[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: USPO & Digital Postage/E-Cash Project


I would appreciate any citations you can offer which:
-Describe the proposed system in some detail
-Describe the weaknesses identified by the CMU team.

Also, this group might want to know that CMU has (perhaps independently)
done work in this area over two years ago.  It may well be that the team at
CMU which did the USPO contract research is the same team that proposed
digital postage in a research paper in that time frame, and it may well be
that their system would withstand a much more rigorous attack.  I'm afraid
I've lost the precise citation, but I found the report browsing the CMU
tech reports server about 18 months ago.


At 10:25 PM 02/07/95, Dale Harrison (AEGIS wrote:
>The US Post Office just killed a project that would have created a
>digital postage/e-cash system.  This would have been a digital
>replacement for the Pitney-Bose style Postage Metering machines.  To use
>a PM machine one has to take the entire machine physically to a Postal
>Station and purchase some fixed dollar amount of postage.  The Postal
>clerk unseals and unlocks the machine, dials in the amount of postage
>purchased and then relocks and reseals the machine.
>This mechanical system would have been replaced by a serial-port dongle
>and a piece of software.  The dongle would contain an EEPROM in a
>replacable button (made by Dallas Semiconductor) into which would be
>loaded data indicating the amount of postage that had been purchased and
>not yet used.  The software package would be able to print the address,
>postage seal, routing codes, etc directly on the envelope via a laser
>printer and decrement the amount of available postage left in the
>dongle.  In the original test, customers would have to take the dongle
>to a Postal Station to purchase additional postage, but the ultimate
>goal was to have been to have a commerical dial-up service available
>that one could dial into and purchase additional postage directly.
>A proof-of-concept prototype was developed in VB and a production
>prototype was then developed in VC++.  Unfortunately the crypto wasn't
>very strong.  The USPO contracted with Carnege-Mellon to try and break
>the system and they were able to within a couple of weeks.  USPO then
>killed the project.
>Dale H.