WO2009083103A1 - Poste de dépôt et procédé d'affranchissement d'envois postaux dans un poste de dépôt - Google Patents

Poste de dépôt et procédé d'affranchissement d'envois postaux dans un poste de dépôt Download PDF

Info

Publication number
WO2009083103A1
WO2009083103A1 PCT/EP2008/010378 EP2008010378W WO2009083103A1 WO 2009083103 A1 WO2009083103 A1 WO 2009083103A1 EP 2008010378 W EP2008010378 W EP 2008010378W WO 2009083103 A1 WO2009083103 A1 WO 2009083103A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
measured values
measuring
measuring device
measuring module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2008/010378
Other languages
German (de)
English (en)
Inventor
Hans Schneider
Rolf Peters
Mike Bobinski
Guido Leidig
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Deutsche Post AG
Original Assignee
Deutsche Post AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Deutsche Post AG filed Critical Deutsche Post AG
Publication of WO2009083103A1 publication Critical patent/WO2009083103A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00193Constructional details of apparatus in a franking system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/00024Physical or organizational aspects of franking systems
    • G07B2017/00048Software architecture
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00193Constructional details of apparatus in a franking system
    • G07B2017/00225Vending machine or POS (Point Of Sale) apparatus
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00362Calculation or computing within apparatus, e.g. calculation of postage value
    • G07B2017/0037Calculation of postage value
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00362Calculation or computing within apparatus, e.g. calculation of postage value
    • G07B2017/00395Memory organization
    • G07B2017/00403Memory zones protected from unauthorized reading or writing
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00459Details relating to mailpieces in a franking system
    • G07B17/00661Sensing or measuring mailpieces
    • G07B2017/00685Measuring the dimensions of mailpieces
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00459Details relating to mailpieces in a franking system
    • G07B17/00661Sensing or measuring mailpieces
    • G07B2017/00701Measuring the weight of mailpieces
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00741Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
    • G07B2017/00758Asymmetric, public-key algorithms, e.g. RSA, Elgamal
    • G07B2017/00766Digital signature, e.g. DSA, DSS, ECDSA, ESIGN

