Preprint -- final version in Concurrency and Parallelism, Programming, Networking, and Security,

eds. J. Jaffar and R. Yap, Springer, 1996, pp. 378-391

Cryptographic Postage Indicia

J D Tygar Bennet S Yee Nevin Heintze

Carnegie Mel lon Univ UC San Diego Bel l Laboratories

Pittsburgh PA La Jol la CA Murray Hil l NJ

tygarcscmuedu bsycsucsdedu nchbel llabscom

Abstract Metered mail provides substantial opp ortunities for fraud

Indeed losses due to meter fraud in the United States are said to exceed

million annually We apply cryptographic techniques to prevent

several typ es of improp er use of metering indicia

This pap er describ es a mail system that combines otheshelf barco de

technology tamp erpro of devices and cryptography in a fullyintegrated

secure franking system This system provides protection against

Tamp ering with p ostage meters to fraudulently obtain extra p ostage

Forging and copying of p ostal indicia

Unauthorized use of p ostage meters and

Stolen p ostage meters

We provide detailed justication for our design and discuss imp ortant

tradeos involvin g scanning strategies encryption technology and D

barco de technology

The US Postal Service recently announced an Information Based Indicia

Program IBIP which adopts principal design features

of our mo del

Beyond the intrinsic utility of this system it also presents what is likely

to b e the rst large scale use of public key infrastructure and microtrans

action technology

Motivation

TheUSPostal Service handles over billion pieces of mail eachyear through

almost autonomous p ost oce facilities Much of this mail is metered

which means that the mail do es not have an ordinary stamp attached to it

Instead a p ostage meter prints a sp ecial mark called a p ostal indicia on the

mail Fraud is a serious problem for the US Postal Service

This work was supp orted in part by the US Postal Service and was carried out at

Carnegie Mellon University It represents the opinions of the authors and do es not

necessarily represent the view of their employers funding sp onsors the US Postal

Service or the US Government Preliminary rep orts on this work app eared in

Also a preliminary version of this work was presented at SECURICOM in Paris June

Portion of this work and related work app ear in

This pap er addresses mail in the United States but the basic design can b e adapted

to mail in other countries

In the United States there are approximately million p ostage meters in

use which collectively account for approximately billion in p ostal revenue

The US General Accounting Oce recently calculated that meter fraud

cheats the US Postal Service out of substantially more than million

eachyear

There are over p ostage meters in the US that are currently rep orted

as lost or stolen

The US Postal Insp ection Service recently brought criminal charges in sep

arate cases in New York and Boston eachinvolved more than million

dollars in p ostage meter fraud

To address these problems we prop ose a new system for printing p ostage

indicia with cryptographic information This system allows a PC or workstation

with a laser printer and a tamp erpro of device to pro duce unforgeable p ostage

indicia This pap er describ es that design

The design of cryptographic p ostage indicia is an interesting exercise in se

curity engineering The US Postal Services recent Information Based Indicia

Program IBIP adopts the principal design features of our

mo del

Postal Fraud

Todays p ostage meters and indicia are not very secure They are vulnerable to

at least four kinds of fraud

The p ostage meter may b e tamp ered with so that it generates free p ostage

The indicia imprint pro duced by a p ostage meter may b e forged or copied

using a rubb er stamp a color photo copier or a color laser printer

Avalid p ostage meter maybeusedby an unauthorized p erson and

A p ostage meter may b e stolen

Anumb er of these issues can b e addressed by cryptography Thanks to recent

developments in digital barco ding we can now use otheshelf technology to

replace oldfashioned stamps by machine readable indicia These indicia can b e

printed by laser printers or similar devices under the control of a workstation a

PC or a dedicated p ostage device Moreover we can include cryptographically

signed information in the indicia to prove the authenticity of the indicia By

including information such as the mailing date and the zip co de of the sender

and receiver we can also guard against forged or copied indicia Pastor gave

a rough outline of howsuch a system could work

UnfortunatelyPastors system and similar proprietary prop osals are vulner

able to additional typ es of attack

Cryptographic techniques are vulnerable to misuse leading to systems that

can b e successfully attacked by an adversary

Postage meter credit may still b e tamp ered with even if cryptographic tech

niques are used

A p ostage meter may b e op ened and examined by adversaries lo oking for

cryptographic keys thus allowing the adversary to build new b ogus p ostage

meters

Even more problematic Pastors prop osal relies on an implicit assumption

that a master list containing all examined indicia is maintained This would re

quire a large distributed database on a highly available network connecting p ost

