Automated banking machine system and method
First Claim
1. A method comprising:
- a) receiving with a host system from an automated banking machine including a cash dispenser, a first public key of the automated banking machine, wherein a first certificate of the automated banking machine includes the first public key of the automated banking machine, wherein the first certificate of the automated banking machine is signed by a certificate authority (CA);
b) validating with the host system the first certificate of the automated banking machine using a public key of the CA;
c) receiving with the host system at least one first message from the automated banking machine, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine;
d) generating a terminal master key with the host system including generating with the host system first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key;
e) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes the first encrypted data;
f) receiving with the host system at least one third message from the automated banking machine, wherein the third message includes data representative of an acknowledgment that the terminal master key included in the first encrypted data has been accepted by the automated banking machine, wherein the at least one third message includes a digital signature of the automated banking machine;
g) validating with the host system the digital signature included in the at least one third message using a second public key of the automated banking machine.
20 Assignments
0 Petitions
Accused Products
Abstract
An automated banking machine (12, 200, 302) is provided. The machine may be operative to install a terminal master key (TK) therein in response to at least one input from a single operator. The machine may include an EPP (204) that is operative to remotely receive an encrypted terminal master key from a host system (210, 304). The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key. The machine may further output through a display device (30) of the machine a one-way hash of at least one public key associated with the host system. The machine may continue with the installation of the terminal master key in response to an operator confirming that the one-way hash of the public key corresponds to a value independently known by the operator to correspond to the host system.
36 Citations
39 Claims
-
1. A method comprising:
-
a) receiving with a host system from an automated banking machine including a cash dispenser, a first public key of the automated banking machine, wherein a first certificate of the automated banking machine includes the first public key of the automated banking machine, wherein the first certificate of the automated banking machine is signed by a certificate authority (CA); b) validating with the host system the first certificate of the automated banking machine using a public key of the CA; c) receiving with the host system at least one first message from the automated banking machine, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine; d) generating a terminal master key with the host system including generating with the host system first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; e) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes the first encrypted data; f) receiving with the host system at least one third message from the automated banking machine, wherein the third message includes data representative of an acknowledgment that the terminal master key included in the first encrypted data has been accepted by the automated banking machine, wherein the at least one third message includes a digital signature of the automated banking machine; g) validating with the host system the digital signature included in the at least one third message using a second public key of the automated banking machine.
-
-
2. A method comprising:
-
a) receiving with a host system from an automated banking machine including a cash dispenser, a first public key of the automated banking machine, wherein a first certificate of the automated banking machine includes the first public key of the automated banking machine, wherein the first certificate of the automated banking machine is signed by a certificate authority (CA); b) validating with the host system the first certificate of the automated banking machine using a public key of the CA; c) receiving with the host system at least one first message from the automated banking machine, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine; d) generating a terminal master key with the host system including generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; e) generating a random number through operation of the host system; f) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes the first encrypted data and the random number generated in (e) through operation of the host system; g) receiving with the host system at least one third message from the automated banking machine, wherein the third message includes data representative of an acknowledgment that the terminal master key included in the first encrypted data has been accepted by the automated banking machine, wherein the at least one third message includes a first number, h) verifying through operation of the host system that the random number generated through operation of the host system in (e) corresponds to the first number.
-
-
3. A method comprising:
-
a) receiving with a host system from an automated banking machine including a cash dispenser, a first public key of the automated banking machine, wherein a first certificate of the automated banking machine includes the first public key of the automated banking machine, wherein the first certificate of the automated banking machine is signed by a certificate authority (CA); b) validating with the host system the first certificate of the automated banking machine using a public key of the CA; c) receiving with the host system at least one first message from the automated banking machine, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine, wherein the at least one first message corresponds to a Diebold 91X Unsolicited Status Message; d) generating a terminal master key with the host system including generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; e) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes the first encrypted data, wherein the at least one second message corresponds to a Diebold 91X Write Command Message; f) receiving with the host system at least one third message from the automated banking machine, wherein the third message includes data that is representative of an acknowledgment that the terminal master key included in the first encrypted data has been accepted by the automated banking machine, wherein the at least one third message corresponds to a Diebold 91X Solicited Status Message.
