Automated banking machine system and method

Registers – Systems controlled by data bearing records – Banking systems

Reexamination Certificate


Details

C235S380000, C705S064000, C705S071000, C705S072000, C705S075000, C705S076000, C705S035000, C705S042000, C705S043000, C705S044000

active

06705517

ABSTRACT:

TECHNICAL FIELD
This invention relates to automated banking machines. Specifically this invention relates to an automated banking machine system and method that is capable of configuring an automated banking machine with encryption keys.
BACKGROUND ART
Automated banking machines are well known. A common type of automated banking machine used by consumers is an automated teller machine (“ATM”). ATMs enable customers to carry out banking transactions. Common banking transactions that may be carried out with ATMs include the dispensing of cash, the making of deposits, the transfer of funds between accounts, the payment of bills and account balance inquiries. The types of banking transactions a customer can carry out are determined by capabilities of the particular banking machine and the programming of the institution operating the machine. Other types of automated banking machines may allow customers to charge against accounts or to transfer funds. Other types of automated banking machines may print or dispense items of value such as coupons, tickets, wagering slips, vouchers, checks, food stamps, money orders, scrip or traveler's checks. For purposes of this disclosure an ATM, an automated banking machine, or an automated transaction machine shall encompass any device which carries out transactions including transfers of value.
Many ATMs are configured to require consumers to enter a Personal Identification Number (PIN) with a keypad of the ATM prior to being granted permission to perform transaction functions with the ATM. The PIN is communicated to a host system by the ATM for purposes of authenticating the identity of the consumer. To prevent the PIN from being stolen by an unauthorized party, ATMs are operative to encrypt the PIN prior to sending the PIN to a host system. For many years Single-DES encryption has been used by ATMs to encrypt PINs using an 8 byte Communication (COM) secret key. Unfortunately, as the cost of computer processing power decreases over time, the risk of the encryption being cracked by unauthorized individuals or entities is increasing. Consequently, there exists a need for new and existing ATMs to include support for a more secure encryption protocol.
PIN information may be encrypted using a COM key known to both the ATM and the host system. The COM key may be securely sent to the ATM from the host system by encrypting the COM key with a terminal master key known to both the ATM and the host system. To maintain the secrecy of a terminal master key, when an ATM is being initially configured for operation, the initial terminal master key is often required to be manually installed by a two-person team at the ATM. Each person of the team has knowledge of only a portion of the information necessary to generate the initial terminal master key. To install the terminal master key successfully, each person must input into the ATM his or her known portion of the terminal master key. Once installed, the inputted portions undergo a mathematical procedure that results in a sixteen (16) character key unknown to either person.
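The two-person entry described above, sketched as an added example that is not part of the patent text. The passage says only that the portions "undergo a mathematical procedure"; combining them by XOR and then setting DES odd parity is an assumption made here for illustration, and the function names and sample components are constructed.

```python
# Added illustration: split-knowledge entry of a 16-hex-character DES key.
# Assumption: the two portions are combined by XOR. The text itself only
# says "a mathematical procedure" and does not name one.

# The four DES weak keys in odd-parity form; a combined key must not be one.
DES_WEAK_KEYS = {
    bytes.fromhex("0101010101010101"),
    bytes.fromhex("FEFEFEFEFEFEFEFE"),
    bytes.fromhex("E0E0E0E0F1F1F1F1"),
    bytes.fromhex("1F1F1F1F0E0E0E0E"),
}


def parse_component(text):
    """Validate one person's entry: exactly 16 hex characters (8 bytes)."""
    cleaned = "".join(text.split())
    if len(cleaned) != 16:
        raise ValueError("component must be 16 hex characters")
    return bytes.fromhex(cleaned)  # raises ValueError on non-hex input


def set_odd_parity(byte):
    """DES ignores bit 0 of each key byte; set it so the byte has odd parity."""
    high = byte & 0xFE
    return high | (0 if bin(high).count("1") % 2 else 1)


def combine_components(first, second):
    """Derive the key from two portions, each known to only one person."""
    a, b = parse_component(first), parse_component(second)
    if not any(a) or not any(b):
        # An all-zero portion would leave the other person holding the whole key.
        raise ValueError("all-zero component defeats split knowledge")
    key = bytes(set_odd_parity(x ^ y) for x, y in zip(a, b))
    if key in DES_WEAK_KEYS:
        # Also catches identical portions, which XOR to zero.
        raise ValueError("combined key is a DES weak key")
    return key


if __name__ == "__main__":
    # Constructed sample portions, not real key material.
    key = combine_components("3B7A91C04D5E26F8", "A4C15E9372B08D17")
    print(key.hex().upper())
```
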
In general, financial institutions or other entities which operate ATMs are responsible for inserting a unique initial terminal master key in their ATMs. Such entities are also responsible for periodically updating the COM key used for PIN encryption. Although the use of two-person teams to install the initial terminal master key increases the security of the system, in general such a protocol increases the maintenance costs per ATM and is generally cumbersome to manage. As a result, existing keys on ATMs are often not updated on a regular basis, which increases their vulnerability to being cracked. Consequently, there exists a need for a new system and method of installing the initial terminal master key which is less costly and less cumbersome to perform. There is a further need for a new system and method of installing a terminal master key on an ATM which is equally or more secure than a two-person team system.
DISCLOSURE OF INVENTION
It is an object of an exemplary form of the present invention to provide an automated banking machine at which a user may conduct transactions.
It is a further object of an exemplary form of the present invention to provide an automated banking machine which is more secure.
It is a further object of an exemplary form of the present invention to provide an automated banking machine which supports more secure encryption protocols.
It is a further object of an exemplary form of the present invention to provide a system and method for securely installing a terminal master key on an automated banking machine.
It is a further object of an exemplary form of the present invention to provide a system and method for securely and remotely installing a terminal master key on an automated banking machine.
It is a further object of an exemplary form of the present invention to provide a system and method for securely and remotely installing a terminal master key on an automated banking machine with the use of only a single operator at the ATM.
Further objects of exemplary forms of the present invention will be made apparent in the following Best Modes for Carrying Out Invention and the appended claims.
The foregoing objects are accomplished in an exemplary embodiment by an automated banking machine that includes output devices such as a display screen, and input devices such as a touch screen and/or a keyboard. The ATM further includes devices such as a cash dispenser mechanism for sheets of currency, a printer mechanism, a card reader/writer, a depository mechanism and other transaction function devices that are used by the machine in carrying out banking transactions. In the exemplary embodiment the ATM includes at least one computer. The computer is in operative connection with the output devices and the input devices, as well as with the cash dispenser mechanism, card reader and other physical transaction function devices in the banking machine. The computer is further operative to communicate with a host system located remotely from the ATM.
In the exemplary embodiment, the computer includes software programs that are executable therein. The software programs of the ATM are operative to cause the computer to output user interface screens through a display device of the ATM. The user interface screens include consumer screens which provide a consumer with information for performing consumer operations such as banking functions with the ATM. The user interface screens further include service screens which provide a person servicing the ATM with information for performing service and maintenance operations with the ATM. In addition the ATM includes software programs operative in the computer for controlling and communicating with hardware devices of the ATM including the transaction function devices.
In an exemplary embodiment, the ATM includes encryption software and/or hardware which is operative to encrypt PIN information with DES keys securely received from the host system. In one exemplary embodiment, the ATM includes a keypad or encrypting PIN pad (EPP) input device which is operative to encrypt a consumer-entered PIN within a secure module directly at the keypad. The EPPs of exemplary embodiments are further operative to perform either Single-DES or Triple-DES encryption operations for message authentication, local PIN verification and key transport.
In the exemplary embodiment, the EPP and/or other hardware/software in the computer may be operative to establish a secure communication session between the ATM and a host system environment for transferring terminal master keys to the ATM from the host system. In the exemplary embodiment, individual authentication may be required from both the ATM and the host system to establish the secure communication session. Authentication may be achieved in one exemplary embodiment using digital certificates and digital signatures. Both the ATM and the host system each have individual certificates which may be exchanged between the ATM and host system in a point-to-p