oce facilities With nearly p ostal facilities and a yearly volume of

billion pieces of mail suchanintegrated realtime distributed highlyavailable

database would b e unrealistic at present without dramatically increasing the

cost of p ostage

This pap er describ es a complete p ostal franking system addressing these

concerns This system is most suitable for a PC or workstation printing out

cryptographic indicia on a standard laser printer A slightly less secure design

also allows p ostal meters to print out cryptographic indicia Central to our design

is the use of tamp erpro of computing devices such as those in the sp ecied

in the US FIPS standard Using this technologywe can pro duce

secure unforgeable p ostal indicia For further details and qualications see the

discussion in Section

Traditional Indicia

Here we review the structure of traditional indicia and dene necessary prop erties

for cryptographic indicia

Todays p ostage meters are p ortable devices containing a printmechanism

and a p ostage accounting mechanism enclosed in a sealed case Each p ostage me

ter is initialized with a p ostage credit by a p ost oce as each letter is stamp ed

the p ostage value is deducted from the machines credit Meters are p erio dically

returned to the p ost oce so that additional p ostage credit may b e transferred

to them Although p ostage meter cases are not tamp erresistant or tamp er

pro of they are supp osed to b e tamp erevident Meters are sub ject to p erio dic

insp ection by p ostal authorities Unfortunately the tamp erevidentmechanisms

frequently fail Further problems are created by stolen or missing meters which

cannot b e insp ected but may b e in use Finally p ostal employees often fail to

recognize signs of tamp ering

Traditional p ostage meters maintain three imp ortant registers

ascending register The monetary total value of all indicia ever pro duced by

this meter

descending register The remaining credit available in the meter

piececount register The numb er of indicia with nonzero p ostage pro duced

by the meter

When a new indicia is printed by a meter the p ostage value of the new indicia is

added to the ascending register and subtracted from the descending register and

the piececount is incremented by one During normal op eration the ascending

and descending registers sum to a constantvalue When the meter is relled and

additional p ostage credit is transferred to a meter the sum of the ascending and

descending registers increases

Fig Traditional indicia can b e easily forged or repro duced by a laser printer



Figure shows an example of a traditional indicia It contains information

ab out p ostage value date etc On the left side of the indicia are the words

Presorted First Class printed verticallyidentifying the class of the mail Im

mediately to the right is the citystate circle which notes the city Pittsburgh

th

state Pennsylvania and the date February of the indicia Further

to the right and directly underneath the eagle is a meter identication mark

PB METER This indicates that the imprintwas made by a Pitney

Bowes meter serial numb er Finallyinthebox on the righthand end

of the indicia is the p ostage value cents

The basic function of an indicia is to demonstrates to the p ostal carrier that

postage has been paid Tomakecopying more dicult the indicia is printed us

ing sp ecial uorescentinkHowever ink uorescence is rarely checked and in any

case uorescent ink is op enly sold without restriction Moreover rubb er stamps

Zero p ostage indicia are sometimes used for testing



The observant reader undoubtedly notes that the indicia shown in the gure is

smudged For the scoaw attempting to defraud p ostal authorities this is quite

imp ortant a traditional clear sign of meter fraud has b een indicia that are to o crisp and readable

that pro duce b ogus indicia can b e easily sp ecial ordered So little sophistication

and little investment is required to defeat the traditional p ostal indicia security

measures

Cryptographic Indicia

Using cryptographywe can design p ostage indicia that substantially improve

up on the security of traditional p ostage meter indicia In particular wecan

guarantee the following two prop erties a copied indicia are detectable and b

malicious users cannot generate valid new indicia even by mo difying existing

indicia

Weachieve the rst prop ertyby including additional information in indicia

the destination sender and return address of the mail and the datetime of

creation of the indicia Such indicia can b e copied but since the destination

address is included in the indicia the copied indicia is only valid for mail to

the same address As we shall discuss later this check can b e automated The

inclusion of time stamps allows us to set a maximum lifetime for an indicia

Serial numb ers trace the source of the attack to a unique p ostage meter licensee

