Card activated cash dispensing automated banking machine system and method

US 7,904,713 B1
Filed: 08/18/2008
Issued: 03/08/2011
Est. Priority Date: 04/23/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

a) receiving with an automated banking machine at least one first message from a host banking system, wherein the automated banking machine includes a card reader, a cash dispenser, and an encrypting pin pad (EPP), wherein the EPP includes an original public key of an initial certificate authority (CA) and at least one original public key of the host banking system, wherein the at least one first message includes a new certificate of a new CA, wherein the new certificate of the new CA includes a new public key of the new CA, wherein the new certificate of the new CA is signed by the initial CA, wherein new certificate of the new CA is further signed by the host banking system;

b) validating a digital signature of the initial CA included with the new certificate of the new CA using the original public key of the initial CA;

c) validating a digital signature of the host banking system included with the new certificate of the new CA using the at least one original public key of the host banking system; and

d) storing the new public key of the new CA in the EPP.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cash dispensing automated banking machine that operates in response to data read from user cards includes a cash dispenser, keypad, and a card reader. The card reader is operative to read data bearing records such as user cards that include financial account information. The machine may include an encrypting pin pad (EPP) that is operative to remotely receive an encrypted terminal master key from a host banking system. The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key using a public key of a certificate authority. The machine may further receive and authenticate a new public for a new certificate authority for use with authenticating further terminal master keys.

50 Citations

View as Search Results

34 Claims

1. A method comprising:
- a) receiving with an automated banking machine at least one first message from a host banking system, wherein the automated banking machine includes a card reader, a cash dispenser, and an encrypting pin pad (EPP), wherein the EPP includes an original public key of an initial certificate authority (CA) and at least one original public key of the host banking system, wherein the at least one first message includes a new certificate of a new CA, wherein the new certificate of the new CA includes a new public key of the new CA, wherein the new certificate of the new CA is signed by the initial CA, wherein new certificate of the new CA is further signed by the host banking system;
  
  b) validating a digital signature of the initial CA included with the new certificate of the new CA using the original public key of the initial CA;
  
  c) validating a digital signature of the host banking system included with the new certificate of the new CA using the at least one original public key of the host banking system; and
  
  d) storing the new public key of the new CA in the EPP.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 31)
- - 2. The method according to claim 1, further comprising:
    - e) sending from the automated banking machine to the host banking system a second message representative of an acknowledgment that the new certificate of the new CA was accepted by the automated banking machine.
  - 3. The method according to claim 2, wherein the at least one first message corresponds to a write command message.
  - 4. The method according to claim 3, wherein the second message corresponds to a solicited status message.
  - 5. The method according to claim 1, wherein the EPP includes at least one original public key and at least one original private key pair stored therein, and further comprising:
    - e) generating with the EPP at least one new public key of the EPP and at least one new private key of the EPP; and
      
      f) sending from the automated banking machine at least one second message to the host banking system, wherein the at least one second message includes at least one certificate request message, wherein the at least one certificate request message includes the at least one new public key of the EPP.
  - 6. The method according to claim 5, wherein prior to step (f) further comprisingg) signing the at least one certificate request message using the at least one new private key of the EPP;
    - h) signing the at least one certificate request message using the at least one original private key of the EPP.
  - 7. The method according to claim 6, wherein in step (g) the at least one certificate request message signed with the at least one new private key of the EPP includes a format that corresponds to the PKCS #10:
    - Certification Request Syntax Standard.
  - 8. The method according to claim 7, wherein in step (h) at least one certificate request message signed with the at least one original private key of the EPP includes a format that corresponds to the PKCS #7:
    - Cryptographic Message Syntax Standard format.
  - 9. The method according to claim 5, further comprising:
    - g) receiving with the automated banking machine at least one third message from the host banking system, wherein the at least one third message includes at least one new certificate for the EPP, wherein the at least one new certificate for the EPP includes the at least one new public key of the EPP, wherein the at least one new certificate is signed by the new CA;
      
      h) validating with the EPP the at least one new certificate for the EPP using the at least one new public key of the new CA; and
      
