EP2821976B1 - Method and device for recording events in self-service machines - Google Patents

Method and device for recording events in self-service machines Download PDF

Info

Publication number
EP2821976B1
EP2821976B1 EP13174518.4A EP13174518A EP2821976B1 EP 2821976 B1 EP2821976 B1 EP 2821976B1 EP 13174518 A EP13174518 A EP 13174518A EP 2821976 B1 EP2821976 B1 EP 2821976B1
Authority
EP
European Patent Office
Prior art keywords
control unit
teller machine
automatic teller
monitoring
safe
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP13174518.4A
Other languages
German (de)
French (fr)
Other versions
EP2821976A1 (en
Inventor
Alexander Drichel
Steffen Priesterjahn
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wincor Nixdorf International GmbH
Original Assignee
Wincor Nixdorf International GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wincor Nixdorf International GmbH filed Critical Wincor Nixdorf International GmbH
Priority to EP13174518.4A priority Critical patent/EP2821976B1/en
Publication of EP2821976A1 publication Critical patent/EP2821976A1/en
Application granted granted Critical
Publication of EP2821976B1 publication Critical patent/EP2821976B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/207Surveillance aspects at ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/205Housing aspects of ATMs
    • G07F19/2055Anti-skimming aspects at ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/209Monitoring, auditing or diagnose of functioning of ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/02Devices for alarm or indication, e.g. when empty; Advertising arrangements in coin-freed apparatus
    • G07F9/026Devices for alarm or indication, e.g. when empty; Advertising arrangements in coin-freed apparatus for alarm, monitoring and auditing in vending machines or means for indication, e.g. when empty

