公开(公告)号：US06748535B1

公开(公告)日：2004-06-08

申请号：US09458638

申请日：1999-12-09

申请人： Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr. ,  Edward J. Twarog

发明人： Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr. ,  Edward J. Twarog

IPC分类号： G06F126

CPC分类号： G07B17/00733 ,  G06F21/72 ,  G06F21/75 ,  G06F21/81 ,  G06F2207/7219 ,  G07B17/00193 ,  G07B2017/00233 ,  G07B2017/00346 ,  G07B2017/00959 ,  G07B2017/00967

摘要： System and method for performing cryptographic operations include providing at least one processor for performing cryptographic operations, memory coupled to the processor for use in performing the cryptographic operations; and a storage component coupled to the processor for storing and retrieving information calculated and used in the cryptographic operations. The processor, memory and storage component are securely enclosed whereby direct access to the cryptographic operations is prevented. At least the processor is comprised in an integrated circuit. A first power source, which is external to the secure enclosure, is coupled to and supplies power to the processor, the memory and the storage component. A second power source, which is within the housing of the integrated circuit, is coupled to and supplies power to at least the processor. A switch is included for switching from the first power source to the second power source when the cryptographic operations are being performed and for switching from the second power source to the first power source when non-cryptographic operations are being performed.

摘要翻译： 用于执行加密操作的系统和方法包括提供至少一个处理器用于执行加密操作，耦合到处理器的存储器用于执行密码操作; 以及耦合到所述处理器的存储部件，用于存储和检索在所述密码操作中计算和使用的信息。 处理器，存储器和存储组件被安全地封闭，从而防止对密码操作的直接访问。 至少处理器包含在集成电路中。 位于安全机箱外部的第一电源耦合到处理器，存储器和存储部件并向其供电。 在集成电路的壳体内的第二电源耦合到至少处理器并且向至少处理器供电。 当执行密码操作时，包括用于从第一电源切换到第二电源的开关，并且当正在执行非加密操作时用于从第二电源切换到第一电源。

公开(公告)号：US06594760B1

公开(公告)日：2003-07-15

申请号：US09217977

申请日：1998-12-21

申请人： Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr. ,  Edward J. Twarog

发明人： Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr. ,  Edward J. Twarog

IPC分类号： G06F1214

CPC分类号： G07B17/00733 ,  G06F21/72 ,  G06F21/75 ,  G06F21/81 ,  G06F2207/7219 ,  G07B17/00193 ,  G07B2017/00233 ,  G07B2017/00346 ,  G07B2017/00959 ,  G07B2017/00967

摘要： System and method for performing cryptographic operations include providing at least one processor for performing cryptographic operations, memory coupled to the processor for use in performing the cryptographic operations; and a storage component coupled to the processor for storing and retrieving information calculated and used in the cryptographic operations. The processor, memory and storage component are securely enclosed whereby direct access to the cryptographic operations is prevented. A first power source, which is external to the secure enclosure, is coupled to and supplies power to the processor, the memory and the storage component. A second power source, which is internal to the secure enclosure, is coupled to and supplies power to at least the processor. A switch is included for switching from the first power source to the second power source when the cryptographic operations are being performed and for switching from the second power source to the first power source when non-cryptographic operations are being performed.

摘要翻译： 用于执行加密操作的系统和方法包括提供至少一个处理器用于执行加密操作，耦合到处理器的存储器用于执行密码操作; 以及耦合到所述处理器的存储部件，用于存储和检索在所述密码操作中计算和使用的信息。 处理器，存储器和存储组件被安全地封闭，从而防止对密码操作的直接访问。 位于安全机箱外部的第一电源耦合到处理器，存储器和存储部件并向其供电。 位于安全机壳内部的第二电源耦合到至少处理器并向其供电。 当执行密码操作时，包括用于从第一电源切换到第二电源的开关，并且当正在执行非加密操作时用于从第二电源切换到第一电源。

公开(公告)号：US07539648B1

公开(公告)日：2009-05-26

申请号：US09650177

申请日：2000-08-29

申请人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

发明人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： G07B17/00733 ,  G06F7/725 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q30/0283 ,  G07B17/00362 ,  G07B2017/00096 ,  G07B2017/00161 ,  G07B2017/00395 ,  G07B2017/00427 ,  G07B2017/00758 ,  G07B2017/00766 ,  G07B2017/00782 ,  G07B2017/00806 ,  G07B2017/0083 ,  G07B2017/00854 ,  G07B2017/00927 ,  H04L9/3213 ,  H04L9/3268 ,  H04L2209/56

摘要： A system and method include means for processing a cryptographic certificate adapted to provide security functionality. A register means is provided and means for adjusting the register means to account for services when the cryptographic certificate is processed. In accordance with another aspect, a system and method include a register means for storing funds. Means are provided for processing a digital token providing proof of postage payment and means are also provided for processing a cryptographic certificate adapted to provide security functionality. Means debit funds stored in the register means when the digital token is processed and when the cryptographic certificate is processed. Processing the cryptographic certificate may involve many functions such as providing security services and/or certificate management functions (including generating and verifying cryptographic certificates) and/or key management functions and/or access to any needed private keys to perform security services. Processing the digital token may include generating the digital token or issuing the digital token.