The second prop ertyisachieved using cryptography Indicia information is

digitally represented cryptographically signed and printedonanenvelop e



as a D barco de Such barco des can b e printed using commo dity laser printers

and they can b e scanned and redigitized at a p ost oce Several D barco de

technologies exist gure shows Lincolns Gettysburg Address enco ded in Sym

bol Technologies PDF barco de PDF can store bytes p er

square inch

Central to the security of cryptographic indicia is checking indicia validity

Section addresses this imp ortant issue

Indicia Design

What typ e of cryptographic signature algorithm should we use Most crypto

ts of time for generating the graphic signature algorithms require dierent amoun

signature and verifying the signature For a cryptographic p ostal indicia system

the b ottleneck is signature verication a typical p ostoce will verify manymore

mail items than a typical mailer will generate This argues that we should use

a signature mechanism with fast verication time The two most widely used

signature mechanisms are RSA and DSA of these RSA is b est suited for

our purp oses b ecause it gives the fastest signature verication times

RSA is a blo ck cipher it signs plaintext in xed length blo cks Given the state

of cryptographytodaywe recommend that use of RSA with byte blo cks

Smaller blo ck sizes will not b e safe for the exp ected lifetime of our system If

indicia include a certicate containing the verication public key see Section



In addition to the D barco de the envelop e will contain humanreadable versions

of some information such as the p ostage value and addresses

Fig PDF barco de representation of The Gettysburg Address

then barco des will contain bytes of data of whichbytes will b e for

mailsp ecic information Dep ending on the amount of errorcorrection required

such D barco des will o ccupy to square inches

For the b est security cryptographic p ostage indicia should contain the fol

lowing items

meter number bytes and typ e bytes This eld identies the

manufacturer mo del numb er individual meter numb er and revision number

for the meters software

p ostage bytes In addition to the D barco de this eld should app ear

in human readable form

datetime bytes In addition to the D barco de this eld should app ear

in human readable form

item count bytes This eld contains a piece count for this particular



meter For privacy reasons this should not b e readable to nonUSPS parties

ascending and descending registers bytes each Again for privacy

reasons this should not b e readable to nonUSPS parties



entry address bytes This is the address from which the mail is

stamp ed and enters the mail system

return address bytes This is the address to which undeliverable mail

should b e returned It mayormay not b e the same as the entry address



If items counts or ascendingdescend in g register values can b e read from the enve

lop e then it is p ossible for an outsider eg business comp etitor to nd out the size

of a mailing list by comparing the item counts from successive mailings



The USPS digit zip address representation uniquely identies all addresses

in the US and ts in bytes

The return address must also b e fully written out in human readable form

destination address bytes The destination address must also b e fully

written out in human readable form

These items use a total of bytes of our byte data eld leaving

bytes available for future advanced services

Up to now wehave discussed systems which incorp orate the destination

address in the indicia Unfortunately this requirement precludes the traditional

standalone mo del of a p ostage meter which axes an indicia without knowing

the destination address To use a standalone system with the ab ove indicia the

op erator would need to scan or manually enter the address information into the

unit

A more convenient but less secure system is also p ossible a standalone me

ter could omit destination address information from the indicia Note that entry

address and return address information are likely to b e xed so that these can

b e reasonably included in an indicia pro duced by a standalone device Without

the destination address information our indicia validitychecking b ecomes more

dicult we discuss this in Section

Sampling Strategies and Fraud Detection

Cryptographic indicia provide no security unless mail is insp ected Maximum

security is obtained if every indicia is scanned and veried However the supp ort

for this in terms of scanning and verication equipment is unlikely to b e in

place in near future The alternativeistocheck only a fraction of the mail

stream

We discuss three insp ection strategies random sample scanning selective

scanning using handheld scanners and universal scanning As the system evolves

we exp ect that each strategy and p erhaps combination of strategies will have

its place It is therefore imp ortant to adopt a system that supp orts all three

Random Sampling

In random sampling some small sample of the mail entering the system is se

lected and scanned As we increased the prop ortion of scanned mail we increase

the chances of detecting fraud but we also increase the cost of scanning An

imp ortant design issue is howtocheck only a fraction of the mail stream and

still provide eective fraud control It is imp ortant that sampling b e suciently

random so that the chance that any particular item is sampled is b ounded ab ove

and b elowby a minimum and maximum value

Each scanned item will b e sub jected to a numberofstaticchecks Some

of these checks indicate denite fraud while others only indicate p ossible fraud

Envelop es that are denitely fraudulent can b e withdrawn from the mail stream

Those that are just suspicious must remain in the system but will b e recorded

for followup fraud investigation for instance the envelop e could b e photo copied

