, for all practical purposes, within the responsibility of the mailer.
An important feature of the present invention is that the post office can use billing as an effective communication channel to mailers. Together with the bill, many different services, discounted rates and other information can be passed tomailers. For example, if the post office or carrier service wishes to improve its capacity utilization in a given geographic area, it can communicate selectively to mailers in the area the availability of lower rates for mailers mailing from such a geographic area. Other examples include advertising goods and services for otherbusiness, providing mailing lists to mailers, address hygiene, etc. It should beexpressly noted that the bill (together with the just mentioned advertising and promotional information) can be sent to mailers either via traditional mail or through a telecommunications channel such as a modem and public telephone network.
Il. Mailer System Reference is now made to FIGURE 1. A mailpiece 100 is imprinted with data blocks 102, 104, 106, 108, 1 10 and 1 12. Block 102 is the destination address.
Block 104 is the origination address, which may uniquely identify the mailer. Block ~ , 2ls283s 106 is the mailer's unique identification number (MID) in this case 112345678907.
Block 108 represents service data required by the mailer and a unique identification for the mailpiece. Block 108, specifically 01 02 33 1234567, is formed as follows.
The first two digits "01" may represent a type of mail or a mail class that would typically be indicative of required delivery time, e.g. within 3 days. The second two digits "02" rnay represent a rating parameters such as weight, size etc. The use of rating parameters is described in pending patent application serial No. 08/133,398, filed October 8, 1992 for Pintsov et al, entitled POSTAL RATING SYSTEM WITH
VERIFIABLE INTEGRITY and assigned to Pitney Bowes Inc., the entire disclosure of which is hereby incorporated by reference. Combination of such parameters canbe encoded with more than two digits if needed. For example, if there are 20 different weight categories and 6 different size classes, then the total number of possible combinations is 6 x 20 = 120. Each combination can be encoded with three digit number. The third group of two digits "33" may represent a service requiremenl:, such as, insured letter with a confirmation of delivery. The last group of digits "1234567' is a unique mail piece identification. This may also be a consecutive non-resettable count of the mail generation system shown in FIGURE 2.
Block 112 represents the date of mailing (i.e. the date when the mailpiece was deposited and under control of the carrier), in this case May 31, 1994. The date is used among other things to verify mailer's public key certificate validity, which may have an expiration date. Block 114 represents the digital signature, SIG
in hexadecimal notation, of the mailpiece's content signed with mailer's private key.
Finally, the group of digits "012377356779568346" labeled 1 10 is postal (or carrier) authentication block (PAB). This block is obtained by encrypting blocks MID, MSDand delivery address data (DAD) and Date with the mailer's private key SKm. Thus, PAB = Encryp SKm [MID, MSD, DAD, DATE].
-~ 21 ~83~
PAB can be interpreted as a digital signature of the mailer, which provides the properties of origin authentication, data integrity and signer nonrepudiation.
Additionally check digits and other redundancy can be added to the data blocks MID, MSD, DAD, DATE and PAB to facilitate eflective error free scanning. It should be expressly noted that the PAB can be quite large and contain several hundreds bytes of data depending on the type of a public key cryptographic system used. In this case the PAB can be printed in a suitable two dimensional bar code such as PDF 417. Bar code representation 116 is merely a representation of the type of bar code that can be employed and can be printed at any suitable location on the envelope. Such bar code arrangement may be preferable from the scanning point ofview depending on the scanning equipment employed. It should be also noted that the PAB block can be printed either on the surface of the mailing envelope, or on a label, or on the address bearing document in such a manner that the block PAB iscontained within the window of the mailing envelope.
It should be understood that the mailer identification (MID) may or may not be encrypted into the block PAB. The block PAB can not be decrypted to authenticatethe mailer without knowledge of the mailer's public key. This key can be found only if the mailer's identification is known. Thus, if mailer's identification is not encrypted into PAB and it is deliberately or inadvertently altered, the mailpiece cannot be authenticated. It is possible in principle to find the mailer's identification from he originating address 104, but this is more cumbersome since it usually requires areliable automatic reading of multiple lines of alphanumeric data in the block 104 as opposed to reading of just a string of numerals.
Reference is now made to FIGURE 2. FIGURE 2 is a block diagram of a mail generation system suitable for use with the present invention and for printing the mailpiece shown in FIGURE 1. A personal computer 202 equipped with a smart card reader 204 and card 206 or other arrangement such as employing a PCMCIA
21~3~
or a smart diskette, and a printer 208 suitable for printing information either on a address bearing document or on a mailing envelope such as mail piece 100. The system may also include a scanner 210 and a link 212 to a public or other network.
This scanner and link may be utilized to obtain data or other information to be imprinted on the mailpiece 100. The scanner would obtain the data or other information by scanning documents, and the link would obtain the data or other information via a public or private network.
Reference is now made to FIGURE 3. For each mailpiece, the destination address is obtained and the delivery address data block (DAD) is computed at 302.
The mailer identification (MID) and mailpiece identification (Piece Count) are then retrieved at 304. At 306 the mailpiece rating parameters are entered and the service required data, that is the level of service and service features required by the mailer, are then determined to compute the mail service data block (MSD). The mailer then enters the PIN number or password to enable the encryption to proceed with the mailers private key, SKM at 308. At 310 the postal authentication block(PAB) is computed in accordance with the function that PAB equals the encryptionby the mailer using the secret key SKM of the data, MID, MSD, DAD, and DATE. It should be recognized that the postal authentication block and the data encrypted is a matter of choice and convention established by the carrier.
The mailer then enters the mailers origination address at 312. It should be noted that the mailers origination address and the block 106 on mailpiece 100 shown in FIGURE 1 should desirably be consistent and to provide a form of verification for the carrier as a matter of data consistency to insure that no processing errors have occurred. Moreover, such consistency also provides a level of security since both a visually readable and identifiable mailer origination address is consistent with the less easily interpreted ~requiring a lookup table) mailer unique identification number.
21S283~
At 314 error detection/correction codes are computed to be printed on the mailpiece to provide additional level of redundancy for automatic scanning and processing of the mail to verify the entry and printing of the consistent data by the mailer. It also provides by virtue of the redundancy consistent automatic reading of information for billing purposes and for mail processing purposes. This allows rapid and easy detection of errors in the processing of the mailpiece and, if appropriate, correction of such detected errors, as for example, scanning errors. Finally, at 316, the mailpiece is imprinted with the origination address, the destination address, the MID, the MSD, the PAB, DATE and the error detection correction codes. The process thereafter loops back and continues for the next mailpiece.
Reference is now made to FIGURE 7 which is a flow chart of the operations performed by the mailer in processing a bill received from the carrier. A bill is received from a carrier either in hard copy form or via a modem at 702. A
determination is then made at 704 whether the bill is in hard copy form in whichcase the bill is scanned at 706. In either case, either by scanning or by processing, the encrypted billing data including the bill identification is obtained at 708. The encrypted information is decrypted by the mailer using the mailers private key SKM
at 710. The billing data is thereafter verified against the mailers own records at 712.
If a determination is made at 714 that the carrier's bill data and the mailer's records match, the mailer may authorize payment of the bill at 716. If no match occurs, the matter is scheduled for resolution at 718. The payment by the mailer may be by electronic funds transfer.
Ill. Carrier System Reference is now made to FIGURE 4 which is a block diagram of a carrier processing system for generation of billing records. Mailpieces, such as mailpiece 100, are moved by a mail feeder 402 to a scanner 404 for scanning. The scanned document includes among other things the scanning of the various barcoded 2l~283~
5 information imprinted on the mailpiece. The scanning of the MID provides the information which is sent to the local computer 406 to retrieve from a public key database the public key associate with the mailer of the mailpiece being scanned.
The public key so recovered is used to decrypt the encryption of the MID, MSD, DAD, and DATE data, using the mailers private key SKM. This allows the 10 computer to generate the necessary data for billing which may either be retained at the local computer 406 or communicated to a central billing computer 408 where billing records and billing database may be maintained. The mail passing the scanner is thereafter sent to sorting bins at 410 for further physical processing to allow expedited delivery of the mail and parcels.
Reference is now made to FIGURE 5 which delineates in greater detail the operation of the mail carrier processing system shown in FIGURE 4. At 502 the mailpiece is scanned to obtain data from the mailpiece. This data includes mailers identification data (MID), destination address data (DAD), mailers required service data (MSD), postal authentication block (PAB~ and DATE. Thereafter, using the 20 mailers identification (MID), the mailers public key (PKM) is retrieved from the public key database at 504. Additionally, if desired, a process may be implemented to check the expiration date of the public key PKM against the data of the imprinted mail. This is to insure that mailers are not using expired private keys to encrypt their mail and provides a level of security where mailers private encryption keys expire in 25 a preset period of time. This insures that only mail from legitimate subscribers to the service is processed. Thus, an individual mailer which at one time was a legitimate subscriber who allowed the subscription to the service to expire, may be identified to allow processing or rejection of the mailpiece depending upon the policy and practice of the carrier. At decision block 506 a determination is made whether 30 the time has expired such that the mailers key is no longer valid. If this is the case, the mailpiece is rejected at 508.
~ 2l~283~
If the key of the mailer is still valid, the carrier then decrypts the postal authentication block (PAB) using the mailers public key PKM at 510. This enablesthe carrier to obtain the mailers required service data (MSD) and the destination address dalta (DAD). Additionally, as a result of the decryption the data blocks MID, MSD, DAD and DATE become available in plaintext for processing by the carrier.
This data can be used to schedule the delivery of the mailpiece and in conjunction with the scheduling of the sorters such that mail requiring next day delivery is sorted differently than mailpieces requiring normal delivery and other special services such as certified mail, registered mail, insured mail, or other forms of express delivery mail are also appropriately sorted. The destination address data (DAD) is obtained from the decryption of the postal authentication block (PAD) is then compared with the destination address (DAD) printed in plaintext on the mailpiece at 512. If amatch does not occur at decision block 514 the mailpiece is rejected at 516. If however, a match does occur, the mailers required service data MSD and mailer identification data MID is utilized to update the mailers billing records in the local computer or central computer as the case may be at 518. The mailpiece is thereafter is sorted at 520 for further processing. The processes thereafter loops back and continues for the next mailpiece.
Reference is now made to FIGURE 6 which is a flow chart of the bill generation process employed by the carrier. The postal central computer updates and maintains billing records and also generate bills, as is a normal and well known process in billing traditional functions. In addition to traditional functions, however, this computer can provide for privacy of the billing data by encrypting this data with the mailer's public key PKm before printing it or sending such data via public telecommunication network. The format of the data can be agreed upon beforehand. In this case, the receiving party (the mailer) would be able to automatically interpret the data upon decrypting it with his or her private key SKm.
