Using Data Signatures on Retail Journal Files
Original Publication Date: 2000-Sep-01
Included in the Prior Art Database: 2003-Jun-20
In retail stores, the traditional business process involves a printer with 2 print stations at the point of sale. One of these stations creates a customer receipt. The second station is for the exclusive use of the retailer. This printed output is referred to as the "summary journal" and is a vital part of the retailer's accounting and loss prevention system. Retailers are increasingly moving toward thermal printers because of higher speed and reduced noise. Many of these newer retail printers, including the IBM 4610, have only one print station used to create the customer receipt. In lieu of the paper summary journal mentioned above, the application running in the terminal creates an electronic version of the summary journal. This commonly referred to as EJ for electronic journal. These EJ files contained the same information as the paper journals but are much easier to work with, store for future reference, and search for accounting or "exception" transactions. Like any other computer file, the EJ file is completely editable using a suitable PC editor. The data is sensitive data and can potentially be used by the retailer to track fraud committed by clerks or store management. The freedom of the data to be edited destroys any level of security the retailing company may have to track and detect fraud. The problem can be addressed by passing the EJ data through a digital signature "engine" uniquely associated with the point of sale terminal. The digital signature engine consists of a processing subsystem with secure key storage. This engine can either be board mounted on the POS system board or on an adapter that must be attached for the POS/EJ application to run. Use of the digital signature engine is not a complete solution however, as someone intent on fraud could create a false EJ record to replace the valid one and pass the false EJ file through the signature engine.