      i) storing the at least one new certificate for the EPP in the EPP.
  - 10. The method according to claim 9, wherein in step (f) the at least one certificate request message further includes a serial number associated with the EPP;
    - wherein in step (g) the at least one new certificate for the EPP includes a serial number, wherein further comprising;
      
      j) verifying that the serial number of the EPP corresponds to the serial number included in the at least one new certificate for the EPP.
  - 11. The method according to claim 9, further comprising:
    - j) verifying that the at least one new public key of the EPP generated in step (e) corresponds to the new public key included in the at least one new certificate for the EPP.
  - 12. The method according to claim 9, wherein in step (f) the at least one second message corresponds to a solicited status message, wherein in step (g) the at least one third message corresponds to a write command message.
  - 13. The method according to claim 9, further comprising:
    - j) sending from the automated banking machine to the host banking system at least one fourth message representative of an acknowledgment that the new certificate for the EPP was accepted by the automated banking machine.
  - 14. The method according to claim 13, wherein in step (j) the fourth message corresponds to a solicited status message.
  - 15. The method according to claim 9, wherein prior to step (f) further comprising:
    - j) receiving with the automated banking machine at least one fourth message from the host banking system which is representative of a command to perform steps (e) and (f).
  - 16. The method according to claim 15, wherein in step (j) the at least one fourth message corresponds to an operational command message.
  - 17. The method according to claim 9, further comprising:
    - j) sending from the automated banking machine at least one fourth message to the host banking system, wherein the at least one fourth message includes the at least one certificate of the EPP.
  - 18. The method according to claim 17, wherein prior to step (j) further comprising:
    - k) receiving with the automated banking machine at least one fifth message from the host banking system which is representative of a command to perform step (j), wherein (j) is carried out responsive to (k).
  - 19. The method according to claim 18, wherein in step (k) the at least one fifth message corresponds to an operational command message, wherein in step (j) the at least one fourth message corresponds to a solicited status message.
  - 20. The method according to claim 17, wherein in step (j) the at least one fourth message includes the at least one new certificate of the EPP in a format that corresponds to the PKCS #7:
    - Cryptographic Message Syntax Standard.
  - 21. The method according to claim 9, wherein in step (g) the at least one second message includes the at least one new certificate of the EPP in a format that corresponds to the PKCS #7:
    - Cryptographic Message Syntax Standard.
  - 22. The method according to claim 5, wherein prior to step (f) further comprising:
    - g) generating the at least one certificate request message with Base64 encoding.
  - 23. The method according to claim 1, further comprising:
    - f) receiving with the automated banking machine at least one second message from the host banking system, wherein the at least one second message includes at least one new certificate for the host banking system, wherein the at least one new certificate for the host banking system includes at least one new public key of the host banking system, wherein the at least one new certificate of the host banking system is signed by the new CA; and
      
      g) validating with the EPP the at least one new certificate of the host banking system using the public key of the new CA; and
      
      h) storing the at least one new public key of the host banking system in the EPP.
  - 31. The method according to claim 1, further comprising:
    - e) dispensing cash with the cash dispenser.

24. A method comprising:
- a) receiving with an automated banking machine at least one first message from a host banking system, wherein the automated banking machine includes a card reader, a cash dispenser, and an encrypting pin pad (EPP), wherein the EPP includes an original public key of an initial certificate authority (CA) and at least one original public key of the host banking system, wherein the at least one first message includes a new certificate of a new CA, wherein the new certificate of the new CA includes a new public key of the new CA, wherein the new certificate of the new CA is signed by the initial CA, wherein new certificate of the new CA is further signed by the host banking system;
  
  b) validating a digital signature of the initial CA included with the new certificate of the new CA using the original public key of the initial CA;
  
  c) validating a digital signature of the host banking system included with the new certificate of the new CA using the at least one original public key of the host banking system;
  
  d) storing the new public key of the new CA in the EPP;
  
  wherein prior to step (c) further comprising;
  
  e) receiving with the automated banking machine at least one second message from the host banking system, wherein the at least one second message includes the at least one original public key of the host banking system;
  
  f) calculating at least one one-way hash of the at least one original public key of the host banking system;
  
  g) outputting through a display device of the automated banking machine the at least one one-way hash; and
  
