Automated banking machine system and method

US 7,418,592 B1
Filed: 04/19/2002
Issued: 08/26/2008
Est. Priority Date: 04/23/2001
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a) generating with an encrypting pin pad (EPP) at least one pair of keys, wherein the at least one pair of keys includes a public key of the EPP and a private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP is operative when installed in the Automated Teller Machine (ATM) to encrypt a personal identification number (PIN) inputted through the EPP;

b) storing the public key of the EPP and the private key of the EPP in a memory of the EPP;

c) generating at least one certificate request message with the EPP, wherein the certificate request message includes the public key of the EPP;

d) outputting the certificate request message from the EPP;

e) receiving with the EPP at least one EPP certificate signed by a certificate authority (CA), wherein the EPP certificate includes the public key of the EPP;

f) receiving with the EPP at least one certificate of the CA signed by the CA, wherein the certificate of the CA includes a public key of the CA; and

g) storing the EPP certificate and the public key of the CA in the memory of the EPP.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automated banking machine (12, 200, 302) is provided. The machine may be operative to install a terminal master key (TK) therein in response to at least one input from a single operator. The machine may include an EPP (204) that is operative to remotely receive an encrypted terminal master key from a host system (210, 304). The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key. The machine may further output through a display device (30) of the machine a one-way hash of at least one public key associated with the host system. The machine may continue with the installation of the terminal master key in response to an operator confirming that the one-way hash of the public key corresponds to a value independently known by the operator to correspond to the host system.

35 Citations

View as Search Results

54 Claims

1. A method comprising:
- a) generating with an encrypting pin pad (EPP) at least one pair of keys, wherein the at least one pair of keys includes a public key of the EPP and a private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP is operative when installed in the Automated Teller Machine (ATM) to encrypt a personal identification number (PIN) inputted through the EPP;
  
  b) storing the public key of the EPP and the private key of the EPP in a memory of the EPP;
  
  c) generating at least one certificate request message with the EPP, wherein the certificate request message includes the public key of the EPP;
  
  d) outputting the certificate request message from the EPP;
  
  e) receiving with the EPP at least one EPP certificate signed by a certificate authority (CA), wherein the EPP certificate includes the public key of the EPP;
  
  f) receiving with the EPP at least one certificate of the CA signed by the CA, wherein the certificate of the CA includes a public key of the CA; and
  
  g) storing the EPP certificate and the public key of the CA in the memory of the EPP.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method according to claim 1, further comprising:
    - h) validating the certificate of the CA using the public key of the CA;
      
      i) validating the EPP certificate using the public key of the CA.
  - 3. The method according to claim 1, wherein the step (c) the certificate request message includes a serial number of the EPP, wherein in step (e) the EPP certificate includes a serial number, and further comprising:
    - h) verifying that the serial number of the EPP corresponds to the serial number included in the certificate of the EPP.
  - 4. The method according to claim 1, wherein step (c) includes signing the certificate request message with the private key of the EPP.
  - 5. The method according to claim 1, further comprising:
    - h) installing the EPP in the ATM, wherein the ATM includes a cash dispenser.
  - 6. The method according to claim 5, further comprising:
    - i) dispensing cash with the cash dispenser.
  - 7. The method according to claim 5, further comprising:
    - i) using the private key of the EPP to decipher an encrypted terminal master key received from a host system.
  - 8. The method according to claim 5, further comprising:
    - i) using the private key of the EPP to sign messages sent to a host system.
  - 9. The method according to claim 5, further comprising:
    - i) sending from the ATM a first message to a host system, wherein the first message includes the EPP certificate.
  - 10. The method according to claim 9, wherein prior to step (i) further comprising:
    - j) receiving with the ATM a second message from the host system which is representative of a command to perform step (i).
  - 11. The method according to claim 9, wherein in step (i) the first message includes the EPP certificate in a format that corresponds to the PKCS #7:
    - Cryptographic Message Syntax Standard.
  - 12. The method according to claim 11, and prior to step (i) further comprising:
    - j) transforming the EPP certificate to 7 bit ASCII using Base64 encoding.
  - 13. The method according to claim 5, and further comprising:
    - i) receiving with the ATM a first message from a host system, wherein the first message includes a public key of the host system;
      
      j) calculating a one-way hash of the public key of the host system;
      