Definitions

  • the invention relates to a delivery station for franking mailpieces, which has at least one scale for determining the weight of a mailpiece and at least one dimension measuring device for determining the dimensions of a mailpiece. Furthermore, an arithmetic unit for determining the postage charge for a mail item and a franking unit for applying a postage indicium to the mail item are provided. The arithmetic unit has access to measurement tolerances of the scale and the dimension measuring device.
  • the invention further relates to a method for franking mailpieces in such a delivery station.
  • Customers can also submit a larger quantity of unfranked mail in a branch of a transport and delivery service.
  • the delivery company carries out a franking of the shipments, whereby franking machines can also be used.
  • the customers are for the delivery of Shipments bound to specified opening hours of branches of the delivery company.
  • the device automatically franking the mailpieces.
  • the device could be placed in public areas to provide customers with 24-hour service. In this case, such a device requires a method for the automatic determination of a postage amount or postage due required for a shipment.
  • Such a mailing station is known for example from the German patent application DE 10 2005 006 005 A1.
  • the document discloses a mailing station, in which a mail item is transferred from an acceptance means into a housing which is inaccessible to a customer.
  • measured values for weight, length, width and height of the mail item are determined by measuring devices.
  • the negative tolerances of the individual measuring devices are added to the measured values thus determined, and the amounts of the positive tolerances are subtracted in order to obtain adapted measured values.
  • These adjusted metrics come with value ranges of
  • the reference list assigns different postage amounts to value ranges of the adjusted measured values, and a result list with the postage amounts assigned to the determined adjusted measured values is generated.
  • the smallest postage amount of the result list is determined and determined as the required postage fee for the postal item in question.
  • a franking mark is applied to the mailpiece, the franking mark containing the determined postage amount.
  • Verification in most cases requires type approval, which means that a typical copy of the measuring instrument concerned must be approved by the competent authority. In the Federal Republic of Germany, for example, the responsible authority is the Physikalisch Technische Bundesweg (PTB).
  • the authority usually checks the registration documents and a sample device according to the regulations of the respective calibration regulations. Essential aspects here are the measuring accuracy and measuring stability. In particular, the applicable requirements and error limits must be adhered to.
  • the admission test includes metrological, technical and administrative examinations.
  • the technical tests which also include software tests, will examine whether the operating, display and impression functions meet the requirements and that the device is adequately protected against operator error and manipulation. As delivery stations for franking mailpieces are usually computer-controlled, approval and calibration of software components is thus also required.
  • the applicant will receive from the competent authority a registration certificate and a registration mark which must be displayed on all measuring instruments in a visible place. If the device type has been approved, then each individual device must then be calibrated by the responsible calibration authority before it may be used, for example, in business transactions.
  • a consignment station is to be calibrated for the delivery and franking of postal consignments, it is possible to have all components of the system and the software in their entirety checked and calibrated.
  • this has the disadvantage that changes to the device and / or the software are associated with a re-examination by an approval authority. A change in the operating system underlying the software or other non-calibration-relevant parameters can therefore not be performed by an administrator in this case.
  • a consignment station may include hardware and software components that are not subject to custody, it is possible to separate custody and non-custody components. This allows the non-legal components to be freely modified without the need for re-approval or calibration of the entire assembly.
  • the German Utility Model DE 296 13 903 U1 discloses, for example, an arrangement for quality assurance of complex electronic measuring devices, which have both custody as well as non-custody components.
  • German Patent Application DE 195 27 293 A1 discloses a method and a device for reliable measurement and processing of measured data in the field of exhaust gas analysis. So that a computer connected to a measuring module does not have to be calibrated together with the measuring module, which would lead to a restriction of the initially open PC system, the document proposes that measured values are transmitted to a PC via a suitable interface.
  • the PC does not have to be calibrated, but can also be used freely for other applications.
  • Known approaches are not suitable for designing a verifiable delivery station for franking mail so that components subject to calibration can be checked and calibrated by a licensing authority, while non-compulsory components can be changed freely by the operator of the consignment station. There are no
  • Mailing stations are known which fulfill the criteria of the competent registration authorities.
  • the object of the invention is therefore to provide a mailing station which meets these requirements.
  • this object is achieved by a device having the features of independent claim 1.
  • Advantageous developments of the device will become apparent from the dependent claims 2-12.
  • the object is further achieved by a method according to claim 13.
  • Advantageous embodiments of the method will become apparent from the dependent claims 14-22.
  • the delivery station according to the invention for franking mailpieces has at least one scale for determining the weight of a mailpiece and at least one dimension measuring device for determining the dimensions of a mailpiece. Furthermore, an arithmetic unit for determining the postage fee for a mail item is provided, wherein the arithmetic unit has access to measurement tolerances of the scale and the dimension measuring instrument.
  • a franking unit serves to apply a postage indicium to the mailpiece.
  • the scale and the dimension measuring device are each physically sealed and are connected via physically sealed data cables in conjunction with a serial interface of the processing unit. These measuring devices or a respectively associated interface sign the generated measured values.
  • the measuring tolerances of the scale and the dimension measuring device and format categories for mailpieces are stored in a signed one-way memory, on the data of which a signed measuring module of the arithmetic unit has read-only access.
  • Measurement module further comprises means for receiving measurements from the scale and the dimension measuring device via the serial interface.
  • a component of the measuring module in the form of a correction module comprises means for adding and subtracting the respective measuring tolerances of the scale and the dimension measuring device to the received measured values so as to produce corrected measured values.
