Registers – Systems controlled by data bearing records – Banking systems
Reexamination Certificate
1999-03-26
2001-03-20
Frech, Karl D. (Department: 2876)
Registers
Systems controlled by data bearing records
Banking systems
C235S380000, C235S382000, C902S014000
Reexamination Certificate
active
06202924
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to authenticating application programs, and is particularly directed to a method of authenticating an application program for use in an unattended system such as at a self-service terminal (SST) or an automated teller machine (ATM).
A typical authentication scheme to authenticate a user in an unattended system having a number of installed application programs relies upon the user having some secret knowledge (such as a personal identification number) to allow the user to gain access to valuable system resources of the unattended system. While this authentication scheme may provide adequate security in an attended system, such an authentication scheme may not provide the level of security desired in an unattended system, such as at a SST or ATM. The level of security desired may not be provided by the known authentication scheme because it is still possible to introduce an altered and/or fraudulent application program into the SST or ATM without subsequent users knowing the application program has been altered and/or is fraudulent.
SUMMARY OF THE INVENTION
In accordance with one aspect of the present invention, a method of authenticating an executable application program installed in an unattended system in response to a transactional request from a user of the unattended system requiring execution of the application program comprises the steps of accepting the transactional request from the user of the unattended system, obtaining a signature associated with the application program, comparing the signature with a number of signatures stored in a look-up table to determine if the signature matches one of the signatures stored in the look-up table, and authenticating the application program only when a match occurs.
In accordance with another aspect of the present invention, an unattended system comprises a memory unit for storing an executable application program and a processing unit for executing the application program stored in the memory unit. A user interface provided for accepting a transactional request from a user of the unattended system that the application program stored in the memory unit be executed by the processing unit. A register unit is provided for storing a number of signatures associated with a number of executable application programs. The processing unit includes (i) means for obtaining a signature associated with the application program, (ii) means for comparing the signature associated with the application program with the signatures stored in the register unit, and (iii) means for authenticating the application program only when the signature associated with application program matches at least one of the signatures stored in the register unit.
Preferably, the user interface comprises a front panel of an automated teller machine (ATM). The front panel of the ATM includes (i) a card reader having a card slot through which a user identifying card of an ATM customer can be received and (ii) a key pad for inputting data after the user identifying card has been inserted into the card slot, read by the card reader, and verified by the processing unit. The memory unit and the register unit comprise separate storage media.
REFERENCES:
patent: 4471216 (1984-09-01), Herve
patent: 4544833 (1985-10-01), Ugon
patent: 4575621 (1986-03-01), Dreifus
patent: 4590365 (1986-05-01), Okada
patent: 4623782 (1986-11-01), Faber
patent: 4709137 (1987-11-01), Yoshida
patent: 5191608 (1993-03-01), Geronimi
patent: 5341290 (1994-08-01), Lu
patent: 5442645 (1995-08-01), Ugon et al.
patent: 5619558 (1997-04-01), Jhetta
patent: 5648648 (1997-07-01), Chou et al.
patent: 5917421 (1999-06-01), Saunders
patent: 0644511 (1995-03-01), None
George I. Davida et al., “Defending Systems Against Viruses Through Cryptographic Authentication”, Proceedings of the Symposium on Security and Privacy, US, Washington, IEEE Comp. Soc. Press, vol. -, pp. 312-318.
Chan Michael
Cyr Daniel St.
Frech Karl D.
NCR Corporation
LandOfFree
Method of authenticating an application program and a system... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method of authenticating an application program and a system..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method of authenticating an application program and a system... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2516938