      k) outputting through a display device of the ATM the one-way hash; and
      
      l) receiving at least one first input through the at least one input device of the ATM that is representative of a command to accept the public key of the host system.
  - 14. The method according to claim 13, wherein in step (i) the first public key of the host system is included in a certificate of the host systems, wherein the certificate of the host system is signed by the CA, and further comprising:
    - m) validating the certificate of the host system using the public key of the CA.
  - 15. The method according to claim 13, wherein prior to step (i) further comprising:
    - m) receiving at least one first input through at least one input device of the ATM from a single operator;
      
      n) sending from the ATM a second message to the host system responsive to receiving the at least one first input, wherein the second message includes data that is representative of a request to send the public key of the host system to the ATM.
  - 16. The method according to claim 13, further comprising:
    - m) sending from the ATM to the host system a second message representative of an acknowledgement that the certificate of the host system was accepted by the ATM.
  - 17. The method according to claim 13, wherein in step (i) the first message includes the public key of the host in a format that corresponds to the PKCS #7:
    - Cryptographic Message Syntax Standard.

18. A method comprising:
- a) generating with an encrypting pin pad (EPP) at least one pair of keys, wherein the at least one pair of keys includes a public key of the EPP and a private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP is operative when installed in the ATM to encrypt a personal identification number (PIN) inputted through the EPP;
  
  b) storing the public key of the EPP and the private key of the EPP in a memory of the EPP;
  
  c) generating at least one certificate request message with the EPP, wherein the certificate request message includes the public key of the EPP;
  
  d) outputting the certificate request message from the EPP;
  
  e) receiving with the EPP at least one EPP certificate signed by a certificate authority (CA), wherein the EPP certificate includes the public key of the EPP;
  
  f) receiving with the EPP at least one certificate of the CA signed by the CA, wherein the certificate of the CA includes a public key of the CA;
  
  g) storing the EPP certificate and the public key of the CA in the memory of the EPP;
  
  h) installing the EPP in the ATM, wherein the ATM includes a cash dispenser;
  
  i) receiving with the ATM a first message from a host system which is representative of a command to send from the ATM a second message to a host system, wherein the second message includes the EPP certificate, wherein the first message corresponds to a operational command message; and
  
  j) responsive to (i) sending from the ATM the second message to the host system, wherein the second message includes the EPP certificate, wherein the second message corresponds to a solicited status messages.

19. A method comprising:
- a) generating with an encrypting pin pad (EPP) at least one pair of keys, wherein the at least one pair of keys includes a public key of the EPP and a private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP is operative when installed in the ATM to encrypt a personal identification number (PIN) inputted through the EPP;
  
  b) storing the public key of the EPP and the private key of the EPP in a memory of the EPP;
  
  c) generating at least one certificate request message with the EPP, wherein the certificate request message includes the public key of the EPP;
  
  d) outputting the certificate request message from the EPP;
  
  e) receiving with the EPP at least one EPP certificate signed by a certificate authority (CA), wherein the EPP certificate includes the public key of the EPP;
  
  f) receiving with the EPP at least one certificate of the CA signed by the CA, wherein the certificate of the CA includes a public key of the CA;
  
  g) storing the EPP certificate and the public key of the CA in the memory of the EPP;
  
  h) installing the EPP in the ATM, wherein the ATM includes a cash dispenser;
  
  i) receiving at least one first input through at least one input device of the ATM from a single operator;
  
  j) sending from the ATM a first message to a host system responsive to receiving the at least one first input, wherein the first message includes data that is representative of a request to send a public key of the host system to the ATM wherein the first message corresponds to a unsolicited status message;
  
  k) receiving with the ATM a second message from a host system, wherein the second message includes the public key of the host system, wherein the second message corresponds to a write command message;
  
  l) calculating a one-way hash of the public key of the host system;
  
  m) outputting through a display device of the ATM the one-way hash; and
  
  n) receiving at least one second input through the at least one input device of the ATM that is representative of a command to accept the public key of the host system.

20. A method comprising:
- a) generating with an encrypting pin pad (EPP) at least one pair of keys, wherein the at least one pair of keys includes a public key of the EPP and a private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP is operative when installed in the ATM to encrypt a personal identification number (PIN) inputted through the EPP;
  
  b) storing the public key of the EPP and the private key of the EPP in a memory of the EPP;
  
  c) generating at least one certificate request message with the EPP, wherein the certificate request message includes the public key of the EPP;
  
  d) outputting the certificate request message from the EPP;
  
  e) receiving with the EPP at least one EPP certificate signed by a certificate authority (CA), wherein the EPP certificate includes the public key of the EPP;
  
  f) receiving with the EPP at least one certificate of the CA signed by the CA, wherein the certificate of the CA includes a public key of the CA;
  
  g) storing the EPP certificate and the public key of the CA in the memory of the EPP;
  
  h) installing the EPP in the ATM, wherein the ATM includes a cash dispenser;
  
  i) receiving with the ATM a first message from a host system, wherein the first message includes a public key of the host system;
  
  j) calculating a one-way hash of the public key of the host system;
  
  k) outputting through a display device of the ATM the one-way hash;
  
  l) receiving at least one first input through the at least one input device of the ATM that is representative of a command to accept the public key of the host system; and
  
  m) sending from the ATM to the host system a second message representative of an acknowledgement that the certificate of the host system was accepted by the ATM, wherein the second message corresponds to a solicited status message.