  • the measurement module also has a format module comprising means for determining the format category of a mailpiece from the corrected dimension measurements and the format categories in the disposable memory.
  • the measuring module comprises means for determining the product category of a mail item from the corrected weight measurement value of the mail item and the format category of the mail item determined by the format module.
  • the measuring module has access to a file which contains an association between product categories of mailpieces and postage charges, so that a postage fee determined therefrom for a mail item can be supplied by the metering module to the franking unit.
  • This file preferably has no signature.
  • the measuring module furthermore has means for signing data records, comprising at least measurement values of the scale and the dimension measuring device, the associated corrected measured values and the determined product category of a mailpiece, and a memory module for storing a signed data record in the signed disposable memory.
  • the delivery station has a display in connection with the measurement module, on which at least measurement values and / or corrected measurement values of the balance and the dimension measurement device are displayed, wherein a mask displayed on the display is generated and signed by the measurement module.
  • the measurement module and its components are signed with a signature based on asymmetric encryption.
  • This signature can be generated with a private key that was generated by and / or stored in a TPM chip (Trusted Platform Module) of the arithmetic unit, wherein the TPM chip is permanently installed in the arithmetic unit. Access to the private key in the TPM chip can be password protected.
  • the scale, the dimension measuring device and / or an associated interface form a hash value over a measured value.
  • the measuring module forms a hash value over a data set, comprising at least the measured values of the balance and the dimension measuring device, the associated corrected measured values and the determined product category of a mailpiece.
  • the measuring module and its components are preferably software components in the form of Java archive files.
  • the measuring module and its software components can be stored on a write-protected storage medium whose mechanical write-protect switch has been physically sealed, wherein the connection of the storage medium to the arithmetic unit has also been physically sealed.
  • the measuring module can be stored, for example, on a USB memory stick or a hard disk with a mechanical write-protect switch.
  • the invention further comprises a method for franking mailpieces in such a delivery station.
  • the measuring module and its components are signed prior to carrying out the method steps, wherein the signing is effected by asymmetric encryption.
  • the storage of the measuring module and its software components on a write-protected storage medium is preferably carried out prior to performing the method.
  • the invention brings with it in particular the advantage that components that are not subject to custody are separated from the components subject to calibration such that they are not influenced by them. Among other things, this means that the non-legal components the consignment station according to the invention can be changed by the operator of the machine without a renewed approval or calibration is required.
  • FIG. 1 shows an embodiment of the delivery station according to the invention
  • Fig. 2 is a schematic representation of custody and non-custody
  • Fig. 3 is a schematic representation of the method steps in the
  • FIG. 4 shows a schematic representation of the components of a computing unit of the delivery station according to the invention.
  • the delivery station 10 is a self-service machine to which customers can deliver mailings such as mail or goods shipments.
  • these are registered customers who can identify themselves, for example via a customer card, so that the services provided by the consignment station can be billed to the customer in a simple manner.
  • the services of the machine is in particular the franking of mail with the required postage.
  • the machine automatically determines the format of a shipment, calculates the correct charge and prints it as Franking mark on the consignment.
  • the machine can also be made available to non-registered customers, if appropriate billing procedures are integrated.
  • postal delivery orders, registered mail, COD shipments or an address check can be carried out by the delivery station 10.
  • Several delivery stations are preferably connected to a backend system, which handles at least the operation of the machines and the billing of services at the customer.
  • the operation of the machines includes, for example, the maintenance, the setting of collection containers for receiving mail items and the demand-based collection of delivered items.
  • the backend systems may also take over customer identification and legitimization, determination of delivery limits, and tracking of delivered shipments.
  • the overall application may be a client-server application, but a delivery station is preferably configured as a rich client hosting the application logic.
  • a consignment station 10 is expediently designed burglar-proof and weather-resistant.
  • a post office usually includes a housing inaccessible to a customer. As soon as the customer has introduced the mailpieces into the device and the measuring and franking process has been started, there is no possibility for him to access the mailpieces.
  • the device is accessible to service personnel who have access to the various technical components. For this purpose, one or more closable flaps may be provided which release the access to the technique of the device.
  • the device is also accessible to employees of the operator of the device, which remove delivered mail and forward them to the transport and delivery process.
  • the delivered mail items 20 are preferably collected in one or more containers 12, which are also accessible through a closable flap. It can be provided that the device performs a level control of the respective collection container. If the sump filled to a predetermined level, the operator of the device is notified that an emptying must be done. Furthermore, the acceptance of further transmissions on the device can be denied.
  • the device according to FIG. 1 has an acceptance means 11 for accepting mailpieces 20.
  • This is preferably a singler, which feeds a stack of mailpieces individually into the device.
  • the verzeier may be a known from the prior art device which allows a single feeder.
  • the customer places a stack of items, for example, in an acceptance opening 11 and closes a cover flap, behind which thereupon the collection of the shipments takes place.
  • Individual consignments can also be received via the collection in the device.
  • the device may further include, like conventional mailboxes, a slot for inserting individual mailings.
  • a mail item 20 passes through the device 10 by means of one or more means of transport.
  • the means of transport are, for example, conveyor belts and rollers which guide a shipment through various measuring devices and subsequently through a pressure arrangement.
