For protecting confidential information in a printed document, the invention provides a system and method for, on one hand, encrypting the confidential content of the document and then printing the part or parts of the document with confidential information in an encrypted form and the rest of the document in a non-encrypted form, and, on the other hand, decrypting the encrypted document content for display and use or for printing. In addition, for preventing unauthorized copying and tampering of a printed document, the invention provides a system and method for managing a unique tag, which is attached to the document and which authenticates the document.

A goods processing apparatus includes a controller including a program memory, a security module, a first communication interface that is configured to, in cooperation with the security module, securely communicate with a remote server, and an acoustic output device electrically connected with the controller and configured to output audio files or sound files. The security module and the first communication interface can be electrically connected with the controller. The program memory may store a program to control the acoustic output via the acoustic output device. The program can facilitate external commands being transmitted from the remote server, or from one or more other internet sources, to the controller. Via security measures, operational security of the goods processing apparatus is prevented from being negatively affected, or harmful code is prevented from being transmitted to controller.

Systems and methods which are adapted to generate multiple indicia in a single secure environment session are described. Embodiments provide for generation of a plurality of postage indicia in a single postage security device (PSD) transaction, whereby the PSD loads and unloads corresponding virtual PSD information a single time for generating the plurality of postage indicia (i.e., in a single secure environment session). The indicia generated in a same secure environment session according to embodiments of the invention may comprise a plurality of indicia requested by a same, single user. Additionally or alternatively, the indicia generated in the same secure environment session may comprise a plurality of indicia requested by multiple different users.

The present invention is directed to systems and methods which identify fraudulent situations during the transaction phase. In one embodiment, such detection is accomplished by monitoring for situations either outside the range of normal for the general population or outside the range of normal for this particular user. The normal range could be rule driven and, for example, could include size of a given purchase, frequency of purchases, identity of use equipment being utilized for the current transaction, etc. The rule could be relaxed or tightened, at least in part, based on the length of time that the user has been a customer and the user's past payment history. In one embodiment, device ids are used to detect fraudulent users. These device (or software) ids could, for example, be a “fingerprint” of the user's equipment, or a “cookie” previously downloaded to the user that identifies the user to the fulfillment system. In situations where fraud is detected downloading the value to the user is interrupted.

A method is described for biometric enrolment of a biometrically authorisable device having a biometric sensor for identification of an authorised user and a processor capable of permitting access to one or more secure feature(s) based on authentication of the user's identity. The enrolment method includes mounting the biometrically authorisable device to a holder in order to form an enrolment system arranged to be delivered to the end user by mail. The holder has a power source such that during delivery the supply of power is deactivated and the holder includes a switching arrangement configured to activate the supply of power in response to manipulation of the holder. The enrolment system is delivered to the user and the supply of power is activated in response to manipulation of the holder by the user.

A postage generating system and method that allows for the generation of postage without the use of a PSD, while still maintaining the necessary data integrity and non-repudiation aspects. The cryptographic and accounting functions are performed separately when an indicium is generated and reconciled to ensure that every transaction is properly accounted for and funds are deducted from the user's account. The cryptographic functions for an indicium are performed utilizing a cloud-based Hardware Security Module (HSM). Transaction records for indicium generated by an HSM are stored in a database. The accounting is performed by a transaction server, separate and remote from the HSM, to make updates to the client's account to account for generated indicia. An Integrity Monitor Server monitors the consistency of the transactions, i.e., that every transaction performed by an HSM is properly accounted for by the transaction server and funds are deducted from the user's account.

Postage generation and management systems are provided in which hardware security modules (HSMs) are used to perform cryptographic operations instead of conventional postal security devices. Virtual PSD data is stored in a database and processed by the HSMs, allowing for improved security and scalability.

In order to prevent stamps or indicia from being forged and in order to bill a logistics service between different postal service providers correctly to the user, a computer-implemented method for franking postal articles is implemented. The article's progress is recorded by readers and, together with the accompanying franking identification, is stored in blocks of a blockchain as a transaction. In doing so, the assignment of the readers to a postal service provider is recorded. The logistics service provided is billed correctly to the user by analyzing the transactions stored in the blockchain that are to be allocated to at least one postal service provider.

The present invention is directed to systems and methods which identify fraudulent situations during the transaction phase. In one embodiment, such detection is accomplished by monitoring for situations either outside the range of normal for the general population or outside the range of normal for this particular user. The normal range could be rule driven and, for example, could include size of a given purchase, frequency of purchases, identity the equipment being utilized for the current transaction, etc. The rule could be relaxed or tightened, at least in part, based on the length of time that the user has been a customer and the user's past payment history. In one embodiment, device ids are used to detect fraudulent users. These device (or software) ids could, for example, be a fingerprint of the user's equipment, or a cookie previously downloaded to the user that identifies the user to the fulfillment system. In situations where fraud is detected downloading the value to the user is interrupted.

Embodiments of the invention are directed to systems, methods, and computer program products for layering authorization of resource distribution documents within an entity. In this way, the invention generates a multi-step layering process for resource distribution document generation. As such, each individual involved in resource distribution document generation process may add a unique layer to the resource distribution document prior to being authorized for use. Once the several layers have all been applied to the resource distribution document, the document becomes authenticated and approved for use. In some embodiments, the layers may include physical layers on the resource distribution document, such as account numbers, signature lines or the like. In some embodiments, the layers may include digital layers that combine to create a digital or physical marking on the resource distribution document identifying authentication for depositing.