Definitions

  • the invention relates to a method and a device for recording events in ATMs.
  • Self-service (SB) machines often have a number of components that have to be connected to one another. As a rule, these machines have a standardized PC platform that meets special security requirements. On this PC platform (motherboard), e.g. Via USB interfaces (Universal Serial Bus) keyboards, payment units (banknote separation module), card readers, monitors, and other devices connected. It should also be noted that cash cassettes that are to be authenticated are inserted into ATMs (ATM) or that the ATM has to authenticate itself to the cassette so that it activates its functionality. Furthermore, these machines include the option of connecting to another computer so that, for example, a maintenance engineer can connect to the self-service machine with his laptop.
  • ATM ATMs
  • USB or other serial (V24) connections are used to interconnect the devices.
  • an ATM security-relevant component in a self-service machine
  • a security-relevant component in a self-service machine
  • Such a component could be a hardware module such as a cash cassette, but also a software component such as a firmware update or peripheral devices as described above.
  • PC the ATM
  • the US 2002/000913 A1 discloses a central monitoring unit equipped with a battery and driving a camera and a microphone facing outwards to record the surroundings of the machine.
  • the object of the present invention is to provide a system which carries out further monitoring independently of the operation of the ATM (Automatic Teller Machine), an external power supply not being necessary in order to log what is currently being done.
  • the log of the system can provide further information on the perpetrators or their procedure, making it easier to prove. In this way, the system can not only log the state of the system, but also record additional information such as image or sound material.
  • this consists of a safe and a control unit that controls the supply of money from the safe.
  • This control unit is usually the PC described above, which interacts with the user.
  • Access can be logged via a camera in the safe.
  • the system could be connected to the ATM's PC via network or USB and record information there via a software agent.
  • the status of the PC can also be logged.
  • the invention relates to an automated teller machine comprising a control unit and a safe.
  • This unit is additionally characterized by a monitoring unit which is arranged in the safe and which carries out acoustic, optical and / or electronic monitoring of the control unit by means of an independent power supply.
  • the arrangement in the safe can be designed in such a way that physical partitioning from the cash cassettes within the safe is also possible. I.e. the monitoring unit can be arranged in a further safe within the safe. This means that even a person who is authorized to open the safe cannot necessarily access the monitoring unit.
  • the monitoring unit So that operation is possible even without an external power supply, for example if the attacker disconnects the cable to the mains power supply, the monitoring unit is provided with its own power supply, which enables operation for a certain period of time. This period can range from several hours to days. If the external power supply also no longer provides any power, the monitoring unit shuts down and stores the data permanently on a hard disk, a magnetic memory tape, flash units or other permanent memory units. As soon as there is a power supply again, the monitoring unit moves independently high. Appropriate cooling is ensured, for example, by using the housing of the safe as a cooling surface. Other cooling techniques are conceivable.
  • the own power supply is provided by batteries or accumulators that recharge during operation on the network. It is also conceivable that the power supply is provided by a hydrogen cell. As a rule, these are high-quality lithium batteries that provide the highest possible performance, other types of batteries are of course conceivable.
  • the monitoring unit has a camera and / or a microphone and a storage medium which is designed to permanently record the data from the camera and / or the microphone.
  • the camera is located inside the safe and can only be monitored through a hole in the safe.
  • the camera is usually aligned so that it can fully monitor the control unit. As a rule, it is a very wide-angle camera that can monitor a large room and that is also very bright so that it can also take pictures in dark areas. It is also conceivable for a large number of cameras to be arranged at different points in the safe, which are as inconspicuous as possible, so that they cannot be immediately recognized by an intruder. Even if one camera were recognized, other cameras could still go undetected.
  • the microphone is also arranged so that it can effectively pick up noises. For this it is necessary that noises can penetrate the safe accordingly. This can be achieved with an appropriate hole. It goes without saying that the units are designed in such a way that they generally only record data if corresponding movements or unusual noises can be detected. This is intended to reduce the amount of data that would otherwise arise from continuous recording. For example, the camera can be set to only record when certain areas of the image have changed. The microphone is recorded when the Volume level is above a certain level of noise that is adjustable. The microphone can also be arranged in a multiple embodiment in the safe.
  • the monitoring unit has means for monitoring interfaces of the control unit.
  • the control unit generally has many interfaces, such as interfaces to hard disks, graphics cards, payment systems, monitors, keyboards, which are addressed with different standards, for example USB, VGA, SAS, SATA, etc. It goes without saying that this list is not exhaustive. Rather, all interfaces are to be covered, which are provided by known PCs, and which serve to control peripheral devices. There can be different approaches for checking the interfaces. On the one hand, software modules can be arranged on the control unit in order to check the correct use of the interface and the peripheral device during operation.
  • These software modules are in turn connected to the monitoring unit via an interface, such as a USB or a network interface, and regularly transmit information about the peripheral devices, the state of the interface and the state of the control system.
  • an interface such as a USB or a network interface
  • mechanical monitoring systems can also be used, which are placed on cables or interposed between cables. If, for example, a cable is disconnected or a peripheral device is detached from the control unit, such detachment can be detected via mechanical switches or electronic contacts, even if the control system is not switched on.
  • the plugs of a hard disk are provided on both sides with appropriate monitoring modules that recognize whether a hard disk has been detached or not. The same can be used for USB or an interface.
  • These units can also be used to analyze the data traffic on the corresponding interfaces and, if necessary, to cut this data traffic.
  • the transfer of data from the monitoring units to the Interfaces can be plugged in wirelessly or via a network.
  • Bluetooth or WLAN can be used for wireless transmission.
  • This approach enables the exchange of a storage unit in the control unit, in particular a hard disk, to be monitored.
  • contact units that recognize an exchange.
  • the contact plugs are arranged on a hard disk cable so that it is recognized when the storage unit is replaced or the contents of the hard disk have changed.
  • the connector can save or create a hash value from the hard disk at regular intervals in order to check whether the hash value has then changed. In particular, this is possible for certain storage areas on the hard disk on which encoded information is stored.
  • the connector unit queries this corresponding data, one can also speak of a signature, and can then send a warning message to the checking unit if the data on the hard disk has changed or the hard disk has been replaced and no longer has this signature area.
  • the plug can be designed such that it checks the signature when it is shut down and, if necessary, stores a hash value of the hard disk on it. It is also conceivable that a hash value is created for certain data areas and not for the entire hard disk. When the hard disk is started, this area is checked in order to then generate a warning if necessary or even to deactivate the hard disk or to prevent a connection to the control unit.
  • Components connected to the control unit can also be monitored, in particular the payout device, keyboard and / or monitor.
  • the monitoring unit has means to record interfaces to the components.
  • the monitoring unit has its own physical connection to the payer, through which monitoring takes place. So it is possible service interfaces to Record payers or other devices.
  • the payer in addition to the USB connection, the payer also has a serial interface for service purposes. Deactivating the encryption or compromising the device by third-party software can be detected as a result, even if the payer is no longer connected to the ATM PC / control unit.
  • the monitoring unit it is of course also possible for the monitoring unit to permanently deactivate the control unit or certain components in the event of a possible attack that fits into an attack pattern. So it is possible to switch off the payer so that it cannot be configured again. It is also conceivable to prevent the control unit from booting. Furthermore, components such as power supplies or other components can be deactivated so that they cannot be restarted.
  • the Figure 1 shows a standard ATM, which has a safe, which is arranged in its lower region.
  • a payout is arranged within the safe and is responsible for issuing the money or the banknotes from the safe.
  • This payer is controlled by a control unit.
  • the control unit is often a conventional PC, which is equipped with appropriate software.
  • the conventional PC is usually connected to a card reader through which the credit card data is read.
  • the card reader can read both digital data from a card's chip and a magnetic stripe.
  • the control unit is connected to an EPP, which in is usually designed as a keyboard, or is designed in the form of a touch-sensitive screen. Corresponding secret numbers or pins are entered via this input device or a user dialog is conducted.
  • a monitor on which the user guidance takes place is not shown. This monitor is also controlled via the PC.
  • an ATM with a security box is shown.
  • This security box is arranged inside the safe and has both a camera, which is arranged in the housing of the ATM and is directed towards the user (who stands in front of the device), as well as a camera, which is arranged inside the safe, for taking pictures of the To make payers and the PC.
  • a microphone is arranged in the safe, which is also connected to the security box in order to carry out noises and voice recordings.
  • the orientation of the cameras in the Figure 2 is only an example.
  • the Security Box is also connected between the interfaces of the PC so that it can log the communication between the peripheral devices (EPP, card reader) and record the data.
  • the Security Box is also able to analyze whether the devices were removed at short notice and reattached.
  • the SB can thus be designed as a USB hub to connect the PC to the SB on the one hand and the peripheral devices to the PC on the other.
  • a corresponding reading of the data stream can be achieved via the hub function.
  • An interface to a hard drive within the PC is not shown. However, this can be ensured by appropriate cabling and external elements. These external elements can then be found in the PC and transfer their data to the Security Box via a cable.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Description

Die Erfindung betrifft ein Verfahren und eine Vorrichtung zur Aufzeichnung von Ereignissen in Geldautomaten.The invention relates to a method and a device for recording events in ATMs.