  • the items are preferably transported lying horizontally. A combatkanter transport is also possible.
  • the various measuring devices determine at least the weight and dimensions of the shipment. The determination of the individual measured values can take place simultaneously or successively by different measuring devices.
  • the weight G of a mail item 20 can be measured by various methods of weight determination. In a particularly preferred
  • the weight is determined by a dynamic balance 30.
  • the scale can be calibrated, with the minimum and maximum Maximum tolerance values are determined.
  • the tolerance values of the balance are stored in a computing means 50 of the device.
  • the length L and height H of a broadcast can also be determined by various known means.
  • the maximum and minimum tolerance values of this measurement can be obtained by the evaluation of measurement series.
  • the measurement of the width B of a transmission takes place, for example, via an image recognition or permanently installed width measuring sensors.
  • the width B is defined as the smallest distance between two opposite edges of a shipment to each other.
  • the tolerance values of the measuring device can be determined by measuring series.
  • the measuring devices for determining the length, width and height of a mail item 20 are referred to below in their entirety as a dimension measuring device 40.
  • a dimension measuring device can thus consist of one or more measuring devices.
  • the various measuring devices are connected to a computing unit 50, which is preferably also located within the device 10.
  • the computing unit 50 may be, for example, a PC having a processor, a memory, a plurality of hard disks and removable media.
  • the PC also has a network connection, for example in the form of Fast Ethernet.
  • the determined measured values are transferred to the arithmetic unit 50 for evaluation.
  • the arithmetic unit 50 generates measured values corrected from the measured values by processing the negative and positive tolerances of the individual measuring devices.
  • these tolerance values are offset with the measured values H for the height, L for the length, G for the weight and B for the width of the mail item.
  • the amount of the negative tolerance is added to the measured value measured in order to obtain adapted measured values H ', L', G 'and B'.
  • the amount of the positive tolerance is subtracted from the measured value measured to obtain adjusted measured values H ", L", G "and B".
  • the length measuring device has a tolerance of + 2 mm and -3 mm
  • the adjusted measured values of the other variables are calculated analogously in the computing means 50.
  • the arithmetic unit 50 compares the adapted measured values with the value ranges of a reference list. If a product or a product class is determined in whose value range all adjusted measured values lie, the assigned postage amount is included in a result list. If this result list contains several postage amounts, the smallest amount is determined and determined as the postage amount to be applied to the mail piece. If the result list contains only one entry, the relevant postage amount is determined as the postage amount to be applied. With the postage amount thus determined, a franking mark is generated in a franking unit 60 and printed on the mailpiece 20. As a franking unit, any known from the prior art franking units are used, for example, imprint a postage indicium in the form of a matrix code on a mailpiece.
  • the user is displayed via a display means of the device, a corresponding message and ejected the shipment from the device.
  • the determination of the postage amount is supplemented by information provided by a user about the type of mail item, so that it is a semi-automatic postage determination.
  • the type of shipment may include, for example, information about content, mission or additional services include. This information is not determined physically in one embodiment of the invention, but entered by the user through an operating unit 13 of the delivery station 10.
  • the operating unit may comprise, for example, a keyboard, a screen or a touchscreen and a card reader.
  • a user indicates whether the mailing destination of the mailpiece is national or international. This can also be done automatically by an evaluation of the shipment address. However, since a manual evaluation is required for illegible addresses, it can be provided that the
  • Consignment target is basically entered by the user.
  • the user does not specify the distinction between national and international deliveries individually for each shipment but rather for a larger quantity of simultaneously delivered shipments.
  • the delivery station 10 may further comprise a bar code reader for detecting bar codes located on postal items.
  • the device preferably has one or more cameras to record images of the mailpieces. In this case, images of the address side of mailpieces are preferably recorded.
  • the image of a mailpiece can be used, for example, to display it to a customer on the screen of the operating unit 13. The customer can view the address data and thus order a registered letter.
  • Fig. 2 shows a schematic representation of custody and non-custody components for operating the consignment station according to the invention.
  • Hardware components such as a scale 30 and the dimension measuring devices 40 are preferably connected via standardized interfaces to the arithmetic unit 50 of the delivery station 10, so that they can be exchanged. Since the process of automatic consignments within a consignment station 10 determines the format of the consignments and their weight by means of measuring equipment and the price of the consignment fee is automatically determined on the basis of the results of these measurements, the whole process is subject to approval and verification by the competent authority.
  • the calibration extends not only to the measured values themselves but also to the data processing that determines the transmission format from the measured values. The verification confirms the correctness of the measurement and the fee determination by a calibration official.
  • the primary purpose of the measurement of a consignment is to determine the consignment format and weight, as these form the basis for the product determination and thus the fee determination.
  • the shipment format is determined by means of a
  • the customer must be able to understand the charge determination so that the measurement results are displayed to him.
  • the display of the measurement results is also subject to the calibration process, as this should not be manipulated. If an output of individual measurements, for example on a receipt or a
  • This measured value memory like the measured values, must be protected against manipulation itself, so that it is preferably a disposable memory that can only be read by reading.
  • both the Software component which forms the interface to the measured value memory 55, as well as the disposable memory itself protected against manipulation.
  • the measured value memory 55 can be created, for example, in a database of the arithmetic unit 50 and access to the measured value memory is made only via a predetermined interface, which can be done on stored data only a read access.
  • the stored data can be stored as binary database files on a hard disk.