21~2~3~
5 This way the data is available only to the party in possession of the SKm, i.e. the mailer.
The Iprocess begins at 602 and loops for each mailpiece and each mailer identification. Thus, at 604 the mailers required service data (MSD) and mailpiece identification (piececount) are received for a particular mailer identification. The postal charges for the mailpiece are computed at 606. At 608 the billing record is updated for the mailer. The billing records are closed at the end of a billing cycle.
This enables the carrier to generate a bill for the mailer. The process includes the generation of a bill identification. The billing record is thereafter encrypted at 610 with the mailers public key PKM.
Additional information of value to the mailer may also be encrypted or provided in a plaintext format at 610 such as additional services available, special discounts available as for example for mail delivered between certain dates or certain times or certain destinations. Also address hygiene information and other information of value to the mailer may be encrypted and provided to the mailer. This 20 allows the carrier to process a mailer's bill and provide additional services to the mailer whicl- are returned to the mailer with the mailers bill in encrypted format or non-encrypl:ed format as mailer may desire. Thus, if the billing information is encrypted only the mailer who has possession of the mailer's private key SKM candecrypt and process the bill. The billing record is then printed at 612 and sent to the 25 mailer. Alternatively, the bill can be an electronic billing file which is electronically communicated to the mailer for payment or automatic funds transfer from a mailers account.
At 614 additional information may be added to the mailers bill such as additional advertising and promotional data. This may be incorporated in the 30 mailpiece in accordance with various topping-off arrangement, if desired, where there is available additional capacity in the mailpiece which would avoid going 2~283~
5 through a postage weight break. This enables unused (but charged for) space inthe envelope to be utilized. The final mailpiece bill is assembled and sent to the mailer at 614 if this optional additional feature is utilized (rather than having the mailpiece bill sent to the mailer at 612. The information encrypted by the carrier with the mailer's public key PKM may be the billing date alone, the additional 10 information (or part of it alone) or both the billing data and the additional information (or part of it).
Reference is now made to FIGURE 8 which is flowchart of the process by the carrier to provide enhanced services to the mailer. The mail recipient can effectively confirm the receipt of a mailpiece. For this purpose, mail recipient upon receiving a 15 mailpiece with delivery confirmation obtains the sender (mailer's) MID and the unique mailpiece identification PC (Piece Count) from the received mailpiece.
These two numbers uniquely identify the mailpiece. The receiving party then encrypts these two numbers with his own (recipient's) private key SKr and prints a receipt with a receiver authentication block RAB (which constitutes a digital receipt).
20 RAB is as follows:
RAB = {Encryp SKr [MID, PC, RDATE], RID, }, where RID is the unique receiver identification number and RDATE is the date of 25 receiving the mailpiece. The RID may be the same as the mailer identification data used by the receiver to process mail to be sent, i.e. when the recei~er is an originating mailer.
The receipt can now be sent to the sender via regular or electronic communication, or it can be included with the mailer's bill. Upon receiving such30 receipt, the original mailer would have to create an electronic copy of RAB (if it arrives in a hard c~py) by scanning the receipt, and then find the receiver's public 2~283S
5 key PKr in a postal public key directory using RID (receiver's identification). The encrypted portion of RAB is then decrypted to obtain MID and PC:
[~/IID, PC, RDATE] = Decryp PKr {EncrypSKr[MlD, PC, RDATE]}.
MID and PC can now be compared with the mailer's records and the match would serve as a confirmation of receipt for the mailpiece.
Since only the receiver is in possession of SKr, he or she can not repudiate the fact of receiving of the mailpiece.
This process can be extended to authenticate the mailpiece content, and not only the fact of sending/receiving the mailpiece. The sender creates a hash value of the information printed in the letter (mailpiece) and encrypt this hash value with sender's private key (a process referred to as digital signature):
SIG - Encrypt SKm {Hash(LlNFO)}, where LINFO is information contained in the letter. This information is represented by ASCII file or any other suitable computer format. Digital Signatures are known and described in detail, for example, in Contemporary Cryptology, ed. G. Simmons, IEEE Press, 1993.
The digital signature SIG can be printed either in the address block window, or in some other suitable place on the mailing envelope in such a manner that the carrier will be able to scan it and store it together with mailers identification ID, mailpiece iclentification ID and a unique identification of the destination address (such as delivery point postal code). The sender can ask the carrier (serving as a trusted thircl party) to produce evidence that the mailpiece with a given signature was in fact delivered on a given date. Of course, the receiver can always claim that ~ 2~283~
5 the content of the letter he received mismatch the signature, but would have to produce the evidence to that effect, and, moreover, if the original letter contained a traditional signature and printed on an appropriate stationary etc., such a claim would be difficult to prove. The digital signature can also be included with the bill together with the digital receipt of delivery.
Another method to certify the content of mailpieces is possible with a hybrid mail. In this case the mailer sends (via telecommunication lines) to the carrier a digital representation of desired messages. The carrier then distributes messages also electronically via telecommunication lines to carrier offices with locations closest to desired final destinations. Messages are then printed in these local 15 carrier offices and the physical mail is delivered by in the conventional fashion. In this arrangement, mailer can compute and transmit his or her digital signature together with each message and the carrier stores messages with signatures for further use if necessary. Alternatively, the carrier on behalf of the mailer cancompute digital signatures for each message using its own private key and print 20 them together with message prior to delivery. In either case, the carrier serves as a trusted third party providing non-repudiation service. In this instance the carrier scans multiple mallpieces of the mailer at 802 to obtain the mailers identification data (MID), destination address data (DAD),mailers required service data (MSD), postal authentication block (PAB), DATE and, finally, the mailers electronic 25 signature (SIG). This signature SIG is the encryption using the mailers private key SKM of the hash function of the information contained in the letter (LINFO).
The process in this FIGURE 8 is similar to the process in FIGURE 5 with the addition of the signature information (SIG). The process continues as before andwill not be described in great detail; however, at 804 the mailers public key is30 retrieved and the expiration date retrieved. A determination is made at 806 as to whether the mailer subscription to the carrier service has expired and, if so, the 2l~2835 5 mailpiece is rejected at 808. If not expired, a decryption occurs at 810 using the mailers public key PKM to obtain the necessary data at 812. The destination address data obtained from the plaintext and from the decryption is compared at 814. If a match does not occur, the mailpiece is rejected at 816. If a match does occur, the MSD and MID is sent to update the mailers billing records at 818 and the 10 mailpiece is sorted at 820.
POSTAGE PAYMENT SYSTEM WITH SECURITY FOR SENSITIVE
MAILER DATA AND ENHANCED CARRIER DATA FUNCTIONALITY
Field of the Invention The present invention relates to postage payment systems and, more particularly, to a payment system for delivery of mail and parcels where the charges for the delivery and/or any special services are invoiced to the mailer by a carrier such as a p~stal service or private delivery service.
Backqround of the Invention Postage payment systems have been developed employing postage meters, which are mass produced devices for printing a defined unit value for governmental (such as tax stamps, or postage stamp) or private carrier delivery of parcels and envelopes. These postage meter systems involve both pre-payment of postal charges by the mailer (prior to postage value imprinting) and post payment of postal charges by the mailer (subsequent to postage value imprinting). Postal charges (or other terms referring to postal) as used herein should be understood to mean charges for either postal charges, tax charges, or private carrier charges or the like (or postal service, tax service or private carrier service, as the case may be).Some of the varied types of postage metering systems are shown, for example, in U.S. Patent No. 3,978,457 for MICROCOMPUTERIZED ELECTRONIC
POSTAGE METER SYSTEM, issued August 31,1976; U.S. Patent No. 4,301,507 for ELECTRONIC POSTAGE METER HAVING PLURAL COMPUTING SYSTEMS, issued November 17, 1981; and U.S. Patent No. 4,579,054 for STAND ALONG
ELECTRONIC MAILING MACHINE, issued April 1, 1986. Moreover, other types of metering systems have been developed which involve different printing systems ~ 2l~283s 5 such as those employing thermal printers, ink jet printers, mechanical printers and other types of printing technologies. Examples of these other types of electronic postage meters are described in U.S. Patent No. 4,168,533 for MICROCOMPUTER
MINIATURE POSTAGE METER, issued September 18, 1979 and, U.S. Patent No.
4,493,252 for POSTAGE PRINTING APPARATUS HAVING A MOVABLE PRINT
HEAD AND A PRINT DRUM, issued January 15, 1985. These systems enable the postage meter to print variable information, which may be alphanumeric and graphic type information.
Postage metering systems have also been developed which employ encrypted information on a mailpiece. The postage value for a mailpiece may be 15 encrypted together with other data to generate a digital token. A digital token is encrypted information that authenticates the information imprinted on a mailpiece such as postage value. Examples of postage metering systems which generate and employ digil:al tokens are described in U.S. Patent No. 4,757,537 for SYSTEM FORDETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING SYSTEM, 20 issued July 12, 1988; U.S. Patent No. 4,831,555 for SECURE POSTAGE
APPLYING SYSTEM, issued May 15, 1989; U.S. Patent No. 4,775,246 for SYSTEM
FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING
SYSTEM, issued October 4, 1988; U.S. Patent No. 4,873,645 for SECURE
POSTAGE DISPENSING SYSTEM, issued October 10, 1989 and, U.S. Patent No.
25 4,725,718 for POSTAGE AND MAILING INFORMATION APPLYING SYSTEMS, issued February 16, 1988. These systems, which may utilize a device termed a Postage Evidencir,g Device (PED), employ an encryption algorithm which is utilized to encrypt selected information to generate the digital token. The encryption of the information provides security to prevent altering of the printed information in a 30 manner such that any change in a postal revenue block is detectable by appropriate verification procedures.
~ 21~2~35 Encryption systems have also been proposed where accounting for postage payment occurs at a time subsequent to the printing of postage. Systems of this type are disclosed in U.S. Patent No. 4,796,193 for POSTAGE PAYMENT SYSTEM
FOR ACCOUNTING FOR POSTAGE PAYMENT OCCURS AT A TIME
SUBSEQUENT~ TO THE PRINTING OF THE POSTAGE AND EMPLOYING A
VISUAL MARKING IMPRINTED ON THE MAILPIECE TO SHOW THAT
ACCOUNTING HAS OCCURRED, issued January 3, 1989; U.S. Patent No.