Gebiet der Erfindung:Field of the Invention:

Selbstbedienungs- (SB) Automaten weisen oftmals eine Reihe von Komponenten auf, die miteinander zu verbinden sind. In der Regel weisen diese Automaten eine standardisierte PC-Plattform auf, die besonderen Sicherheits-Anforderungen gerecht wird. An dieser PC-Plattform (Motherboard) werden, z.B. über USB-Schnittstellen (Universal Serial Bus) Tastaturen, Auszahleinheiten (Geldnoten-Vereinzelungs-Modul), Kartenlesegeräte, Monitore, und andere Geräte angeschlossen. Auch ist zu beachten, dass in Geldautomaten (ATM) Geldkassetten eingeschoben werden, die zu authentifizieren sind bzw. der Geldautomat hat sich gegenüber der Kassette zu authentifizieren, damit diese ihre Funktionsfähigkeit einschaltet. Weiterhin umfassen diese Automaten die Möglichkeit, sich mit einem anderen Computer zu verbinden, damit sich zum Beispiel ein Wartungs-Ingenieur mit seinem Laptop mit dem SB-Automat verbinden kann.Self-service (SB) machines often have a number of components that have to be connected to one another. As a rule, these machines have a standardized PC platform that meets special security requirements. On this PC platform (motherboard), e.g. Via USB interfaces (Universal Serial Bus) keyboards, payment units (banknote separation module), card readers, monitors, and other devices connected. It should also be noted that cash cassettes that are to be authenticated are inserted into ATMs (ATM) or that the ATM has to authenticate itself to the cassette so that it activates its functionality. Furthermore, these machines include the option of connecting to another computer so that, for example, a maintenance engineer can connect to the self-service machine with his laptop.

In der bevorzugten Ausführungsform werden USB oder andere serielle (V24) Verbindungen genutzt, um die Geräte miteinander zu verbinden.In the preferred embodiment, USB or other serial (V24) connections are used to interconnect the devices.

Es gibt Fälle, in denen eine sicherheitsrelevante Komponente in einem SB-Automat, im Folgenden als Geldautomat bezeichnet, gewechselt werden soll. Eine solche Komponente könnte dabei ein Hardwaremodul wie z.B. eine Geldkassette sein, aber auch eine Softwarekomponente wie z.B. ein Firmware-Update, oder auch periphere Geräte, wie sie oben beschrieben wurden. Entscheidend bei diesem Vorgang ist, dass sich der Geldautomat (PC) gegenüber der neuen Komponente authentisiert bzw. der Geldautomat die Authentizität der Komponente prüfen kann. Nur nach erfolgreicher Authentisierung verrichtet die neue Komponente ihren Dienst.There are cases in which a security-relevant component in a self-service machine, hereinafter referred to as an ATM, is to be replaced. Such a component could be a hardware module such as a cash cassette, but also a software component such as a firmware update or peripheral devices as described above. It is crucial in this process that the ATM (PC) authenticates itself to the new component or the ATM can check the authenticity of the component. The new component does its job only after successful authentication.

Oft werden ATMs durch Manipulation an der Hardware angegriffen.ATMs are often attacked by hardware manipulation.

Oder das Personal versucht durch Ausnutzen von Hardwarefehlern Zugriff auf das Gerät zu bekommen, um sich zu bereichern. Da die ATMs während einer Wartung, in der sie heruntergefahren werden und abgeschaltet werden, zeitweise keine Möglichkeit haben die Hardware eigenständig zu überwachen, sind die Geräte insbesondere dann angreifbar und können sich selbst nur schwerlich überprüfen. Die US 2002/000913 A1 offenbart eine zentrale Überwachungseinheit, die mit einer Batterie ausgestattet ist, und eine Kamera und ein Mikrofon antreiben, die nach außen gerichtet sind, um die Umgebung des Automaten aufzuzeichnen.Or the staff tries to gain access to the device by taking advantage of hardware errors to enrich themselves. Since the ATMs sometimes have no possibility of independently monitoring the hardware during maintenance, in which they are shut down and switched off, the devices are particularly vulnerable and can hardly be checked by themselves. The US 2002/000913 A1 discloses a central monitoring unit equipped with a battery and driving a camera and a microphone facing outwards to record the surroundings of the machine.

Andere Überwachungssysteme sind zum Beispiel in der Dokumenten US 5,253,167 B1 , US 2005/0280703 A1 , JP H 06 325 244 A und US 7,183,915 B2 offenbart.Other surveillance systems are for example in the documents US 5,253,167 B1 , US 2005/0280703 A1 , JP H 06 325 244 A and US 7,183,915 B2 disclosed.

Überblick über die Erfindung:Overview of the invention:

Aufgabe der vorliegenden Erfindung ist die Bereitstellung eines Systems, das unabhängig vom Betrieb des ATM (Automatic Teller Machine) eine weitere Überwachung vornimmt, wobei eine externe Stromzufuhr nicht notwendig ist, um zu protokollieren was momentan vorgenommen wird. Im Falle einer Manipulation oder eines Schadens am ATM kann das Protokoll des Systems weitere Hinweise auf die Täter oder deren Vorgehensweise liefern, so dass ein Nachweis leichter zu führen ist. So kann das System nicht nur den Zustand des Systems protokollieren, sondern auch weitere Informationen wie zum Beispiel Bild- oder Tonmaterial aufnehmen.The object of the present invention is to provide a system which carries out further monitoring independently of the operation of the ATM (Automatic Teller Machine), an external power supply not being necessary in order to log what is currently being done. In the event of tampering or damage to the ATM, the log of the system can provide further information on the perpetrators or their procedure, making it easier to prove. In this way, the system can not only log the state of the system, but also record additional information such as image or sound material.

