Systems and methods for detecting postage fraud using an indexed lookup procedure
10783719 · 2020-09-22
Abstract
A method and system for detecting postage fraud using an indexed lookup procedure is provided. The method includes generating, at a postage-issuing computer system, a unique postage indicium associated with a unique tracking number allocated to a postage transaction. The unique tracking number provides a mail piece tracking capability within the United States Postal Service (USPS). The method further includes indexing the postage transaction with the unique tracking number; and receiving, at the postage-issuing computer system, a request to validate a printed postage indicium carried on a mail piece received at the USPS. The request includes a tracking number identified from information further carried on the mail piece. The method also includes returning, to the USPS and in response to the request, a determination indicating whether the tracking number in the request matches any records stored in a transaction database.
Claims
1. A method for facilitating cryptographic-based generation and validation of postage indicia, comprising: obtaining, at a postage-issuing computer system associated with a postage vendor, a tracking number unique within the United States Postal Service (USPS), wherein the unique tracking number is allocated to a postage transaction and enables a mail piece associated with the postage transaction to be tracked within the USPS; generating, at the postage-issuing computer system, a digital signature based on at least (i) the unique tracking number, (ii) other information for a unique postage indicium, and (iii) a private key of a public/private key pair associated with the postage vendor such that digital integrity of both the unique tracking number and the other information for the unique postage indicium is verifiable using (i) the digital signature and (ii) a public key of the public/private key pair; generating, at the postage-issuing computer system, data representing the unique postage indicium such that the unique postage indicium data includes (i) the unique tracking number allocated to the postage transaction, (ii) the other information for the unique postage indicium, and (iii) the digital signature; causing, by the postage-issuing computer system, an end-user computer to be enabled to print the unique postage indicium as a first bar code on a first mail piece and the unique tracking number allocated to the postage transaction as a second bar code on a different portion of the first mail piece than the first bar code such that the unique tracking number is represented at least twice on the first mail piece; and performing, at the postage-issuing computer system, validation of a printed postage indicium carried on a mail piece received at the USPS, wherein the performance of the validation comprises: obtaining data representing the printed postage indicium, wherein the printed postage indicium data includes (i) a purported tracking number, (ii) other information for the printed postage indicium, and (iii) a purported digital signature for the printed postage indicium; using the public key of the public/private key pair associated with the postage vendor to determine whether the purported digital signature for the printed postage indicium is valid; and providing an indication that the printed postage indicium is valid responsive to a determination that the purported digital signature is valid and that the purported tracking number matches the unique tracking number allocated to the postage transaction.
2. The method of claim 1, wherein the printed postage indicium includes a printed bar code that represents (i) the purported tracking number, (ii) the other information for the printed postage indicium, and (iii) the purported digital signature, and wherein the information corresponding to the printed postage indicium is obtained from the printed bar code.
3. The method of claim 1, wherein the unique tracking number allocated to the postage transaction is obtained from the USPS.
4. The method of claim 1, the method further comprising: selecting, at the postage-issuing computer system, the unique tracking number to be allocated to the postage transaction from a pool of unassigned tracking numbers; and causing, by the postage-issuing computer system, the pool of unassigned tracking numbers to be updated by periodically downloading unassigned tracking numbers from the USPS.
5. The method of claim 1, wherein the unique tracking number allocated to the postage transaction is unique within the USPS to the postage transaction for at least one year.
6. The method of claim 1, wherein the other information for the unique postage indicium includes an identification number of the postage vendor, a user account for which the unique postage indicium is issued, and a piece count serial number corresponding to the unique postage indicium and specific to the user account, and wherein the digital signature is generated based on at least (i) the unique tracking number, (ii) the identification number of the postage vendor, (iii) the user account for which the unique postage indicium is issued, (iv) the piece count serial number, and (v) the private key of the public/private key pair associated with the postage vendor.
7. The method of claim 1, wherein the first bar code is at least one of a one-dimensional bar code or a two-dimensional bar that represents (i) the unique tracking number allocated to the postage transaction, (ii) the other information for the unique postage indicium, and (iii) the digital signature.
8. The method of claim 1, further comprising: causing, by the postage-issuing computer system, a refund related to a refund request to be issued responsive to a determination that the purported digital signature is valid and that the purported tracking number matches the unique tracking number allocated to the postage transaction.
9. The method of claim 1, wherein the indication that the printed postage indicium is valid is provided further responsive to a determination that the unique tracking number allocated to the postage transaction has not been used on a mail piece previously handled by the USPS, the method further comprising: providing, by the postage-issuing computer system, an indication that the printed postage indicium is invalid responsive to a determination that the purported digital signature is invalid, that the purported tracking number does not match any valid tracking number stored in a transaction database, or that the purported tracking number has been used on another mail piece previously handled by the USPS.
10. A postage-issuing computer system for facilitating cryptographic-based generation and validation of postage indicia, the postage-issuing computer system being associated with a postage vendor and comprising one or more processors configured to: obtain a tracking number unique within the United States Postal Service (USPS), wherein the unique tracking number is allocated to a postage transaction and enables a mail piece associated with the postage transaction to be tracked within the USPS; generate a digital signature based on at least (i) the unique tracking number, (ii) other information for a unique postage indicium, and (iii) a private key of a public/private key pair associated with the postage vendor such that digital integrity of both the unique tracking number and the other information for the unique postage indicium is verifiable using (i) the digital signature and (ii) a public key of the public/private key pair; generate data representing the unique postage indicium such that the unique postage indicium data includes (i) the unique tracking number allocated to the postage transaction, (ii) the other information for the unique postage indicium, and (iii) the digital signature; causing, by the postage-issuing computer system, an end-user computer to be enabled to print the unique postage indicium as a first bar code on a first mail piece and the unique tracking number allocated to the postage transaction as a second bar code on a different portion of the first mail piece than the first bar code such that the unique tracking number is represented at least twice on the first mail piece; and perform validation of a printed postage indicium carried on a mail piece received at the USPS, wherein the performance of the validation comprises: obtaining data representing the printed postage indicium, wherein the printed postage indicium data includes (i) a purported tracking number, (ii) other information for the printed postage indicium, and (iii) a purported digital signature for the printed postage indicium; using the public key of the public/private key pair associated with the postage vendor to determine whether the purported digital signature for the printed postage indicium is valid; and providing an indication that the printed postage indicium is valid responsive to a determination that the purported digital signature is valid and that the purported tracking number matches the unique tracking number allocated to the postage transaction.
11. The system of claim 10, wherein the printed postage indicium includes a printed bar code that represents (i) the purported tracking number, (ii) the other information for the printed postage indicium, and (iii) the purported digital signature, and wherein the information corresponding to the printed postage indicium is obtained from the printed bar code.
12. The system of claim 10, wherein the unique tracking number allocated to the postage transaction is obtained from the USPS.
13. The system of claim 10, wherein the one or more processors are further configured to: select the unique tracking number to be allocated to the postage transaction from a pool of unassigned tracking numbers; and cause the pool of unassigned tracking numbers to be updated by periodically downloading unassigned tracking numbers from the USPS.
14. The system of claim 10, wherein the unique tracking number allocated to the postage transaction is unique within the USPS to the postage transaction for at least one year.
15. The system of claim 10, wherein the other information for the unique postage indicium includes an identification number of the postage vendor, a user account for which the unique postage indicium is issued, and a piece count serial number corresponding to the unique postage indicium and specific to the user account, and wherein the digital signature is generated based on at least (i) the unique tracking number, (ii) the identification number of the postage vendor, (iii) the user account for which the unique postage indicium is issued, (iv) the piece count serial number, and (v) the private key of the public/private key pair associated with the postage vendor.
16. The system of claim 10, wherein the first bar code is at least one of a one-dimensional bar code or a two-dimensional bar that represents (i) the unique tracking number allocated to the postage transaction, (ii) the other information for the unique postage indicium, and (iii) the digital signature.
17. The system of claim 10, wherein the one or more processors are further configured to: cause a refund related to a refund request to be issued responsive to a determination that the purported digital signature is valid and that the purported tracking number matches the unique tracking number allocated to the postage transaction.
18. The system of claim 10, wherein the indication that the printed postage indicium is valid is provided further responsive to a determination that the unique tracking number allocated to the postage transaction has not been used on a mail piece previously handled by the USPS, and wherein the one or more processors are further configured to: provide an indication that the printed postage indicium is invalid responsive to a determination that the purported digital signature is invalid, that the purported tracking number does not match any valid tracking number stored in a transaction database, or that the purported tracking number has been used on another mail piece previously handled by the USPS.
19. A method for facilitating cryptographic-based generation and validation of postage indicia, comprising: obtaining, at a postage-issuing computer system associated with a postage vendor, a tracking number unique within the United States Postal Service (USPS), wherein the unique tracking number is allocated to a postage transaction and enables a mail piece associated with the postage transaction to be tracked within the USPS; generating, at a postage-issuing computer system, a digital signature based on at least (i) the unique tracking number, (ii) other information for a unique postage indicium, and (iii) a private key of a public/private key pair associated with the postage vendor such that digital integrity of both the unique tracking number and the other information for the unique postage indicium is verifiable using (i) the digital signature and (ii) a public key of the public/private key pair; generating, at the postage-issuing computer system, data representing the unique postage indicium such that the unique postage indicium data includes (i) the unique tracking number allocated to the postage transaction, (ii) the other information for the unique postage indicium, and (iii) the digital signature; obtaining, at the postage-issuing computer system, a request to validate a subject postage indicium and, responsive to the validation request, performing, at the postage-issuing computer system, validation of the subject postage indicium, wherein the performance of the validation comprises: obtaining data representing the subject postage indicium, wherein the subject postage indicium data includes (i) a purported tracking number, (ii) other information for the subject postage indicium, and (iii) a purported digital signature for the subject postage indicium; using a public key of the public/private key pair associated with the postage vendor to determine whether the purported digital signature for the printed postage indicium is valid; and providing an indication that the subject postage indicium is valid responsive to a determination that the purported digital signature is valid, that the purported tracking number matches the unique tracking number allocated to the postage transaction, and that the unique tracking number allocated to the postage transaction has not been used on a mail piece previously handled by the USPS.
20. A postage-issuing computer system for facilitating cryptographic-based generation and validation of postage indicia, the postage-issuing computer system being associated with a postage vendor and comprising one or more processors configured to: obtain a tracking number unique within the United States Postal Service, wherein the unique tracking number is allocated to a postage transaction and enables a mail piece associated with the postage transaction to be tracked within the USPS; generate a digital signature based on at least (i) the unique tracking number, (ii) other information for a unique postage indicium, and (iii) a private key of a public/private key pair associated with the postage vendor such that digital integrity of both the unique tracking number and the other information for the unique postage indicium is verifiable using (i) the digital signature and (ii) a public key of the public/private key pair; generate data representing the unique postage indicium such that the unique postage indicium data includes (i) the unique tracking number allocated to the postage transaction, (ii) the other information for the unique postage indicium, and (iii) the digital signature; obtain a request to validate a subject postage indicium and, responsive to the validation request, performing, at the postage-issuing computer system, validation of the subject postage indicium, wherein the performance of the validation comprises: obtaining data representing the subject postage indicium, wherein the subject postage indicium data includes (i) a purported tracking number, (ii) other information for the subject postage indicium, and (iii) a purported digital signature for the subject postage indicium; using a public key of the public/private key pair associated with the postage vendor to determine whether the purported digital signature for the printed postage indicium is valid; and providing an indication that the subject postage indicium is valid responsive to a determination that the purported digital signature is valid, that the purported tracking number matches the unique tracking number allocated to the postage transaction, and that the unique tracking number allocated to the postage transaction has not been used on a mail piece previously handled by the USPS.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) In order to better appreciate how the above-recited and other advantages and objects of the present inventions are obtained, a more particular description of the present inventions briefly described above will be rendered by reference to specific embodiments thereof, which are illustrated in the accompanying drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
(39) The present invention is directed to a postage indicia tracking system for generating self-validating unique postage indicia that can be validated by a postal authority (such as, e.g., the United States Postal Service (USPS), United Parcel Service (UPS), Federal Express (FedEx), etc.) for various purposes (such as, e.g., detecting copy fraud, postage counterfeiting, refund facilitation, etc.).
(40) Referring to
(41) Like the prior art envelope 102 shown in
(42) The standard tracking identifiers 218 currently used on these USPS labels, however, are not suitable for preventing postage fraud, since one can easily duplicate the postage indicia, while using different tracking identifiers 218 (perhaps on a separate label), effectively covering up the copy fraud. To facilitate detecting fraud, the self-validating unique postage indicium 204 has been modified to include a unique identifier. As will be described in further detail below, the unique identifier can be composed of, e.g., the same tracking identifier 218 that is provided at the bottom right corner of the label 200. In this case, the unique identifier contained within the self-validating unique postage indicium 204 can be used to validate the standard tracking identifier 218, and can thus be relied upon to detect copy fraud in a stand-alone verification system. If a standard tracking identifier 218 is not used on the label 200 (e.g., if the mail piece is being shipped via first class mail), the unique identifier can be composed of the piece count or ascending register in combination with the postage vendor ID and user account number. In this case, detection of copy fraud can be ensured in a stand-alone verification system only if 100% of the postage indicia are scanned. It is noted that a tracking identifier provides uniqueness with a single string of numbers, whereas a postage vendor ID/user account/piece count (or ascending register) combination provides uniqueness with two strings of numbers. To this extent, the tracking identifier, when available, is more advantageous to use, not only because it can detect copy fraud with respect to a single mail piece even if less than 100% of the postage indicia are scanned, but also because it can simply accomplish this with a single unique string of characters.
As will be described in further detail below, however, use of the postage vendor ID/user account/piece count (or ascending register) combination as the unique identifier can be advantageously used to detect postal fraud in a non-stand-alone verification system even if 100% of the mail pieces are not scanned.
(43) Referring to
(44) To this end, the postage system 300 generally comprises a centralized postage indicia generation system 302, which includes a multitude of centralized postage-issuing computer systems 305/306/307 (referred to as central computer systems in the figures), each of which communicates with a multitude of end user computers 308. The postage system 300 also generally comprises a postal service 304, which includes a master tracking computer system 310 and a postage validation computer system 312. As will be described in further detail below, the different configurations of centralized postage-issuing computer systems 305/306/307 represent different means for issuing the tracking identifiers to the end user computers 308. As illustrated, the centralized postage-issuing computer systems 305/306/307, end user computers 308, master tracking computer system 310, and postage validation computer system 312 variously communicate with each other over communications links 314-322 (each of which may represent, e.g., a LAN, Internet, or telephone network). It should be noted that, in the illustrated embodiment, communications among the end user computers 308, centralized postage-issuing computer system 305/306/307, master tracking computer system 310, and postage validation computer system 312 over the various links are generally secured by use of session encryption/decryption technology. The software and processes used to implement this technology are described in detail in U.S. Pat. No. 6,005,945, which has previously been incorporated herein by reference.
(45) In the illustrated embodiment, each end user computer 308 is owned and operated by a client of a postal vendor, and is the principal device for preparing mail pieces by printing the tracking identifiers and self-validating unique postage indicia on the mail pieces when received by the centralized postage-issuing computer system 305/306/307. Each centralized postage-issuing computer system 305/306/307 is owned and operated by a postal vendor and is the principal device that dispenses unique postage indicia to the end user computers 308 over communications links 314 in response to requests by the end user computers 308. As will be described in further detail below, the self-validating unique postage indicia contain identifiers that are unique within the postal service 304. Thus, at least for a significant period of time, e.g., one year, no two unique identifiers will be identical, thereby providing a reliable means for detecting mail fraud. The unique identifiers can be composed of numbers, letters, or a combination. As previously discussed, however, these unique identifiers are preferably tracking identifiers.
(46) The centralized postage-issuing computer systems 306 and 307 are also the principal devices that directly transmit tracking identifiers to the end user computers 308 over communications links 314 in response to requests by the end user computers 308. This configuration is used when the end user computers 308 do not directly obtain the tracking identifiers from the master tracking computer system 310. The centralized postage-issuing computer systems 306 and 307 differ from each other in that the centralized postage-issuing computer system 306 merely acts as a vehicle for passing on tracking identifiers issued by the master tracking computer system 310 to the end user computers 308, whereas the centralized postage-issuing computer system 307 actually issues tracking identifiers from a previously stored pool of unassigned tracking identifiers, which are periodically downloaded from the master tracking computer system 310. In contrast to the centralized postage-issuing computer systems 306/307, the centralized postage-issuing computer system 305 does not take part in the tracking identifier issuing process. In this case, it is the master tracking computer system 310, rather than the centralized postage-issuing computer system 305, that transmits tracking identifiers to the end user computers 308 over communications links 322 in response to requests by the end user computers 308.
(47) In the illustrated embodiment, the master tracking computer system 310 is owned and operated by a postal authority (such as, e.g., the USPS), and is the principal device for allocating tracking identifiers either directly to the end user computers 308 over communications links 322, or directly to the centralized postage-issuing computer systems 306 or 307 over communications links 316, which are then ultimately transmitted to the end user computers 308 over the communications links 314. In an alternative embodiment, the master tracking computer system 310 is operated outside of the postal service 304. Because the USPS currently maintains such a master tracking service, however, it is preferable that the master tracking computer system 310 be contained within the postal service 304. The postage validation computer system 312 is owned and operated by the postal authority, and is the principal device for verifying the postage on mail pieces. Although in the illustrated embodiment, the postage validation computer system 312 performs stand-alone verification, if additional validating information is needed, the postage validation computer system 312 may optionally receive end user information from the centralized postage-issuing computer system 305/306/307 over communications links 318, or postage information associated with the tracking identifiers from the master tracking computer system 310 over communications links 320.
(48) Turning now to
(49) The mail handling modules 412 include a tracking identifier request module 414, postage indicia request module 416, communications module 418, tracking identifier printing module 420, and postage indicia printing module 422. The tracking identifier request module 414 is configured for generating a request for a unique tracking identifier. In the illustrated embodiment, this request takes the form of a query stream (e.g., in Extensible Markup Language (XML) format), and contains postage information to be associated with the unique tracking identifier (such as, e.g., an Application Program Interface (API) user account ID and password, destination address for the mail piece, sender's complete address, weight of the mail piece, service class, and the amount of postage). The postage indicia request module 416 is configured for generating a request for a self-validating unique postage indicium. In the illustrated embodiment, this request takes the form of a query stream (e.g., in XML format), and contains information specific to the immediate postage dispensing transaction (such as, e.g., the user's meter or account ID, the user account password, postage requested, service class, optional data advance, and ZIP+4+2 of the delivery address). If used in conjunction with the tracking identifier request module 414, the request generated by the postage indicia request module 416 will also contain the unique tracking identifier when received from the centralized postage-issuing computer system 305/306/307.
(50) The communications module 418 is configured for handling communications with the centralized postage-issuing computer system 305/306/307 over the communications link 314 (such as, e.g., transmitting tracking identifier requests and postage indicium requests and receiving tracking identifiers and self-validating unique postage indicia in response thereto). The communications module 418 is also configured for handling communications with the master tracking computer system 310 over the communications link 322 (such as, e.g., transmitting tracking identifier requests and receiving tracking identifiers in response thereto). It should be noted that the USPS currently provides a tracking identifier service called Webtools Shipping API, which allows the end user computer 308 to obtain unique tracking identifiers directly from its server. The tracking identifier printing module 420 is configured for printing the one-dimensional barcode 220 corresponding to the tracking identifier received from the centralized postage-issuing computer system 306/307 on the label 200. The postage indicia printing module 422 is configured for printing on the label 200 the two-dimensional barcode 206 corresponding to the self-validating unique postage indicium received from the centralized postage-issuing computer system 305/306/307.
(51) Referring specifically to
(52) For example, the customer database 428 may contain the following information: meter/license number, account status (active, hold, canceled, etc.), account name, account password (typically encrypted), user's name, user's company, user's street address, user's city, user's state, user's postal code, descending balance, ascending balance, current piece count (last serial number used), origin/finance ZIPS (for US Market), origin/finance city, origin/finance state, date initially placed in service, date of last transaction, maximum postage allowable per self-validating unique postage indicium, minimum allowable balance, minimum re-credit amount, maximum re-credit amount, user's cryptographic private signing key (typically itself encrypted), credit card or ACH account numbers (typically encrypted), and account comments. The postage database 430 may contain the following information: date/time of transaction, piece number (serial number), weight, mail class, amount, destination address information, or public key reference number (indicating which key was used by the centralized postage-issuing computer system 306 to digitally sign the unique postage indicium for this postage dispensing event). The finance database 432 may contain the following information: date/time postage dispensed, amount of transaction, type of funds transfer (e.g., credit card, check, etc.), and identifying ID (e.g., credit card number, check number). Although the local memory 424 is depicted in
(53) The postage dispensing modules 426 include a communications module 434, database management module 436, tracking identifier request module 438, postage indicium request validation module 440, and postage indicium generation module 442. The communications module 434 is configured for handling communications with the end user computers 308 over the communications links 314 (such as, e.g., receiving tracking identifier requests and postage indicium requests and transmitting tracking identifiers and unique postage indicia). The database management module 436 is configured for storing and retrieving pertinent information in and from the customer database 428, postage database 430, and finance database 432. The postage indicium request validation module 440 is configured for validating postage indicium requests received from the end user computer 308 by, e.g., validating the meter or account ID and account password in the postage indicium request in relation to the same information contained in the customer database 428. The postage indicium generation module 442, along with a corresponding private key 444, is configured for generating the self-validating unique postage indicium in response to each postage indicium request received from the end user computer 308.
(54) In generating the self-validating unique postage indicium, the postage indicium generation module 442 comprises (1) a postage indicium generation submodule 446 for generating a unique postage indicium containing the tracking identifier and/or postage vendor ID/user account/piece count; (2) a digital signature generation submodule 448 for deriving a digital signature from the unique postage indicium using the private key 444; and (3) an association submodule 450 for associating the digital signature with the unique postage indicium to generate the self-validating unique postage indicium.
(55) It should be noted that certain cryptographically important operations are optionally performed in a specialized cryptographic coprocessor such as the FIPS-140/Level 4 IBM 4758 co-processor. For instance, in the preferred embodiment, the private signing key appears in an unencrypted, operational form only within the confines of the co-processor. Similarly, the decryption of the postage indicium request and the subsequent authentication of said request is also handled inside the cryptographic co-processor. While these functions can be performed in a generalized computer operating system environment, the addition of the cryptographic coprocessor to the overall schema provides for an ultra-secure environment that is resistant to both outsider and insider attacks.
(56) In the illustrated embodiment, the self-validating unique postage indicium contains the same information as the postage indicium set forth in Table 1, with the exception that the destination zip code has been replaced with the tracking identifier (if the postage indicium request contains a tracking identifier) and the account-specific piece count has been moved into the portion of the postage indicium that is digitally signed, as set forth in Table 2.
(57) TABLE 2: Improved Unique Indicium Contents

Item Number   Field Name                  Size (Bytes)
1             Indicia Version Number      1
2             Algorithm ID                1
3             Certificate Serial Number   4
4             Device ID                   8
5             Ascending Register          5
6             Postage                     3
7             Date                        4
8             License ZIP                 4
9             Tracking Number             5
10            Software ID                 6
11            Descending Register         4
12            Rate Category               4
13            Piece Count                 4
14            Signature                   40
(58) The Indicia Version Number identifies the version number assigned by the USPS to the indicia data set. The Algorithm ID identifies the digital signature algorithm used to create the digital signature on the postage indicium. The Certificate Serial Number identifies the unique serial number of the certificate issued by the IBIP Certificate Authority. The Device ID identifies the USPS-assigned ID for each postage vendor, and the user account for which the postage indicium will be issued. The Ascending Register identifies the total monetary value of all postage indicia ever produced for the user account. The Postage identifies the amount that will be applied to the mail piece. The Date identifies the date of mailing for a mail piece on which the postage indicium will be applied. The License ZIP identifies the 5-digit zip code for the licensing post office. The Tracking Number identifies the unique tracking identifier issued by the USPS for that particular mail piece. The Piece Count identifies the serial number for the mail piece produced for that user account. The Software ID identifies the end user computer software ID number. The Descending Register identifies the postage value remaining in the user account. The Rate Category identifies the postage class, including any presort discount level, and rate. The Signature is the digital signature of items 1-13. It should be noted, however, that the digital signature can be derived from any combination of the items, provided that the unique tracking number is included in the digital signing process.
(59) The overall advantage of this approach is that it inserts at least one unique identifier in the digitally signed portion of the postage indicium. Not only does this allow detection of copy fraud, but the use of a tracking identifier, which is scanned 100% of the time, leads to other security advantages. And this approach meets the current USPS desire to validate mail pieces in a stand-alone environment. The scan will validate the digital signature on the postage indicium and present the tracking identifier instead of the destination zip code in the case of tracked packages. There are other reasons for replacing the destination zip code in the digitally signed contents of the postage indicium. Not only is the destination zip code not unique, in many cases it does not exist. For instance, mail pieces sent from the United States to foreign countries do not contain a destination zip code in the postage indicium. Also, there is a class of IBIP-related technologies, such as postage strip printers and IBIP sheet stamps, that do not include a destination zip code in the postage indicium. Since both venues print the address in a separate and distinct operation from the postage indicium printing, the USPS has permitted the destination zip code field in the postage indicium to be set to zeroes. This opens the door for copy fraud.
(60) Optionally, the destination zip code may be appended to the vendor portion of the postage indicium, which is an area of the postage indicium that is not scanned by the USPS and not digitally signed.
(61) Referring specifically to
(62) Referring specifically to
(63) In addition to the previously described components, the centralized postage-issuing computer system 307 comprises a local memory 452, which in addition to the previously described databases, stores a tracking identifier database 454 of pre-stored unassigned tracking identifiers received by the master tracking computer system 310, and a tracking information database 456 for storing each tracking identifier that has been issued to an end user computer 308 and the postage information associated with each tracking identifier, i.e., the information contained in the tracking identifier request. The centralized postage-issuing computer system 307 further comprises a set of postage dispensing modules 458, which in addition to the previously described modules, includes a tracking identifier allocation module 460 in place of the tracking identifier request module 438, and a database management module 462 in place of the database management module 436. The tracking identifier allocation module 460 is configured for allocating unique tracking identifiers from the tracking identifier database 454 to the end user computers 308 in response to receiving tracking identifier requests from the end user computers 308. In addition to performing the afore-described functions, the database management module 462 is further configured for storing pools of unassigned tracking identifiers within the tracking identifier database 454 as they are periodically received by the master tracking computer system 310, and for periodically retrieving postage information from the tracking information database 456 for transmission to the master tracking computer system 310.
(64) Referring specifically to
(65) The tracking identifier maintenance modules 470 include a communications module 474, tracking identifier allocation module 476, and database management module 478. The communications module 474 is configured for handling communications with the centralized postage-issuing computer systems 306/307 over the communications links 316, or with end user computers 308 over the communications links 322 (such as, e.g., receiving single tracking identifier requests and transmitting tracking identifiers to and from the centralized postage-issuing computer systems 306 or end user computers 308, as well as transmitting pools of unassigned tracking identifiers and receiving assigned tracking identifiers and associated postage information to and from the centralized postage-issuing computer systems 307). The communications module 474 is also configured for handling communications with the postage validation computer system 312 over the communications link 318 (such as, e.g., receiving requests for assigned tracking identifiers, associated postage information, and current delivery status, and transmitting the assigned tracking identifiers, associated postage information, and current delivery status). The tracking identifier allocation module 476 is configured for generating unique tracking identifiers in response to receiving tracking identifier requests from the centralized postage-issuing computer systems 306, or optionally from the end user computers 308. The database management module 478 is configured for storing and retrieving assigned tracking identifiers and associated postage information to and from the tracking information database 472. Although the local memory 468 is depicted in
(66) Referring specifically to
(67) The postage validation modules 488 include a communications module 492, database management module 493, a postage indicia validation module 494, and unique identifier comparison module 495. The communications module 492 is configured for handling communications with the centralized postage-issuing computer systems 305/306/307 over the communications links 318 (such as, e.g., receiving updated end user computer information and public key information). The communications module 492 is also configured for handling communications with the master tracking computer system 310 over the communications link 320 (such as, e.g., transmitting requests for tracking identifier associated postage information and receiving the tracking identifier associated postage information). The database management module 493 is configured for storing and retrieving pertinent information to and from the meter information database 490 and transaction database 491.
(68) The postage indicia validation module 494 is configured for validating the postage indicia, and includes a public key association submodule 496 for selecting a public key from the set of public keys 497, as dictated by the certificate serial number (item #3 in Table 2) in the self-validating unique postage indicium, and a digital signature verification submodule 498, along with a selected public key, configured for verifying the digital signature in the self-validating unique postage indicium.
(69) The unique identifier comparison module 495 is configured for comparing the digitally authenticated unique identifier contained in the postage indicium to all of the unique identifiers previously stored in the transaction database 491 to detect copy fraud. That is, a match means that the unique identifier has been previously used, which is an indication of copy fraud.
(70) Referring specifically to
(71) At steps 506-510, the centralized postage-issuing computer system 306 receives the tracking identifier request from the end user computer 308, and generates an identical tracking identifier request, and transmits the tracking identifier request to the master tracking computer system 310. In particular, the communications interface 423, under control of the communications module 434, receives the tracking identifier request over the communications link 314 (step 506). The tracking identifier request module 438 then generates a tracking identifier request with the associated postage information, which is identical to the tracking identifier request received from the end user computer 308 (step 508). Optionally, the database management module 436 stores the tracking information within a database, such as, e.g., a tracking information database (not shown). The communications interface 423 then, under control of the communications module 434, transmits the tracking identifier request over the communications link 316 (step 510).
(72) At steps 512-518, the master tracking computer system 310 receives the tracking identifier request from the centralized postage-issuing computer system 306, allocates a unique tracking identifier to the end user computer 308, records the unique tracking identifier, along with the associated postage information, and transmits the unique tracking identifier to the centralized postage-issuing computer system 306. In particular, the communications interface 466, under control of the communications module 474, receives the tracking identifier request over the communications link 316 (step 512). The tracking identifier allocation module 476 then allocates a unique tracking identifier to the end user computer 308, which typically will be the next tracking identifier in a series of tracking identifiers (step 514). The database management module 478 then stores the unique tracking identifier, as well as the associated postage information contained within the tracking identifier request received from the centralized postage-issuing computer system 306, within the tracking information database 472 (step 516). The communications interface 466 then, under control of the communications module 474, transmits the unique tracking identifier over the communications link 316 (step 518).
(73) At steps 520 and 522, the centralized postage-issuing computer system 306 receives the unique tracking identifier from the master tracking computer system 310 and transmits the unique tracking identifier to the end user computer 308. In particular, the communications interface 423, under control of the communications module 434, receives the unique tracking identifier over the communications link 316 (step 520). The communications interface 423 then, under control of the communications module 434, transmits the tracking identifier over the communications link 314 (step 522).
(74) At steps 524 and 526, the end user computer 308 receives the tracking identifier from the centralized postage-issuing computer system 306 and prints the tracking identifier on the label 200. In particular, the communications interface 410, under control of the communications module 418, receives the unique tracking identifier over the communications link 314 (step 524). The tracking identifier printing module 420 then prints on the label 200 the standard tracking identifier 218 as the one-dimensional barcode 220 (step 526).
(75) Referring specifically to
(76) At steps 534-540, the centralized postage-issuing computer system 307 receives the tracking identifier request from the end user computer 308, allocates a unique tracking identifier to the end user computer 308, records the unique tracking identifier, along with the associated postage information, and transmits the unique tracking identifier to the end user computer 308. In particular, the communications interface 423, under control of the communications module 434, receives the tracking identifier request over the communications link 314 (step 534). The tracking identifier allocation module 460 then allocates a unique tracking identifier to the end user computer 308, which typically will be the next tracking identifier in a series of tracking identifiers stored in the tracking identifier database 454 (step 536). The database management module 462 then stores within the tracking information database 456 the unique tracking identifier, as well as the associated postage information contained within the tracking identifier request received from the end user computer 308 (step 538). The communications interface 423 then, under control of the communications module 434, transmits the tracking identifier over the communications link 314 (step 540).
(77) At steps 542 and 544, the end user computer 308 receives the tracking identifier from the centralized postage-issuing computer system 306 and prints the tracking identifier on the label 200. Steps 542 and 544 are similar to steps 526 and 528 described with respect to
(78) The procedure for performing these downloading and uploading functions is now described with respect to
(79) At steps 554-560, the master tracking computer system 310 generates a pool of unassigned tracking identifiers and transmits it to the centralized postage-issuing computer system 307, and the centralized postage-issuing computer system 307 receives the pool of unassigned unique tracking identifiers from the master tracking computer system 310 and records it. In particular, the database management module 478 generates a pool of unassigned unique tracking identifiers (step 554). The communications interface 466 then, under control of the communications module 474, transmits the pool of unassigned tracking identifiers over the communications link 316 (step 556). The communications interface 423, under control of the communications module 434, receives the tracking information over the communications link 316 (step 558). The database management module 462 then stores the pool of unassigned unique tracking identifiers in the tracking identifier database 454 (step 560).
(80) Referring specifically to
(81) At steps 568-572, the master tracking computer system 310 receives the tracking identifier request from the end user computer 308, allocates a unique tracking identifier to the end user computer 308, records the unique tracking identifier, along with the associated postage information, and transmits the unique tracking identifier to end user computer 308. In particular, the communications interface 466, under control of the communications module 474, receives the tracking identifier request over the communications link 322 (step 568). The tracking identifier allocation module 476 then allocates a unique tracking identifier to the end user computer 308, which typically will be the next tracking identifier in a series of tracking identifiers (step 570). The database management module 478 then stores within the tracking information database 472 the unique tracking identifier, as well as the associated postage information contained within the tracking identifier request received from the end user computer 308 (step 572). The communications interface 466 then, under control of the communications module 474, transmits the unique tracking identifier over the communications link 322 (step 574).
(82) At steps 576 and 578, the end user computer 308 receives the tracking identifier from the master tracking computer system 310 and prints the tracking identifier on the label 200. In particular, the communications interface 410, under control of the communications module 418, receives the unique tracking identifier over the communications link 322 (step 576). The tracking identifier printing module 420 then prints on the label 200 the standard tracking identifier 218 as the one-dimensional barcode 220 (step 578).
(83) Referring specifically to
(84) At steps 606-618, the centralized postage-issuing computer system 305/306/307 receives the postage indicium request from the end user computer 308, validates it, records the postage information contained in the postage indicium request, as well as any other transaction specific pertinent information, generates a self-validating unique postage indicium, and transmits the self-validating unique postage indicium to the end user computer 308. In particular, the communications interface 423, under control of the communications module 434, receives the postage indicium request over the communications link 314 (step 606). The postage indicium request validation module 440 then validates the postage indicium request by validating the user account ID and account password (step 608). If the user account ID or password does not correspond to an active user account, an error message is generated.
(85) The database management module 436 then updates the customer database 428 and postage database 430 with the pertinent transaction specific information (step 610). If available, the database management module 436 will store the tracking identifier in the postage database 430. The postage indicium generation module 442 then generates the self-validating unique postage indicium (steps 612-616). Specifically, the postage indicium generation submodule 446 generates a unique postage indicium containing the items set forth in Table 2, including the unique identifier(s) (such as, e.g., the postage vendor ID/user account number in combination with the piece count or descending register number, and unique tracking identifier (if available) contained within the postage indicium request) (step 612). At this point, the unique postage indicium is not self-validating. The digital signature generation submodule 448 then derives a digital signature from the unique postage indicium by applying the private key 444 thereto (step 614). The association submodule 450 then generates the self-validating unique postage indicium by associating the digital signature with the unique postage indicium (step 616). The communications interface 423 then, under control of the communications module 434, transmits the self-validating unique postage indicium over the communications link 314 (step 618).
(86) At steps 620 and 622, the end user computer 308 receives the self-validating unique postage indicium from the centralized postage-issuing computer system 305/306/307 and prints it on the label 200. In particular, the communications interface 410, under control of the communications module 418, receives the self-validating unique postage indicium over the communications link 314 (step 620). The postage indicia printing module 420 then prints on the label 200 the two-dimensional barcode 206 corresponding to the self-validating unique postage indicium (step 622). The label 200 can then be applied to the appropriate mail piece.
(87) It should be noted that although the tracking identifier acquisition and printing processes described with respect to
(88) Referring specifically to
(89) At steps 704-706, the postal verifier validates the postage indicium itself by operating the postage indicia validation module 494. In particular, the public key association submodule 496 obtains from the set of public keys 497 the public key corresponding to the Certificate Serial Number (item #3 in Table 2) within the postage indicium (step 704). The digital signature verification submodule 498 then verifies the digital signature of the postage indicium (step 706) to determine if they are consistent. If the signature verification process returns a Boolean true, this indicates that the postage indicium was in fact generated by a secure central computer 305/306/307 for a mail piece of the same approximate weight, origin and destination as the mail piece being processed.
(90) This will not, however, detect copy fraud. Thus, at step 708, the unique identifier comparison module 495 compares the unique identifier(s) of the mail piece (i.e., the unique tracking identifier (if available), and the postage vendor ID/user account/piece count (or ascending register)) with the set of unique identifiers previously stored in the transaction database 491. If the unique identifier of the current mail piece matches at least one of the unique identifiers stored in the transaction database 491, copy fraud is assumed, or at least suspected. If the unique identifier of the current mail piece does not match at least one of the unique identifiers stored in the transaction database 491, copy fraud is not assumed, although copy fraud may be detected if a fraudulent duplicate of the postage indicium is subsequently processed.
(91) It is worth noting that copy fraud detection using this process works with respect to any mail piece of any nature only if the unique identifiers contained in the postage indicia of all mail pieces are scanned and entered into the transaction database 491. Alternatively, copy fraud detection using this process works with respect to any mail piece that carries a tracking identifier if the tracking identifiers contained in the postage indicia of all of these types of mail pieces are scanned and entered into the transaction database 491. Currently, however, the USPS only spot checks the postage indicia, and thus copy fraud may currently be difficult to detect using this process, at least until the USPS scans 100% of the postage indicia. For example, if the postage indicia are checked only 10% of the time, statistically, copy fraud will only be detected 1% of the time, because both the original and the copy must be among the pieces that are checked.
(92) Alternatively, when spot checking is the norm, detection of copy fraud in mail pieces that carry unique tracking identifiers can be maximized by comparing the unique tracking identifier contained in the postage indicium with the standard tracking identifier printed on the mail piece (step 710). Thus, if the unique tracking identifier contained in the postage indicium does not match the tracking identifier contained elsewhere on the mail piece, copy fraud is suspected. It is noted that the one-dimensional barcode 220 associated with the tracking identifier is scanned 100% of the time in the normal course of the USPS tracking business, and thus, a copyist will not attempt to duplicate one-dimensional barcodes 220 along with the unique postage indicia, but will rather only attempt to duplicate the unique postage indicia hoping that the tracking identifiers contained therein will not be compared with the tracking identifiers associated with the one-dimensional barcodes 220. Thus, if the postage indicia are checked 10% of the time, copy fraud will be detected 10% of the time, a significant improvement.
(93) It should be noted that additional transaction information can be obtained from the centralized postage-issuing computer system 305/306/307 or master tracking computer system 310 over the communications links 318 and 320. This process will not be described in further detail. After the postage has been validated or rejected, the database management module 493 stores the postage information, including the unique identifier(s) contained within the postage indicium within the transaction database 491, along with the results of the validation process (step 712). If valid, the mail piece is then submitted for normal delivery processing (step 714).
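The issuance steps 612-616 and the verifier's steps 704-712 can be exercised end to end over the Table 2 layout. The following Python sketch is an added example, not code from the patent or from any postage vendor. Assumptions: fields are encoded as big-endian unsigned integers, the signature is textbook DSA with a 160-bit q (chosen because r||s then fills the 40-byte Signature field) over demo-strength parameters generated on the spot, and all sample values are constructed.

```python
import hashlib
import random
import secrets

# Table 2: (field, size in bytes) of signed items 1-13; item 14 is the 40-byte signature.
# Assumption: every field is a big-endian unsigned integer (the page gives sizes only).
FIELDS = [("version", 1), ("algorithm_id", 1), ("cert_serial", 4), ("device_id", 8),
          ("ascending_register", 5), ("postage", 3), ("date", 4), ("license_zip", 4),
          ("tracking_number", 5), ("software_id", 6), ("descending_register", 4),
          ("rate_category", 4), ("piece_count", 4)]
SIGNED_LEN, SIG_LEN = sum(size for _, size in FIELDS), 40    # 53 + 40 = 93 bytes

def is_prime(n, rng, rounds=24):   # Miller-Rabin, for large candidates only
    if any(n % sp == 0 for sp in (2, 3, 5, 7, 11, 13)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** j, n) != n - 1 for j in range(1, r)):
            return False
    return True

def demo_params(seed=2020):
    """Assumed demo-strength DSA domain parameters: 160-bit q, roughly 512-bit p."""
    rng = random.Random(seed)      # parameters are public, so a fixed seed is fine
    q = p = k = 4
    while not is_prime(q, rng):
        q = rng.getrandbits(160) | (1 << 159) | 1
    while not is_prime(p, rng):
        k = (rng.getrandbits(351) | (1 << 350)) << 1
        p = k * q + 1
    g = next(pow(h, k, p) for h in range(2, 100) if pow(h, k, p) != 1)
    return p, q, g                 # g generates the subgroup of prime order q

P, Q, G = demo_params()

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest()[:20], "big")

def make_keypair():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)         # (private signing key, public key)

def sign(msg, x):
    while True:
        k = secrets.randbelow(Q - 1) + 1           # fresh secret nonce per signature
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
        if r and s:
            return r.to_bytes(20, "big") + s.to_bytes(20, "big")

def verify(msg, sig, y):
    r, s = int.from_bytes(sig[:20], "big"), int.from_bytes(sig[20:], "big")
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def issue(values, x):
    """Steps 612-616: serialize items 1-13, sign them, append the signature."""
    signed = b"".join(values[name].to_bytes(size, "big") for name, size in FIELDS)
    return signed + sign(signed, x)

def validate(indicium, barcode, public_keys, seen):
    """Steps 704-712 for one scanned mail piece; returns a verdict string."""
    if len(indicium) != SIGNED_LEN + SIG_LEN:
        return "malformed"
    values, rest = {}, indicium
    for name, size in FIELDS:
        values[name], rest = int.from_bytes(rest[:size], "big"), rest[size:]
    key = public_keys.get(values["cert_serial"])                     # step 704
    if key is None or not verify(indicium[:SIGNED_LEN], rest, key):  # step 706
        return "bad_signature"     # unauthenticated identifiers are never recorded
    tn = values["tracking_number"]
    ids = {("tracking", tn), ("piece", values["device_id"], values["piece_count"])}
    if ids & seen:                                                   # step 708
        verdict = "duplicate"
    else:                                                            # step 710
        verdict = "valid" if barcode == tn else "tracking_mismatch"
    seen |= ids                                                      # step 712
    return verdict

def demo():
    """Constructed sample values: one genuine label, two copies, one tampered label."""
    x, y = make_keypair()
    keys, scans, spot = {7: y}, set(), set()   # certificate serial 7 -> public key
    values = dict(version=1, algorithm_id=1, cert_serial=7, device_id=0x0102030405,
                  ascending_register=125000, postage=765, date=20200922,
                  license_zip=90064, tracking_number=420001234567, software_id=11,
                  descending_register=5000, rate_category=1, piece_count=4242)
    label = issue(values, x)
    tampered = label[:21] + bytes([label[21] ^ 1]) + label[22:]   # flips a postage bit
    return [validate(label, 420001234567, keys, scans),      # original
            validate(label, 420001234567, keys, scans),      # copy, every piece scanned
            validate(label, 420009999999, keys, spot),       # copy, original never scanned
            validate(tampered, 420001234567, keys, scans)]
```

The third case is the spot-check scenario of paragraph (92): the transaction database has never seen the original, yet the copy is caught because its signed tracking number disagrees with the one-dimensional barcode on the parcel.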
(94) With reference to
(95) These components are generally similar to the same-named components of the postage system 300, but differ somewhat in that they provide a means for validating postage indicia in a non-stand-alone verification system using indexing identifiers. In this embodiment, in response to requests for postage from end user computers 358, each centralized postage-issuing computer system 356 generates postage indicia, and rather than transmitting them to the end user computers 358, indexes and stores the postage indicia. The postage indicia are indexed using indexing identifiers, which are transmitted to the end user computers 358 for printing on the mail pieces. In the illustrated embodiment, the indexing identifiers are unique within the postage service 354. Thus, at least for a significant period of time, e.g., one year, no two unique indexing identifiers will be identical, thereby providing a reliable means for detecting mail fraud. The unique indexing identifiers can be composed of numbers, letters, or a combination thereof, and can be composed of tracking identifiers or postage vendor ID/user account/piece count (or ascending register) combinations, similar to the unique identifiers described with respect to the postage system 300.
(96) These printed indexing identifiers can then be subsequently used by the postage service 354 to obtain the stored postage indicia from the centralized postage-issuing computer systems 356. The centralized postage indicia generation methodology offers a host of new security enhancements. Thus, if one makes the assumption that any mail piece validation tool would have access to the Internet (e.g., a laptop with a wireless Internet connection on a loading dock, or a desktop personal computer (PC) located in a mail processing facility), then one may greatly simplify the information contained on the mail piece itself if the mail piece was generated with a centralized postage service.
(97) Turning now to
(98) With specific reference to
(99) Specifically, the mail handling modules 812 include an indexing identifier request module 814, communications module 818, and indexing identifier printing module 820. The indexing identifier request module 814 is configured for generating a request for an indexing identifier. In the illustrated embodiment, this request takes the form of a query stream (e.g., in Extensible Markup Language (XML) format), and contains information specific to the immediate postage dispensing transaction (such as, e.g., the user's meter or account ID, the user account password, postage requested, service class, optional data advance, and ZIP+4+2 of the delivery address). The communications module 818 is configured for handling communications with the centralized postage-issuing computer system 356 over the communications link 364 (such as, e.g., transmitting indexing identifier requests and receiving indexing identifiers in response thereto). The indexing identifier printing module 820 is configured for printing an indexing identifier 203 received from the centralized postage-issuing computer system 356 on a label 201. The completed label 201 is similar to the completed label 200 illustrated in
(100) The indexing identifier can be printed on the label 201 in various formats. For example,
(101) Thus, the use of smaller two-dimensional barcodes or the simpler one-dimensional barcodes or digital data reduces the footprint required on the mail piece, and leaves that much more room for addressing, advertising, etc. This reduction in data also reduces the load on high speed printers, which have difficulty placing custom, non-static barcode images on mail pieces without compromising their rated speed (often 10,000-30,000 pieces per hour). Standard text can be printed at full speed, and most high-speed printers have one-dimensional barcode software (e.g., Code 128) in the printer firmware. Therefore, use of an indexing identifier, rather than a full postage indicium, opens the IBIP market to mass mailers, which account for the bulk of USPS letter mail revenue. Not only will use of the indexing identifier reduce printing costs, it will also reduce capital expenditure costs for barcode reading hardware. If OCR readable data is used for the indexing identifier, OCR capabilities, with which the USPS already has extensive experience, can be used.
(102) With specific reference to
(103) Specifically, the postage dispensing modules 826 include a communications module 834, database management module 836, indexing module 838, indexed identifier request validation module 840, and postage indicium generation module 842. The communications module 834 is configured for handling communications with the end user computers 358 over the communications links 364 (such as, e.g., receiving indexing identifier requests and transmitting indexing identifiers). The database management module 836 is configured for storing and retrieving pertinent information in and from the customer database 828, postage database 830, and finance database 832, as well as for storing and retrieving indexed postage indicia in and from the postage indicia database 831. The postage indicia can include, e.g., the postage amount, date and time the postage indicium was created, service class, optional data advance, delivery zip code, and tracking identifier (if the mail piece is a tracked piece). The indexing identifier request validation module 840 is configured for validating indexing identifier requests received from the end user computer 358 by, e.g., validating the meter or account ID and account password in the indexing identifier request in relation to the same information contained in the customer database 828.
(104) The postage indicium generation module 842, along with a corresponding private key 844, is configured for generating a self-validating postage indicium in response to each indexing identifier request received from the end user computer 358. In generating the self-validating postage indicium, the postage indicium generation module 842 comprises (1) a postage indicium generation submodule 846 for generating a postage indicium; (2) a digital signature generation submodule 848 for deriving a digital signature from the postage indicium using the private key 844; and (3) an association submodule 850 for associating the digital signature with the postage indicium to generate the self-validating postage indicium. In the illustrated embodiment, the self-validating postage indicium contains the same information as the postage indicium previously set forth in Table 2. The indexing module 838 is configured for associating the indexing identifier transmitted to the end user computer 358 with the postage indicium stored within the postage indicia database 831.
(105) It is noted that the elimination of the digital signature on the mail piece itself does not compromise security, since the postage indicium stored in the postage indicia database 831 of the centralized postage-issuing computer system 356 is digitally signed in accordance with the USPS IBIP specifications. The presence of the digital signature somewhere in the security model addresses one major concern of the USPS: that fraud attacks are very likely to involve insiders employed by the postage vendor. To further ensure that the security system is impervious to even an insider attack, all security-critical operations such as indicium signing are actually accomplished within a Federal Information Processing Standard (FIPS-140/Level 4)-approved, physically secure coprocessor device (such as, e.g., an IBM 4758).
(106) With specific reference to
(107) The postage validation modules 888 include a communications module 892, database management module 893, postage indicia validation module 894, and postage indicia request module 895. The postage indicia request module 895 is configured for generating a request for postage indicium. In the illustrated embodiment, this request takes the form of a query stream (e.g., in Extensible Markup Language (XML) format), and contains the indexing identifier read from the mail piece and a password. The communications module 818 is configured for handling communications with the centralized postage-issuing computer system 356 over the communications link 368 (such as, e.g., transmitting postage indicium requests and receiving postage indicia in response thereto). The postage indicia validation module 894 is configured for validating the postage indicia obtained from the centralized postage-issuing computer system 356, and includes a public key association submodule 896, public keys 897, and digital signature verification submodule 898, which are similar to the same-named components in the previously described postage validation computer system 312, and will thus not be further described.
(108) Referring specifically to
(109) At steps 906-910, the centralized postage-issuing computer system 356 receives and validates the indexing identifier request from the end user computer 358, and records the postage information contained in the postage indicium request, as well as any other transaction specific pertinent information. In particular, the communications interface 822, under control of the communications module 834, receives the indexing identifier request over the communications link 364 (step 906). The indexing identifier request validation module 840 then validates the indexing identifier request by validating the user account ID and account password (step 908). If the user account ID or password does not correspond to an active user account, an error message is generated. The database management module 836 then updates the customer database 828 and postage database 830 with the pertinent transaction specific information (step 910).
(110) At steps 912-916, the centralized postage-issuing computer system 356 then generates the self-validating unique postage indicium. Specifically, the postage indicium generation submodule 946 generates a postage indicium containing the items set forth in Table 2 (step 912). The digital signature generation submodule 848 then derives a digital signature from the postage indicium by applying the private key 844 thereto (step 914). The association submodule 850 then generates the self-validating postage indicium by associating the digital signature with the postage indicium (step 916).
(111) At steps 918-922, the centralized postage-issuing computer system 356 then indexes and records the self-validating postage indicium, and transmits the indexing identifier to the end user computer 358. Specifically, the indexing module 838 indexes the self-validating postage indicium by associating the indexing identifier therewith (step 918). The database management module 836 then stores the indexed self-validating postage indicium in the postage indicia database 831 (step 920). The communications interface 822 then, under control of the communications module 834, transmits the indexing identifier over the communications link 314 (step 922).
(112) At steps 924 and 926, the end user computer 554 receives the indexing identifier from the centralized postage-issuing computer system 356 and prints it on the label 201. In particular, the communications interface 810, under control of the communications module 818, receives the indexing identifier over the communications link 364 (step 924). The indexing identifier printing module 820, prompted by the end user via the user interface, then prints on the label 201 the two-dimensional barcode 256, either of the one-dimensional barcodes 258 or 260, or the alpha-numerical data 262 (step 926). The label 201 can then be applied to the appropriate mail piece.
(113) Referring specifically to
(114) At step 1000, the postal verifier operates a postage scanning station 884 within the postage validation computer system 362 to read the indexing identifier (i.e., the two-dimensional barcode 256, one-dimensional codes 258 or 260, or alpha-numerical data 262) on the label 201 of the mail piece and display its contents to the verifier.
(115) At steps 1002-1004, the postage validation computer system 362 requests from the centralized postage-issuing computer system 356 the self-validating postage indicium associated with the indexing identifier read from the mail piece. In particular, the postage indicia request module 895 generates a postage indicium request carrying the indexing identifier and the password (step 1002). The communications interface 882 then, under control of the communications module 892, transmits the postage indicium request over the communications link 368 (step 1004).
(116) At steps 1004-1010, the centralized postage-issuing computer system 356 then receives the postage indicium request, and retrieves and transmits to the postage validation computer system 362 the self-validating postage indicium corresponding to the inspected mail piece. In particular, the communications interface 822, under control of the communications module 834, receives the postage indicium request over the communications link 368 (step 1006). The database management module 836 then retrieves from the postage indicia database 831 the self-validating postage indicium corresponding to the received indexing identifier (step 1008). The communications interface 822 then, under control of the communications module 834, transmits the self-validating postage indicium over the communications link 368 (step 1010).
(117) At steps 1012 and 1014, the postage validation computer system 362 receives the self-validating postage indicium from the centralized postage-issuing computer system 356 and displays its contents to the postal verifier. In particular, the communications interface 882 then, under control of the communications module 892, receives the self-validating postage indicium from the centralized postage-issuing computer system 356 over the communications link 368 (step 1012), and the postage scanning station 884 displays its contents to the postal verifier (step 1012). At step 1014, the verifier then manually compares the contents of the self-validating postage indicium to the human-readable information (e.g., mailing date, postage amount, origin of mail piece, and destination of mail piece) on the mail piece. If the contents of the self-validating postage indicium do not match the human-readable information, this is an indication of likely fraudulent use of a postage indicium and is treated as such.
(118) At steps 1016-1018, the postal verifier validates the postage indicium itself by operating the postage indicia validation module 894. In particular, the public key association submodule 896 obtains from the set of public keys 897 the public key corresponding to the Certificate Serial Number (item #3 in Table 2) within the postage indicium (step 1016). The digital signature verification submodule 898 then verifies the digital signature of the postage indicium to determine if they are consistent (step 1018). If the verification process returns a Boolean true, this indicates that the postage indicium was in fact generated by a secure central computer 356 for a mail piece of the same approximate weight, origin and destination as the mail piece being processed. If copy fraud is to be detected, a copy fraud detection process using unique identifiers or similar to the process disclosed with respect to
(119) After the postage has been validated or rejected, the database management module 893 stores the postage information, along with the results of the validation process (step 1020). If valid, the mail piece is then submitted for normal delivery processing (step 1022).
(120) It should be noted that rather than have the postal verifier validate the postage indicium, the centralized postage-issuing computer system 356 itself can validate the postage indicium. In this case, the postage indicia validation module 894 will be located in the centralized postage-issuing computer system 356. Thus, after the centralized postage-issuing computer system 356 retrieves the self-validating postage indicium corresponding to the indexing identifier at step 1008, it will validate the postage indicium itself using a corresponding public key. If it is valid, the centralized postage-issuing computer system 356 will transmit a Boolean true, along with the already validated postage indicium, to the postage validation computer system 362, which will then perform postage validation steps 1014, 1016, 1018, and 1020. If it is invalid, the centralized postage-issuing computer system 356 will transmit a Boolean false to the postage validation computer system 362, which will then store the results of the validation process as being invalid at step 1020.
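The issue, index and validate path of steps 912-920 and 1008-1018, as an added example that is not the patent's own code. Ed25519 from the Go standard library stands in for the IBIP signature scheme; the field encoding, the type and function names, and the serial CERT-0001 are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Indicium carries a subset of the fields the page lists for a postage indicium.
type Indicium struct {
	CertSerial   string // selects the verification key (Certificate Serial Number)
	PostageCents int
	Created      string
	ServiceClass string
	DeliveryZIP  string
	TrackingID   string
}

// canonical length-prefixes every field so that no two distinct indicia
// serialise to the same signed byte string (assumed encoding).
func (i Indicium) canonical() []byte {
	var b []byte
	for _, f := range []string{i.CertSerial, fmt.Sprint(i.PostageCents),
		i.Created, i.ServiceClass, i.DeliveryZIP, i.TrackingID} {
		b = append(b, fmt.Sprintf("%d:%s", len(f), f)...)
	}
	return b
}

// SignedIndicium is the "self-validating" record held in the indicia database.
type SignedIndicium struct {
	Indicium
	Sig []byte
}

// Issuer models the postage-issuing system: a private key plus a database
// of signed indicia keyed by indexing identifier.
type Issuer struct {
	certSerial string
	priv       ed25519.PrivateKey
	db         map[string]SignedIndicium
}

func NewIssuer(certSerial string) (*Issuer, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Issuer{certSerial, priv, map[string]SignedIndicium{}}, pub
}

// Issue signs the indicium and indexes it (steps 912-920).
func (s *Issuer) Issue(indexID string, ind Indicium) {
	ind.CertSerial = s.certSerial
	s.db[indexID] = SignedIndicium{ind, ed25519.Sign(s.priv, ind.canonical())}
}

var (
	ErrNoRecord     = errors.New("no indicium indexed under this identifier")
	ErrUnknownCert  = errors.New("no public key for certificate serial number")
	ErrBadSignature = errors.New("signature does not match stored indicium")
)

// Validator models the postal side: public keys selected by certificate serial.
type Validator struct{ keys map[string]ed25519.PublicKey }

func NewValidator() *Validator { return &Validator{map[string]ed25519.PublicKey{}} }

func (v *Validator) Trust(serial string, pub ed25519.PublicKey) { v.keys[serial] = pub }

// Validate retrieves the record for the identifier read from the mail piece
// and checks its signature (steps 1008-1018). Each failure stays distinct so
// it can be recorded with the validation result.
func (v *Validator) Validate(s *Issuer, indexID string) (Indicium, error) {
	rec, ok := s.db[indexID]
	if !ok {
		return Indicium{}, ErrNoRecord
	}
	pub, ok := v.keys[rec.CertSerial]
	if !ok {
		return Indicium{}, ErrUnknownCert
	}
	if !ed25519.Verify(pub, rec.canonical(), rec.Sig) {
		return Indicium{}, ErrBadSignature
	}
	return rec.Indicium, nil
}

func main() {
	issuer, pub := NewIssuer("CERT-0001")
	v := NewValidator()
	v.Trust("CERT-0001", pub)
	// Constructed sample transaction; the identifier is a placeholder.
	issuer.Issue("IDX-EXAMPLE-1", Indicium{PostageCents: 2234, Created: "2001-09-09T15:19:01",
		ServiceClass: "Express", DeliveryZIP: "94301104147", TrackingID: "IDX-EXAMPLE-1"})
	_, err := v.Validate(issuer, "IDX-EXAMPLE-1")
	fmt.Println("stored record:", err)
	rec := issuer.db["IDX-EXAMPLE-1"]
	rec.PostageCents = 1 // database row altered after signing
	issuer.db["IDX-EXAMPLE-1"] = rec
	_, err = v.Validate(issuer, "IDX-EXAMPLE-1")
	fmt.Println("altered record:", err)
}
```

The altered-record case is the one the stored signature exists for: a database row changed after signing fails verification even though the lookup itself succeeds.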
(121) The use of a tracking identifier as an indexing identifier not only allows the postal service to validate the postage on mail pieces that bear the tracking identifier, it provides the recipient of the mail piece a means for verifying that the mail piece was sent from a trusted individual. Referring to
(122) The centralized postage-issuing computer 356 is configured in the same manner as previously described, but now optionally stores information relating to the sender of the mail piece. This can be stored in the postage database 830 or elsewhere. In reality, as a matter of course, the sender information is routinely stored in the centralized postage-issuing computer 356, as well as transmitted to the USPS, when the sender obtains an account with the postage vendor. Thus, these meter holders are known to the postage vendor and the USPS, and can be considered to be trusted individuals or entities.
(123) Importantly, this sender identification information, along with postage information, can be easily retrieved by the centralized postage-issuing computer 356 upon receipt of the indexing identifier, and specifically, an associated tracking identifier. With specific reference to
(124) The sender identification request module 1314 is configured for generating a request for sender identification information, along with associated postage information. In the illustrated embodiment, this request takes the form of a query stream (e.g., in Extensible Markup Language (XML) format), and contains the unique tracking identifier printed on the received mail piece. The communications module 1318 is configured for handling communications with the centralized postage-issuing computer system 356 over the communications link 384 (such as, e.g., transmitting sender identification requests and receiving sender identification information and associated postage information in response thereto).
(125) Referring to
(126) At steps 1406-1410, the centralized postage-issuing computer system 356 then receives the sender identification request, and retrieves and transmits to the mail recipient computer 378 the sender identification information and associated postage information corresponding to the received mail piece. In particular, the communications interface 822, under control of the communications module 834, receives the sender identification request over the communications link 384 (step 1406). The database management module 836 then retrieves from the postage database 830 the sender identification information and associated postage information corresponding to the received tracking identifier (step 1408). The communications interface 822 then, under control of the communications module 834, transmits the sender identification information with the associated postage information over the communications link 384 (step 1410).
(127) At steps 1412 and 1414, the mail recipient computer 378 receives the sender identification information and associated postage information from the centralized postage-issuing computer system 356 and displays it to the mail recipient. In particular, the communications interface 1302 then, under control of the communications module 1318, receives the sender identification information and associated postage information from the centralized postage-issuing computer system 356 over the communications link 384 (step 1412), and the user interface 1302 displays this information to the mail recipient (step 1414), and specifically in a window similar to that illustrated in
(128) The use of a tracking identifier in the postage indicium or as an indexing identifier not only facilitates the postal service in detecting postage fraud and protecting package recipients from insidious individuals, but also facilitates the postal service in issuing refunds for unused postage. Consider a misprint scenario where an end user attempts to print an Express Mail label and the printing process fails in some way even though the postage was issued. The end user still wants to ship the package, so he/she will take corrective measures and print a second Express Mail label. The second label will have the identical destination address (in particular the same ZIP+4+2 zip code), the same postage amount, but a different tracking identifier, which is issued on a per-print basis. This scenario creates a database structure that conceptually holds the information set forth in Table 3 below.
(129) TABLE 3: Express Mail Label Misprint Scenario

| Date/Time | Account | ZIP + 4 + 2 | Service Class | Postage | Weight | Piece Count | Tracking Number | Delivery Status |
|---|---|---|---|---|---|---|---|---|
| Sep. 9, 2001: 15:16:01 | 500318 | 94301104147 | Express | 22:34 | 4 | 2445 | 330343434334 | Submitted |
| Sep. 9, 2001: 15:19:01 | 500318 | 94301104147 | Express | 22:34 | 4 | 2446 | 330343456301 | Delivered |
(130) A digital signature protects the integrity of the information in the database. It should be noted that the data set forth in Table 3 alone is strongly suggestive of a misprint scenario. But a much stronger case can be made several days later, when the tracking identifiers can be statused against the postal authority's (e.g., USPS) tracking system using a simple Internet transaction. If the end user never mailed a package with the first label (tracking identifier 330343434334), it will never achieve a status of delivered. On the other hand, one should see a delivered status on the second transaction if one waits a sufficient amount of time (e.g., 2-10 days).
(131) With reference to
(132) These components are generally similar to the same-named components of the postage system 300, but differ somewhat in that they provide a means for providing refunds for unused postage. In this embodiment, in response to postage refund inquiries from an account administrator, each centralized postage-issuing computer system 386 retrieves previously stored postage transaction information, which contains, for each postage transaction, a tracking identifier and an associated delivery status. The centralized postage-issuing computer system 386 filters the retrieved postage transaction information for pertinent refund information, and displays it to the account administrator who determines whether there is unused postage to be refunded. The delivery status within the stored postage transaction information is updated by the master tracking computer system 390.
(133) The refund inquiry can take a variety of formats. For example, a refund eligible inquiry can reveal postage transaction information that meets the following criteria: (1) two or more transactions; (2) none of the transactions have ever been refunded in the past; (3) issued for the same account; (4) issued on the same day; (5) issued to the same destination; (6) issued for the same service class; (7) issued for the same postage amount; and (8) each transaction has an associated unique tracking identifier.
(134) It should be noted that the date of this query is Aug. 23, 2001, and the postage transactions in question were completed three days earlier. The USPS delivery status for the first package presents the phrase "Your item was accepted at 10 pm on August 21 in Palo Alto, Calif. 94301." This phrase is misleading in that it implies that the USPS actually took possession of this package. In reality, it only indicates the date/time at which the tracking information was posted to the master tracking computer system. When this message persists for days or weeks, one must conclude that the tracking identifier was indeed issued, but the package never entered the postal system. As another example, an audit inquiry can reveal all postage transaction information in a specific user account.
(135) This process provides a complete audit trail even though there is no mail piece specimen. The process not only has utility for misprint scenarios that do not produce a scannable specimen, but it can also be used for misprints that do produce a scannable specimen. Normally, the specimen must be mailed to the postage vendor, which involves an additional mailing expense for the end user, as well as an additional effort for both end user and postage vendor. This process would allow end users to simply destroy misprint specimens if they met the refund criteria listed above. In essence, the evidence supporting the refund is electronic and not paper-based.
(136) It should be noted that the entire process is enabled by the confluence of the centralized postage system concept and the unique tracking identifier. Mail pieces devoid of a unique tracking identifier would not be eligible for this refund process, nor would mail pieces created by postage metering technologies, which are not centralized (e.g., conventional postage meters or PC-postage meters that draw upon a local vault of funds to create postage indicia).
(137) Means can also be provided to automatically poll the delivery status of a refunded mail piece after the refund is processed. This process will continue for a period of several months. If the master tracking computer system suddenly shows a change in delivery status for that refunded mail piece, an automated alert is forwarded to the postal authorities and an investigation can be launched.
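An added example (not from the patent) of the refund-eligibility criteria of paragraph (133) and the post-refund polling check of paragraph (137), run over constructed rows modelled on Table 3. Reading the postage 22:34 as 2234 cents, listing an undelivered label only once a sibling label in its group shows as delivered, and all type and function names are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Txn is one stored postage transaction with its tracked delivery status.
type Txn struct {
	Day, Account, DestZIP, Class string
	PostageCents                 int
	TrackingID                   string
	Status                       string // "Submitted" or "Delivered"
	Refunded                     bool
}

// groupKey captures criteria (3)-(7): same account, day, destination,
// service class and postage amount.
type groupKey struct {
	Account, Day, DestZIP, Class string
	PostageCents                 int
}

// RefundCandidates returns the tracking identifiers of undelivered labels in
// groups that satisfy criteria (1)-(8) and contain a delivered sibling label.
func RefundCandidates(txns []Txn) []string {
	groups := map[groupKey][]Txn{}
	for _, t := range txns {
		k := groupKey{t.Account, t.Day, t.DestZIP, t.Class, t.PostageCents}
		groups[k] = append(groups[k], t)
	}
	var out []string
	for _, g := range groups {
		if len(g) < 2 { // criterion (1): two or more transactions
			continue
		}
		seen := map[string]bool{}
		eligible, delivered := true, false
		for _, t := range g {
			// criteria (2) and (8): never refunded, unique tracking identifier
			if t.Refunded || t.TrackingID == "" || seen[t.TrackingID] {
				eligible = false
			}
			seen[t.TrackingID] = true
			if t.Status == "Delivered" {
				delivered = true
			}
		}
		if !eligible || !delivered {
			continue
		}
		for _, t := range g {
			if t.Status != "Delivered" {
				out = append(out, t.TrackingID)
			}
		}
	}
	sort.Strings(out)
	return out
}

// PostRefundAlerts returns refunded labels that later show as delivered,
// the condition the polling step forwards to the postal authorities.
func PostRefundAlerts(txns []Txn) []string {
	var out []string
	for _, t := range txns {
		if t.Refunded && t.Status == "Delivered" {
			out = append(out, t.TrackingID)
		}
	}
	sort.Strings(out)
	return out
}

// sampleTxns returns constructed rows: the first two follow Table 3, the
// rest use placeholder identifiers to exercise the exclusions.
func sampleTxns() []Txn {
	return []Txn{
		{"2001-09-09", "500318", "94301104147", "Express", 2234, "330343434334", "Submitted", false},
		{"2001-09-09", "500318", "94301104147", "Express", 2234, "330343456301", "Delivered", false},
		// Two genuine same-day shipments: both delivered, nothing to refund.
		{"2001-09-09", "ACCT-B", "ZIP-B", "Express", 2234, "TRK-B1", "Delivered", false},
		{"2001-09-09", "ACCT-B", "ZIP-B", "Express", 2234, "TRK-B2", "Delivered", false},
		// Group with an earlier refund: excluded by criterion (2).
		{"2001-09-09", "ACCT-C", "ZIP-C", "Express", 2234, "TRK-C1", "Submitted", true},
		{"2001-09-09", "ACCT-C", "ZIP-C", "Express", 2234, "TRK-C2", "Submitted", false},
		{"2001-09-09", "ACCT-C", "ZIP-C", "Express", 2234, "TRK-C3", "Delivered", false},
	}
}

func main() {
	txns := sampleTxns()
	fmt.Println("refund candidates:", RefundCandidates(txns))
	txns[0].Refunded, txns[0].Status = true, "Delivered" // refunded label later delivered
	fmt.Println("post-refund alerts:", PostRefundAlerts(txns))
}
```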
(138) A refund inquiry can also be in the form of an audit review of all postage transactions in a user account.
(139) Turning now to
(140) Specifically, the postage dispensing/refund eligibility modules 1126 include a communications module 1134, database management module 1136, tracking identifier request module 1138, postage indicium request validation module 1140, postage indicium generation module 1142, delivery status request module 1143, filtering module 1145, refund inquiry module 1147, and refund display module 1149. The delivery status request module 1143 is configured for generating a request for the delivery status for each tracking identifier stored in the postage database 1130. The filtering module 1145 is configured for variously generating refund information by filtering and formatting the postage transaction information retrieved from the postage database 1130, as will be described in further detail below. In addition to being configured for providing the communications previously described with respect to the communications module 434, the communications module 1134 is configured for transmitting delivery status requests to, and receiving confirmatory delivery status information from, the master tracking computer system 390 over the communications link 396.
(141) The database management module 1136 is configured for storing and retrieving pertinent information in and from the customer database 1128, postage database 1130, and finance database 1132. This function includes storing and retrieving a tracking identifier and an associated delivery status, and updating that associated delivery status with confirmatory delivery status information received from the master tracking computer system 390. As will be described in further detail, the confirmatory delivery status information indicates whether a mail piece carrying a tracking identifier has, in fact, been delivered. The refund inquiry module 1147 is configured for generating an inquiry for postage refund information. In the illustrated embodiment, the inquiry contains a user account ID and password and the refund inquiry, which as previously discussed, can include various types. The refund display module 1149 is configured for displaying on the display 1127 the postage refund information filtered by the filtering module 1145.
(142) The tracking identifier request module 1138, postage indicium request validation module 1140, and postage indicium generation module 1142 (and corresponding private key 1144) are configured to perform the same functions described with respect to the tracking identifier request module 438, postage indicium request validation module 440, and postage indicium generation module 442 (and corresponding private key 444), and will thus not be described in further detail.
(143) Alternatively, a centralized postage-issuing computer system, in combination with the refund inquiry functionality, can be constructed similarly to the centralized postage-issuing computer system 307, wherein tracking identifiers are issued to end user computers by the centralized postage-issuing computer system from a pool of pre-stored unassigned tracking identifiers, or, as a further alternative, with no tracking identifier issuing functionality, in which case the master tracking computer system directly issues tracking identifiers to the end user computer. A centralized postage-issuing computer system, in combination with the refund inquiry functionality, can be constructed similarly to the centralized postage-issuing computer system 356, wherein self-validating postage indicia are stored in the centralized postage-issuing computer system and indexing identifiers are transmitted to the end user computers.
(144) Referring specifically to
(145) The tracking information maintenance modules 1170 include a communications module 1174, tracking identifier allocation module 1176, database management module 1178, and refunded postage polling module 1180. In addition to being configured for providing the communications previously described with respect to the communications module 474, the communications module 1174 receives delivery status requests from, and transmits confirmatory delivery status information to, each centralized postage-issuing computer system 386 over the communications links 396. The confirmatory delivery status information is obtained from tracking stations (not shown), which scan tracked mail pieces when they are delivered. The tracking identifier allocation module 1176 is configured for performing the same functions as the tracking identifier allocation module 476 previously described in the master tracking computer system 310. The database management module 1178 is configured for storing and retrieving assigned tracking identifiers and associated postage information (including delivery status) to and from the tracking information database 1172. The database management module 1178 is further configured for updating the tracking information database 1172 with refund information. That is, if a specific postage transaction has been refunded, the database management module 1178 will associate a refund indicator with the postage information relating to the specific postage transaction. The refunded postage polling module 1180 periodically polls the tracking information database 1172 to determine if a mail piece associated with any refunded postage transaction has been delivered.
(146) Referring specifically to
(147) At step 1204, the postage transaction information, along with the tracking identifiers and associated delivery status, is recorded. Specifically, the database management module 1136 stores the postage transaction information in the postage database 1130. At step 1206, the multitude of mail pieces are processed through the postal authority, which in this case, is the USPS. At step 1208, the postal authority, upon delivery of the mail pieces to their intended destination, reads the tracking identifiers on the mail pieces. At step 1210, this delivery information is transmitted to and recorded in the master tracking computer system 390. Specifically, the database management module 1178 updates the confirmatory delivery status information in the tracking information database 1172 by changing the status from "accepted" to "delivered."
(148) At steps 1212 and 1214, the centralized postage-issuing computer system 386 generates and transmits a delivery status request to the master tracking computer system 390. Specifically, the delivery status request module 1143 generates a delivery status request (step 1212), and the communications interface 1122 then, under control of the communications module 1134, transmits the delivery status request over the communications link 396 (step 1214). At steps 1216-1220, the master tracking computer system 390 receives the delivery status request from the centralized postage-issuing computer system 386 and transmits the confirmatory delivery status information to the centralized postage-issuing computer system 386. Specifically, the communications interface 1166, under control of the communications module 1174, receives the delivery status request over the communications link 396 (step 1216). The database management module 1178 then retrieves the confirmatory delivery status information from the tracking information database 1172 (step 1218), and the communications interface 1166 then, under control of the communications module 1174, transmits the confirmatory delivery status information over the communications link 316 (step 1220). Alternatively, the confirmatory delivery status information can periodically be downloaded from the master tracking computer system 390 without prompting by the centralized postage-issuing computer system 386.
(149) At steps 1222 and 1224, the centralized postage-issuing computer system 386 receives the confirmatory delivery status information from the master tracking computer system 310 and updates the delivery status within the stored postage transaction information with the confirmatory delivery status information. In particular, the communications interface 1222, under control of the communications module 1234, receives the confirmatory delivery status information over the communications link 396 (step 1222). The database management module 1136 then updates the delivery status within the postage database 1130 (step 1224). If the confirmatory delivery status information indicates that the mail piece carrying the tracking identifier has been delivered, the delivery status associated with that tracking identifier will be updated as delivered. If the confirmatory delivery status information indicates that the mail piece carrying the tracking identifier has not been delivered, the delivery status associated with that tracking identifier will be updated as not delivered.
(150) Referring specifically to
(151) At steps 1244 and 1246, the postal authority then enters the refunded postage transaction into the master tracking computer system 390, where the delivery status can be checked for six more months. In particular, the database management module 1178 will associate a refund indicator with the postage information relating to the refunded postage transaction (step 1244), and the refunded postage polling module 1180 periodically polls the tracking information database 1172 to determine if a mail piece associated with any refunded postage transaction has been delivered (step 1246). It should be noted that the refund process even allows an end user to initiate a refund inquiry without intervention by the account administrator. In this case, the end user would have to wait the required minimum time to ensure the never-mailed package doesn't show up on the tracking system, but then the process is so automatic that the refund could be instituted entirely without an account administrator's intervention.
(152) Although particular embodiments of the present inventions have been shown and described, it will be understood that it is not intended to limit the present inventions to the preferred embodiments, and it will be obvious to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the present inventions. Thus, the present inventions are intended to cover alternatives, modifications, and equivalents, which may be included within the spirit and scope of the present inventions as defined by the claims. All publications, patents, and patent applications cited herein are hereby incorporated by reference in their entirety for all purposes.