5,293,319 for POSTAGE METERING SYSTEM, issued March 8, 1994; and, U.S.
Patent Application Serial No. 882,871, for POSTAGE PAYMENT SYSTEM
EMPLOYING ENCRYPTION TECHNIQUES AND ACCOUNTING FOR POSTAGE
PAYMENT AT A TIME SUBSEQUENT TO THE PRINTING OF POSTAGE filed July 7,1986 by Wojciech M. Chrosny and assigned to Pitney Bowes, Inc., or its Canadian counterpart patent No.1 301 336.
Summary of the Invention It has been discovered that a public key cryptographic system can be employed in postage payment systems to greatly enhance the features and functionality of the system. This provides the ability of a carrier to securely and accurately invoice a mailer for mail placed into a postage system.
It has also been discovered that by the employment of a public key cryptographic system that a postage payment system can be provided where the payment is based on an invoice provided by the carrier which provides enhanced billing or marketing or demographic or other information, securely to the mailerutilizing the mailer billing information.
It has been further discovered that various unique services to authenticate and verify the delivery, receipt or even receipt for the specific content of themailpieces and parcels can be achieved.
~ 3S
It has still further been discovered that by utilizing the system, address hygiene information can be securely transmitted to the mailer by the carrier such that this information can be a value added service along with other services provided by the carrier.
In accordance with the present invention a method for mail processing includes imprinting on a mailpiece mai!er identification information. Data relative to the mailpiece is encrypted with a private key associated with the imprinted mailer identification information. The private key also has an associated a public key. The encrypted data is imprinted on the mailpiece. The mailpiece is placed in a mail delivery stream of a mailpiece carrier. The mail is processed to determine the mailer identification information. Using the mailer identification information the public key is obtained and used to decrypt the encrypted data to authenticate the mailer. The billing records for the mailer are updated for charges associated with the mailpiece.
A system embodying the present invention includes processing mail, printing means for imprinting information on a mailpiece and means for causing the printing means to imprint on the mailpiece mailer identification information. Means are coupled to said printing means for encrypting data relative to said mailpiece with a private key associated with the mailer identification information, the private key having an associated public key. Means cause the printing means to imprint on the mailpiece the encrypted data. Means process the mailpiece to determine the mailer identification information. A public key database is coupled to the processing means such that the determined mail identification data is utilized to retrieve the public key. Means for decrypting the encrypted data with said retrieved public key to authenticate the mailpiece mailer. Means are coupled to said decrypting meansfor generating a billing record for said mailer for charges associated with saidmailpieces.
2~ ~28~
In accordance with a feature of the invention, a method for generating an electronic receipt for a mailpieces, includes the steps of receiving a mailpiece and determining from the mailpiece mailer identification data and mailpiece identification data. The mailer identification data and the mailpiece identification data and recipient identification data are encrypted with a recipient private key, recipient private key having an associated public key. The encrypted data and the recipient identification data re transmitted to the mailer.
In accordance with still another feature of the present invention, method for generating an encrypted receipt to authenticate the receipt of a mailpiece, includes, generating a hash code for the information of a mailpiece and encrypting the generated hash code for the mailpiece with a first private key to generate an encrypted hash code of the mailpiece information, the private key having an associated lFirst public key. The mailpiece along the encrypted hash code are transmitted. The mailpiece and the encrypted hash code are received by a recipient and the encrypted hash code is encrypted with a second private key, the second private key associated with said recipient said having an associated second public key.
In accordance with yet another feature of the present invention, method for processing mail includes generating a mailpiece and generating a hash code of the content of the mailpiece. The encrypted hash code is encrypted and the mail is imprinted with addressee data and the encrypted hash code.
Brief Summarv of the Drawin~s A complete understanding of the present invention may be obtained from the following detailed description of the preferred embodiment thereof, when taken in conjunction with the accompanying drawings, wherein like reference numerals designate similar elements in the various figures, and in which:
21~2~35 FIGURE 1 is a mailpiece having encrypted information imprinted thereon in accordance with the present invention which is thereafter utilized by a carrier in generating billing information and utilized to provide additional verifications and information and services to a mailer;
FIGURE 2 is a block diagram of a mail generation system suitable for preparing the mailpiece shown in Figure 1;
FIGURE 3 is a flow chart of the operation of the system shown in Figure 2 in generating the mailpiece shown in Figure 1;
FIGURE 4 is a block diagram of a carrier processing system for the generation of billing records;
FIGURE 5 is a flow chart of the operation of the carrier mail processing system shown in Figure 4;
FIGURE 6 is a flow chart of the bill generation process employed by a carrier;
FIGURE 7 is a flow chart of the.operations performed by a mailer in processing a bill received from the carrier; and, FIGURE 8 is a flow chart of the process by a carrier to provide enhanced services to the mailer.
Detailed Description of the Preferred Embocliment 1. General Background A public key cryptographic system is used for identification of mailers. A
carrier such as a postal service or private delivery service, or a third trusted party, generates a pair of private/public keys for each mailer. Each mailer may also obtain a certificate with his private key. The certificate is digitally singed by the post (or a third trusted party) with its private key, thus authenticating the mailer. The certificate can be in the form of a smart card or PCMCIA card, both of which can be used with a standard personal computer.
21S2~35 The public keys for the mailers are published in a directory that is distributedto all mail processing services for use in machines with scanning capabilities.
Examples of equipment with such scanning capability are advanced postal service facer/cancelers, MULTILINE OPTICAL CHARACTER RECOGNITION SORTERS
and barcode sorters. Each mailer protects his or her private key just as in any other public key cryptographic system, for example, by a password, personal identification number (PIN) or a cryptographic protocol designed for use with a personal computer or other device which functions as part of a mail generating system. Key update,revocation, initialization and other procedures are well known and described, for example, in key management standards, as for example, the X9.17 standards/published by X.9 Secretariat, American Bankers Association, 1120 Connecticul: Avenue, N.W., Washington, DC 20036, dated April 4, 1985 or ANSI/ABA X9.24 -1992, dated April 6, 1992.
As part of the mail generation process, first, for each mail piece to be generated, the mailer determines: the date, desired level of service, such as delivery date and special insurance, or returned receipt, etc. The mailer may also determine the postal rate for the piece and desired destination address. This information (or portion of it~ together with a mailer's identification (such as a 10 digit number) is encrypted with the mailer's private key. The resulted ciphertext is printed in amachine readable format together with the mailer's identification printed in a plaintext on the surface of the mailpiece or parcel or mailing label or tag.
Upon receiving the mail piece, postal processing equipment scans the mail piece and determines mailer's identification from the plain text mentioned above.
The identification serves as a pointer in the directory of public keys assigned to mailers. This allows the postal mail processing machine to quickly retrieve the public key matching the mailers private key that is needed to decrypt the remaining information obtained by scanning the ciphertext printed on a mail piece. This 2ls283~
decrypted information is used to generate billing data that can be used for customer's billing. In case that customer determined rate does not match postal rate, the data can be verified manually or go through a dispute or other resolution process.
An important advantage of the above arrangement is that the mailer can not repudiate hls ownership of the mail piece and then the postpayment billing for the mailpiece, since only the mailer was in possession of the matching private key. The copying of the data printed on a mailpiece by a third party does not make much economic sense since the address destination information is encrypted together with mailer's identity. Thus, a copy would have to be sent to the same destination which usually not practical. Mailpieces, that do not display mailer's identification in one way or another can not be processed in this manner because the mailer's or associated public key must be identified and used in the decryption process. As an alternative to the mailer identification, the mailer's identification can, if desired, be uniquely determined from the return address.
Another important advantage of the system is that delivery confirmations can be effectively organized. The mail recipient can digitally sign by encrypting a message containing unique sender identification and unique mail piece identification with his own private key. The mail sender upon receiving the confirmation can decrypt the mail receiver signature with the mail recipient public key. This provides for non repudiation of receipt, which can be an important aspect in the case of legal disputes, as for example, the receipt of negotiable securities by a bank or other institution which will normally provide a receipt.
The billing information can be encrypted by the carrier for privacy. This protects the m sent, addresses, postage paid, delivery confirmation etc. with the mailer's public key (the same that was used to decrypt mailer's authentication block on the mailpiece).
Then, only the legitimate mailer who is in possession of the matching private key will 2ls2835 5 be able to decrypt the billing data, reconcile it with the mailer's own records and initiate payment of the bill or other appropriate action.
The entire process can be made transparent to the mailer by prearranging appropriate communication protocols such as those used in electronic data interchange (EDI) or by printing the same information a record with a suitable 10 density two dimensional bar code such as PDF 417 or Code 1. This arrangement allows for a proof of expenses paid which may be useful for taxation purposes.
There are multiple advantages of the present system. It offers highly flexible service of absent some unusual circumstances. Each mailpiece is uniquely identified. Thus, tracking and tracing become very effective and allows for service monitoring.
The use of a public key encryption system for post charge system for mail delivery services provides a major advantage in key management. Specifically, with a public key system, the management of the private key used by the mailer to encrypt the mailpiece identification is not as difficult and burdensome a task as in a secret key encryption system. This is because the private key used by the mailer in 20 a public key system envisions a matching public key used by the carrier service to decrypt the encryption. Thus, the decryption of the authentication block becomes a simple matter of identifying the mailers public key, which identification can beentered onto the mailpiece itself. In sharp contrast, the use of a secret key encryption system where both the mailer and the carrier are required to have the25 same secret key involves a much greater burden in key management. This is because security of the key must be maintained at both the mailer and the carrier locations. l hus, for a carrier location where access to the key may be required by multiple people on different days and under different circumstances, key management, and more specifically, the security of the key management, may 30 become a major obstacle to implementing, in a practical sense, systems of this type.
21~2~3~
Furthermore, in the public key system as described herein, should the mailers private key used for encryption become compromised, the mailer simply need inform the carrier services which can thereafter deactivate the mailer private key for the particular account. Lockout and time changes can be instituted as a matter of routine to provide enhanced security.
The employment of a public key system should reduce billing disputes due to allegations of compromise of the secret key by the carrier with subsequent improper billing of the mailer. Since only the mailer has the private key, and only very limited number of carrier personnel associated with issuing the secret key to the mailer, and since decryption is implemented using the mailers public key, compromise of the mailer's private key which may result in billing for services not rendered or not requested, is, for all practical purposes, within the responsibility of the mailer.