Im Falle eines ATM's besteht diese aus einem Tresor und einer Steuereinheit, die die Geldzufuhr aus dem Tresor steuert. Diese Steuereinheit ist in der Regel der oben beschriebene PC, der die Interaktion mit dem Benutzer vornimmt.In the case of an ATM, this consists of a safe and a control unit that controls the supply of money from the safe. This control unit is usually the PC described above, which interacts with the user.

In der vorliegenden Erfindung kann z.B. über eine Kamera im Tresor ein Zugriff protokolliert werden. Während der Laufzeit könnte das System per Netzwerk oder USB mit dem PC des Geldautomaten verbunden sein und dort über einen Software-Agenten Informationen aufnehmen. Außerdem kann der Status des PCs protokolliert werden.In the present invention e.g. Access can be logged via a camera in the safe. During the runtime, the system could be connected to the ATM's PC via network or USB and record information there via a software agent. The status of the PC can also be logged.

Bei vielen Software-Angriffen ist es so, dass versucht wird auf dem PC ein fremdes Betriebssystem zu starten oder zusätzliche Software aufzubringen. Durch die vorliegende Einheit können zusätzliche autonome Einheiten dann solche Angriffe protokollieren und melden. Eine Zusatzsoftware auf dem PC ist dagegen immer angreifbar.With many software attacks, it is attempted to start an external operating system on the PC or to install additional software. Additional autonomous units can then use the present unit to log and report such attacks. Additional software on the PC, however, is always vulnerable.

Bei der Erfindung handelt es sich um einen Geldautomaten umfassend eine Steuereinheit und einen Tresor. Diese Einheit ist zusätzlich gekennzeichnet durch eine Überwachungseinheit, die im Tresor angeordnet ist, und die durch eine selbständige Stromversorgung eine akustische, optische und/oder elektronische Überwachung der Steuereinheit vornimmt. Die Anordnung kann im Tresor so ausgebildet sein, dass eine physikalische Abschottung gegenüber den Geldkassetten innerhalb des Tresors ebenfalls möglich ist. D.h. die Überwachungseinheit kann in einem weiteren Tresor innerhalb des Tresors angeordnet sein. Somit kann auch eine Person, die berechtigt ist, den Tresor zu öffnen, nicht zwangsweise auch auf die Überwachungseinheit zugreifen.The invention relates to an automated teller machine comprising a control unit and a safe. This unit is additionally characterized by a monitoring unit which is arranged in the safe and which carries out acoustic, optical and / or electronic monitoring of the control unit by means of an independent power supply. The arrangement in the safe can be designed in such a way that physical partitioning from the cash cassettes within the safe is also possible. I.e. the monitoring unit can be arranged in a further safe within the safe. This means that even a person who is authorized to open the safe cannot necessarily access the monitoring unit.

Damit ein Betrieb auch ohne externe Stromversorgung möglich ist, wenn zum Beispiel der Angreifer das Kabel zur Netz-Stromversorgung trennt, ist die Überwachungseinheit mit einer eigenen Stromversorgung versehen, die einen Betrieb für einen gewissen Zeitraum ermöglicht. Dieser Zeitraum kann mehrere Stunden bis Tage betragen. Sollte die externe Stromversorgung ebenfalls keinerlei Leistung mehr bereitstellen, so fährt sich die Überwachungseinheit herunter und speichert die Daten dauerhaft auf einer Festplatte, einem Magnet-Speichertape, Flash-Einheiten oder anderen dauerhaften Speicher-Einheiten. Sobald eine Stromversorgung wiederum gegeben ist, so fährt sich die Überwachungseinheit selbständig hoch. Für eine entsprechende Kühlung wird gesorgt, indem zum Beispiel das Gehäuse des Tresors als Kühloberfläche verwendet wird. Ander Kühlungstechniken sind denkbar.So that operation is possible even without an external power supply, for example if the attacker disconnects the cable to the mains power supply, the monitoring unit is provided with its own power supply, which enables operation for a certain period of time. This period can range from several hours to days. If the external power supply also no longer provides any power, the monitoring unit shuts down and stores the data permanently on a hard disk, a magnetic memory tape, flash units or other permanent memory units. As soon as there is a power supply again, the monitoring unit moves independently high. Appropriate cooling is ensured, for example, by using the housing of the safe as a cooling surface. Other cooling techniques are conceivable.

So ist es denkbar, dass die eigene Stromversorgung durch Batterien oder Akkumulatoren erfolgt, die sich im Betrieb am Netz wieder aufladen. Es ist auch denkbar, dass die Stromversorgung durch eine Wasserstoffzelle erfolgt. In der Regel handelt es sich dabei um hochwertige Lithium- Akkus, die eine möglichst hohe Leistung bereitstellen, andere Akkutypen sind natürlich denkbar.So it is conceivable that the own power supply is provided by batteries or accumulators that recharge during operation on the network. It is also conceivable that the power supply is provided by a hydrogen cell. As a rule, these are high-quality lithium batteries that provide the highest possible performance, other types of batteries are of course conceivable.

