Method and device for defending against attacks to systems comprising a plug and play function
First Claim
Patent Images
1. A method for recognizing attacks on at least one interface of an automated self-service machine, to which at least one peripheral device of the automated self-service machine is connected, the method comprising:
- monitoring of the interface to detect changes at the interface;
if changes occur, calculating a probability of an unauthorized attack on the interface based on the type of change;
wherein one or more of the following events is taken into consideration in calculating the probability;
a reliability of a serial number of the at least one peripheral device connected to the interface;
a reliability of a maker/product combination for the at least one peripheral device;
a reliability of a device class of the at least one peripheral device;
a reliable number of devices from a device class of the at least one peripheral device;
a time interval between removing a device from and connecting a device to the interface;
a device path or type of connection;
a time of day at which a device is connected to or removed from the interface; and
a mode for the automated self-service machine when a device is connected to or removed from the interface, including a customer operation mode or a service mode;
and wherein if the probability is beyond a defined threshold, defensive measures are introduced.
10 Assignments
0 Petitions
Accused Products
Abstract
Method for recognizing attacks to at least one interface of a computer system, in particular an automated self-service machine, comprising: monitoring the interface in order to determine changes at the interface; if changes occur, the change is used to determine the probability that an unallowed attack is occurring at the interface; if the probability is beyond a defined threshold, defensive maneuvers are introduced.
-
Citations
17 Claims
-
1. A method for recognizing attacks on at least one interface of an automated self-service machine, to which at least one peripheral device of the automated self-service machine is connected, the method comprising:
-
monitoring of the interface to detect changes at the interface; if changes occur, calculating a probability of an unauthorized attack on the interface based on the type of change; wherein one or more of the following events is taken into consideration in calculating the probability; a reliability of a serial number of the at least one peripheral device connected to the interface; a reliability of a maker/product combination for the at least one peripheral device; a reliability of a device class of the at least one peripheral device; a reliable number of devices from a device class of the at least one peripheral device; a time interval between removing a device from and connecting a device to the interface; a device path or type of connection; a time of day at which a device is connected to or removed from the interface; and a mode for the automated self-service machine when a device is connected to or removed from the interface, including a customer operation mode or a service mode; and wherein if the probability is beyond a defined threshold, defensive measures are introduced. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An automated self-service machine having at least one interface, to which at least one peripheral device of the automated self-service machine is connected, comprising an ALU for monitoring the at least one interface to determine changes at the at least one interface;
- in the event that changes occur, the ALU determines a probability of an unauthorized attack on the at least one interface based on the type of change;
wherein the ALU takes into consideration one or more of the following events in calculating the probability;a reliability of a serial number of the at least one peripheral device connected to the interface; a reliability of a maker/product combination of the at least one peripheral device; a reliability of a device class of the at least one peripheral device; a reliable number of devices from a device class of the at least one peripheral device; a device path or type of connection; a time interval between removal of a device from and connection to the interface; a time of day at which a device is connected to or removed from the interface; and a mode for the automated self-service machine when connecting a device to or removing a device from the interface, including a customer operation mode or a service mode; and wherein if the probability is beyond a defined threshold, defensive measures are introduced through the ALU. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- in the event that changes occur, the ALU determines a probability of an unauthorized attack on the at least one interface based on the type of change;
Specification