An important feature of the present invention is that the post office can use billing as an effective communication channel to mailers. Together with the bill, many different services, discounted rates and other information can be passed tomailers. For example, if the post office or carrier service wishes to improve its capacity utilization in a given geographic area, it can communicate selectively to mailers in the area the availability of lower rates for mailers mailing from such a geographic area. Other examples include advertising goods and services for otherbusiness, providing mailing lists to mailers, address hygiene, etc. It should beexpressly noted that the bill (together with the just mentioned advertising and promotional information) can be sent to mailers either via traditional mail or through a telecommunications channel such as a modem and public telephone network.
Il. Mailer System Reference is now made to FIGURE 1. A mailpiece 100 is imprinted with data blocks 102, 104, 106, 108, 1 10 and 1 12. Block 102 is the destination address.
Block 104 is the origination address, which may uniquely identify the mailer. Block ~ , 2ls283s 106 is the mailer's unique identification number (MID) in this case 112345678907.
Block 108 represents service data required by the mailer and a unique identification for the mailpiece. Block 108, specifically 01 02 33 1234567, is formed as follows.
The first two digits "01" may represent a type of mail or a mail class that would typically be indicative of required delivery time, e.g. within 3 days. The second two digits "02" rnay represent a rating parameters such as weight, size etc. The use of rating parameters is described in pending patent application serial No. 08/133,398, filed October 8, 1992 for Pintsov et al, entitled POSTAL RATING SYSTEM WITH
VERIFIABLE INTEGRITY and assigned to Pitney Bowes Inc., the entire disclosure of which is hereby incorporated by reference. Combination of such parameters canbe encoded with more than two digits if needed. For example, if there are 20 different weight categories and 6 different size classes, then the total number of possible combinations is 6 x 20 = 120. Each combination can be encoded with three digit number. The third group of two digits "33" may represent a service requiremenl:, such as, insured letter with a confirmation of delivery. The last group of digits "1234567' is a unique mail piece identification. This may also be a consecutive non-resettable count of the mail generation system shown in FIGURE 2.
Block 112 represents the date of mailing (i.e. the date when the mailpiece was deposited and under control of the carrier), in this case May 31, 1994. The date is used among other things to verify mailer's public key certificate validity, which may have an expiration date. Block 114 represents the digital signature, SIG
in hexadecimal notation, of the mailpiece's content signed with mailer's private key.
Finally, the group of digits "012377356779568346" labeled 1 10 is postal (or carrier) authentication block (PAB). This block is obtained by encrypting blocks MID, MSDand delivery address data (DAD) and Date with the mailer's private key SKm. Thus, PAB = Encryp SKm [MID, MSD, DAD, DATE].
-~ 21 ~83~
PAB can be interpreted as a digital signature of the mailer, which provides the properties of origin authentication, data integrity and signer nonrepudiation.
Additionally check digits and other redundancy can be added to the data blocks MID, MSD, DAD, DATE and PAB to facilitate eflective error free scanning. It should be expressly noted that the PAB can be quite large and contain several hundreds bytes of data depending on the type of a public key cryptographic system used. In this case the PAB can be printed in a suitable two dimensional bar code such as PDF 417. Bar code representation 116 is merely a representation of the type of bar code that can be employed and can be printed at any suitable location on the envelope. Such bar code arrangement may be preferable from the scanning point ofview depending on the scanning equipment employed. It should be also noted that the PAB block can be printed either on the surface of the mailing envelope, or on a label, or on the address bearing document in such a manner that the block PAB iscontained within the window of the mailing envelope.
It should be understood that the mailer identification (MID) may or may not be encrypted into the block PAB. The block PAB can not be decrypted to authenticatethe mailer without knowledge of the mailer's public key. This key can be found only if the mailer's identification is known. Thus, if mailer's identification is not encrypted into PAB and it is deliberately or inadvertently altered, the mailpiece cannot be authenticated. It is possible in principle to find the mailer's identification from he originating address 104, but this is more cumbersome since it usually requires areliable automatic reading of multiple lines of alphanumeric data in the block 104 as opposed to reading of just a string of numerals.
Reference is now made to FIGURE 2. FIGURE 2 is a block diagram of a mail generation system suitable for use with the present invention and for printing the mailpiece shown in FIGURE 1. A personal computer 202 equipped with a smart card reader 204 and card 206 or other arrangement such as employing a PCMCIA
21~3~
or a smart diskette, and a printer 208 suitable for printing information either on a address bearing document or on a mailing envelope such as mail piece 100. The system may also include a scanner 210 and a link 212 to a public or other network.
This scanner and link may be utilized to obtain data or other information to be imprinted on the mailpiece 100. The scanner would obtain the data or other information by scanning documents, and the link would obtain the data or other information via a public or private network.
Reference is now made to FIGURE 3. For each mailpiece, the destination address is obtained and the delivery address data block (DAD) is computed at 302.
The mailer identification (MID) and mailpiece identification (Piece Count) are then retrieved at 304. At 306 the mailpiece rating parameters are entered and the service required data, that is the level of service and service features required by the mailer, are then determined to compute the mail service data block (MSD). The mailer then enters the PIN number or password to enable the encryption to proceed with the mailers private key, SKM at 308. At 310 the postal authentication block(PAB) is computed in accordance with the function that PAB equals the encryptionby the mailer using the secret key SKM of the data, MID, MSD, DAD, and DATE. It should be recognized that the postal authentication block and the data encrypted is a matter of choice and convention established by the carrier.
The mailer then enters the mailers origination address at 312. It should be noted that the mailers origination address and the block 106 on mailpiece 100 shown in FIGURE 1 should desirably be consistent and to provide a form of verification for the carrier as a matter of data consistency to insure that no processing errors have occurred. Moreover, such consistency also provides a level of security since both a visually readable and identifiable mailer origination address is consistent with the less easily interpreted ~requiring a lookup table) mailer unique identification number.
21S283~
At 314 error detection/correction codes are computed to be printed on the mailpiece to provide additional level of redundancy for automatic scanning and processing of the mail to verify the entry and printing of the consistent data by the mailer. It also provides by virtue of the redundancy consistent automatic reading of information for billing purposes and for mail processing purposes. This allows rapid and easy detection of errors in the processing of the mailpiece and, if appropriate, correction of such detected errors, as for example, scanning errors. Finally, at 316, the mailpiece is imprinted with the origination address, the destination address, the MID, the MSD, the PAB, DATE and the error detection correction codes. The process thereafter loops back and continues for the next mailpiece.
Reference is now made to FIGURE 7 which is a flow chart of the operations performed by the mailer in processing a bill received from the carrier. A bill is received from a carrier either in hard copy form or via a modem at 702. A
determination is then made at 704 whether the bill is in hard copy form in whichcase the bill is scanned at 706. In either case, either by scanning or by processing, the encrypted billing data including the bill identification is obtained at 708. The encrypted information is decrypted by the mailer using the mailers private key SKM
at 710. The billing data is thereafter verified against the mailers own records at 712.
If a determination is made at 714 that the carrier's bill data and the mailer's records match, the mailer may authorize payment of the bill at 716. If no match occurs, the matter is scheduled for resolution at 718. The payment by the mailer may be by electronic funds transfer.
Ill. Carrier System Reference is now made to FIGURE 4 which is a block diagram of a carrier processing system for generation of billing records. Mailpieces, such as mailpiece 100, are moved by a mail feeder 402 to a scanner 404 for scanning. The scanned document includes among other things the scanning of the various barcoded 2l~283~
5 information imprinted on the mailpiece. The scanning of the MID provides the information which is sent to the local computer 406 to retrieve from a public key database the public key associate with the mailer of the mailpiece being scanned.
The public key so recovered is used to decrypt the encryption of the MID, MSD, DAD, and DATE data, using the mailers private key SKM. This allows the 10 computer to generate the necessary data for billing which may either be retained at the local computer 406 or communicated to a central billing computer 408 where billing records and billing database may be maintained. The mail passing the scanner is thereafter sent to sorting bins at 410 for further physical processing to allow expedited delivery of the mail and parcels.
Reference is now made to FIGURE 5 which delineates in greater detail the operation of the mail carrier processing system shown in FIGURE 4. At 502 the mailpiece is scanned to obtain data from the mailpiece. This data includes mailers identification data (MID), destination address data (DAD), mailers required service data (MSD), postal authentication block (PAB~ and DATE. Thereafter, using the 20 mailers identification (MID), the mailers public key (PKM) is retrieved from the public key database at 504. Additionally, if desired, a process may be implemented to check the expiration date of the public key PKM against the data of the imprinted mail. This is to insure that mailers are not using expired private keys to encrypt their mail and provides a level of security where mailers private encryption keys expire in 25 a preset period of time. This insures that only mail from legitimate subscribers to the service is processed. Thus, an individual mailer which at one time was a legitimate subscriber who allowed the subscription to the service to expire, may be identified to allow processing or rejection of the mailpiece depending upon the policy and practice of the carrier. At decision block 506 a determination is made whether 30 the time has expired such that the mailers key is no longer valid. If this is the case, the mailpiece is rejected at 508.
~ 2l~283~
If the key of the mailer is still valid, the carrier then decrypts the postal authentication block (PAB) using the mailers public key PKM at 510. This enablesthe carrier to obtain the mailers required service data (MSD) and the destination address dalta (DAD). Additionally, as a result of the decryption the data blocks MID, MSD, DAD and DATE become available in plaintext for processing by the carrier.
This data can be used to schedule the delivery of the mailpiece and in conjunction with the scheduling of the sorters such that mail requiring next day delivery is sorted differently than mailpieces requiring normal delivery and other special services such as certified mail, registered mail, insured mail, or other forms of express delivery mail are also appropriately sorted. The destination address data (DAD) is obtained from the decryption of the postal authentication block (PAD) is then compared with the destination address (DAD) printed in plaintext on the mailpiece at 512. If amatch does not occur at decision block 514 the mailpiece is rejected at 516. If however, a match does occur, the mailers required service data MSD and mailer identification data MID is utilized to update the mailers billing records in the local computer or central computer as the case may be at 518. The mailpiece is thereafter is sorted at 520 for further processing. The processes thereafter loops back and continues for the next mailpiece.
Reference is now made to FIGURE 6 which is a flow chart of the bill generation process employed by the carrier. The postal central computer updates and maintains billing records and also generate bills, as is a normal and well known process in billing traditional functions. In addition to traditional functions, however, this computer can provide for privacy of the billing data by encrypting this data with the mailer's public key PKm before printing it or sending such data via public telecommunication network. The format of the data can be agreed upon beforehand. In this case, the receiving party (the mailer) would be able to automatically interpret the data upon decrypting it with his or her private key SKm.
