Registers – Systems controlled by data bearing records – Banking systems
Reexamination Certificate
2000-09-27
2001-07-03
Pitts, Harold I. (Department: 2876)
Registers
Systems controlled by data bearing records
Banking systems
C902S012000
Reexamination Certificate
active
06253997
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an automated teller's machine and in particular, relates to the security of the automated teller's machine.
2. Description of the Related Art
An automated teller's machine is installed at a variety of places, such as banks, post offices, convenience stores, stations, airports, etc., and a variety of transactions, such as deposit transactions, payment transactions, transfer transactions, exchange transactions, etc., are conducted according to a user's operation.
FIG. 1
shows an example configuration of a conventional automated teller's machine. The automated teller's machine
100
comprises a user interface unit
101
, a main control unit
102
and a cash input/output unit
103
.
The user interface unit
101
transmits the operation and instruction of a user to the main control unit
102
and provides the user with transaction-related information according to the instruction of the main control unit
102
. The main control unit
102
performs a transaction according to a user's instruction and gives an instruction to the cash input/output unit
103
based on the transaction result. The main control unit
102
transmits/receives information related to the transaction to/from a host
111
, if necessary. The cash input/output unit
103
outputs an amount of cash requested by a user or collects an amount of cash inputted by a user according to the instruction of the main control unit
102
.
The operation of the automated teller's machine
100
is briefly described next. Here, a case where a user-A withdraws 5,000 yen is described as an example.
When withdrawing cash from the automated teller's machine
100
, the user-A first selects “Withdraw cash” for a transaction to be performed. Then, the user-A inserts a cash card, credit card, etc. (hereinafter collectively called a cash card), inputs his or her password and inputs information about an amount of cash to be withdrawn, according to the guidance of the user interface unit
101
.
The main control unit
102
notifies the host
111
of information for identifying the inserted cash card and other pieces of information inputted by the user-A. The host
111
judges whether the user-A is the authorized holder of the inserted cash card and whether the transaction requested by user-A is allowable. Then, the host
111
provides the main control unit
102
of the automated teller's machine
100
with an instruction corresponding to the judgment result.
It is assumed here that the user-A is the authorized holder of the cash card and the deposit balance of the account of the user-A is 5,000 yen or more. In this case, the main control unit
102
instructs the cash input/output unit
103
to “Output 5,000 yen”. On receipt of this instruction, the cash input/output unit
103
outputs 5,000 yen. At this time, the user interface unit
101
issues a receipt relating to this transaction.
When a transaction is performed using an automated teller's machine, as a matter of course, security is a key factor. For this purpose, information transmitted/received between the automated teller's machine
100
and the host
111
is usually encrypted. In particular, if a network
112
is configured using a public network, complex cryptography is needed.
An existing automated teller's machine is usually developed for the exclusive use of each bank. Under these circumstances, the format, etc., of data in each automated teller's machine is not made public. Therefore, even if information used in an automated teller's machine is stolen, it is difficult to understand the contents and it is also difficult to alter the data. For that reason, the existing automated teller's machine was not generally provided with a special function to prevent information used in the machines from being stolen and altered.
However, recently standardization has also been promoted in the field of an automated teller's machine. As one architectural standard of an automated teller's machine, for example, a WOSA (Windows (TM) Open Service Architecture) Extensions for Financial Services “Cash Dispenser Device Class Service Provider Implementation Specification” is known.
In this way, the architecture of an automated teller's machine is standardized and the format, etc., of data used in the machine becomes widely known. Therefore, if information used in the automated teller's machine is stolen, the contents can easily be decoded and the data can also be altered.
For example, if as shown in
FIG. 1
, the user-A instructs “Withdraw 5,000 yen”, the main control unit
102
instructs the cash input/output unit
103
to output 5,000 yen. In this case, the cash input/output unit
103
outputs 5,000 yen according to the instruction, and the host
111
reduces the deposit amount of user-A's account by 5,000 yen. At this time, if the information provided from the main control unit
102
to the cash input/output unit
103
is tapped and the information is altered from “Output 5,000 yen” to “Output 50,000 yen”, the cash input/output unit
103
outputs 50,000 yen instead of 5,000 yen according to the altered information. In this case, the host
111
reduces the deposit amount of user-A's account by only 5,000 yen. As a result, the bank suffers a great loss by the illegal withdrawal.
SUMMARY OF THE INVENTION
An object of the present invention is to improve the security against the tapping and alteration of information used in the automated teller's machine.
The automated teller's machine of the present invention comprises a control unit and a cash output unit, and outputs cash according to a given instruction. The control unit generates control data including information for indicating an amount of cash to be withdrawn according to the given instruction. The output unit stores cash and outputs cash based on the control data generated by the control unit. Mutual authorization is performed between the control unit and output unit.
If in the above-described configuration, at least one of the control unit and the output unit is illegally replaced with another device, the mutual certification fails. The automated teller's machine is, for example, designed in such a way that the subsequent transaction cannot be performed if the above-described mutual authorization fails. Therefore, if at least one of the control unit and the output unit is illegally replaced with another device, the automated teller's machine ceases the subsequent transactions. Accordingly, the security of the automated teller's machine is improved.
Another aspect of the automated teller's machine comprises the above-described control unit and output unit, and the above-described control data are encrypted according to a predetermined algorithm when being transmitted from the control unit to the output unit.
If the control data to be transmitted from the control unit to the output unit are encrypted, the contents cannot be easily analyzes and the data cannot be altered, even if information used in the automated teller's machine is tapped. Accordingly, security can be improved.
The above-described automated teller's machine can also be configured in such a way that a key for the above-described encryption can be modified based on a parameter used inside the apparatus. Generally speaking, in a system where a key for encryption is periodically or non-periodically modified, complex cryptography is implemented. Accordingly, the security of the automated teller's machine can be further improved.
REFERENCES:
patent: 6006989 (1999-12-01), Ademmer et al.
patent: 6-96330 (1994-04-01), None
patent: 6162315 (1994-06-01), None
patent: 11-66200 (1999-03-01), None
Inaoka Mayumi
Onawa Yoshi
Ozaki Yoshiyuki
Armstrong Westerman Hattori McLeland & Naughton LLP
Fujitsu Limited
Pitts Harold I.
LandOfFree
Automated teller's machine and method thereof does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Automated teller's machine and method thereof, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automated teller's machine and method thereof will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2478512