-
-
4. A method comprising:
-
a) sending with a host system at least one first message to an automated banking machine including a cash dispenser, wherein the at least one first message includes data representative of a request to send a first certificate of the automated banking machine to the host system; b) receiving with the host system the first certificate of the automated banking machine from the automated banking machine, wherein the first certificate of the automated banking machine includes a first public key of the automated banking machine, wherein the first certificate of the automated banking machine is signed by a certificate authority (CA); c) through operation of the host system, validating the certificate of the automated banking machine using a public key of the CA; d) receiving with the host system at least one second message from the automated banking machine, wherein the at least one second message includes data representative of a request to transfer a terminal master key to the automated banking machine; e) generating a terminal master key with the host system including generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; f) sending from the host system at least one third message to the automated banking machine, wherein the at least one third message includes the first encrypted data.
-
-
5. A method comprising:
-
a) sending from a host system to an automated banking machine that includes a cash dispenser, at least one first message, wherein the at least one first message includes data representative of a command operative to cause the automated banking machine to send at least one second message to the host system, wherein the at least one first message corresponds to a Diebold 91X Operational Command Message; b) receiving with the host system the at least one second message from the automated banking machine, wherein the at least one second message includes data representative of a request to transfer a terminal master key to the automated banking machine, wherein the at least one second message corresponds to a Diebold 91X Solicited Status Message; c) generating a terminal master key through operation of the host system, including generating first encrypted data using a first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; d) sending from the host system at least one third message to the automated banking machine, wherein the at least one third message includes the first encrypted data, wherein the at least one third message corresponds to a Diebold 91X Write Command Message.
-
-
6. A method comprising:
-
a) receiving with a host system from an automated banking machine that includes a cash dispenser, at least one first message, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine; b) generating a terminal master key through operation of the host system, including generating first encrypted data using a first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; c) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes the first encrypted data; d) generating a communication key through operation of the host computer, including generating second encrypted data using the terminal master key, wherein the second encrypted data includes the communication key; and e) sending from the host system at least one third message to the automated banking machine, wherein the at least one third message includes the second encrypted data.
-
-
7. A method comprising:
-
a) receiving with a host system from an automated banking machine that includes a cash dispenser, at least one first message, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine, wherein the host system includes a primary public key of a certificate authority (CA), a secondary public key of the CA, at least one primary certificate of the host system signed by the CA, at least one secondary certificate of the host system signed by the CA, and a primary certificate of the automated banking machine signed by the CA, wherein the primary public key of the CA is used to validate the primary certificate of the host system and the at least one primary certificate of the automated banking machine, wherein the secondary public key of the CA is used to validate the at least one secondary certificate of the host system; b) sending from the host system, at least one second message to the automated banking machine, wherein the at least one second message includes the at least one secondary certificate of the host system; c) receiving with the host system, at least one third message from the automated banking machine, wherein the at least one third message includes a secondary certificate of the automated banking machine; d) validating through operation of the host system the secondary certificate of the automated banking machine using the secondary public key of the CA; e) generating a terminal master key through operation of the host system including generating first encrypted data using a first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; and f) sending from the host system at least one fourth message to the automated banking machine, wherein the at least one fourth message includes the first encrypted data.
-
-
8. A method comprising:
-
a) receiving with a host system, at least one first message from an automated banking machine that includes a cash dispenser, wherein the at least one first message includes at least one original certificate of the automated banking machine signed by an initial certificate authority (CA), wherein the at least one original certificate of the automated banking machine includes an original public key of the automated banking machine; b) validating the at least one original certificate of the automated banking machine using a public key of the initial CA through operation of the host system; c) receiving with the host system a new certificate of a new CA that is signed by the initial CA, wherein the new certificate of the new CA includes a public key of the new CA; d) through operation of the host system, signing the new certificate of the new CA with a private key of the host system to produce a digital signature of the host system; e) sending from the host system, at least one second message to the automated banking machine, wherein the at least one second message includes the new certificate of the new CA and the digital signature of the host system; f) receiving with the host system, at least one third message from the automated banking machine, wherein the at least one third message includes at least one certificate request message;
wherein the at least one certificate request message includes a first public key of the automated banking machine, a first digital signature of the automated banking machine, and a second digital signature of the automated banking machine;g) through operation of the host system, validating the first digital signature of the automated banking machine using the first public key of the automated banking machine; h) through operation of the host system, validating the second digital signature of the automated banking machine using the original public key of the automated banking machine; i) providing to the host system a new certificate issued by the new CA for the automated banking machine, wherein the new certificate for the automated banking machine includes the first public key of the automated banking machine; j) sending from the host system, at least one fourth message to the automated banking machine, wherein the at least one fourth message includes the new certificate for the automated banking machine; k) subsequent to (j), receiving with the host system at least one fifth message from an automated banking machine, wherein the at least one fifth message includes data representative of a request to transfer a terminal master key to the automated banking machine; l) generating a terminal master key through operation of the host system including generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes the terminal master key; and m) sending from the host system at least one sixth message to the automated banking machine, wherein the at least one sixth message includes the first encrypted data.