21~2~3~
5 This way the data is available only to the party in possession of the SKm, i.e. the mailer.
The Iprocess begins at 602 and loops for each mailpiece and each mailer identification. Thus, at 604 the mailers required service data (MSD) and mailpiece identification (piececount) are received for a particular mailer identification. The postal charges for the mailpiece are computed at 606. At 608 the billing record is updated for the mailer. The billing records are closed at the end of a billing cycle.
This enables the carrier to generate a bill for the mailer. The process includes the generation of a bill identification. The billing record is thereafter encrypted at 610 with the mailers public key PKM.
Additional information of value to the mailer may also be encrypted or provided in a plaintext format at 610 such as additional services available, special discounts available as for example for mail delivered between certain dates or certain times or certain destinations. Also address hygiene information and other information of value to the mailer may be encrypted and provided to the mailer. This 20 allows the carrier to process a mailer's bill and provide additional services to the mailer whicl- are returned to the mailer with the mailers bill in encrypted format or non-encrypl:ed format as mailer may desire. Thus, if the billing information is encrypted only the mailer who has possession of the mailer's private key SKM candecrypt and process the bill. The billing record is then printed at 612 and sent to the 25 mailer. Alternatively, the bill can be an electronic billing file which is electronically communicated to the mailer for payment or automatic funds transfer from a mailers account.
At 614 additional information may be added to the mailers bill such as additional advertising and promotional data. This may be incorporated in the 30 mailpiece in accordance with various topping-off arrangement, if desired, where there is available additional capacity in the mailpiece which would avoid going 2~283~
5 through a postage weight break. This enables unused (but charged for) space inthe envelope to be utilized. The final mailpiece bill is assembled and sent to the mailer at 614 if this optional additional feature is utilized (rather than having the mailpiece bill sent to the mailer at 612. The information encrypted by the carrier with the mailer's public key PKM may be the billing date alone, the additional 10 information (or part of it alone) or both the billing data and the additional information (or part of it).
Reference is now made to FIGURE 8 which is flowchart of the process by the carrier to provide enhanced services to the mailer. The mail recipient can effectively confirm the receipt of a mailpiece. For this purpose, mail recipient upon receiving a 15 mailpiece with delivery confirmation obtains the sender (mailer's) MID and the unique mailpiece identification PC (Piece Count) from the received mailpiece.
These two numbers uniquely identify the mailpiece. The receiving party then encrypts these two numbers with his own (recipient's) private key SKr and prints a receipt with a receiver authentication block RAB (which constitutes a digital receipt).
20 RAB is as follows:
RAB = {Encryp SKr [MID, PC, RDATE], RID, }, where RID is the unique receiver identification number and RDATE is the date of 25 receiving the mailpiece. The RID may be the same as the mailer identification data used by the receiver to process mail to be sent, i.e. when the recei~er is an originating mailer.
The receipt can now be sent to the sender via regular or electronic communication, or it can be included with the mailer's bill. Upon receiving such30 receipt, the original mailer would have to create an electronic copy of RAB (if it arrives in a hard c~py) by scanning the receipt, and then find the receiver's public 2~283S
5 key PKr in a postal public key directory using RID (receiver's identification). The encrypted portion of RAB is then decrypted to obtain MID and PC:
[~/IID, PC, RDATE] = Decryp PKr {EncrypSKr[MlD, PC, RDATE]}.
MID and PC can now be compared with the mailer's records and the match would serve as a confirmation of receipt for the mailpiece.
Since only the receiver is in possession of SKr, he or she can not repudiate the fact of receiving of the mailpiece.
This process can be extended to authenticate the mailpiece content, and not only the fact of sending/receiving the mailpiece. The sender creates a hash value of the information printed in the letter (mailpiece) and encrypt this hash value with sender's private key (a process referred to as digital signature):
SIG - Encrypt SKm {Hash(LlNFO)}, where LINFO is information contained in the letter. This information is represented by ASCII file or any other suitable computer format. Digital Signatures are known and described in detail, for example, in Contemporary Cryptology, ed. G. Simmons, IEEE Press, 1993.
The digital signature SIG can be printed either in the address block window, or in some other suitable place on the mailing envelope in such a manner that the carrier will be able to scan it and store it together with mailers identification ID, mailpiece iclentification ID and a unique identification of the destination address (such as delivery point postal code). The sender can ask the carrier (serving as a trusted thircl party) to produce evidence that the mailpiece with a given signature was in fact delivered on a given date. Of course, the receiver can always claim that ~ 2~283~
5 the content of the letter he received mismatch the signature, but would have to produce the evidence to that effect, and, moreover, if the original letter contained a traditional signature and printed on an appropriate stationary etc., such a claim would be difficult to prove. The digital signature can also be included with the bill together with the digital receipt of delivery.
Another method to certify the content of mailpieces is possible with a hybrid mail. In this case the mailer sends (via telecommunication lines) to the carrier a digital representation of desired messages. The carrier then distributes messages also electronically via telecommunication lines to carrier offices with locations closest to desired final destinations. Messages are then printed in these local 15 carrier offices and the physical mail is delivered by in the conventional fashion. In this arrangement, mailer can compute and transmit his or her digital signature together with each message and the carrier stores messages with signatures for further use if necessary. Alternatively, the carrier on behalf of the mailer cancompute digital signatures for each message using its own private key and print 20 them together with message prior to delivery. In either case, the carrier serves as a trusted third party providing non-repudiation service. In this instance the carrier scans multiple mallpieces of the mailer at 802 to obtain the mailers identification data (MID), destination address data (DAD),mailers required service data (MSD), postal authentication block (PAB), DATE and, finally, the mailers electronic 25 signature (SIG). This signature SIG is the encryption using the mailers private key SKM of the hash function of the information contained in the letter (LINFO).
The process in this FIGURE 8 is similar to the process in FIGURE 5 with the addition of the signature information (SIG). The process continues as before andwill not be described in great detail; however, at 804 the mailers public key is30 retrieved and the expiration date retrieved. A determination is made at 806 as to whether the mailer subscription to the carrier service has expired and, if so, the 2l~2835 5 mailpiece is rejected at 808. If not expired, a decryption occurs at 810 using the mailers public key PKM to obtain the necessary data at 812. The destination address data obtained from the plaintext and from the decryption is compared at 814. If a match does not occur, the mailpiece is rejected at 816. If a match does occur, the MSD and MID is sent to update the mailers billing records at 818 and the 10 mailpiece is sorted at 820.
Claims (19)
1. A method for mail piece processing, comprising the steps of:
imprinting on a mail piece mailer information;
encrypting data relative to the mail piece with a private key associated with said mailer identification information, said private key having associated therewith a public key;
imprinting on said mail piece the said encrypted data;
placing said mail piece in a mail delivery stream of a mail piece carrier;
processing said mail piece to determine said mailer identification information, using said mailer identification information to obtain said public key;
decrypting the encrypted data with said public key to authenticate said mailer;
and, updating billing records for said mailer for charges associated with said mail piece.
imprinting on a mail piece mailer information;
encrypting data relative to the mail piece with a private key associated with said mailer identification information, said private key having associated therewith a public key;
imprinting on said mail piece the said encrypted data;
placing said mail piece in a mail delivery stream of a mail piece carrier;
processing said mail piece to determine said mailer identification information, using said mailer identification information to obtain said public key;
decrypting the encrypted data with said public key to authenticate said mailer;
and, updating billing records for said mailer for charges associated with said mail piece.
2. A method for mail piece processing as defined in CLAIM 1 wherein said data that is encrypted includes addressee data.
3. A method for mail piece processing as defined in CLAIM 1 further including:
encrypting billing record data for said mailer with said public key and transmitting said encrypted billing record data to said mailer.
encrypting billing record data for said mailer with said public key and transmitting said encrypted billing record data to said mailer.
4. A method for mail piece processing as defined in CLAIM 3 wherein said encrypted billing record data is transmitted electronically to said mailer.
5. A method for mail piece processing as defined in CLAIM 3 wherein said encrypted billing record data is transmitted in physical form to said mailer.
6. A method as defined in CLAIM 3 wherein the step of encrypting said billing record further includes encrypting additional data with said mailer public key.
7. A system for processing mail, comprising:
printing means for imprinting information on a mailpiece;
means for causing said printing means to imprint on a mailpiece mailer identification information;
means coupled to said printing means for encrypting data relative to said mailpiece with a private key associated with said mailer identification information, said private key having an associated public key;
means for causing said printing means to imprint on said mailpiece said encrypted data;
means for processing said mailpiece to determine said mailer identification information;
a public key database;
means coupling said processing means to said database means such that said determined mail identification data is utilized to retrieve said public key;
means for decrypting said encrypted data with said retrieved public key to authenticate said mailpiece mailer; and, means coupled to said decrypting means for generating a billing record for said mailer for charges associated with said mailpieces;
printing means for imprinting information on a mailpiece;
means for causing said printing means to imprint on a mailpiece mailer identification information;
means coupled to said printing means for encrypting data relative to said mailpiece with a private key associated with said mailer identification information, said private key having an associated public key;
means for causing said printing means to imprint on said mailpiece said encrypted data;
means for processing said mailpiece to determine said mailer identification information;
a public key database;
means coupling said processing means to said database means such that said determined mail identification data is utilized to retrieve said public key;
means for decrypting said encrypted data with said retrieved public key to authenticate said mailpiece mailer; and, means coupled to said decrypting means for generating a billing record for said mailer for charges associated with said mailpieces;
8. A method for generating an electronic receipt for a mailpiece, comprising thesteps of:
receiving a mailpiece;
determining from said mailpiece mailer identification data and mailpiece identification data;
encrypting said mailer identification data and said mailpiece identification data and recipient identification data with a recipient private key;
said recipient private key having an associated public key; and transmitting to said mailer said encrypted data and the recipient identificationdata.
receiving a mailpiece;
determining from said mailpiece mailer identification data and mailpiece identification data;
encrypting said mailer identification data and said mailpiece identification data and recipient identification data with a recipient private key;
said recipient private key having an associated public key; and transmitting to said mailer said encrypted data and the recipient identificationdata.
9. A method as defined in CLAIM 8 wherein said encryption further includes other data associated with said mailpiece by said recipient.
10. A method as defined in CLAIM 9 wherein said other data associated with said mailpiece includes the date of receipt of said mailpiece.