or digitally scanned Wenow outline eachcheck in detail

Validity Is the indicia valid do es it have a correct format and signature

If this check fails then the indicia almost certainly is fraudulent

Meter Number Is the meter on a list of stolen or suspicious meters

The trustworthiness of this test dep ends on the integrity of the list of

stolensuspicious meters

Item Counts Are the sequence count ascending register and descending reg

ister consistent

If this check fails then the indicia is likely to b e fraudulent

Item Count Limits Do the item counts fall within the b ounds sp ecied in



the meters current account information

The trustworthiness of this test dep ends on the integrity and timeliness of

the meter accounting information

Date Is the date recent

This test may o ccasionally fail for legitimate mail b ecause the mail maybe

stamp ed but not p osted immediately or b ecause of p ost oce delays

Entry Address Do the entry address on the indicia and the meters registered

address corresp ond and are they consistent with the actual p ointofentry

of the mail item into the mail stream

US p ostal regulations require that metered mail b e p osted at the p ost oce

where the meter is registered Currently this rule is not strictly enforced

Hence a failure of the entry address check indicates a suspicious mail item

but it do es not indicate denite fraud If compliance with the regulation

b ecomes mandatory then the reliability of this checkwould corresp ondingly

increase

Return Address Do es the return address on the envelop e corresp ond with

that on the indicia

Destination Address Do es the destination address on the envelop e corre

sp ond with that on the indicia If the destination address is omitted from

the indicia this check cannot b e p erformed

In addition to these checks information from sampled mail items that are

stamp ed by the same meter should b e collected and sub jected to some sta

ks To describ e these checks supp ose that one in every items is tistical chec

scanned

Item Counts Dates should increase with item counts The average increment

between items should b e ab out The same item count should not o ccur

twice

AccountCheck If over some interval of time n items with a sp ecic meter

or PC p ostage system numb er are scanned then the account for that meter

should indicate ab out n items

Dep ending on the equipment used some of these checks may b e p erformed

online that is the check is done as the piece of mail is b eing scanned However



A meters account sp ecies the current meter credit and countnumb ers and this

sets upp er and lower b ounds on the sequence count and ascending and descending

registers counts for a particular p erio d

it is likely that most checks will have to b e done oline particularly those that

involve lo oking up a database of previously scanned material From the p oint

of view of catching fraudulent letters it is b etter to p erform checks online if

we nd a suspicious letter we can capture the particular item rather than let it

pass on through the system Note that we only suggest delaying delivery of mail

in those cases where there is clear fraud

Random sample scanning is particularly eective against high volume viola

tors such as most p ostage meter users

Selective Scanning with HandHeld Scanners

This strategy involves selecting some p ortion of the mail stream for validation

based on criteria such as suspicious visual indicators for example the indicia

maylookunusual or tamp ered the return address maybeunusual etc All

of the static checks describ ed ab ove for random sampling are applicable We

presume that handheld scanners will b e p erio dically downloaded with lists of

suspicious meters and revoked certicates see Section Those checks that

cannot b e carried out on the sp ot could b e p erformed later by storing the scanned

indicia in the handheld unit and transmitting them to a central server at the

end of the day

Universal Scanning

Universal scanning means that each mail item is scanned Here wecancheck for

uniqueness of meter numb ers and item countnumb ers We can also check for the

consistency of p ostage used with descending register values The implementation

of such a system faces twochallenges First all envelop es must b e scanned or

recorded in some form

Second universal scanning involves considerable database requiremen ts For

tunately we can takeadvantage of the lo calitycharacteristics of mail Since me



tered mail typically enters the mail stream at a single sorting center we can

set up a lo calized database at all initial sorting centers Most checks can b e

p erformed by lo oking up the lo cal database Some checks will require commu

nication b etween databases when mail enters the mail stream at a dierent

sorting center These are likely to b e rare

Universal scanning will not b e costeective in the next few years However

it may b ecome costeective in the future The system wehave describ ed is

compatible with suchamove All of the checks describ ed for random sampling are

applicable and are in fact more eective in this setting In particular universal

scanning would greatly increase the chances of detecting violators who p ost a

lowvolume of mail



As noted earlier US p ostal regulations require that metered mail b e p osted at the p ost oce where the meter is registered