  h) receiving at least one first input through the at least one input device of the machine that is representative of a command to accept the at least one original public key of the host banking system.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method according to claim 24, wherein in step e) the at least one original first public key of the host banking system is included in at least one certificate of the host banking system, wherein the at least one certificate of the host banking system is signed by the initial certificate authority, wherein further comprising:
    - i) validating the at least one certificate of the host banking system using the public key of the initial certificate authority (CA).
  - 26. The method according to claim 24, wherein prior to step e) further comprising:
    - i) receiving at least one first input through at least one input device of the automated banking machine from a single operator, wherein the at least one input is representative of a command to initiate the transfer of the at least one original public key of the host banking system to the automated banking machine;
      
      j) sending from the automated banking machine at least one third message to the host banking system, wherein the at least one third message is representative of a request to send the at least one original public key of the host banking system to the automated banking machine.
  - 27. The method according to claim 26, wherein in step (j) the at least one third message corresponds to an unsolicited status message, wherein in step (a) the at least one first message corresponds to a write command message.
  - 28. The method according to claim 26, wherein in step (a) the at least one first message includes the new certificate of the CA in a format that corresponds to the PKCS #7:
    - Cryptographic Message Syntax Standard.
  - 29. The method according to claim 24, further comprising:
    - i) sending from the automated banking machine to the host banking system at least one third message representative of an acknowledgment that the at least one certificate of the host banking system was accepted by the automated banking machine.
  - 30. The method according to claim 29, wherein in step (i) the at least one third message corresponds to a solicited status message.

32. Non-transitory computer readable media bearing computer executable instructions operative to cause at least one computer in an automated banking machine to cause the automated banking machine to carry out a method comprising:
- a) receiving with the automated banking machine at least one first message from a host banking system, wherein the automated banking machine includes a card reader, a cash dispenser, and an encrypting pin pad (EPP), wherein the EPP includes an original public key of an initial certificate authority (CA) and at least one original public key of the host banking system, wherein the at least one first message includes a new certificate of a new CA, wherein the new certificate of the new CA includes a new public key of the new CA, wherein the new certificate of the new CA is signed by the initial CA, wherein new certificate of the new CA is further signed by the host banking system;
  
  b) validating a digital signature of the initial CA included with the new certificate of the new CA using the original public key of the initial CA;
  
  c) validating a digital signature of the host banking system included with the new certificate of the new CA using the at least one original public key of the host banking system; and
  
  d) storing the new public key of the new CA in the EPP.

33. Apparatus comprising:
- a card activated cash dispensing automated banking machine,wherein the automated banking machine includes at least one card reader device operative to read a card provided by a user of the machine,wherein the automated banking machine includes a cash dispenser,wherein the automated banking machine includes an encrypting pin pad (EPP), wherein the EPP includes an original public key of an initial certificate authority (CA) and at least one original public key of a host banking system,wherein the automated banking machine is operative to receive at least one first message from the host banking system, wherein the at least one first message includes a new certificate of a new CA, wherein the new certificate of the new CA includes a new public key of the new CA, wherein the new certificate of the new CA is signed by the initial CA, wherein new certificate of the new CA is further signed by the host banking system, wherein the EPP is operative to validate the digital signature of the initial CA included with the new certificate of the new CA using the original public key of the initial CA, wherein the EPP is operative to validate a digital signature of the host banking system included with the new certificate of the new CA using the at least one original public key of the host banking system, wherein the EPP is operative to store the new public key of the new CA in the EPP.
- View Dependent Claims (34)
- - 34. The apparatus according to claim 33, wherein the at least one first message corresponds to a write command message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Diebold Nixdorf, Incorporated
Original Assignee
Diebold Incorporated (Diebold Nixdorf, Incorporated)
Inventors
Zajkowski, Timothy, Smith, Mark D., Doland, Anne
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Gelagay; Shewaye

Application Number

US12/228,902
Time in Patent Office

932 Days
Field of Search

713/156
US Class Current

713/156
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3672   initialising or reloading t...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40975   using encryption therefor

G07F 19/20   Automatic teller machines [...

G07F 19/206   Software aspects at ATMs

G07F 7/1008   Active credit-cards provide...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Card activated cash dispensing automated banking machine system and method

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Card activated cash dispensing automated banking machine system and method

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links