  • a manipulation of the database files can be excluded by security mechanisms of the database itself, if manipulated database files are identified as corrupt by the database and can no longer be activated.
  • a deletion of the database files can be timed within the database schema itself. So there is no deletion function from the outside.
  • the storage duration of data records can be stored for example by the calibration officer in the measured value memory itself and thus controlled at any time.
  • the overall system of measuring devices 30 and 40, measurement data transmission to the format-determining software of the arithmetic unit 50, the format determination of the arithmetic unit 50, the measured value memory 55 and an indication of the measurement results on a display 80 are usually signed and sealed on site by a calibration official.
  • a product and price list 93 which shows the postage to be paid for a determined product category, is not subject to custody. This can therefore be changed by the operator of the consignment station, without a renewed calibration must be performed. If this results in new format categories, however, these are to be stored in the measured value memory 55.
  • the software of the arithmetic unit 50 must be protected in particular against deliberate changes by means of common software tools.
  • the interfaces between software subject to legal custody and software that is not subject to custody transfer must be free of feedback, ie the interfaces prevent the entry of impermissible data, parameters and commands. Measuring devices may, for example are not unduly influenced if their non-reactive interfaces are exposed to external voltages. Furthermore, the interface outputs the main displays in legal-for-trade format to additional legal-for-trade instruments.
  • Dimensional measuring devices 40 are subject to the calibration process. In order to prevent subsequent manipulation of the device or to properly demonstrate manipulations, these calibrated measuring devices are usually sealed with a calibration seal. Also, the transport path of measurement data from the measuring devices to a measured value software of the computing unit 50 must be sealed. Such seals provide an example of a physical seal in the sense of this invention. The scale 30 and the dimension measuring instruments 40 are thus calibrated and then physically sealed.
  • the programs are transported, for example, in the automatic feeder occasionally through the measuring chain, and the individual measuring devices automatically take their measured value, sign it and send it via an interface 51 to a measuring module 52 of the arithmetic unit 50.
  • the interface 52 is preferably a serial interface, and each meter has a corresponding hardware driver 53 and 54.
  • the measuring devices are also connected to the arithmetic unit 50 via physically sealed data cables 80 and 71.
  • the measured values themselves can be determined by the measuring instruments independently by means of events (Events) are reported to the measuring module 52.
  • An event can either be the reporting of a new measurement result or the reporting of an error that has occurred.
  • the data can be exchanged over the interface in XML format. It should be noted that measurement data can be retrieved but not manipulated.
  • the measuring instruments sign their measurement data records.
  • One possible form of the signature is the formation of a hash value or scatter value over the supplied data record.
  • cryptographic hash functions such as MD5, SHA-1 or RIPEMD-160 can be used.
  • the use of a certificate or an encryption of the data can additionally be carried out.
  • the calibration official must usually be given the opportunity to check the integrity of the signature of each individual measured value in the measured value memory. Depending on the signature used, he must be given access to a public key.
  • RSA may be used in various signatures within the scope of the invention.
  • Asymmetrical methods are also referred to as public-key methods. In these methods, the user has two keys, a public key and a secret key. Both keys fulfill certain tasks.
  • the public key is made public. Any other user can use this key to send to the owner a message that has been generated by clear text encryption.
  • the secret key is kept secret by the owner. It is used to decrypt encrypted messages sent to it.
  • signing a message or a binary file means that, according to a known method, a message or binary checksum is computed and then encrypted with the private key of an asymmetric key pair. If it is now to be determined whether the present message or binary file is unchanged at the time of signing, this can with the public key of the asymmetric key pair. To do this, the checksum algorithm is used, the encrypted checksum is decrypted with the public key, and the values are compared.
  • a public key with the identity of a third person can be created. Certificates can be used.
  • a certificate is a kind of proof of authenticity for a public key, where a certificate consists of the public key of the holder of the certificate, an identity characteristic of the holder of the certificate, the name of the issuer of the certificate and a digital key of the issuer of the certificate.
  • the signing of a measured value can take place in the physical measuring device itself, if, for example, a key is stored in the EPROM of the measuring device.
  • the signing can also take place in the interface of the respective measuring device. In this case, the interface is subject to calibration and the software must also be signed.
  • the structure of the measuring module 52 and its interaction with other components is shown in FIG. 4.
  • the software components for measuring data acquisition and evaluation are available, for example, as Java archive files (jar files).
  • the jar files can be provided with a signature, whereby the signature is stored in the jar file itself. This signature is generated using a private key and can be verified using a public key.
  • the required key pair consisting of private and public key, can be generated and stored for example by a TPM chip of the arithmetic unit 50.
  • the TPM Trusted Platform Module
  • the TPM chip contains a hardware number generator and can encrypt, decrypt and sign data.
  • the TPM chip can generate 2048-bit RSA keys directly on the chip.
  • the nonvolatile TPM memory has multiple keys, and the volatile area accommodates multiple temporary RSA keys, 16 or 24 Platform Configuration Registers that capture hashes of hardware and software configurations, and two types of phones. Since each TPM chip is unique and can not be replaced, the software signed with it is bound to the respective consignment station.
  • step 1 As soon as all measured values for a program 20 are present, as indicated in FIG. 3 as step 1), these are forwarded to a correction component 90 within the measuring module 52.
  • the correction module 90 for tolerance correction of the measured values is subject to the calibration process.
  • the valid tolerance values lie within the saved measured value memory 55 and are retrieved from the correction module 90 therefrom.
  • the calibration official previously signed these tolerance values during calibration with his private key.
  • the tolerance values including the signature are stored in the measured value memory 55.
  • the calibration official can use his public key to verify the tolerance values.
  • the recorded measured values are corrected by the correction module 90 by the retrieved tolerance values from the one-way memory 55, as shown in FIG labeled with step 2).