摘要翻译： 系统和方法包括用于处理适于提供安全功能的加密证书的装置。 提供了一种寄存器装置和用于调整寄存器装置以在处理加密证书时考虑服务的装置。 根据另一方面，系统和方法包括用于存储资金的寄存器装置。 提供了用于处理提供邮资支付证明的数字令牌的手段，还提供了用于处理适于提供安全功能的加密证书的手段。 存储在寄存器中的借方资金意味着处理数字令牌和处理密码证书时。 处理加密证书可能涉及许多功能，例如提供安全服务和/或证书管理功能（包括生成和验证加密证书）和/或密钥管理功能和/或访问任何所需的私钥以执行安全服务。 处理数字令牌可以包括生成数字令牌或发出数字令牌。

公开(公告)号：US6134328A

公开(公告)日：2000-10-17

申请号：US133706

申请日：1998-08-13

申请人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

发明人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

IPC分类号： G06F7/72 ,  G06Q20/38 ,  G06Q30/02 ,  G07B17/00 ,  G07F7/02 ,  G07F19/00 ,  H04L9/32 ,  H04L9/00 ,  H04L9/30

CPC分类号： G07B17/00733 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q30/0283 ,  G07B17/00362 ,  H04L9/3213 ,  H04L9/3268 ,  G06F7/725 ,  G07B2017/00096 ,  G07B2017/00161 ,  G07B2017/00395 ,  G07B2017/00427 ,  G07B2017/00758 ,  G07B2017/00766 ,  G07B2017/00782 ,  G07B2017/00806 ,  G07B2017/0083 ,  G07B2017/00854 ,  G07B2017/00927 ,  H04L2209/56

摘要： A system and method include means for processing a cryptographic certificate adapted to provide security functionality. A register means is provided and means for adjusting the register means to account for services when the cryptographic certificate is processed. In accordance with anther aspect, a system and method include a register means for storing funds. Means are provided for processing a digital token providing proof of postage payment and means are also provided for processing a cryptographic certificate adapted to provide security functionality. Means debit funds stored in the register means when the digital token is processed and when the cryptographic certificate is processed. Processing the cryptographic certificate may involve many functions such as providing security services and/or certificate management functions (including generating and verifying cryptographic certificates) and/or key management functions and/or access to any needed private keys to perform security services. Processing the digital token may include generating the digital token or issuing the digital token.

摘要翻译： 系统和方法包括用于处理适于提供安全功能的加密证书的装置。 提供了一种寄存器装置和用于调整寄存器装置以在处理加密证书时考虑服务的装置。 根据其他方面，系统和方法包括用于存储资金的寄存器装置。 提供了用于处理提供邮资支付证明的数字令牌的手段，还提供了用于处理适于提供安全功能的加密证书的手段。 存储在寄存器中的借方资金意味着处理数字令牌和处理密码证书时。 处理加密证书可能涉及许多功能，例如提供安全服务和/或证书管理功能（包括生成和验证加密证书）和/或密钥管理功能和/或访问任何所需的私钥以执行安全服务。 处理数字令牌可以包括生成数字令牌或发出数字令牌。

公开(公告)号：US06907399B1

公开(公告)日：2005-06-14

申请号：US09650176

申请日：2000-08-29

申请人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

发明人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

IPC分类号： G06F7/72 ,  G07B17/00 ,  H04L9/32 ,  G06F17/60

CPC分类号： G07B17/00733 ,  G06F7/725 ,  G06Q20/382 ,  G06Q30/018 ,  G06Q30/0283 ,  G07B17/00362 ,  G07B2017/00096 ,  G07B2017/00161 ,  G07B2017/00395 ,  G07B2017/00427 ,  G07B2017/00758 ,  G07B2017/00766 ,  G07B2017/00782 ,  G07B2017/00806 ,  G07B2017/0083 ,  G07B2017/00854 ,  G07B2017/00927 ,  H04L9/3213 ,  H04L9/3268 ,  H04L2209/56