11. A method for authenticating receipt of specific information of a mailpiece, comprising the steps of:
generating a hash code for said specific information of a mailpiece;
encrypting said generated hash code for said mailpiece with a first private key to generate an encrypted hash code of said mailpiece information, said firstprivate key having an associated first public key;
transmitting said mailpiece along and said encrypted hash code;
receiving said mailpiece and said encrypted hash code by a recipient; and, encrypting said encrypted hash code with a second private key to generate recipient encrypted information, said second private key associated with said recipient said second recipient private key having associated therewith a secondpublic key.
generating a hash code for said specific information of a mailpiece;
encrypting said generated hash code for said mailpiece with a first private key to generate an encrypted hash code of said mailpiece information, said firstprivate key having an associated first public key;
transmitting said mailpiece along and said encrypted hash code;
receiving said mailpiece and said encrypted hash code by a recipient; and, encrypting said encrypted hash code with a second private key to generate recipient encrypted information, said second private key associated with said recipient said second recipient private key having associated therewith a secondpublic key.
12. A method as defined in CLAIM 11 further including the steps of:
transmitting said recipient encrypted information to said mailer.
transmitting said recipient encrypted information to said mailer.
13. A method for processing mail comprising the steps of:
generating a mailpiece;
generating a hash code of the content of said mailpiece;
encrypting said hash code;
imprinting on said mailpiece addressee data; and, imprinting on said mailpiece said encrypted hash code.
generating a mailpiece;
generating a hash code of the content of said mailpiece;
encrypting said hash code;
imprinting on said mailpiece addressee data; and, imprinting on said mailpiece said encrypted hash code.
14. A method as defined in CLAIM 13 further including:
delivering said mailpiece to carrier;
said carrier retrieving said encrypted hash code and said addressee data;
and, said carrier storing said retrieved encrypted hash code and addressee data.
delivering said mailpiece to carrier;
said carrier retrieving said encrypted hash code and said addressee data;
and, said carrier storing said retrieved encrypted hash code and addressee data.
15. A method as defined in CLAIM 14 further including said carrier delivering said mailpiece to said addressee and storing said delivery date along with said retrieved encrypted hash code and addressee data.
16. A method as defined in CLAIM 14 wherein said carrier generates said hash code of the content of said mailpiece.
17. A method as defined in CLAIM 14 wherein said encrypted hash code and addressee data are retrieved by scanning said mailpiece.
18. A method as defined in CLAIM 6 wherein said additional data includes address hygiene data.
19. A method as defined in CLAIM 3 wherein said encrypted billing record data include data for a plurality of mailpieces.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US08/270,555 | 1994-07-05 | ||
| US08/270,555 US5586036A (en) | 1994-07-05 | 1994-07-05 | Postage payment system with security for sensitive mailer data and enhanced carrier data functionality |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2152835A1 CA2152835A1 (en) | 1996-01-06 |
| CA2152835C true CA2152835C (en) | 2002-04-30 |
Family
ID=23031780
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002152835A Expired - Lifetime CA2152835C (en) | 1994-07-05 | 1995-06-28 | Postage payment system with security for sensitive mailer data and enhanced carrier data functionality |
Country Status (2)
| Country | Link |
|---|---|
| US (1) | US5586036A (en) |
| CA (1) | CA2152835C (en) |
Families Citing this family (159)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH07271865A (en) | 1994-04-01 | 1995-10-20 | Mitsubishi Corp | Method for managing copyright of data base |
| US7302415B1 (en) | 1994-09-30 | 2007-11-27 | Intarsia Llc | Data copyright management system |
| DE69532434T2 (en) | 1994-10-27 | 2004-11-11 | Mitsubishi Corp. | Device for file copyright management system |
| US5826247A (en) * | 1996-04-09 | 1998-10-20 | Pitney Bowes Inc. | Closed loop transaction based mail accounting and payment system with carrier payment through a third party initiated by mailing information release |
| US6748101B1 (en) | 1995-05-02 | 2004-06-08 | Cummins-Allison Corp. | Automatic currency processing system |
| US6363164B1 (en) | 1996-05-13 | 2002-03-26 | Cummins-Allison Corp. | Automated document processing system using full image scanning |
| US5742845A (en) | 1995-06-22 | 1998-04-21 | Datascape, Inc. | System for extending present open network communication protocols to communicate with non-standard I/O devices directly coupled to an open network |
| US6985888B1 (en) | 1995-08-21 | 2006-01-10 | Pitney Bowes Inc. | Secure user certification for electronic commerce employing value metering system |
| US5796841A (en) * | 1995-08-21 | 1998-08-18 | Pitney Bowes Inc. | Secure user certification for electronic commerce employing value metering system |
| US8595502B2 (en) | 1995-09-29 | 2013-11-26 | Intarsia Software Llc | Data management system |
| US6807534B1 (en) * | 1995-10-13 | 2004-10-19 | Trustees Of Dartmouth College | System and method for managing copyrighted electronic media |
| CA2193282A1 (en) * | 1995-12-19 | 1997-06-20 | Robert A. Cordery | A method generating digital tokens from a subset of addressee information |
| GB9601937D0 (en) * | 1996-01-31 | 1996-04-03 | Neopost Ltd | Mail franking apparatus |
| US7226494B1 (en) * | 1997-04-23 | 2007-06-05 | Neopost Technologies | Secure postage payment system and method |
| US6661910B2 (en) * | 1997-04-14 | 2003-12-09 | Cummins-Allison Corp. | Network for transporting and processing images in real time |
| US8443958B2 (en) | 1996-05-13 | 2013-05-21 | Cummins-Allison Corp. | Apparatus, system and method for coin exchange |
| US8162125B1 (en) | 1996-05-29 | 2012-04-24 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US7187795B2 (en) | 2001-09-27 | 2007-03-06 | Cummins-Allison Corp. | Document processing system using full image scanning |
| US20050276458A1 (en) | 2004-05-25 | 2005-12-15 | Cummins-Allison Corp. | Automated document processing system and method using image scanning |
| US7903863B2 (en) | 2001-09-27 | 2011-03-08 | Cummins-Allison Corp. | Currency bill tracking system |
| US5915022A (en) * | 1996-05-30 | 1999-06-22 | Robinson; Rodney Aaron | Method and apparatus for creating and using an encrypted digital receipt for electronic transactions |
| US8478020B1 (en) | 1996-11-27 | 2013-07-02 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US5970150A (en) * | 1996-12-19 | 1999-10-19 | Pitney Bowes Inc. | System for producing verifiable kiosk receipts and records |
| US5873073A (en) * | 1996-12-24 | 1999-02-16 | Pitney Bowes Inc. | Method and system for mail piece production utilizing a data center and inter-related communication networks |
| US5918220A (en) * | 1996-12-24 | 1999-06-29 | Pitney Bowes Inc. | Method and system for worldwide media selection, production, and delivery |
| US5802503A (en) * | 1996-12-24 | 1998-09-01 | Pitney Bowes Inc. | Channel switched mail message switching and metering system |
| GB9702099D0 (en) * | 1997-01-31 | 1997-03-19 | Neopost Ltd | Secure communication system |
| GB9704159D0 (en) * | 1997-02-28 | 1997-04-16 | Neopost Ltd | Security and authentication of postage indicia |
| US6039257A (en) * | 1997-04-28 | 2000-03-21 | Pitney Bowes Inc. | Postage metering system that utilizes secure invisible bar codes for postal verification |
| US6111953A (en) * | 1997-05-21 | 2000-08-29 | Walker Digital, Llc | Method and apparatus for authenticating a document |
| BR9806000A (en) | 1997-06-17 | 2000-01-25 | Purdue Pharma Lp | Self-destructive document and system for sending messages by e-mail. |
| DE19733605A1 (en) * | 1997-07-29 | 1999-02-04 | Francotyp Postalia Gmbh | Procedure for billing shipping services |
| US6088720A (en) * | 1997-07-29 | 2000-07-11 | Lucent Technologies Inc. | Self-cleaning and forwarding feature for electronic mailboxes |
| US5878766A (en) * | 1997-10-20 | 1999-03-09 | Vickers, Incorporated | Pressure compensated flow control valve |
| US6591291B1 (en) * | 1997-08-28 | 2003-07-08 | Lucent Technologies Inc. | System and method for providing anonymous remailing and filtering of electronic mail |
| US5925864A (en) * | 1997-09-05 | 1999-07-20 | Pitney Bowes Inc. | Metering incoming deliverable mail to automatically enable address correction |
| FI973788A (en) * | 1997-09-25 | 1999-03-26 | Nokia Telecommunications Oy | Electronic payment system |
| DE19748954A1 (en) * | 1997-10-29 | 1999-05-06 | Francotyp Postalia Gmbh | Producing security markings in franking machine |
| US6233565B1 (en) | 1998-02-13 | 2001-05-15 | Saranac Software, Inc. | Methods and apparatus for internet based financial transactions with evidence of payment |
| US6175827B1 (en) * | 1998-03-31 | 2001-01-16 | Pitney Bowes Inc. | Robus digital token generation and verification system accommodating token verification where addressee information cannot be recreated automated mail processing |
| US6487301B1 (en) * | 1998-04-30 | 2002-11-26 | Mediasec Technologies Llc | Digital authentication with digital and analog documents |
| DE19823907B4 (en) * | 1998-05-28 | 2005-02-10 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Procedure for providing and checking credentials |
| US6142380A (en) * | 1998-09-30 | 2000-11-07 | Pitney Bowes Inc. | Usage of dual luminescent inks to produce a postal orienting and sorting identification mark for an information-based indicia |
| US6820202B1 (en) * | 1998-11-09 | 2004-11-16 | First Data Corporation | Account authority digital signature (AADS) system |
| US7047416B2 (en) * | 1998-11-09 | 2006-05-16 | First Data Corporation | Account-based digital signature (ABDS) system |
