Abstract: A method of authenticating a PSD and an initializing infrastructure that uses a secret key, a PSD public/private key pair and a provider public/private key pair. The infrastructure prepares a signed provider key record using the provider public key and the provider private key and a first MAC using the signed provider key record and the secret key. Both are sent to the PSD. The PSD authenticates the signed provider key record using the first MAC and the provider public key using the included digital signature. The PSD prepares a signed PSD key record using the PSD public key and the PSD private key and a second MAC using the signed PSD key record and the secret key. Both are sent to the infrastructure. The infrastructure authenticates the signed PSD key record using the second MAC and the PSD public key using the included digital signature.

Abstract: A mailing machine that optimizes throughput by reducing the amount of time necessary for the PSD to generate the digital signature and indicium for each mail piece is provided. The debit operation performed by the PSD, i.e., adjusting the PSD registers, is separated into three different sections, a pre-debit operation, a perform debit operation, and a complete debit operation. In addition, the calculation of the digital signature can optionally be pre-computed, or, alternatively, computed in stages, i.e., partial signature calculation. Utilizing this granularity, the cryptographic operations associated with generating the digital signature can be shifted between the three debit operations such that the execution time of the time critical portion of the debit operation (perform debit) can be optimized to meet the performance requirements of the mailing machine in which the PSD is deployed.

Abstract: A method includes configuring a flash memory device including a first memory sector having a primary memory sector correspondence, a second memory sector having an alternate memory sector correspondence, and a third memory sector having a free memory sector correspondence, copying a portion of the primary memory sector to the free memory sector, erasing the primary memory sector, and changing a correspondence of each of the first memory sector, the second memory sector, and the third memory sector.

Abstract: A method includes configuring a flash memory device including a first memory sector having a primary memory sector correspondence, a second memory sector having an alternate memory sector correspondence, and a third memory sector having a free memory sector correspondence, copying a portion of the primary memory sector to the free memory sector, erasing the primary memory sector, and changing a correspondence of each of the first memory sector, the second memory sector, and the third memory sector.

Abstract: A method and system that increases the throughput of a mailing machine by continuously computing indicia prior to and during mail processing is provided. The indicia generation process is divided into two distinct parts, cryptographic calculation and funds committal/printing. Indicium data are continuously computed, asynchronously with the printing of the indicia, and stored in a buffer until needed. This enables several indicium data to be computed and stored prior to processing of a mail piece by the mailing machine. Prior to printing an indicium on a mail piece, the funds for the indicium are accounted for by updating the registers of the mailing machine. Since a number of indicium data may be pre-computed prior to the start of processing the mail through the mailing machine, the throughput of the mailing machine can be increased.

Abstract: A method and system that protects against a replay attack in a closed system postage meter is provided. “Freshness” data is included along with each indicium message sent from the meter to the printer, thereby enabling the printer to detect “stale” indicium data, i.e., indicium data that was previously generated and is being replayed, and prohibit the printing of duplicate indicia. The freshness data includes a random nonce generated by the printer during initialization along with sequence data that the printer can verify against sequence data from the previous printed indicium. If in the current indicium message the nonce is different or the current sequence data is not greater than or equal to the sequence data from the previous printed indicium, indicating the current indicium data may have been previously generated and is a replay, the printer will not print the current indicium data.

Abstract: In a value dispensing system, a system and method for securely loading and executing software in a secure device that does not include any non-volatile programmable memory is provided. A non-secure portion of the value dispensing system stores software for loading into the secure portion when needed. Commands being sent to the secure printer are monitored to determine if the secure has the necessary software to execute the command. If the secure device currently does not have the necessary software to execute the command, the command is delayed and the proper software is loaded from the non-secure portion to the RAM of the secure device. A signature associated with the software is verified to ensure the authenticity of the software. If the signature is verified, the command is passed to the secure device, and, utilizing the software in the RAM, the command is executed by the secure device.