摘要： A system and method include means for processing a cryptographic certificate adapted to provide security functionality. A register means is provided and means for adjusting the register means to account for services when the cryptographic certificate is processed. In accordance with anther aspect, a system and method include a register means for storing funds. Means are provided for processing a digital token providing proof of postage payment and means are also provided for processing a cryptographic certificate adapted to provide security functionality. Means debit funds stored in the register means when the digital token is processed and when the cryptographic certificate is processed. Processing the cryptographic certificate may involve many functions such as providing security services and/or certificate management functions (including generating and verifying cryptographic certificates) and/or key management functions and/or access to any needed private keys to perform security services. Processing the digital token may include generating the digital token or issuing the digital token.

公开(公告)号：US06157919A

公开(公告)日：2000-12-05

申请号：US575112

申请日：1995-12-19

申请人： Robert A. Cordery ,  David K. Lee ,  Steven J. Pauly ,  Leon A Pintsov ,  David W. Riley ,  Frederick W. Ryan, Jr. ,  Monroe A Weiant, Jr.

发明人： Robert A. Cordery ,  David K. Lee ,  Steven J. Pauly ,  Leon A Pintsov ,  David W. Riley ,  Frederick W. Ryan, Jr. ,  Monroe A Weiant, Jr.

IPC分类号： G07B17/00 ,  H04L9/00

CPC分类号： G07B17/00314 ,  G07B17/0008 ,  G07B17/00193 ,  G07B2017/00177 ,  G07B2017/00201 ,  G07B2017/00322 ,  G07B2017/0033 ,  G07B2017/00338 ,  G07B2017/00346 ,  G07B2017/00411 ,  G07B2017/00427

摘要： A transaction evidencing system includes a personal computer (PC) comprising a processor, memory and hard drive, with a plurality of non-metering application programs that selectively run on the PC. An unsecured printer is operatively coupled to the PC for printing in accordance with the non-metering application programs. A portable vault card that is removably coupled to the PC is programmed to generate tokens generation and perform transaction accounting. An application interface module in the PC, which interfaces with the non-metering application programs, issues a request for digital tokens in response to requests for indicia from a non-metering application program. A secure communications module in the PC, which securely communicates with the vault card when the vault card is coupled to the PC, sends the request for digital token to the vault card and receives a digital token generated by the vault card. An indicia bitmap generation module generates an indicia bitmap in the PC from the digital token and stores it in memory. The indicia bitmap is accessed by the non-metering application program when a print indicia operation is selected. A transaction capture module in the PC stores on the hard drive a transaction record corresponding to each issued digital token and associated postal data. The application interface module, the secure communications module, the indicia bitmap generation module and the transaction capture module are part of a dynamic link library module in the PC.

摘要翻译： 交易证明系统包括包括处理器，存储器和硬盘驱动器的个人计算机（PC），其具有选择性地在PC上运行的多个非计量应用程序。 根据非计量应用程序，不安全的打印机可操作地耦合到PC以进行打印。 可拆卸地耦合到PC的便携式存储卡被编程为产生令牌生成并执行事务计费。 与非计费应用程序接口的PC中的应用接口模块响应于来自非计费应用程序的标记的请求而发出数字令牌的请求。 PC中的安全通信模块，当保险库卡耦合到PC时，其与保险库卡安全地通信，将数字令牌的请求发送到保险库卡并接收由保险库卡产生的数字令牌。 标记位图生成模块从数字令牌在PC中生成标记位图并将其存储在存储器中。 当选择打印标记操作时，非计量应用程序访问标记位图。 PC中的交易捕获模块在硬盘驱动器上存储与每个发行的数字令牌和相关联的邮政数据相对应的交易记录。 应用接口模块，安全通信模块，标记位图生成模块和事务捕获模块是PC中动态链接库模块的一部分。

公开(公告)号：US5812666A

公开(公告)日：1998-09-22

申请号：US553812

申请日：1995-10-23

申请人： Walter J. Baker ,  Feliks Bator ,  Robert A. Cordery ,  Kevin D. Hunter ,  Kathryn V. Lawton ,  Louis J. Loglisci ,  Steven J. Pauly ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr. ,  Gary M. Heiden

发明人： Walter J. Baker ,  Feliks Bator ,  Robert A. Cordery ,  Kevin D. Hunter ,  Kathryn V. Lawton ,  Louis J. Loglisci ,  Steven J. Pauly ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr. ,  Gary M. Heiden