21. A method comprising:
- a) generating with an encrypting pin pad (EPP) at least one public key of the EPP and at least one private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP is operative when installed in the ATM to encrypt a personal identification number (PIN) input through the EPP;
  
  b) storing the at least one public key of the EPP and the at least one private key of the EPP in a memory of the EPP;
  
  c) generating at least one certificate request message with the EPP, wherein the certificate request message includes the at least one public key of the EPP;
  
  d) outputting the at least one certificate request message from the EPP;
  
  e) receiving with the EPP at least one primary EPP certificate signed by a certificate authority (CA) and at least one secondary EPP certificate signed by the CA, wherein the at least one primary EPP certificate and the at least one secondary EPP certificate includes the at least one public key of the EPP; and
  
  f) receiving with the EPP a primary certificate of the CA signed by the CA and a secondary certificate of the CA signed by the CA, wherein the primary certificate of the CA includes a primary public key of the CA, wherein the secondary certificate of the CA includes a secondary public key of the CA;
  
  g) storing the at least one primary EPP certificate, the at least one secondary EPP certificate, the at least one primary public key of the CA, and the at least one secondary public key of the CA in the memory of the EPP.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 22. The method according to claim 21, further comprising:
    - h) validating the primary certificate of the CA with the primary public key of the CA;
      
      i) validating the secondary certificate of the CA with the secondary public key of the CA;
      
      j) validating the at least one primary EPP certificate with the primary public key of the CA; and
      
      k) validating the at least one secondary EPP certificate with the secondary public key of the CA.
  - 23. The method according to claim 21, wherein in step (c) the at least one certificate request message includes a serial number of the EPP, wherein in step (e) both the at least one primary and the at least one secondary EPP certificate include a serial number, and further comprising:
    - h) verifying that the serial number of the EPP corresponds to the serial numbers included in both of the at least one primary and the at least one secondary EPP certificates.
  - 24. The method according to claim 21, wherein step (c) includes signing the at least one certificate request message with the at least one private key of the EPP.
  - 25. The method according to claim 21, further comprising:
    - h) installing the EPP in the ATM, wherein the ATM includes a cash dispenser.
  - 26. The method according to claim 25, further comprising:
    - i) dispensing cash with the cash dispenser.
  - 27. The method according to claim 25, further comprising:
    - i) using the at least one private key of the EPP to decipher an encrypted terminal master key received from a host system.
  - 28. The method according to claim 25, further comprising:
    - i) using the at least one private key of the EPP to sign messages sent to a host system.
  - 29. The method according to claim 25, further comprising:
    - i) sending from the ATM at least one first message to the host system, wherein the at least one first message includes the at least one primary EPP certificate.
  - 30. The method according to claim 29, wherein prior to step (i) further comprising:
    - j) receiving with the ATM at least one second message from the host system which is representative of a command to perform step (i).
  - 31. The method according to claim 30, further comprising:
    - k) sending from the ATM at least one third message to the host system, wherein the at least one third message includes the at least one secondary EPP certificate.
  - 32. The method according to claim 31, wherein prior to step (k) further comprising:
    - l) receiving with the ATM at least one fourth message from the host system which is representative of a command to perform step (k).
  - 33. The method according to claim 29, further comprising:
    - j) receiving with the ATM at least one second message from the host system, wherein the at least one second message includes at least one primary certificate of the host system, wherein the at least one primary certificate of the host system includes at least one primary public key of the host system, wherein the at least one primary certificate of the host system is signed by the CA; and
      
      k) validating the at least one primary certificate of the host system using the primary public key of the CA received in step (f).
  - 34. The method according to claim 33, and subsequent to step (j) further comprising:
    - l) receiving with the ATM at least one third message from the host system, wherein the at least one third message includes at least one secondary certificate of the host system, wherein the at least one secondary certificate of the host system includes at least one secondary public key of the host system, wherein the at least one secondary certificate of the host system is signed by the CA; and
      