  • the tolerance correction algorithm is preferably as follows:
  • correction module 90 has generated corrected measured values in this manner, only these corrected measured values may be used for the further process steps. Both the original measurement data and the corrected measured values are forwarded to the measured value memory 55 in the data packet for later storage.
  • the complete measurement data set is signed by the measurement module 52 so that stored values can no longer be manipulated at the system level. This can also be done via a hash value over the complete record.
  • the measuring module 52 further comprises a module 91 for format determination, wherein this format module 91 is also subject to the calibration process.
  • the format module accesses format categories that are also stored in the measured value memory 55. Although the valid format categories are part of the non-legal file 93 with the price and product list (PPL), they are also stored in the saved measured value memory 55.
  • the format categories are for example signed in the backend and delivered to the machine 10. There, the format categories after successful verification of the signature by the front-end software in the measured value memory 55 of the arithmetic unit 50 are imported.
  • the format categories are retrieved from the memory module 55 from the format module 91, and the format determination module compares the corrected measurement values of the program with these stored format category limits.
  • the format module 91 determines therefrom the format category of the program to be used, as indicated in step 3) in FIG. 3.
  • the corresponding product from the valid price and product list 93 is selected with the additional information provided by the customer (including ordered quality of service, additional services, etc.), as indicated in step 4 in FIG. 3 .
  • This price and product determination is not subject to the calibration process, since, apart from the format category, no measured values are used, but information or wishes of the customer.
  • the determined product and its price are however preferentially to the measured values of the transmission in the
  • Measured value memory 55 recorded. For this reason, the product identification with the measured values is forwarded to a calibration-relevant memory module 92 of the measuring module 52.
  • This memory module 92 is used to store the complete measurement data record. This module 92 is also subject to the calibration process. After completion of the data set by the information from the product and price determination of the complete data set is signed to exclude subsequent changes, and then stored in the measured value memory 55. This process is indicated in FIG. 3 as step 5).
  • the measuring device itself which has generated a measured value, is preferably identifiable by a unique identification number. For example, a SHA1 checksum per measured value and ID number can be formed for each dimension for a measurement. After the correction of the measured values by the tolerances, a SHA1 hash value is formed via the aggregated data record, which also contains the determined format category and the product ID. This hash value and the SHA1 hash value for all software modules relevant to eich are linked to one another, for example, via an XOR connection. Both the hash value over the data record and the hash value formed via the XOR connection can be verified.
  • the postage fee determined by the measuring module 52 as a result of said steps is sent as a print job to a franking module 60, around the mail item 20 to frank accordingly with a postage indicium. This is shown as step 6) in FIG.
  • the franked mail item is for example introduced into a collecting container 12.
  • the printed postage amount will be charged to the customer and a receipt will be issued. Since customers usually deliver several postal items, the sum of the franking services is indicated on the receipt, which is preferably printed at the end of the process.
  • the measurement module 52 determines that a shipment 20 is not a valid product or the shipment can not be further processed, the shipment will be ejected and the recorded measurements may be discarded. In this case, the measured values do not have to be stored in the measured value memory 55 since no service is charged to the customer.
  • the system preferably offers the customer the option of retrospectively reading the measured values of his shipments.
  • a menu item is offered to the customer, for example, on a control unit 13 on a screen, which allows him within a fixed period of time (eg 90 days) the stored measurements after specifying the date, the billing number on the receipt of the customer or the shipment number to view a single shipment.
  • This display of the measured values on a display 80 is likewise subject to the calibration process, since manipulation of the data between measured value memory and display 80 must be precluded.
  • the mask to be displayed is therefore also created and signed by the measuring module 52.
  • a root-CA authenticated by the machine can be created, which also uses the storage root key of the Trusted Platform Module (TPM chip).
  • the TPM chip contains a unique identifier such as an endorsement key in the form of a 2048-bit RSA key pair that the manufacturer writes to the chip.
  • the TPM chip can thus serve to identify the processing unit and the software thereon.
  • the arithmetic unit 50 with the associated software is thus protected from it, to another To be transferred to the consignment station.
  • the software is thus tied to a specific consignment station and hardware.
  • USB memory stick attached to the PC, which will physically be set to a read-only mode read-only switch upon completion of the signing by the calibration officer and is sealed by the calibration official with seals.
  • a hard disk with a mechanical write-protection switch can also be used for this purpose.
  • a calibration officer will primarily use the console of the computer on which the calibration-relevant software modules are installed for his main task.
  • the console Using the console, he is able to verify the signature of all calibration-relevant software modules or to sign them themselves.
  • the calibration official is expediently provided with a screen mask.
  • the verification of the determined measured values can be carried out using the identical masks of the measured value display as for the customer.
  • the calibration officer also needs access to the original measuring values of the measuring instruments, for example, an equivalent mask like the
  • the calibration officer is then able to verify the signature of the individual measured values and the signature of the entire measured value data set in both masks. The verification can be carried out automatically in the calibration-relevant and thus signed measured value software.
  • OSGi is an abbreviation for the Open Services Gateway Initiative.
  • the Open Services Gateway initiative is a Java-based management standard have been set by hardware-independent service components. Services can be implemented in the Java programming language, but can also consist of native code.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Devices For Checking Fares Or Tickets At Control Points (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Vehicle Interior And Exterior Ornaments, Soundproofing, And Insulation (AREA)

