Maintaining secure access to a self-service terminal (SST)

US 10,395,226 B2
Filed: 01/31/2014
Issued: 08/27/2019
Est. Priority Date: 01/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining secure access to a Self-Service Terminal (SST), comprising:

detecting, by a SST, a secure device presented thereto, wherein detecting further includes recognizing, by the SST, the secure device connected to the SST through a Universal Serial Bus (USB) port and recognizing the secure device as a USB key dongle that is a portable memory device, and wherein detecting further includes performing a cryptographic authentication on the USB key dongle before granting the USB key dongle access to the SST;

obtaining, by the SST, a list from the secure device relating to additional secure devices that are to be denied access to the SST, deactivated on the SST, and associated with invalid secure devices that are not allowed access to the SST, wherein obtaining the list further includes obtaining from the list, device identifiers associated with the additional secure devices, wherein each device identifier is a device serial number for a particular one of the additional secure devices, and wherein each device identifier in the list includes a modifiable attribute representing an expiration date, and wherein the additional secure devices are additional USB key dongles;

determining, by the SST, whether existing secure device information at the SST that represents invalid secure device identifiers is to be updated with the list having the device serial numbers and the corresponding expiration dates, and updating the existing secure device information at the SST with the list when the list is more recent than the existing secure device information, wherein determining further includes calculating each expiration date when processing the updating for each device identifier based on an issuance date and a time-to-live attribute; and

processing the method, by the SST, without the SST having a network connection.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A memory device is interfaced to a SST; an identifier and, optionally, an invalid identifier list are received from the device. The invalid identifier list is updated to the SST when the invalid identifier list is a more recent version of a SST invalid identifier list. The identifier is invalidated when the identifier is matched in the invalid identifier list or when an expiration date associated with the identifier has expired. When the identifier is invalid, access to administrative features of the SST is denied; and when the identifier is valid access to the administrative features is granted.

Citations

12 Claims

1. A method of maintaining secure access to a Self-Service Terminal (SST), comprising:
- detecting, by a SST, a secure device presented thereto, wherein detecting further includes recognizing, by the SST, the secure device connected to the SST through a Universal Serial Bus (USB) port and recognizing the secure device as a USB key dongle that is a portable memory device, and wherein detecting further includes performing a cryptographic authentication on the USB key dongle before granting the USB key dongle access to the SST;
  
  obtaining, by the SST, a list from the secure device relating to additional secure devices that are to be denied access to the SST, deactivated on the SST, and associated with invalid secure devices that are not allowed access to the SST, wherein obtaining the list further includes obtaining from the list, device identifiers associated with the additional secure devices, wherein each device identifier is a device serial number for a particular one of the additional secure devices, and wherein each device identifier in the list includes a modifiable attribute representing an expiration date, and wherein the additional secure devices are additional USB key dongles;
  
  determining, by the SST, whether existing secure device information at the SST that represents invalid secure device identifiers is to be updated with the list having the device serial numbers and the corresponding expiration dates, and updating the existing secure device information at the SST with the list when the list is more recent than the existing secure device information, wherein determining further includes calculating each expiration date when processing the updating for each device identifier based on an issuance date and a time-to-live attribute; and
  
  processing the method, by the SST, without the SST having a network connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising, checking for matches between a device identifier associated with the secure device and any device identifier in the list of the device identifiers.
  - 3. The method of claim 2, wherein checking further includes denying the secure device access to the SST when a match is made.
  - 4. The method of claim 3 further comprising, updating an expiration date on the secure device when the match is made to indicate that the expiration date has expired for the secure device.
  - 5. The method of claim 2 further comprising, requiring a person presenting the secure device to provide valid credentials when the match is not made.
  - 6. The method of claim 1 further comprising, checking for matches between a device identifier associated with the secure device and any device identifier in the existing secure device information at the SST.
  - 7. The method of claim 1 further comprising, transferring the existing secure device information at the SST to the secure device when the existing secure device information is more current than the list provided from the secure device.
  - 8. The method of claim 1, wherein determining further includes maintaining the existing secure device information at the SST when the existing secure device information is more recent than the list.

9. A Self-Service Terminal (SST), comprising:
- a device port that is a Universal Serial Bus (USB) port; and
  
  a secure device validator module operable to;
  
  (i) detect a secure device interfaced to the device port, wherein the secure device is a USB key dongle that is a portable memory device;
  
  (ii) determine whether the secure device is to be denied access to restricted portions of the SST by checking if an identifier associated with the secure device matches an identifier on an existing list of invalid identifiers and perform a cryptographic authentication on the USB key dongle before granting the USB key dongle access the SST, wherein the identifier is a unique serial number for the USB key dongle and wherein each invalid identifier is a specific unique serial number for a specific USB key dongle, and wherein the identifier and each invalid identifier includes modifiable attributes for expiration dates, wherein the secure device validator module is configured to process while the SST does not have a network connection;
  
  (iii) ascertain if a list of invalid identifiers retrieved from the secure device is more recent than an existing list of invalid secure identifiers stored by the secure device validator module; and
  
  (iv) update the existing list of invalid secure device identifiers with the expiration dates when the list of invalid secure device identifiers retrieved from the secure device is more recent than the existing list of invalid secure device identifiers and deny access to any subsequent secure device that is subsequently interfaced to the SST when the subsequent secure device is associated with one of the updated existing list of invalid secure device identifiers, wherein the secure device validator is further configured in (iv) to;
  
  calculate each expiration date during any update for each invalid secure device identifier based on an issuance date and a time-to-live attribute.
- View Dependent Claims (10, 11, 12)
- - 10. The SST of claim 9, wherein the secure device validator module operable to:
    - (v) update the list of invalid secure device identifiers stored on the secure device with the existing list of invalid secure device identifiers stored on the secure device when the existing list of invalid secure device identifiers is more recent than the list of invalid secure device identifiers retrieved from the secure device.
  - 11. The SST of claim 9, wherein the secure device validator module is further operable to:
    - (v) deny the secure device access to the SST when the identifier associated with the secure device is present in the existing list of invalid secure device identifiers.
  - 12. The SST of claim 9, wherein the secure device validator module is further operable to:
    - (v) update the expiration date of the secure device when the identifier associated with the secure device matches an identifier on the existing list of invalid secure device identifiers or matches an identifier retrieved from secure device list of invalid device identifiers on the secure device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NCR Atleos Corp.
Original Assignee
NCR Corporation (NCR Voyix Corporation)
Inventors
Neilan, Michael James, Horgan, Kevin
Primary Examiner(s)
Zare, Scott A

Application Number

US14/169,845
Publication Number

US 20150220900A1
Time in Patent Office

2,034 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/18   involving self-service term...

G07F 19/209   Monitoring, auditing or dia...

G07F 19/211   Software architecture withi...

Maintaining secure access to a self-service terminal (SST)

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Maintaining secure access to a self-service terminal (SST)

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links