-
-
9. A method comprising:
-
a) receiving with a host system from an automated banking machine that includes a cash dispenser, data corresponding to at least one certificate of the automated banking machine, wherein the at least one certificate of the automated banking machine is signed by a certificate authority (CA) and includes a first public key of the automated banking machine; b) validating the at least one certificate of the automated banking machine using a public key of the CA; c) receiving with the host system, data representative of a request to transfer a terminal master key to the automated banking machine; d) generating a terminal master key; e) generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes data corresponding to the terminal master key; f) sending data corresponding to the first encrypted data from the host system to the automated banking machine; g) receiving with the host system at least one message from the automated banking machine, wherein the at least one message includes data representative of an acknowledgment that the terminal master key has been accepted by the automated banking machine, wherein the at least one message includes data corresponding to a digital signature of the automated banking machine; and h) validating the digital signature corresponding to data included in the at least one message using a second public key of the automated banking machine. - View Dependent Claims (10, 11)
-
-
12. A method comprising:
-
a) receiving with a host system from an automated banking machine that includes a cash dispenser, data corresponding to at least one certificate of the automated banking machine, wherein the at least one certificate of the automated banking machine is signed by a certificate authority (CA) and includes data corresponding to a first public key of the automated banking machine; b) validating the at least one certificate of the automated banking machine using a public key of the CA; c) receiving with the host system at least one first message, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine; d) generating a terminal master key; e) generating a random number through operation of the host system; f) generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes data corresponding to the terminal master key; g) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes data corresponding to the first encrypted data and the random number generated through operation of the host system; h) receiving with the host system at least one third message from the automated banking machine, wherein the at least one third message includes data corresponding to a first number and data that is representative of an acknowledgment that the terminal master key has been accepted by the automated banking machine; and i) verifying that the random number generated through operation of the host system and the first number have a corresponding relationship. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method comprising:
-
a) receiving with a host system from an automated banking machine that includes a cash dispenser, data corresponding to at least one certificate of the automated banking machine, wherein the at least one certificate of the automated banking machine is signed by a certificate authority (CA) and includes data corresponding to a first public key of the automated banking machine; b) validating the at least one certificate of the automated banking machine using a public key of the CA; c) receiving with the host system at least one first message from the automated banking machine, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine, wherein the at least one first message corresponds to a Diebold 91X Unsolicited Status Message; d) generating a terminal master key; e) generating first encrypted data using a first public key of the automated banking machine, wherein the first encrypted data includes data corresponding to the terminal master key; f) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes data corresponding to the first encrypted data, wherein the at least one second message corresponds to a Diebold 91X Write Command Message; and g) receiving with the host system at least one third message from the automated banking machine, wherein the at least one third message includes data that is representative of an acknowledgment that the terminal master key has been accepted by the automated banking machine, wherein the at least one third message corresponds to a Diebold 91X Solicited Status Message.
-
-
22. A method comprising:
-
a) receiving with a host system at least one first message, wherein the at least one first message includes data representative of a request to transfer a terminal master key to the automated banking machine, wherein the automated banking machine includes a cash dispenser; b) sending at least one second message to the automated banking machine, wherein the at least one second message includes data representative of a request to send a first certificate of the automated banking machine to the host system; c) receiving with the host system from the automated banking machine, data corresponding to the first certificate of the automated banking machine, wherein the first certificate of the automated banking machine is signed by a certificate authority (CA) and includes data corresponding to a first public key of the automated banking machine; d) validating the first certificate of the automated banking machine using a public key of the CA; e) generating a terminal master key; f) generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes data corresponding to the terminal master key; and g) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes data corresponding to the first encrypted data. - View Dependent Claims (23)
-
-
24. A method comprising:
-
a) receiving with a host system at least one first message, wherein the at least one first message includes data representative of a request to transfer a terminal master key to an automated banking machine, wherein the automated banking machine includes a cash dispenser; b) generating a terminal master key; c) generating first encrypted data using a first public key of the automated banking machine, wherein the first encrypted data includes data corresponding to the terminal master key; d) sending from the host system at least one second message to the automated banking machine, wherein the at least one second message includes data corresponding to the first encrypted data; e) generating a communication key; f) generating second encrypted data using the terminal master key, wherein the second encrypted data includes data corresponding to the communication key; and g) sending from the host system at least one third message to the automated banking machine, wherein the at least one third message includes data corresponding to the second encrypted data. - View Dependent Claims (25, 26, 27, 28)