      m) validating the at least one secondary certificate of the host system using the secondary public key of the CA received in step (f).
  - 35. The method according to claim 34, wherein prior to step (l) further comprising:
    - n) using the at least one primary public key of the host system to validate a signature of the host system included with at least one fourth message received with the ATM from the host system.
  - 36. The method according to claim 35, wherein after step (l) further comprising:
    - o) using the at least one secondary public key of the host system to validate a signature of the host system included with at least one fifth message received with the ATM from the host system.
  - 37. The method according to claim 36, wherein after step (l) further comprising:
    - p) sensing from the ATM at least one sixth message to the host system, wherein the at least one sixth message includes the at least one secondary EPP certificate.
  - 38. The method according to claim 25, further comprising:
    - i) receiving with the ATM at least one first message from the host system, wherein the at least one first message includes at least one primary certificate of the host system and at least one secondary certificate of the host system, wherein the at least one primary certificate of the host system includes at least one primary public key of the host system, and the at least one secondary certificate of the host system includes at leas one secondary public key of the host system, wherein the at least one primary and the at least one secondary certificates of the host system are signed by the CA;
      
      j) validating the at least one primary certificate of the host system using the primary public key of the CA received in step (f);
      
      k) validating the at least one secondary certificate of the host system using the secondary public key of the CA received in step (f); and
      
      l) sending from the ATM at least one second message to the host system, wherein the at least one second message includes the at least one primary EPP certificate and the at least one secondary EPP certificate.
  - 39. The method according to claim 38, further comprising:
    - m) receiving with the ATM at least one third message from the host system which is representative of a command to use the public keys associated with the secondary certificates received by the EPP for verification and encipherment processes performed with the EPP.
  - 40. The method according to claim 39, wherein prior to step (m) further comprising:
    - n) using the at least one primary public key of the host system to validate a signature of the host system included with at least one fourth message received with the ATM from the host system.
  - 41. The method according to claim 40, wherein after step (m) further comprising:
    - o) using the at least one secondary public key of the host system to validate a signature of the host system included with at least one fifth message received with the ATM from the host system.

42. A method comprising:
- a) generating with an encrypting pin pad (EPP) a first pair of keys and a second pair of keys, wherein the first pair of keys includes an encipherment public key of the EPP and a decipherment private key of the EPP, wherein the second pair of keys includes a verification public key of the EPP and a signature private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP when installed in the ATM is operative to encrypt a personal identification number (PIN) inputted through the EPP;
  
  b) storing the encipherment public key of the EPP, the verification public key of the EPP, the decipherment private key of the EPP and the signature private key of the EPP, in a memory of the EPP;
  
  c) generating at least one first certificate request message with the EPP, wherein the at least one first certificate request message includes the encipherment public key of the EPP;
  
  d) outputting the at least one first certificate request message from the EPP;
  
  e) receiving with the EPP at least one encipherment/decipherment certificate for the EPP signed by a certificate authority (CA), wherein the at least one encipherment/decipherment certificate for the EPP includes the encipherment public key of the EPP;
  
  f) storing the at least one encipherment/decipherment certificate of the EPP in the memory of the EPP;
  
  g) generating at least one second certificate request message with the EPP, wherein the at least one second certificate request message includes the verification public key of the EPP;
  
  h) outputting the at least one second certificate request message from the EPP;
  
  i) receiving with the EPP at least one signature/verification certificate for the EPP signed by the CA, wherein the at least one signature/verification certificate for the EPP includes the verification public key of the EPP; and
  
  j) storing the at least one signature/verification certificate of the EPP in the memory of the EPP;
  
  k) receiving with the EPP at least one certificate of the CA signed by the CA, wherein the at least one certificate of the CA includes a public key of the CA; and
  
  l) storing the public key of the CA in the memory of the EPP.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 43. The method according to claim 42, further comprising:
    - m) validating the at least one certificate of the CA with the public key of the CA;
      
      n) validating the at least one encipherment/decipherment certificate of the EPP with the public key of the CA; and
      