Fraud Detection

There are two basic kinds of attacks copying of indicia and forging of indicia

For each of these there are two sub cases those involving indicia that include

destination address information and those involving indicia that omit it

The table b elow summarizes our fraud detection metho ds

Copied Indicia Forged Indicia

Immediate detection of changed Immediate

Destination Address Included address information detection

otherwise use statistical metho ds

Immediate detection of changed Immediate

Destination Address Omitted entry or return address detection

otherwise use statistical metho ds

Key Management and Protection

Fundamental protection for our keys will b e provided by a tamp erpro of device

that will b e able to

store and maintain ascending descending and item count registers

keep the devices privatepublic key pair and a certicate signed byan

authoritytypically a manufacturer or the p ostal service attesting to the

devices public key the private key should never b e disclosed outside the

device

prepare bytes including the appropriate message digitally signed by the

devices public key for transformation in D bar co de format and

b e tamp erpro of in the sense that any attempt to p enetrate it will result in

the private key of the device b eing erased

Several appropriate tamp erpro of platforms exist and more are forthcoming

Some of these are very secure satisfying the highest securitylevel sp ecied by

US Federal Information Pro cessing Standard This publication gives

four security levels for cryptographic mo dules The highest levels of securityare

considered nearly unbreakable systems The US National Institute of Standards

and Technology has also recently announced a system for validating and ranking

prop osed physical devices according to the FIPS criteria Some examples

of p ossible technologies include the ABYSS and Citadel systems from

IBM the iPower encryption card by National Semiconductor the Crypta Plus

encryption card byTelequip the CYi chip from Cylink and some

tamp erpro of smart card systems There will b e additional announcements

of tamp erpro of devices with increased pro cessing p ower from ma jor vendors in

the next few months Many of these devices are highly p ortable and exist in

PCMCIA or smart card format We prop ose that users lease a secure device

private ownership of p ostal meters or p ostal equipment is illegal in the US

from an authorized vendor The same typ es of secure devices could b e used for

b oth p ostage meters and computergenerated p ostage

The designer of cryptographic p ostal indicia system must exercise care in

using secure devices Some purp ortedly secure devices have turned out to have

serious aws in them others mayreveal information ab out cryptographic

keys when attacked byclever use of clo ck information or when an adversary

delib erately induces hardware faults

Key generation and maintenance must address two issues First wewant

each device to haveitsown key to reduce the risk exp osure should a key b e

compromised Second it is not practical to maintain more than a small number

of keys in each handheld scanner

These two problems can b e elegantly solved by the use of public key cer

ticates We use vendorsp ecic and devicesp ecic publicprivate key pairs

Sp ecically eachvendor has a publicprivate key pair the public key is revealed

to the p ost oce and the private key is used only bythevendor Eachdevice

has a dierent publicprivate key the public key is revealed to the vendor and

the private key is used to encrypt indicia

The two groups of keys are used as follows A device generates its key pair on

ybythevendor The device initialization typically p erformed in a secure facilit

transfers its public key to the vendor and the vendor generates a simple public

key certicate for the devices key signed using the vendors private key These

certicates are far simpler than X or other prop osed public key certicates

they contain only a license numb er an expiration date and the public key cor

resp onding to the license This certicate is then transferred back to the device

The device includes the certicate along with a vendor identier in any indicia

it generates When an indicia is scanned the p ost oce uses the vendors public

key to check the certicate and obtain the device sp ecic keywhich in turn is

used to verify the signed data in the main part of the indicia

Note that the security of the system from a fraud p oint of view do es not

dep end on keeping the public keys secret these keys could b e published and in

fact the communications b etween tamp erpro of devices and vendors certicate

generators can b e public However if b oth the device sp ecic and vendor sp ecic

public keys are kept secret then we obtain an additional b enet cryptographic

indicia can only b e read by the p ost oce and vendors This could b e used to

satisfy privacy requirements for sensitive information contained in the indicia

Weanticipate a relatively small number of vendors and we b elievethatall

scanning devices will b e able to easily store all vendor public keys Up dated lists

of vendor public keys can b e p erio dically downloaded into each scanning device

Key certicates should b e renewed in conjunction with the legally required

physical insp ection of equipment New key certicates could b e downloaded

through a network or mo dem or the physical device could b e sent backtothe

factory for certicate renewal Since most existing and prop osed tamp erpro of

devices are highly p ortable this is a very practical measure

Although tamp erpro of devices should b e free from attack one must not

exclude the p ossibility that some private key may b ecome compromised byan

adversaryFor this reason a revo cation list should b e maintained of revoked

private keys This list can p erio dically b e downloaded to scanning devices along

with a list of license numb ers of stolen or lost equipment

Future Work

In the coming months the US Postal Service plans to b egin to exp erimentwith

cryptographic indicia through its IBIP program Rep ortedly

several manufactures are rushing into the eld with IBIP compliant pro ducts

This will provide an exciting opp ortunity to see public key cryptography

techniques deployed on a wide scale if successful most p eople in the US will b e

