Abstract: In a secure cryptographic environment, a private key in a private/public key cryptographic scheme needs to be backed up and recovered in case of a loss or corruption of the private key. To back up the private key, multiple key segments are generated based on the private key which are distributed to a corresponding number of trusted individuals, each of whom has knowledge of only his or her key segment. The key can be restored only when all of the trusted individuals provide the respective key segments, based on which the original private key is reconstructed. In addition, each trusted individual is uniquely identifiable by a personal identification number. Advantageously, the private key which is secret can be backed up and restored without any individual having knowledge of the full key.

Abstract: In a postage meter system (FIG. 2), a user enters information,indicative of a batch of mail pieces to be franked (30). The mail pieces are franked(31), and when the batch is completed, data relating to the batch are made the subject of a cryptographic engine(33). The data digitally signed, or a message authentication code (MAC) is derived, all in a postal security device (PSD)(32). The data are communicated(34), preferably by means of public-key cryptography(35). These data are then made available to the postal authority in a secure way.

Abstract: A method for securely generating a PIN comprises generating a number of random binary bits; determining the least significant bits of the number of bits; converting the least significant bits to a decimal integer; shifting the value of the integer by a predetermined constant to produce a shifted integer; and encoding the shifted integer as bits in a PIN block in accordance with a standard. A method for managing security of a PIN used to provide access to a secure device comprising choosing the PIN; storing an encrypted version of the PIN in the device; and communicating the PIN to a user of the device via a communication channel separate and apart from a channel reset to provide the device to the user.

Abstract: In a postage meter system (FIG. 2), a user enters information,indicative of a batch of mail pieces to be franked (30). The mail pieces are franked(31), and when the batch is completed, data relating to the batch are made the subject of a cryptographic engine(33). The data digitally signed, or a message authentication code (MAC) is derived, all in a postal security device (PSD)(32). The data are communicated(34), preferably by means of public-key cryptography(35). These data are then made available to the postal authority in a secure way.

Abstract: In a postage meter system, a user enters information indicative of a batch of mail pieces to be franked. The mail pieces are franked, and when the batch is completed, data relating to the batch are made the subject of a cryptographic engine. The data are digitally signed, or a message authentication code (MAC) is derived, all in a postal security device (PSD). The data are communicated to a server, where the data are authenticated, preferably by means of public-key cryptographic means. These data are then made available to the postal authority in a secure way. Customer accounting is based on statistical data gathered by the postage printing base. Such data may be accumulated and stored in the PSD or in the postage printing base outside of the PSD. The cryptographic protection inherent in the PSD, of the sensitive data, effectively detects or prevents tampering. In addition effective backup and recovery mechanisms may be put into place to protect customer as well as third-party interests.