| US6480831B1 (en) * | 1998-12-24 | 2002-11-12 | Pitney Bowes Inc. | Method and apparatus for securely transmitting keys from a postage metering apparatus to a remote data center |
| US6795813B2 (en) | 1998-12-30 | 2004-09-21 | Pitney Bowes Inc. | System and method for linking an indicium with address information of a mailpiece in a closed system postage meter |
| US6853989B2 (en) | 1998-12-30 | 2005-02-08 | Pitney Bowes Inc. | System and method for selecting and accounting for value-added services with a closed system meter |
| US6865561B1 (en) | 1998-12-30 | 2005-03-08 | Pitney Bowes Inc. | Closed system meter having address correction capabilities |
| US7058610B1 (en) | 1999-06-24 | 2006-06-06 | Pitney Bowes Inc. | System and method for communicating a message in a mailing system |
| US20020029152A1 (en) * | 1999-06-24 | 2002-03-07 | Pitney Bowes Inc. | Method and apparatus for tracking mail items through a carrier distribution system |
| US6532452B1 (en) * | 1999-06-24 | 2003-03-11 | Pitney Bowes Inc. | System and method for employing digital postage marks as part of value-added services in a mailing system |
| US6260029B1 (en) * | 1999-08-11 | 2001-07-10 | Pitney Bowes Inc. | Postage meter that provides on a mailpiece evidence of postage paid together with cryptographically secured, third party certified, non-shipping information about the sender of the mailpiece |
| US7081595B1 (en) | 1999-08-31 | 2006-07-25 | United States Postal Service | Apparatus and methods for processing mailpiece information in a mail processing device using sorter application software |
| US6894243B1 (en) | 1999-08-31 | 2005-05-17 | United States Postal Service | Identification coder reader and method for reading an identification code from a mailpiece |
| US7060925B1 (en) | 1999-08-31 | 2006-06-13 | United States Of America Postal Service | Apparatus and methods for processing mailpiece information by an identification code server |
| US6976621B1 (en) | 1999-08-31 | 2005-12-20 | The United States Postal Service | Apparatus and methods for identifying a mailpiece using an identification code |
| US6977353B1 (en) | 1999-08-31 | 2005-12-20 | United States Postal Service | Apparatus and methods for identifying and processing mail using an identification code |
| US8346676B1 (en) | 1999-10-06 | 2013-01-01 | Stamps.Com Inc. | Reporting shipping rates and delivery schedules for multiple services and multiple carriers |
| WO2001029781A1 (en) * | 1999-10-15 | 2001-04-26 | Ascom Hasler Mailing Systems, Inc. | Technique for effectively generating postage indicia using a postal security device |
| US8701857B2 (en) | 2000-02-11 | 2014-04-22 | Cummins-Allison Corp. | System and method for processing currency bills and tickets |
| JP3755376B2 (en) * | 2000-03-21 | 2006-03-15 | セイコーエプソン株式会社 | Printing device |
| US20020184324A1 (en) * | 2000-04-13 | 2002-12-05 | Carlin Paul N. | Method and system for electronic commingling of hybrid mail |
| US6697843B1 (en) * | 2000-04-13 | 2004-02-24 | United Parcel Service Of America, Inc. | Method and system for hybrid mail with distributed processing |
| US20010035964A1 (en) * | 2000-04-20 | 2001-11-01 | Hiroyasu Kurashina | Tape cartridge, tape printing method, tape printing apparatus, and label-producing method |
| DE10020566C2 (en) * | 2000-04-27 | 2002-11-14 | Deutsche Post Ag | Method for providing postage with postage indicia |
| GB2363887B (en) * | 2000-06-19 | 2004-02-11 | Pitney Bowes Ltd | Mailer-postal service interfaces |
| US6929181B1 (en) | 2000-07-25 | 2005-08-16 | Richard E. Oswalt | Date specific package delivery system |
| US6983368B2 (en) * | 2000-08-04 | 2006-01-03 | First Data Corporation | Linking public key of device to information during manufacture |
| US6978369B2 (en) * | 2000-08-04 | 2005-12-20 | First Data Corporation | Person-centric account-based digital signature system |
| US6789189B2 (en) * | 2000-08-04 | 2004-09-07 | First Data Corporation | Managing account database in ABDS system |
| US7082533B2 (en) * | 2000-08-04 | 2006-07-25 | First Data Corporation | Gauging risk in electronic communications regarding accounts in ABDS system |
| CA2417770C (en) | 2000-08-04 | 2011-10-25 | First Data Corporation | Trusted authentication digital signature (tads) system |
| US7096354B2 (en) * | 2000-08-04 | 2006-08-22 | First Data Corporation | Central key authority database in an ABDS system |
| US7558965B2 (en) * | 2000-08-04 | 2009-07-07 | First Data Corporation | Entity authentication in electronic communications by providing verification status of device |
| US7010691B2 (en) * | 2000-08-04 | 2006-03-07 | First Data Corporation | ABDS system utilizing security information in authenticating entity access |
| US7552333B2 (en) * | 2000-08-04 | 2009-06-23 | First Data Corporation | Trusted authentication digital signature (tads) system |
| US6925451B1 (en) * | 2000-08-24 | 2005-08-02 | Pitney Bowes Inc. | Mail receipt terminal having deposit tracking capability |
| US6959292B1 (en) * | 2000-10-20 | 2005-10-25 | Pitney Bowes Inc. | Method and system for providing value-added services |
| AU2002235181A1 (en) * | 2000-12-15 | 2002-06-24 | United States Postal Service | Electronic postmarking without directly utilizing an electronic postmark server |
| DE10105273A1 (en) * | 2001-02-02 | 2002-08-14 | Deutsche Post Ag | Method for checking a franking applied to a mail item and device for carrying out the method |
| US7364079B2 (en) * | 2001-02-21 | 2008-04-29 | United States Postal Service | Tracking label |
| WO2002069180A1 (en) * | 2001-02-21 | 2002-09-06 | United States Postal Service | Systems and methods for processing items in an item delivery system |
| US8521658B2 (en) | 2001-02-21 | 2013-08-27 | United States Postal Service | Systems and methods for producing and managing a tracking label in an item delivery system |
| GB2376332B (en) * | 2001-03-16 | 2005-08-10 | Post Office | Authenticating postage marks |
| US20020138759A1 (en) * | 2001-03-26 | 2002-09-26 | International Business Machines Corporation | System and method for secure delivery of a parcel or document |
| US8521657B2 (en) * | 2001-04-03 | 2013-08-27 | United States Postal Service | Systems and methods for capturing mail for electronic bill presentment |
| US7647275B2 (en) | 2001-07-05 | 2010-01-12 | Cummins-Allison Corp. | Automated payment system and method |
| US6550994B2 (en) | 2001-07-20 | 2003-04-22 | Pitney Bowes Inc. | System for printing information on a mailing medium |
| US20040128508A1 (en) * | 2001-08-06 | 2004-07-01 | Wheeler Lynn Henry | Method and apparatus for access authentication entity |
| US8428332B1 (en) | 2001-09-27 | 2013-04-23 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8437529B1 (en) | 2001-09-27 | 2013-05-07 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8433123B1 (en) | 2001-09-27 | 2013-04-30 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8437530B1 (en) | 2001-09-27 | 2013-05-07 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8944234B1 (en) | 2001-09-27 | 2015-02-03 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US20040260661A1 (en) * | 2002-10-24 | 2004-12-23 | Lytle Peter C. | Security mailing system |
| WO2003036570A2 (en) * | 2001-10-24 | 2003-05-01 | Intelligent Kiosk Company | Security mailing system |
| US20030084007A1 (en) * | 2001-10-29 | 2003-05-01 | George Brookner | Postage stamps authenticating the sender of a mail piece, and methods for use therewith |
| US7822679B1 (en) | 2001-10-29 | 2010-10-26 | Visa U.S.A. Inc. | Method and system for conducting a commercial transaction between a buyer and a seller |
| US6813614B2 (en) * | 2001-11-19 | 2004-11-02 | Pitney Bowes Inc. | Method for re-keying postage metering devices |
| US7325732B2 (en) * | 2001-12-04 | 2008-02-05 | Bowe Bell + Howell Postal Systems Company | Method and system for mail security and traceability |
| GB2382908A (en) * | 2001-12-10 | 2003-06-11 | Philip Grotsky | Postal system |
| US6896118B2 (en) | 2002-01-10 | 2005-05-24 | Cummins-Allison Corp. | Coin redemption system |
| US7272581B2 (en) * | 2002-03-12 | 2007-09-18 | Pitney Bowes Inc. | Method and system for optimizing throughput of mailing machines |
| US20030225592A1 (en) * | 2002-05-29 | 2003-12-04 | Algazi Allan Stuart | System and method for a business-to-consumer delivery network within a local district |
| US7356516B2 (en) | 2002-06-13 | 2008-04-08 | Visa U.S.A. Inc. | Method and system for facilitating electronic dispute resolution |
| AU2003268029A1 (en) | 2002-07-29 | 2004-02-16 | United States Postal Service | Pc postagetm service indicia design for shipping label |
| EP1540597A1 (en) * | 2002-08-29 | 2005-06-15 | United States Postal Service | Systems and methods for re-estimating the postage fee of a mailpiece during processing |
| US8171567B1 (en) | 2002-09-04 | 2012-05-01 | Tracer Detection Technology Corp. | Authentication method and system |
| US20040049471A1 (en) * | 2002-09-10 | 2004-03-11 | Pitney Bowes Incorporated | Method for processing and delivering registered mail |
| US8627939B1 (en) | 2002-09-25 | 2014-01-14 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US7167586B2 (en) * | 2002-09-30 | 2007-01-23 | Pitney Bowes Inc. | Method and system for remote form completion |
| US7343042B2 (en) * | 2002-09-30 | 2008-03-11 | Pitney Bowes Inc. | Method and system for identifying a paper form using a digital pen |
| US7417773B2 (en) | 2002-09-30 | 2008-08-26 | Pitney Bowes Inc. | Method and system for creating and sending a facsimile using a digital pen |
| US7110576B2 (en) * | 2002-12-30 | 2006-09-19 | Pitney Bowes Inc. | System and method for authenticating a mailpiece sender |
| SE0300585L (en) * | 2003-03-04 | 2004-09-05 | Anna Karin Saetherblom | Mailbox |
| US20050125345A1 (en) * | 2003-11-25 | 2005-06-09 | Pitney Bowes Incorporated | Early bill payment process |
| US7831519B2 (en) | 2003-12-17 | 2010-11-09 | First Data Corporation | Methods and systems for electromagnetic initiation of secure transactions |
| US8606697B2 (en) | 2004-06-17 | 2013-12-10 | Visa International Service Association | Method and system for providing buyer bank payable discounting services |
| US8037310B2 (en) * | 2004-11-30 | 2011-10-11 | Ricoh Co., Ltd. | Document authentication combining digital signature verification and visual comparison |