receiving mail with cryptographic indicia in the near future It will arguably b e

the rst widescale test of public key systems and certicates in a commercial

context

One function of the tamp erpro of devices in this system is to act as an elec

tronic wallet It is clear that this typ e of device could have electronic commerce

implications well b eyond p ostal applications This topic is pursued further in

But the exploitation of these devices is not without problems wehave al

ready discussed in Section unexp ected weakness in purp ortedly tamp erpro of

devices

But b eyond these weaknesses the mo del of an electronic wallet do es not

match the standard denition for tamp erpro of and tamp erresistant devices

the FIPS standard We clearly wanttomake improp er manipulation

of electronic wallet register values imp ossible On the other hand these register

values should not b e kept secret on the contrary it is highly desirable and

p erhaps mandatory that the residual funds stored in a tamp erpro of device b e

available to b oth the user and to p ostal authorities

en worse consider the case of a failed device According the FIPS Ev

mo del all memory should b e erased when the system is attacked compromised

or fails in a waythatmay p ermit attack But this conicts with a desire for

p ostal authorities to b e able to determine as much information as p ossible ab out

the device For example in a criminal fraud investigation the susp ects could

easily slightly tamp er with the device erasing all memory and depriving the

investigators of p otentially incriminating evidence

One approach to this problem is to mo dify FIPS But is not so clear

that the standard can b e mo died without creating severe security risks

A dierent approach uses digitally signed backups of the memory state Of

course on no account should security critical values esp ecially private keys b e

released on backup But a criminal has little incentive to makevalid backups

so the evidentiary problem still remains

How can we balance the diering needs of users and the p ostal service Desiderata for tamp erpro of systems in IBIP include

maintenance of security

retention of evidence and audit trails

protection of customer funds and

use of otheshelf comp onents

while retaining a scalable ecient unobtrusive total system We regard the res

olution of these tensions as a critical research issue for the successful deployment of cryptographic p ostal indicia

References

Ross Anderson and Markus Kuhn Tamp er resistance a cautionary note In

Proceedings of The Second USENIX Workshop on Electronic Commerce Oakland

CA Novemb er

Dan Boneh Richard DeMillo and Richard Lipton Cryptanalysis in the presence

of hardware faults Personal communications

Cylink Corp CYi press release February

Louis Claude Guillou Michel Ugon and JeanJacques Quisquater The smart

card A standardized security device dedicated to public cryptologyInGustavus J

Simmons editor Contemporary cryptology The science of information integrity

IEEE Press Piscataway NJ

Stuart Itkin and Josephine Martell A PDF primer A guide to understanding

second generation bar co des and p ortable data les Technical Rep ort Monograph

Symbol Technologies April

PKocher Timing attacks on implementation s of diehellman rsa dss and

other systems In Advances in Cryptology Crypto Proceedings Lecture Notes

in Computer Science SpringerVerlag

Bill McAllister Postage meter fraud estimated at million this year Wash

ington Post Septemb er

National Semiconductor Inc iPower chip technology press release February

National Institute of Science and Technology A prop osed federal information pro

cessing standard for digital signature standard Technical Rep ort Do cket No

echnology RIN AA National Institute of Science and T

U S National Institute of Standards and TechnologyFederal information pro

cessing standards publication Security requirements for cryptographic mo d

ules January

JosePastor CRYPTOPOST A cryptographic applicati on to mail pro cessing

Journal of Cryptology

Theo Pavlidis Jerome Swartz and Ynjiun PWang Fundamentals of bar co de

information theory Computer April

Theo Pavlidis Jerome Swartz and Ynjiun PWang Information enco ding with

twodimensional bar co des Computer June

Judy Rakowsky men accused of p o cketing million in p ostage fraud scheme

Boston GlobeFebruary

R Rivest A Shamir and L Adleman A metho d for obtaining digital signa

tures and publickey cryptosystems Communications of the ACM

February

Telequip Inc Crypta Plus press release January

J D Tygar Atomicity in electronic commerce In Proceedings of the Fifteenth

Annual ACM Symposium on Principles of Distributed Computing pages May

J D Tygar and Bennet S Yee Cryptography Its not just for electronic mail

anymore Technical Rep ort CMUCS Carnegie Mellon Univ ersity March

J D Tygar Bennet S Yee and Nevin Heintze Cryptographic p ostage indicia

Technical Rep ort CMUCS Carnegie Mellon UniversityJanuary

U S Postal Service Information Based Indicia Program IBIP New Technology

Metering Devices May