Zur Überwachung weist die Überwachungseinheit eine Kamera und/oder ein Mikrofon auf und ein Speichermedium, das ausgebildet ist, um die Daten von der Kamera und/oder dem Mikrofon dauerhaft aufzuzeichnen. Hierbei ist zu beachten, dass die Kamera innerhalb des Tresors angeordnet ist und lediglich durch eine Bohrung aus dem Tresor heraus die Überwachung durchführen kann. Die Kamera ist in der Regel so ausgerichtet, dass sie die Steuereinheit vollständig überwachen kann. In der Regel handelt es sich um eine sehr weitwinkelige Kamera, die einen großen Raum überwachen kann und die auch sehr Licht stark ist, um in dunklen Bereichen ebenfalls Aufnahmen durchzuführen. Es ist ebenfalls denkbar, dass eine Vielzahl von Kameras an unterschiedlichen Stellen des Tresors angeordnet ist, die möglichst unauffällig sind, so dass sie für einen Eindringling nicht sofort erkennbar sind. Selbst wenn eine Kamera erkannt werden würde, könnten jedoch andere Kameras weiterhin unentdeckt bleiben. Ebenfalls ist das Mikrofon so angeordnet, dass es Geräusche wirksam aufnehmen kann. Hierfür ist es notwendig, dass Geräusche entsprechend in den Tresor eindringen können. Mit einer entsprechenden Bohrung ist so etwas zu erreichen. Es versteht sich, dass die Einheiten so ausgebildet sind, dass sie in der Regel nur dann Daten aufzeichnen, wenn entsprechende Bewegungen oder unübliche Geräusche detektiert werden können. Hierdurch soll die Datenmenge reduziert werden, die sonst bei einer kontinuierlichen Aufzeichnung entstehen würde. So kann bei der Kamera eine Einstellung vorgenommen werden, dass lediglich eine Aufzeichnung erfolgt, wenn sich bestimmte Bildbereiche verändert haben. Bei dem Mikrofon wird eine Aufzeichnung durchgeführt, wenn der Lautstärkepegel oberhalb eines bestimmten Geräuschpegels ist, der einstellbar ist. Auch das Mikrofon kann in mehrfacher Ausführungsform im Tresor angeordnet sein.For monitoring purposes, the monitoring unit has a camera and / or a microphone and a storage medium which is designed to permanently record the data from the camera and / or the microphone. It should be noted that the camera is located inside the safe and can only be monitored through a hole in the safe. The camera is usually aligned so that it can fully monitor the control unit. As a rule, it is a very wide-angle camera that can monitor a large room and that is also very bright so that it can also take pictures in dark areas. It is also conceivable for a large number of cameras to be arranged at different points in the safe, which are as inconspicuous as possible, so that they cannot be immediately recognized by an intruder. Even if one camera were recognized, other cameras could still go undetected. The microphone is also arranged so that it can effectively pick up noises. For this it is necessary that noises can penetrate the safe accordingly. This can be achieved with an appropriate hole. It goes without saying that the units are designed in such a way that they generally only record data if corresponding movements or unusual noises can be detected. This is intended to reduce the amount of data that would otherwise arise from continuous recording. For example, the camera can be set to only record when certain areas of the image have changed. The microphone is recorded when the Volume level is above a certain level of noise that is adjustable. The microphone can also be arranged in a multiple embodiment in the safe.

In einer weiteren möglichen Ausführungsform weist die Überwachungseinheit Mittel auf, um Schnittstellen der Steuereinheit zu überwachen. Die Steuereinheit weist in der Regel viele Schnittstellen auf, wie Schnittstellen zu Festplatten Grafikkarten, Auszahl-System, Monitoren, Tastaturen, die mit unterschiedlichen Standards zum Beispiel USB, VGA, SAS, SATA etc. angesprochen werden. Es versteht sich, dass diese Aufzählung nicht abschließend ist. Vielmehr sollen alle Schnittstellen abgedeckt werden, die durch bekannte PCs bereitgestellt werden, und die dazu dienen Peripheriegeräte anzusteuern. Für die Überprüfung der Schnittstellen kann es unterschiedliche Ansätze geben. Einerseits können Software-Module auf der Steuereinheit angeordnet sein, um während des Betriebes die korrekte Nutzung der Schnittstelle und des Peripheriegerätes zu überprüfen. Diese Software-Module stehen wiederum über eine Schnittstelle, wie zum Beispiel eine USB oder eine Netzwerk-Schnittstelle, mit der Überwachungseinheit in Verbindung, und übermitteln regelmäßig Informationen über die Peripheriegeräte, den Zustand der Schnittstelle und den Zustand des Steuerungssystems. Andererseits können auch mechanische Überwachungssysteme eingesetzt werden, die auf Kabeln aufgesetzt werden bzw. zwischen Kabel zwischengeschaltet werden. Sollte zum Beispiel ein Kabel abgezogen werden bzw. ein Peripheriegerät von der Steuereinheit gelöst werden, so kann über mechanische Schalter oder elektronische Kontakte ein solches Lösen erkannt werden, auch wenn das Steuerungssystem nicht angeschaltet ist. So ist es zum Beispiel denkbar, dass die Stecker einer Festplatte auf beiden Seiten mit entsprechenden Modulen zur Überwachung versehen sind, die erkennen, ob eine Festplatte gelöst wurde oder nicht. Das Gleiche kann für USB oder eine Schnittstelle verwendet werden. Diese Einheiten können ebenfalls dazu genutzt werden den Datenverkehr auf den entsprechenden Schnittstellen zu analysieren und gegebenenfalls um diesen Datenverkehr mit zuschneiden. Die Übertragung der Daten von den Überwachungseinheiten, die auf die Schnittstellen gesteckt werden, kann kabellos erfolgen oder ebenfalls über ein Netzwerk. Bei der kabellosen Übertragung können zum Beispiel Bluetooth oder WLAN verwendet werden.In a further possible embodiment, the monitoring unit has means for monitoring interfaces of the control unit. The control unit generally has many interfaces, such as interfaces to hard disks, graphics cards, payment systems, monitors, keyboards, which are addressed with different standards, for example USB, VGA, SAS, SATA, etc. It goes without saying that this list is not exhaustive. Rather, all interfaces are to be covered, which are provided by known PCs, and which serve to control peripheral devices. There can be different approaches for checking the interfaces. On the one hand, software modules can be arranged on the control unit in order to check the correct use of the interface and the peripheral device during operation. These software modules are in turn connected to the monitoring unit via an interface, such as a USB or a network interface, and regularly transmit information about the peripheral devices, the state of the interface and the state of the control system. On the other hand, mechanical monitoring systems can also be used, which are placed on cables or interposed between cables. If, for example, a cable is disconnected or a peripheral device is detached from the control unit, such detachment can be detected via mechanical switches or electronic contacts, even if the control system is not switched on. For example, it is conceivable that the plugs of a hard disk are provided on both sides with appropriate monitoring modules that recognize whether a hard disk has been detached or not. The same can be used for USB or an interface. These units can also be used to analyze the data traffic on the corresponding interfaces and, if necessary, to cut this data traffic. The transfer of data from the monitoring units to the Interfaces can be plugged in wirelessly or via a network. For example, Bluetooth or WLAN can be used for wireless transmission.