| US8005764B2 (en) * | 2004-12-08 | 2011-08-23 | Lockheed Martin Corporation | Automatic verification of postal indicia products |
| US8209267B2 (en) * | 2004-12-08 | 2012-06-26 | Lockheed Martin Corporation | Automatic revenue protection and adjustment of postal indicia products |
| US7937332B2 (en) * | 2004-12-08 | 2011-05-03 | Lockheed Martin Corporation | Automatic verification of postal indicia products |
| US7711639B2 (en) | 2005-01-12 | 2010-05-04 | Visa International | Pre-funding system and method |
| US20060173797A1 (en) * | 2005-01-31 | 2006-08-03 | Robert Sheehan | Method for tracking mail piece data |
| US7427025B2 (en) * | 2005-07-08 | 2008-09-23 | Lockheed Marlin Corp. | Automated postal voting system and method |
| FR2890771B1 (en) * | 2005-09-09 | 2007-12-14 | Neopost Ind Sa | METHOD AND SYSTEM FOR VALIDATION AND VERIFICATION OF POSTAL MAIL |
| WO2007033098A2 (en) * | 2005-09-12 | 2007-03-22 | United States Postal Service | Systems and methods for automated reconciliation of mail entry operations |
| US7664947B2 (en) * | 2005-10-12 | 2010-02-16 | The Boeing Company | Systems and methods for automated exchange of electronic mail encryption certificates |
| US7946406B2 (en) | 2005-11-12 | 2011-05-24 | Cummins-Allison Corp. | Coin processing device having a moveable coin receptacle station |
| US7980378B2 (en) | 2006-03-23 | 2011-07-19 | Cummins-Allison Corporation | Systems, apparatus, and methods for currency processing control and redemption |
| US20080149518A1 (en) * | 2006-07-26 | 2008-06-26 | Macor James J | Protection and authentication device for a collectable object |
| US7929749B1 (en) | 2006-09-25 | 2011-04-19 | Cummins-Allison Corp. | System and method for saving statistical data of currency bills in a currency processing device |
| US8818904B2 (en) | 2007-01-17 | 2014-08-26 | The Western Union Company | Generation systems and methods for transaction identifiers having biometric keys associated therewith |
| US7933835B2 (en) | 2007-01-17 | 2011-04-26 | The Western Union Company | Secure money transfer systems and methods using biometric keys associated therewith |
| US8417017B1 (en) | 2007-03-09 | 2013-04-09 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| WO2008112132A1 (en) | 2007-03-09 | 2008-09-18 | Cummins-Allison Corp. | Document imaging and processing system |
| US8538123B1 (en) | 2007-03-09 | 2013-09-17 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8504473B2 (en) | 2007-03-28 | 2013-08-06 | The Western Union Company | Money transfer system and messaging system |
| US8676715B2 (en) * | 2007-06-06 | 2014-03-18 | Pitney Bowes Inc. | System and method for authenticating indicia using identity-based signature scheme |
| FR2918199B1 (en) † | 2007-06-26 | 2009-08-21 | Solystic Sas | METHOD FOR PROCESSING POSTAL SHIPMENTS THAT EXPLOIT THE VIRTUAL IDENTIFICATION OF SHIPMENTS WITH READRESSING |
| KR100943513B1 (en) * | 2007-09-13 | 2010-02-22 | 한국전자통신연구원 | System and method for planning and managing real-time postal delivery operation |
| US8085980B2 (en) * | 2008-08-13 | 2011-12-27 | Lockheed Martin Corporation | Mail piece identification using bin independent attributes |
| US20100100233A1 (en) * | 2008-10-22 | 2010-04-22 | Lockheed Martin Corporation | Universal intelligent postal identification code |
| US8291239B2 (en) * | 2008-11-25 | 2012-10-16 | Pitney Bowes Inc. | Method and system for authenticating senders and recipients in a carrier system and providing receipt of specified content by a recipient |
| US8391583B1 (en) | 2009-04-15 | 2013-03-05 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8478019B1 (en) | 2009-04-15 | 2013-07-02 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8929640B1 (en) | 2009-04-15 | 2015-01-06 | Cummins-Allison Corp. | Apparatus and system for imaging currency bills and financial documents and method for using the same |
| US8577335B2 (en) | 2011-06-08 | 2013-11-05 | Kitaru Innovations Inc. | Method and apparatus for tracking package deliveries |
| GB2501254A (en) * | 2012-04-16 | 2013-10-23 | Sean Reel | Method for paying for postage |
| US9141876B1 (en) | 2013-02-22 | 2015-09-22 | Cummins-Allison Corp. | Apparatus and system for processing currency bills and financial documents and method for using the same |
| US9276944B2 (en) * | 2013-03-13 | 2016-03-01 | International Business Machines Corporation | Generalized certificate use in policy-based secure messaging environments |
| US9116137B1 (en) | 2014-07-15 | 2015-08-25 | Leeo, Inc. | Selective electrical coupling based on environmental conditions |
| US10102566B2 (en) | 2014-09-08 | 2018-10-16 | Leeo, Icnc. | Alert-driven dynamic sensor-data sub-contracting |
| GB2535449A (en) * | 2015-02-05 | 2016-08-24 | Croft & Weston Ltd | Postal systems and methods |
| WO2017066724A1 (en) * | 2015-10-15 | 2017-04-20 | Leeo, Inc. | Devices, systems, and methods for delivering asset-monitoring tools |
| US9801013B2 (en) | 2015-11-06 | 2017-10-24 | Leeo, Inc. | Electronic-device association based on location duration |
| US10805775B2 (en) | 2015-11-06 | 2020-10-13 | Jon Castor | Electronic-device detection and activity association |
| CA3053960A1 (en) | 2017-03-06 | 2018-09-13 | United States Postal Service | System and method of providing informed delivery items using a hybrid-digital mailbox |
Family Cites Families (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US3978457A (en) * | 1974-12-23 | 1976-08-31 | Pitney-Bowes, Inc. | Microcomputerized electronic postage meter system |
| US4168533A (en) * | 1976-01-14 | 1979-09-18 | Pitney-Bowes, Inc. | Microcomputerized miniature postage meter |
| US4301507A (en) * | 1979-10-30 | 1981-11-17 | Pitney Bowes Inc. | Electronic postage meter having plural computing systems |
| US4579054A (en) * | 1982-12-08 | 1986-04-01 | Pitney Bowes Inc. | Stand-alone electronic mailing machine |
| US4493252A (en) * | 1983-03-09 | 1985-01-15 | Pitney Bowes Inc. | Postage printing apparatus having a movable print head in a print drum |
| US4743747A (en) * | 1985-08-06 | 1988-05-10 | Pitney Bowes Inc. | Postage and mailing information applying system |
| US4725718A (en) * | 1985-08-06 | 1988-02-16 | Pitney Bowes Inc. | Postage and mailing information applying system |
| US4831555A (en) * | 1985-08-06 | 1989-05-16 | Pitney Bowes Inc. | Unsecured postage applying system |
| US4775246A (en) * | 1985-04-17 | 1988-10-04 | Pitney Bowes Inc. | System for detecting unaccounted for printing in a value printing system |
| US4757537A (en) * | 1985-04-17 | 1988-07-12 | Pitney Bowes Inc. | System for detecting unaccounted for printing in a value printing system |
| US4796193A (en) * | 1986-07-07 | 1989-01-03 | Pitney Bowes Inc. | Postage payment system where accounting for postage payment occurs at a time subsequent to the printing of the postage and employing a visual marking imprinted on the mailpiece to show that accounting has occurred |
| US5375172A (en) * | 1986-07-07 | 1994-12-20 | Chrosny; Wojciech M. | Postage payment system employing encryption techniques and accounting for postage payment at a time subsequent to the printing of postage |
| US4813912A (en) * | 1986-09-02 | 1989-03-21 | Pitney Bowes Inc. | Secured printer for a value printing system |
| US5050213A (en) * | 1986-10-14 | 1991-09-17 | Electronic Publishing Resources, Inc. | Database usage metering and protection system and method |
| US4853961A (en) * | 1987-12-18 | 1989-08-01 | Pitney Bowes Inc. | Reliable document authentication system |
| US4873645A (en) * | 1987-12-18 | 1989-10-10 | Pitney Bowes, Inc. | Secure postage dispensing system |
| GB8804689D0 (en) * | 1988-02-29 | 1988-03-30 | Alcatel Business Systems | Franking system |
| US4888803A (en) * | 1988-09-26 | 1989-12-19 | Pitney Bowes Inc. | Method and apparatus for verifying a value for a batch of items |
| US5170044A (en) * | 1990-11-09 | 1992-12-08 | Pitney Bowes Inc. | Error tolerant 3x3 bit-map coding of binary data and method of decoding |
| US5073935A (en) * | 1990-12-17 | 1991-12-17 | Jose Pastor | Method for secure communication |
| US5142577A (en) * | 1990-12-17 | 1992-08-25 | Jose Pastor | Method and apparatus for authenticating messages |
| US5293319A (en) * | 1990-12-24 | 1994-03-08 | Pitney Bowes Inc. | Postage meter system |
| US5142579A (en) * | 1991-01-29 | 1992-08-25 | Anderson Walter M | Public key cryptographic system and method |
| US5390251A (en) * | 1993-10-08 | 1995-02-14 | Pitney Bowes Inc. | Mail processing system including data center verification for mailpieces |
-
1994
- 1994-07-05 US US08/270,555 patent/US5586036A/en not_active Expired - Lifetime
-
1995
- 1995-06-28 CA CA002152835A patent/CA2152835C/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| CA2152835A1 (en) | 1996-01-06 |
| US5586036A (en) | 1996-12-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2152835C (en) | Postage payment system with security for sensitive mailer data and enhanced carrier data functionality | |
| US5612889A (en) | Mail processing system with unique mailpiece authorization assigned in advance of mailpieces entering carrier service mail processing stream | |
| US5454038A (en) | Electronic data interchange postage evidencing system | |
| CA1301336C (en) | Postage payment system employing encryption techniques and accounting for postage payment at a time subsequent to the printing of postage | |
| US8027844B2 (en) | System and method for processing mail | |
| CA2391690A1 (en) | Method for authenticating mailpieces | |
| US6959292B1 (en) | Method and system for providing value-added services | |
| GB2293737A (en) | Postage evidencing system with encrypted hash summary reports | |
| US20080109359A1 (en) | Value Transfer Center System | |
| GB2410362A (en) | Postage mark | |
| GB2376334A (en) | Authenticating postage marks | |
| CA2419735A1 (en) | Mail processing system with unique mailpiece authorization assigned in advance of mailpieces entering carrier service mail processing stream | |
| WO2001020464A1 (en) | Payment system and method | |
| GB2376333A (en) | Authenticating postage marks | |
| GB2372245A (en) | Orientating mail using postage marks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKEX | Expiry |
Effective date: 20150629 |