IPC分类号： G07B17/00 ,  G09C1/00 ,  H04L9/08 ,  H04L9/10 ,  H04L9/06

CPC分类号： H04L9/083 ,  G07B17/00733 ,  H04L9/0825 ,  H04L9/3213 ,  G07B17/0008 ,  G07B2017/00846 ,  G07B2017/00854 ,  G07B2017/00862 ,  G07B2017/0087 ,  G07B2017/00895 ,  G07B2017/00967

摘要： A Key Management System for generating, distributing and managing cryptographic keys used by an information transaction system that employs cryptographic means to produce evidence of information integrity. The system comprises a plurality of functionally distinct secure boxes operatively coupled to each other. Each of the secure boxes performs functions for key generation, key installation, key verification or validation of tokens. Computers, operatively coupled to the secure boxes, provide system control and facilitate communication among the secure boxes. A plurality of separate logical security domains provide domain processes for key generation, key installation, key verification and validation of tokens produced by the transaction evidencing device within the domain using the key management functions. A plurality of domain archives, corresponding respectively to each of the security domains, securely and reliably record key status records and master keys for each domain. The Key Management System installs the master keys in the transaction evidencing device and validates the tokens. The secure boxes include a key generation box for generating, encrypting and signing a master key; a key installation box for receiving, verifying and decrypting the signed master key and for installing the master key into the transaction evidencing device; a key verification box for verifying the installation of the master key in the transaction evidencing device, a token verification box for verifying the tokens, and at least one manufacturing box for generating domain keys and distributing the domain keys among the secure boxes for each of the domains.

摘要翻译： 一种密钥管理系统，用于生成，分发和管理信息交易系统使用的加密密钥，该信息交易系统采用加密手段来产生信息完整性的证据。 该系统包括可操作地彼此耦合的多个功能不同的安全盒。 每个安全盒都执行密钥生成，密钥安装，密钥验证或令牌验证的功能。 可操作地耦合到安全盒的计算机提供系统控制并促进安全盒之间的通信。 多个单独的逻辑安全域提供用于密钥生成，密钥安装，密钥验证和使用密钥管理功能由域内的交易证明设备产生的令牌的验证的域过程。 分别对应于每个安全域的多个域归档安全可靠地记录每个域的密钥状态记录和主密钥。 密钥管理系统将主密钥安装在事务证明设备中，并验证令牌。 安全盒包括用于生成，加密和签名主密钥的密钥生成盒; 用于接收，验证和解密签名的主密钥并将主密钥安装到交易证明设备中的密钥安装箱; 用于验证主密钥在交易证明设备中的安装的关键验证框，用于验证令牌的令牌验证盒，以及用于生成域密钥的至少一个制造盒，以及在每个的安全盒中分配域密钥 域名

公开(公告)号：US5796841A

公开(公告)日：1998-08-18

申请号：US518404

申请日：1995-08-21

申请人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

发明人： Robert A. Cordery ,  David K. Lee ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

IPC分类号： G06F7/72 ,  G06Q20/38 ,  G06Q30/02 ,  G07B17/00 ,  G07F7/02 ,  G07F19/00 ,  H04L9/32 ,  H04L9/00 ,  H04L9/30

CPC分类号： G07B17/00733 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q30/0283 ,  G07B17/00362 ,  H04L9/3213 ,  H04L9/3268 ,  G06F7/725 ,  G07B2017/00096 ,  G07B2017/00161 ,  G07B2017/00395 ,  G07B2017/00427 ,  G07B2017/00758 ,  G07B2017/00766 ,  G07B2017/00782 ,  G07B2017/00806 ,  G07B2017/0083 ,  G07B2017/00854 ,  G07B2017/00927 ,  H04L2209/56

摘要： A system and method include means for processing a cryptographic certificate adapted to provide security functionality. A register means is provided and means for adjusting the register means to account for services when the cryptographic certificate is processed. In accordance with anther aspect, a system and method include a register means for storing funds. Means are provided for processing a digital token providing proof of postage payment and means are also provided for processing a cryptographic certificate adapted to provide security functionality. Means debit funds stored in the register means when the digital token is processed and when the cryptographic certificate is processed. Processing the cryptographic certificate may involve many functions such as providing security services and/or certificate management functions (including generating and verifying cryptographic certificates) and/or key management functions and/or access to any needed private keys to perform security services. Processing the digital token may include generating the digital token or issuing the digital token.

公开(公告)号：US5661803A

公开(公告)日：1997-08-26

申请号：US414896

申请日：1995-03-31

申请人： Robert A. Cordery ,  John F. Braun ,  Frank M. D'Ippolito ,  Kathyrn V. Lawton ,  Steven J. Pauly ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

发明人： Robert A. Cordery ,  John F. Braun ,  Frank M. D'Ippolito ,  Kathyrn V. Lawton ,  Steven J. Pauly ,  Leon A. Pintsov ,  Frederick W. Ryan, Jr. ,  Monroe A. Weiant, Jr.