      o) validating the at least one signature/verification certificate of the EPP with the public key of the CA.
  - 44. The method according to claim 42, wherein in steps (c) and (g) the at least one first certificate request message and the at least one second certificate request message includes a serial number of the EPP, wherein in steps (e) and (i) both the at least one encipherment/decipherment certificate of the EPP and the at least one signature/verification certificate of the EPP include a serial number, and further comprising:
    - m) verifying that the serial number of the EPP corresponds to the serial numbers included in the at least one encipherment/decipherment certificate of the EPP and the at least one signature/verification certificate of the EPP.
  - 45. The method according to claim 42, wherein step (c) includes signing the at least one first certificate request message with the at least one decipherment private key of the EPP, wherein step (g) includes signing the at least one second certificate request message with the at least one signature private key of the EPP.
  - 46. The method according to claim 42, further comprising:
    - m) installing the EPP in the ATM, wherein the ATM includes a cash dispenser.
  - 47. The method according to claim 46, further comprising:
    - n) dispensing cash with the cash dispenser.
  - 48. The method according to claim 46, further comprising:
    - n) sending from the ATM at least one first message to a host system, wherein the at least one first message includes the at least one encipherment/decipherment certificate of the EPP; and
      
      o) using the at least one decipherment private key of the EPP to decipher an encrypted terminal master key received in at least one second message by the ATM from the host system.
  - 49. The method according to claim 46, further comprising:
    - n) sending from the ATM at least one first message to a host system, wherein the at least one first message includes the at least one signature/verification certificate of the EPP; and
      
      o) using the at least one signature private key of the EPP to sign at least one second message being sent to the host system from the ATM.
  - 50. The method according to claim 46, further comprising:
    - n) receiving with the ATM at least one first message from the host system, wherein the at least one first message includes at least one encipherment/decipherment certificate of the host system and at least one signature/verification certificate of the host system, wherein the at least one encipherment/decipherment certificate of the host system includes at least one encipherment public key of the host system, wherein the at least one signature/verification certificate of the host system includes at least one verification public key of the host system, wherein the at least one encipherment/decipherment certificate of the host system is signed by the CA, wherein the at least one signature/verification certificate of the host system is signed by the CA; and
      
      o) storing the at least one encipherment public key of the host system and the at least one verification public key of the host system in the memory of the EPP.
  - 51. The method according to claim 50, further comprising:
    - p) validating the at least one encipherment/decipherment certificate of the host system using the public key of the CA; and
      
      q) validating the at least one signature/verification certificate of the host system using the public key of the CA.
  - 52. The method according to claim 50, further comprising:
    - p) using the at least one encipherment public key of the host system to encipher a terminal master key being sent in at least one second message to the host system from the ATM.
  - 53. The method according to claim 50, further comprising:
    - p) using the at least one verification public key of the host system to validate a digital signature of the host system included in at least one second message received from the host system with the ATM.

54. A method comprising:
- a) generating with an encrypting pin pad (EPP) at least one encipherment public key of the EPP, at least one decipherment private key of the EPP, at least one verification public key of the EPP, and at least one signature private key of the EPP, wherein the EPP is configured to be installed in an ATM, wherein the EPP when installed in the ATM is operative to encrypt a personal identification number (PIN) inputted through the EPP;
  
  b) storing the at least one encipherment public key of the EPP, the at least one verification public key of the EPP, the at least one decipherment private key of the EPP and the at least one signature private key of the EPP in a memory of the EPP;
  
  c) generating at least one certificate request message with the EPP, wherein the at least one certificate request message includes the at least one encipherment public key of the EPP and the at least one verification public key of the EPP;
  
  d) outputting the at least one certificate request message from the EPP to a certificate authority (CA);
  
  e) receiving with the EPP a primary encipherment/decipherment certificate for the EPP signed by a certificate authority (CA), a primary signature/verification certificate for the EPP signed by the CA, a secondary encipherment/decipherment certificate for the EPP signed by the CA, a secondary signature/verification certificate for the EPP signed by the CA, wherein the primary and secondary encipherment/decipherment certificates for the EPP include the at least one encipherment public key of the EPP, where the primary and secondary signature/verification certificates for the EPP include the at least one verification public key of the EPP; and
  
  f) storing the primary and the secondly encipherment/decipherment certificates and the primary and the secondary signature/verification certificates of the EPP in the memory of the EPP.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Diebold Nixdorf, Incorporated
Original Assignee
Diebold Incorporated (Diebold Nixdorf, Incorporated)
Inventors
Zajkowski, Timothy, Smith, Mark D., Doland, Anne
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Gelagay; Shewaye

Application Number

US10/126,723
Time in Patent Office

2,321 Days
Field of Search

380/282, 380/277, 713/156, 705/71, 705/72
US Class Current

713/156
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3672   initialising or reloading t...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40975   using encryption therefor

G07F 19/20   Automatic teller machines [...

G07F 19/206   Software aspects at ATMs

G07F 7/1008   Active credit-cards provide...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Automated banking machine system and method

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Automated banking machine system and method

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links