Abstract

L'invention concerne un dispositif étalonnable et un procédé d'affranchissement d'envois postaux dans un poste de dépôt (10), les valeurs de mesure étant signées. Des valeurs de tolérance des appareils de mesure sont appelées à partir d'une mémoire unidirectionnelle également signée (55), aux données de laquelle un module de mesure (52) peut accéder uniquement en lecture, et utilisées pour produire des valeurs de mesure corrigées. A partir d'un fichier (93) qui contient une association entre des catégories d'envois postaux et des valeurs d'affranchissement, le module de mesure (52) détermine, à l'aide d'une catégorie de produit déterminée, une valeur d'affranchissement qui est apposée par une unité d'affranchissement (60) sous la forme d'une marque d'affranchissement sur l'envoi postal (20). De plus, un jeu de données constitué au moins de valeurs de mesure, de valeurs de mesure corrigées et de la catégorie de produit est signé par le module de mesure (52), et mémorisé par un module de mémoire (92) dans la mémoire unidirectionnelle signée (55).
PCT/EP2008/010378 2008-01-02 2008-12-08 Poste de dépôt et procédé d'affranchissement d'envois postaux dans un poste de dépôt Ceased WO2009083103A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP08000012.8A EP2077528B8 (fr) 2008-01-02 2008-01-02 Station de livraison et procédé d'affranchissement de courriers postaux dans des stations de livraison
EP08000012.8 2008-01-02

Publications (1)

Publication Number Publication Date
WO2009083103A1 true WO2009083103A1 (fr) 2009-07-09

Family

ID=39370929

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/010378 Ceased WO2009083103A1 (fr) 2008-01-02 2008-12-08 Poste de dépôt et procédé d'affranchissement d'envois postaux dans un poste de dépôt

Country Status (4)

Country Link
EP (1) EP2077528B8 (fr)
ES (1) ES2571857T3 (fr)
PL (1) PL2077528T3 (fr)
WO (1) WO2009083103A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008026273A1 (de) * 2008-06-02 2009-12-10 Deutsche Post Ag Einlieferungsstation für Postsendungen und Verfahren zum Einliefern von Postsendungen
CN112261601A (zh) * 2020-10-20 2021-01-22 北京思特奇信息技术股份有限公司 一种基于用户自定制的移动资费订购方法及系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4445526A1 (de) * 1994-02-04 1995-08-10 Sartorius Gmbh Anlage zur Meßwerterfassung und Anzeige, insbesondere Wägeanlage
WO2001099054A1 (fr) * 2000-06-19 2001-12-27 Pitney Bowes Limited Stockage de donnees securise dans des systemes ouverts
US20030226016A1 (en) * 2002-05-31 2003-12-04 International Business Machines Corporation Assurance of authentication in a computer system apparatus and method
EP1450144A2 (fr) * 2003-02-24 2004-08-25 Schenck Process GmbH Procédé et dispositif pour la protection digitale de valeurs mesurées
US20040221175A1 (en) * 2003-04-29 2004-11-04 Pitney Bowes Incorporated Method for securely loading and executing software in a secure device that cannot retain software after a loss of power
DE102005006005A1 (de) * 2005-02-09 2006-08-10 Deutsche Post Ag Verfahren und Vorrichtung zur automatisierten Annahme und Frankierung von Postsendungen

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19527293A1 (de) 1995-07-26 1997-01-30 Bosch Gmbh Robert Verfahren und Vorrichtung zur sicheren Messung und Verarbeitung sowie Überprüfung von Meßdaten
DE19628539A1 (de) 1996-07-16 1998-03-12 Csb Syst Software Entwicklung Anordnung und Verfahren zur Qualitätssicherung elektronischer Meßeinrichtungen