Durch diesen Ansatz kann eine Überwachung des Austauschs einer Speichereinheit in der Steuereinheit erfolgen, insbesondere einer Festplatte. Hierbei sind Kontakteinheiten vorhanden, die einen Austausch erkennen. Die Kontaktstecker sind auf einem Festplattenkabel angeordnet, so dass erkannt wird, wenn die Speichereinheit ausgetauscht wird, oder sich der Inhalt der Festplatte verändert hat. Beim letztgenannten Ansatz, kann der Stecker in regelmäßigen Abständen einen Hashwert von der Festplatte speichern bzw. erstellen, um zu überprüfen, ob sich der Hashwert dann verändert hat. Insbesondere ist dies möglich für bestimmte Speicherbereiche der Festplatte, auf denen codierte Informationen abgelegt sind. Bei einem Starten einer Festplatte fragt die Stecker-Einheit diese entsprechenden Daten ab, man kann auch von einer Signatur sprechen, und kann dann eine Warnmeldung an die Überprüfungseinheit senden, falls sich die Daten der Festplatte verändert haben bzw. die Festplatte ausgetauscht wurde und nicht mehr diesen Signaturbereich aufweist. Der Stecker kann ausgebildet sein, dass er bei einem Herunterfahren die Signatur überprüft und gegebenenfalls einen Hashwert der Festplatte auf dieser hinterlegt. Es ist auch denkbar dass ein Hashwert für bestimmte Datenbereiche erstellt wird und nicht für die gesamte Festplatte. Beim Starten der Festplatte wird dieser Bereich geprüft, um dann gegebenenfalls eine Warnmeldung zu erzeugen oder sogar die Festplatte zu deaktivieren bzw. eine Verbindung zur Steuereinheit zu unterbinden.This approach enables the exchange of a storage unit in the control unit, in particular a hard disk, to be monitored. Here there are contact units that recognize an exchange. The contact plugs are arranged on a hard disk cable so that it is recognized when the storage unit is replaced or the contents of the hard disk have changed. With the latter approach, the connector can save or create a hash value from the hard disk at regular intervals in order to check whether the hash value has then changed. In particular, this is possible for certain storage areas on the hard disk on which encoded information is stored. When a hard disk is started, the connector unit queries this corresponding data, one can also speak of a signature, and can then send a warning message to the checking unit if the data on the hard disk has changed or the hard disk has been replaced and no longer has this signature area. The plug can be designed such that it checks the signature when it is shut down and, if necessary, stores a hash value of the hard disk on it. It is also conceivable that a hash value is created for certain data areas and not for the entire hard disk. When the hard disk is started, this area is checked in order to then generate a warning if necessary or even to deactivate the hard disk or to prevent a connection to the control unit.

Auch kann eine Überwachung von Komponenten, die mit der Steuereinheit verbunden sind, erfolgen, insbesondere von Auszahler, Tastatur und/oder Monitor. Die Überwachungseinheit weist dabei Mittel auf, um ein Mitschneiden von Schnittstellen zu den Komponenten durchzuführen. Die Überwachungseinheit weist eine eigene physikalische Verbindung zum Auszahler auf, durch den eine Überwachung erfolgt. So ist es möglich Serviceschnittstellen zum Auszahler oder anderen Geräten mitzuschneiden. Beim Auszahler ist z.B. zusätzlich zur USB-Verbindung noch eine serielle Schnittstelle für Servicezwecke vorhanden. Ein Deaktivieren der Verschlüsselung oder ein Kompromittieren des Gerätes durch Fremdsoftware kann dadurch detektiert werden, auch wenn der Auszahler nicht mehr mit dem ATM-PC/Steuereinheit verbunden ist.Components connected to the control unit can also be monitored, in particular the payout device, keyboard and / or monitor. The monitoring unit has means to record interfaces to the components. The monitoring unit has its own physical connection to the payer, through which monitoring takes place. So it is possible service interfaces to Record payers or other devices. For example, in addition to the USB connection, the payer also has a serial interface for service purposes. Deactivating the encryption or compromising the device by third-party software can be detected as a result, even if the payer is no longer connected to the ATM PC / control unit.