-
-
29. A method in which a host system includes a primary public key of a certificate authority (CA), a secondary public key of the CA, at least one primary certificate of the host system signed by the CA, at least one secondary certificate of the host system signed by the CA, and a primary certificate of an automated banking machine signed by the CA, wherein the primary public key of the CA is used to validate the primary certificate of the host system, and the primary certificate of the automated banking machine, wherein the secondary public key of the CA is used to validate the secondary certificate of the host system, wherein the automated banking machine includes a cash dispenser, the method comprising:
-
a) sending from the host system, at least first message to the automated banking machine, wherein the at least one first message includes data corresponding to the secondary certificate of the host system; b) receiving with the host system, at least one second message from the automated banking machine, wherein the at least one second message includes data corresponding to a secondary certificate of the automated banking machine, wherein the secondary certificate of the automated banking machine includes data corresponding to a public key of the automated banking machine; and c) validating the secondary certificate of the automated banking machine using the secondary public key of the CA; d) receiving with a host system at least one third message, wherein the at least one third message includes data representative of a request to transfer a terminal master key to the automated banking machine; e) generating a terminal master key; f) generating first encrypted data using the public key of the automated banking machine, wherein the first encrypted data includes data corresponding to the terminal master key; and g) sending from the host system at least one fourth message to the automated banking machine, wherein the at least one fourth message includes data corresponding to the first encrypted data.
-
-
30. A method comprising:
-
a) receiving with a host system, at least one first message from an automated banking machine that includes a cash dispenser, wherein the at least one first message includes data corresponding to at least one original certificate of the automated banking machine signed by an initial certificate authority (CA), wherein the at least one original certificate of the automated banking machine includes data corresponding to an original public key of the automated banking machine; and b) validating the original certificate of the automated banking machine using a public key of the initial CA; c) receiving a new certificate of a new CA that is signed by the initial CA, wherein the new certificate of the new CA includes a public key of the new CA; d) signing the new certificate of the new CA using a private key of the host system to produce data corresponding to a digital signature of the host system; e) sending from the host system, at least one second message to the automated banking machine, wherein the at least one second message includes data corresponding to the new certificate of the new CA signed in (d) and the digital signature of the host system produced in (d); f) receiving with the host system, at least one third message from the automated banking machine, wherein the at least one third message corresponds to at least one certificate request message, wherein the at least one certificate request message includes data corresponding to a first public key of the automated banking machine, a first digital signature of the automated banking machine, and a second digital signature of the automated banking machine; g) validating the first digital signature of the automated banking machine using the first public key of the automated banking machine; h) validating the second digital signature of the automated banking machine using the original public key of the automated banking machine; i) causing the new certificate authority to issue a new certificate for the automated banking machine, wherein the new certificate for the automated banking machine includes data corresponding to the first public key of the automated banking machine; j) sending from the host system, at least one fourth message to the automated banking machine, wherein the at least one fourth message includes data corresponding to the new certificate for the automated banking machine caused to be issued in (i); k) receiving with a host system at least one fifth message, wherein the at least one fifth message includes data representative of a request to transfer a terminal master key to the automated banking machine; l) generating a terminal master key; m) generating first encrypted data using the first public key of the automated banking machine, wherein the first encrypted data includes data corresponding to the terminal master key; and n) sending from the host system at least one sixth message to the automated banking machine, wherein the at least one sixth message includes data corresponding to the first encrypted data. - View Dependent Claims (31, 32, 33, 34, 35)
-
-
36. A method comprising:
-
a) receiving with a host system from an automated banking machine including a cash dispenser, data corresponding to a public key associated with the automated banking machine; b) sending from the host system to the automated banking machine data corresponding to a public key associated with the host system; c) through operation of the host system, causing first encrypted data to be generated using the public key associated with the automated banking machine, wherein the first encrypted data includes data corresponding to at least one first key; d) sending from the host system to the automated banking machine, at least one message including data corresponding to the first encrypted data; e) sending from the host system to the automated banking machine, at least one message including data corresponding to second encrypted data encrypted using the at least one first key, wherein the second encrypted data includes data corresponding to a second key; f) receiving with the host system from the automated banking machine at least one message including data corresponding to third encrypted data encrypted using the second key; g) through operation of the host system, determining that a banking transaction is authorized using data corresponding to the third encrypted data received in (f); h) responsive to (g) sending from the host system to the automated banking machine, a message including data indicating that the banking transaction is authorized to be performed. - View Dependent Claims (37, 38, 39)
-
Specification