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4445526A1 (de) * 1994-02-04 1995-08-10 Sartorius Gmbh Anlage zur Meßwerterfassung und Anzeige, insbesondere Wägeanlage
WO2001099054A1 (fr) * 2000-06-19 2001-12-27 Pitney Bowes Limited Stockage de donnees securise dans des systemes ouverts
US20030226016A1 (en) * 2002-05-31 2003-12-04 International Business Machines Corporation Assurance of authentication in a computer system apparatus and method
EP1450144A2 (fr) * 2003-02-24 2004-08-25 Schenck Process GmbH Procédé et dispositif pour la protection digitale de valeurs mesurées
US20040221175A1 (en) * 2003-04-29 2004-11-04 Pitney Bowes Incorporated Method for securely loading and executing software in a secure device that cannot retain software after a loss of power
DE102005006005A1 (de) * 2005-02-09 2006-08-10 Deutsche Post Ag Verfahren und Vorrichtung zur automatisierten Annahme und Frankierung von Postsendungen

Also Published As

Publication number Publication date
EP2077528B8 (fr) 2016-08-10
ES2571857T3 (es) 2016-05-27
EP2077528B1 (fr) 2016-03-30
PL2077528T3 (pl) 2016-09-30
EP2077528A1 (fr) 2009-07-08
ES2571857T8 (es) 2016-09-28

Similar Documents

Publication Publication Date Title
DE69724345T2 (de) System zur kontrollierten Annahme von Poststücken, das sicher die Wiederverwendung einer ursprünglich für ein Poststück erzeugten digitalen Wertmarke bei einem später vorbereiteten anderen Poststück zum Beglaubigen der Bezahlung der Postgebühren ermöglicht
EP1405274B1 (fr) Procede de verification de la validite de mentions d'affranchissement numeriques
DE69434621T2 (de) Postgebührensystem mit nachprüfbarer Unversehrtheit
DE69636375T2 (de) System zur kontrollierten Annahme der Bezahlung und des Nachweises von Postgebühren
DE69634397T2 (de) Verfahren zum Erzeugen von Wertmarken in einem offenen Zählsystem
DE68922288T3 (de) Zentrales Aktualisieren einer nutzerseitigen Datenbank
DE3644229B4 (de) Vorrichtung zur stapelweisen Bearbeitung einer großen Menge von Poststücken
DE69936013T2 (de) System und Verfahren zur Detektion von Postgebührenbuchführungsfehlern in einer Umgebung zur kontrollierten Annahme
DE3841394C2 (de) Verfahren für die Ausgabe von Postgebühren
DE69636617T2 (de) Verfahren und System zum Nachweisen von Transaktionen mit hinterherigem Drucken und Verarbeiten des Postens
DE3613007B4 (de) System zur Ermittlung von nicht-abgerechneten Drucken
DE69433527T2 (de) Postverarbeitungssystem für Poststücke mit Verifikation im Datenzentrum
DE3644318A1 (de) Postaufgabesystem mit portowert-uebertragung und verrechnungsfaehigkeit
WO2013037516A1 (fr) Procédé et dispositif pour associer une valeur de mesure enregistrée par une station de charge à une transaction
DE3644232A1 (de) Postaufgabesystem mit portowertuebertragung und verrechnungsfaehigkeit
DE3613008A1 (de) Portogebuehren- und versandinformations-aufbringungssystem
DE69637237T2 (de) Verfahren and Vorrichtung zur Authentifizierung von Postgebührenabrechnungsberichten
EP1107190B1 (fr) Procédé et machine à affranchir
EP1581910A1 (fr) Procede et dispositif pour le traitement d'information graphique figurant sur des surfaces d'articles postaux
EP2077528B1 (fr) Station de livraison et procédé d'affranchissement de courriers postaux dans des stations de livraison
DE102005006005A1 (de) Verfahren und Vorrichtung zur automatisierten Annahme und Frankierung von Postsendungen
DE60132775T2 (de) Sichere speicherung von daten auf offenen systemen
EP1450144A2 (fr) Procédé et dispositif pour la protection digitale de valeurs mesurées
EP2077530A1 (fr) Procédé et dispositif destinés au traitement de valeurs de mesure; utilisation d'un support de stockage destiné à la sécurisation de composants logiciels signés
DE69636360T2 (de) Auf Transaktionen mit geschlossener Schleife basierendes Rechnungs- und Bezahlungssystem für Postsendungen mit durch Freigabe der Postversandinformation ausgelöster Bezahlung des Beförderers durch eine dritte Partei

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08866592

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08866592

Country of ref document: EP

Kind code of ref document: A1