Es ist natürlich auch möglich, dass die Überwachungseinheit bei einem möglichen Angriff, der in ein Angriffsmuster passt, die Steuereinheit oder bestimmte Komponenten dauerhaft deaktiviert. So ist es möglich den Auszahler abzuschalten, so dass er nicht erneut konfiguriert werden kann. Auch ist es denkbar ein Booten der Steuereinheit zu unterbinden. Ferner können Komponenten, wie Netzteile oder andere Komponenten deaktiviert werden, so dass ein erneutes Starten nicht mehr möglich ist.It is of course also possible for the monitoring unit to permanently deactivate the control unit or certain components in the event of a possible attack that fits into an attack pattern. So it is possible to switch off the payer so that it cannot be configured again. It is also conceivable to prevent the control unit from booting. Furthermore, components such as power supplies or other components can be deactivated so that they cannot be restarted.

Figuren Beschreibung:Figures description:

  • Figur 1 zeigt einen ATM in seinem grundsätzlichen Aufbau mit einer Steuereinheit und einem Tresor. Figure 1 shows an ATM in its basic structure with a control unit and a safe.
  • Figur 2 zeigt einen ATM mit der Überwachungseinheit, die im Tresor angeordnet ist. Figure 2 shows an ATM with the monitoring unit, which is arranged in the safe.
  • Figur 2c zeigt die Symbole für Kamera und Mikrofon. Figure 2c shows the symbols for camera and microphone.
Beschreibung der Ausführungsform:Description of the embodiment:

Die Figur 1 zeigt einen Standard ATM, der einen Tresor aufweist, der in seinem unteren Bereich angeordnet ist. Innerhalb des Tresors ist ein Auszahler angeordnet, der für die Ausgabe des Geldes bzw. der Geldscheine aus dem Tresor zuständig ist. Dieser Auszahler wird von einer Steuereinheit angesteuert. Wie bereits oben ausgeführt wurde, ist die Steuereinheit oftmals ein herkömmlicher PC, der mit einer entsprechenden Software ausgestattet ist. Der herkömmliche PC ist in der Regel mit einem Kartenlesegerät verbunden, durch das die Daten der Kreditkarten eingelesen wird. Das Kartenlesegerät kann sowohl digitale Daten vom Chip einer Karte lesen als auch von einem Magnetstreifen. Weiterhin ist die Steuereinheit mit einem EPP verbunden, das in der Regel als Tastatur ausgebildet ist, oder in Form eines berührungsempfindlichen Bildschirms ausgebildet ist. Über dieses Eingabegerät werden entsprechende Geheimzahlen oder Pins eingegeben oder ein Benutzerdialog geführt. Nicht dargestellt ist ein Monitor, auf dem die Benutzerführung erfolgt. Dieser Monitor wird ebenfalls über den PC gesteuert.The Figure 1 shows a standard ATM, which has a safe, which is arranged in its lower region. A payout is arranged within the safe and is responsible for issuing the money or the banknotes from the safe. This payer is controlled by a control unit. As already explained above, the control unit is often a conventional PC, which is equipped with appropriate software. The conventional PC is usually connected to a card reader through which the credit card data is read. The card reader can read both digital data from a card's chip and a magnetic stripe. Furthermore, the control unit is connected to an EPP, which in is usually designed as a keyboard, or is designed in the form of a touch-sensitive screen. Corresponding secret numbers or pins are entered via this input device or a user dialog is conducted. A monitor on which the user guidance takes place is not shown. This monitor is also controlled via the PC.

In der Figur 2 ist ein ATM mit einer Security Box dargestellt. Diese Security Box ist innerhalb des Tresors angeordnet und weist sowohl eine Kamera auf, die im Gehäuse des ATM angeordnet ist und zum Benutzer gerichtet ist (der vor dem Gerät steht), als auch eine Kamera, die innerhalb des Tresors angeordnet ist, um Aufnahmen vom Auszahler und dem PC zu machen. Weiterhin ist ein Mikrofon im Tresor angeordnet, das ebenfalls mit der Security Box verbunden ist, um Geräusche und Sprachaufnahmen durchzuführen. Die Ausrichtung der Kameras in der Figur 2 ist lediglich beispielhaft. Ferner ist die Security Box zwischen die Schnittstellen des PCs geschaltet, so dass sie die Kommunikation zwischen den Peripheriegeräten (EPP, Kartenleser) loggen kann und die Daten aufzeichnen kann. Auch ist die Security Box in der Lage zu analysieren, ob die Geräte kurzfristig entfernt wurden und erneut angesteckt wurden. Hierzu gibt es entsprechende Schnittstellen an der Security Box, in die die Geräte einzustecken sind. Die SB kann somit als USB Hub ausgebildet sein, um einerseits den PC mit der SB zu verbinden und andererseits die Peripheriegeräte mit dem PC. Über die Hub-Funktion kann ein entsprechendes Mitlesen des Datenstroms erreicht werden. Nicht dargestellt ist eine Schnittstelle zu einer Festplatte innerhalb des PCs. Dies kann jedoch über eine entsprechende Verkabelung und externe Elemente sichergestellt werden. Diese externen Elemente finden sich dann im PC und übertragen ihre Daten über ein Kabel an die Security Box.In the Figure 2 an ATM with a security box is shown. This security box is arranged inside the safe and has both a camera, which is arranged in the housing of the ATM and is directed towards the user (who stands in front of the device), as well as a camera, which is arranged inside the safe, for taking pictures of the To make payers and the PC. Furthermore, a microphone is arranged in the safe, which is also connected to the security box in order to carry out noises and voice recordings. The orientation of the cameras in the Figure 2 is only an example. The Security Box is also connected between the interfaces of the PC so that it can log the communication between the peripheral devices (EPP, card reader) and record the data. The Security Box is also able to analyze whether the devices were removed at short notice and reattached. There are corresponding interfaces on the Security Box in which the devices are to be inserted. The SB can thus be designed as a USB hub to connect the PC to the SB on the one hand and the peripheral devices to the PC on the other. A corresponding reading of the data stream can be achieved via the hub function. An interface to a hard drive within the PC is not shown. However, this can be ensured by appropriate cabling and external elements. These external elements can then be found in the PC and transfer their data to the Security Box via a cable.

