Maintaining secure access to a self-service terminal (SST)
First Claim
1. A method of maintaining secure access to a Self-Service Terminal (SST), comprising:
- detecting, by a SST, a secure device presented thereto, wherein detecting further includes recognizing, by the SST, the secure device connected to the SST through a Universal Serial Bus (USB) port and recognizing the secure device as a USB key dongle that is a portable memory device, and wherein detecting further includes performing a cryptographic authentication on the USB key dongle before granting the USB key dongle access to the SST;
- obtaining, by the SST, a list from the secure device relating to additional secure devices that are to be denied access to the SST, deactivated on the SST, and associated with invalid secure devices that are not allowed access to the SST, wherein obtaining the list further includes obtaining from the list, device identifiers associated with the additional secure devices, wherein each device identifier is a device serial number for a particular one of the additional secure devices, and wherein each device identifier in the list includes a modifiable attribute representing an expiration date, and wherein the additional secure devices are additional USB key dongles;
- determining, by the SST, whether existing secure device information at the SST that represents invalid secure device identifiers is to be updated with the list having the device serial numbers and the corresponding expiration dates, and updating the existing secure device information at the SST with the list when the list is more recent than the existing secure device information, wherein determining further includes calculating each expiration date when processing the updating for each device identifier based on an issuance date and a time-to-live attribute; and
- processing the method, by the SST, without the SST having a network connection.
Abstract
A memory device is interfaced to a SST; an identifier and, optionally, an invalid identifier list are received from the device. The invalid identifier list is updated to the SST when the invalid identifier list is a more recent version of a SST invalid identifier list. The identifier is invalidated when the identifier is matched in the invalid identifier list or when an expiration date associated with the identifier has expired. When the identifier is invalid, access to administrative features of the SST is denied; and when the identifier is valid, access to the administrative features is granted.
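The update and access rules from the abstract and claim 1, sketched as an added example that is not code from the patent. Assumptions: the field names, an integer `version` deciding which list is "more recent", and an HMAC tag (with a key provisioned on the SST) authenticating the list; the page names cryptographic authentication of the dongle but not its mechanism, so that step is not shown.

```python
import hashlib
import hmac
import json
from datetime import date, timedelta

# Assumption: key provisioned on the SST; constructed value for the demo.
LIST_KEY = b"constructed-demo-key"

def sign_list(payload: dict) -> str:
    """HMAC-SHA256 tag over the canonical JSON form of a revocation list."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(LIST_KEY, body, hashlib.sha256).hexdigest()

def expiry(issued: str, ttl_days: int) -> date:
    """Expiration date = issuance date + time-to-live."""
    return date.fromisoformat(issued) + timedelta(days=ttl_days)

def update_local_list(local: dict, presented: dict, tag: str) -> dict:
    """Adopt the dongle's list only if it authenticates and is more recent."""
    if not hmac.compare_digest(sign_list(presented), tag):
        return local   # tag mismatch: ignore the presented list
    if presented["version"] <= local["version"]:
        return local   # same or older version: keep the current list
    # Expiration dates are calculated while processing the update.
    revoked = {
        serial: expiry(e["issued"], e["ttl_days"]).isoformat()
        for serial, e in presented["entries"].items()
    }
    return {"version": presented["version"], "revoked": revoked}

def admin_access(dongle: dict, local: dict, today: date) -> bool:
    """Grant administrative access only to a non-revoked, unexpired dongle."""
    if dongle["serial"] in local["revoked"]:
        return False
    return today <= expiry(dongle["issued"], dongle["ttl_days"])

# Constructed sample data: the SST's stored list and a newer list on a dongle.
SST_LIST = {"version": 3, "revoked": {"SN-0007": "2025-06-30"}}
DONGLE_LIST = {"version": 4, "entries": {
    "SN-0007": {"issued": "2024-07-01", "ttl_days": 364},
    "SN-0012": {"issued": "2025-01-15", "ttl_days": 365},
}}
```

Because the SST works without a network connection, the version comparison is what stops an older list from overwriting a newer one, and the tag check is what stops an arbitrary device from supplying a list at all.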
12 Claims
9. A Self-Service Terminal (SST), comprising:
- a device port that is a Universal Serial Bus (USB) port; and
- a secure device validator module operable to;
- (i) detect a secure device interfaced to the device port, wherein the secure device is a USB key dongle that is a portable memory device;
- (ii) determine whether the secure device is to be denied access to restricted portions of the SST by checking if an identifier associated with the secure device matches an identifier on an existing list of invalid identifiers and perform a cryptographic authentication on the USB key dongle before granting the USB key dongle access the SST, wherein the identifier is a unique serial number for the USB key dongle and wherein each invalid identifier is a specific unique serial number for a specific USB key dongle, and wherein the identifier and each invalid identifier includes modifiable attributes for expiration dates, wherein the secure device validator module is configured to process while the SST does not have a network connection;
- (iii) ascertain if a list of invalid identifiers retrieved from the secure device is more recent than an existing list of invalid secure identifiers stored by the secure device validator module; and
- (iv) update the existing list of invalid secure device identifiers with the expiration dates when the list of invalid secure device identifiers retrieved from the secure device is more recent than the existing list of invalid secure device identifiers and deny access to any subsequent secure device that is subsequently interfaced to the SST when the subsequent secure device is associated with one of the updated existing list of invalid secure device identifiers, wherein the secure device validator is further configured in (iv) to;
- calculate each expiration date during any update for each invalid secure device identifier based on an issuance date and a time-to-live attribute.
Specification