IPC分类号： G07F7/02 ,  B65G61/00 ,  G06F12/00 ,  G06F15/16 ,  G06F15/177 ,  G06Q10/00 ,  G06Q50/00 ,  G07B17/00 ,  G09C1/00 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00

CPC分类号： H04L9/3213 ,  G07B17/00733 ,  H04L9/0825 ,  H04L9/083 ,  G07B2017/00766 ,  G07B2017/00846 ,  G07B2017/00854 ,  G07B2017/0087 ,  G07B2017/00887 ,  G07B2017/00895 ,  G07B2017/00967

摘要： A method of token verification in a Key Management System provides a logical device identifier and a master key created in a logical security domain to a transaction evidencing device, such as a digital postage meter. The method creates a master key record in a key verification box, securely stores the master key record in a Key Management System archive, and produces in the transaction evidencing device evidence in the logical security domain of transaction information integrity. The method inputs the evidence of the transaction information integrity to a token verification box, and inputs in the token verification box the master key record from the Key Management System archive. The method determines in the token verification box that the master key is valid in logical security domain, uses in the token verification box the master key to verify the evidence of transaction information integrity, and outputs from the token verification box an indication of the result of the verification of the evidence of transaction information integrity. The master key record includes the logical device identifier, the master key and a digital signature associating the logical device identifier and the master key. The method checks the digital signature to verify the association of the logical device identifier and the master key within the logical security domain.

摘要翻译： 密钥管理系统中的令牌验证方法为逻辑安全域中创建的逻辑设备标识符和主密钥提供给诸如数字邮资计费器之类的交易证明设备。 该方法在密钥验证框中创建主密钥记录，将主密钥记录安全地存储在密钥管理系统归档中，并在交易证明装置中产生交易信息完整性的逻辑安全域中的证据。 该方法将交易信息完整性的证据输入令牌验证框，并在令牌验证框中输入密钥管理系统归档中的主密钥记录。 该方法在令牌验证框中确定主密钥在逻辑安全域中有效，在令牌验证框中使用主密钥验证交易信息完整性的证据，并从令牌验证框输出结果的指示 验证交易信息完整性的证据。 主密钥记录包括逻辑设备标识符，主密钥和与逻辑设备标识符和主密钥相关联的数字签名。 该方法检查数字签名以验证逻辑设备标识符与主密钥在逻辑安全域内的关联。

公开(公告)号：US07080044B1

公开(公告)日：2006-07-18

申请号：US09690285

申请日：2000-10-17

申请人： Robert A Cordery ,  David K. Lee ,  Steven J. Pauly ,  Leon A Pintsov ,  David W. Riley ,  Frederick W. Ryan, Jr. ,  Monroe A Weiant, Jr.

发明人： Robert A Cordery ,  David K. Lee ,  Steven J. Pauly ,  Leon A Pintsov ,  David W. Riley ,  Frederick W. Ryan, Jr. ,  Monroe A Weiant, Jr.

IPC分类号： G07B17/60

CPC分类号： G07B17/00314 ,  G07B17/0008 ,  G07B17/00193 ,  G07B2017/00177 ,  G07B2017/00201 ,  G07B2017/00322 ,  G07B2017/0033 ,  G07B2017/00338 ,  G07B2017/00346 ,  G07B2017/00411 ,  G07B2017/00427

摘要： A transaction evidencing system includes a personal computer (PC) comprising a processor, memory and hard drive, with a plurality of non-metering application programs that selectively run on the PC. An unsecured printer is operatively coupled to the PC for printing in accordance with the non-metering application programs. A portable vault card that is removably coupled to the PC is programmed to generate tokens generation and perform transaction accounting. An application interface module in the PC, which interfaces with the non-metering application programs, issues a request for digital tokens in response to requests for indicia from a non-metering application program. A secure communications module in the PC, which securely communicates with the vault card when the vault card is coupled to the PC, sends the request for digital token to the vault card and receives a digital token generated by the vault card. An indicia bitmap generation module generates an indicia bitmap in the PC from the digital token and stores it in memory. The indicia bitmap is accessed by the non-metering application program when a print indicia operation is selected. A transaction capture module in the PC stores on the hard drive a transaction record corresponding to each issued digital token and associated postal data. The application interface module, the secure communications module, the indicia bitmap generation module and the transaction capture module are part of a dynamic link library module in the PC.