Abstract: A mailing machine that optimizes throughput by reducing the amount of time necessary for the PSD to generate the digital signature and indicium for each mail piece is provided. The debit operation performed by the PSD, i.e., adjusting the PSD registers, is separated into three different sections, a pre-debit operation, a perform debit operation, and a complete debit operation. In addition, the calculation of the digital signature can optionally be pre-computed, or, alternatively, computed in stages, i.e., partial signature calculation. Utilizing this granularity, the cryptographic operations associated with generating the digital signature can be shifted between the three debit operations such that the execution time of the time critical portion of the debit operation (perform debit) can be optimized to meet the performance requirements of the mailing machine in which the PSD is deployed.

Abstract: In accordance with an exemplary embodiment of the invention, a method includes storing at least one data element in an external memory located outside of a security boundary, and executing a validation algorithm within the security boundary to repeatedly validate the at least one data element. The validation algorithm includes validating a size of the at least one data element, validating a hash of the at least one data element, and validating a signature of a hash file comprising information corresponding to the at least one data element.

Abstract: A method includes configuring a flash memory device including a first memory sector having a primary memory sector correspondence, a second memory sector having an alternate memory sector correspondence, and a third memory sector having a free memory sector correspondence, copying a portion of the primary memory sector to the free memory sector, erasing the primary memory sector, and changing a correspondence of each of the first memory sector, the second memory sector, and the third memory sector.

Abstract: In a value dispensing system, a system and method for securely loading and executing software in a secure device that does not include any non-volatile programmable memory is provided. A non-secure portion of the value dispensing system stores software for loading into the secure portion when needed. Commands being sent to the secure printer are monitored to determine if the secure has the necessary software to execute the command. If the secure device currently does not have the necessary software to execute the command, the command is delayed and the proper software is loaded from the non-secure portion to the RAM of the secure device. A signature associated with the software is verified to ensure the authenticity of the software. If the signature is verified, the command is passed to the secure device, and, utilizing the software in the RAM, the command is executed by the secure device.

Abstract: A method and system that protects against a replay attack in a closed system postage meter is provided. “Freshness” data is included along with each indicium message sent from the meter to the printer, thereby enabling the printer to detect “stale” indicium data, i.e., indicium data that was previously generated and is being replayed, and prohibit the printing of duplicate indicia. The freshness data includes a random nonce generated by the printer during initialization along with sequence data that the printer can verify against sequence data from the previous printed indicium. If in the current indicium message the nonce is different or the current sequence data is not greater than or equal to the sequence data from the previous printed indicium, indicating the current indicium data may have been previously generated and is a replay, the printer will not print the current indicium data.

Abstract: A method and system that protects against a parallel printing attack is provided. During initialization of a printer and a meter, the printer provides the meter with an identification number. The identification number can be a serial number or the like, or a random number generated by the printer. The meter includes the identification number in each indicium message sent to the printer and optionally signs the message. When the printer receives an indicium message, it will compare the identification number in the indicium message to its own identification number. If the identification number is identical, the printer will print the indicium. If the identification number is not identical or the signature does not verify, the printer will not print the indicium. Thus, only the printer connected to the meter during initialization of the system will be able to print indicia generated during that session.

Abstract: A method and system for printing a 2D-barcode corresponding to a binary data array and a substrate imprinted with such barcode. The barcode has I first columns of modules and J rows of modules transverse to columns. Each module having a one-to-one correspondence with a bit in a data array and comprising X columns and Y rows of pixels.

Abstract: A mailing machine that optimizes throughput by reducing the amount of time necessary for the PSD to generate the digital signature and indicium for each mail piece is provided. The debit operation performed by the PSD, i.e., adjusting the PSD registers, is separated into three different sections, a pre-debit operation, a perform debit operation, and a complete debit operation. In addition, the calculation of the digital signature can optionally be pre-computed, or, alternatively, computed in stages, i.e., partial signature calculation. Utilizing this granularity, the cryptographic operations associated with generating the digital signature can be shifted between the three debit operations such that the execution time of the time critical portion of the debit operation (perform debit) can be optimized to meet the performance requirements of the mailing machine in which the PSD is deployed.

Abstract: A method and system for printing a 2D-barcode corresponding to a binary data array and a substrate imprinted with such barcode. The barcode has I first columns of modules and J rows of modules transverse to columns. Each module having a one-to-one correspondence with a bit in a data array and comprising X columns and Y rows of pixels.