Claims (9)

  1. Automatic teller machine comprising a control unit in order to control the automatic teller machine, and a safe, wherein the control unit is arranged in the automatic teller machine and not in the safe,
    characterized by a monitoring unit, which is arranged in the safe and which performs acoustic, optical and/or electronic monitoring of the control unit by means of an independent power supply, so that operation of the monitoring unit is even possible without an external power supply, wherein the monitoring unit has a camera and/or a microphone and a storage medium, which is designed to record the data from the camera and/or the microphone permanently, wherein the camera and/or the microphone is aimed at the control unit in the interior of the automatic teller machine, wherein the camera and/or the microphone is arranged within the safe and only performs the monitoring of the control unit from the safe through a hole, in order to monitor manipulation of the control unit, in that data from the camera is recorded when movements are detected and/or in that data from the microphone is recorded when unusual noises are detected.
  2. Automatic teller machine according to the preceding claim, characterized in that the independent power supply also operates without mains power and is supplied by a battery or hydrogen cell.
  3. Automatic teller machine according to one or more of the preceding claims, wherein the monitoring unit monitors interfaces of the control unit on the basis of the driver of the control unit or mechanically through intermediate connectors which are arranged on the interfaces.
  4. Automatic teller machine according to one or more of the preceding claims, wherein in order to monitor the replacement of a storage unit, in particular a hard disk in the control unit, there are contact units which detect a replacement.
  5. Automatic teller machine according to one or more of the preceding claims, wherein a contact connector is arranged on a hard drive cable, so that it is possible to detect when the storage unit was replaced or the contents of the hard disk have changed.
  6. Automatic teller machine according to one or more of the preceding claims, wherein a software agent runs on the control unit, which logs changes and transmits them to the monitoring unit.
  7. Automatic teller machine according to one or more of the preceding claims, wherein monitoring of components which are connected to the control unit is carried out, in particular of dispenser, keyboard and/or monitor.
  8. Automatic teller machine according to the preceding claims, wherein the monitoring unit has means for making a recording of interfaces of the components.
  9. Automatic teller machine according to the preceding two claims, wherein the monitoring unit has a dedicated physical connection to the dispenser, through which monitoring is carried out.
EP13174518.4A 2013-07-01 2013-07-01 Method and device for recording events in self-service machines Active EP2821976B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP13174518.4A EP2821976B1 (en) 2013-07-01 2013-07-01 Method and device for recording events in self-service machines

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP13174518.4A EP2821976B1 (en) 2013-07-01 2013-07-01 Method and device for recording events in self-service machines

Publications (2)

Publication Number Publication Date
EP2821976A1 EP2821976A1 (en) 2015-01-07
EP2821976B1 true EP2821976B1 (en) 2020-04-29

Family

ID=48745754

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13174518.4A Active EP2821976B1 (en) 2013-07-01 2013-07-01 Method and device for recording events in self-service machines

Country Status (1)

Country Link
EP (1) EP2821976B1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2575267B (en) 2018-07-03 2023-02-01 Tcs John Huxley Europe Ltd Casino apparatus

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06325244A (en) * 1993-05-14 1994-11-25 Nec Corp Check device of cash processor
JPH11213223A (en) * 1998-01-26 1999-08-06 Sanyo Electric Co Ltd Automatic vending machine
DE19811433A1 (en) * 1998-02-20 1999-08-26 Maku Informationstechnik Gmbh Video monitoring device for security use e.g. in automated teller machine
US20050280703A1 (en) * 2004-06-22 2005-12-22 International Business Machines Corporation Sensor for imaging inside equipment
US7183915B2 (en) * 2004-08-05 2007-02-27 3Si Security Systems, Inc. Wireless ATM security system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2754745B2 (en) * 1989-06-15 1998-05-20 株式会社日立製作所 Remote maintenance system for automatic teller machine
JP3935923B2 (en) * 2000-05-18 2007-06-27 日立オムロンターミナルソリューションズ株式会社 Automatic transaction equipment
DE102008013634A1 (en) * 2008-03-11 2009-09-17 Wincor Nixdorf International Gmbh Method and apparatus for preventing attacks on systems with a Plug & Play function
DE102008049599B4 (en) * 2008-09-30 2024-08-14 Diebold Nixdorf Systems Gmbh Method and device for detecting attacks on a self-service machine

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06325244A (en) * 1993-05-14 1994-11-25 Nec Corp Check device of cash processor
JPH11213223A (en) * 1998-01-26 1999-08-06 Sanyo Electric Co Ltd Automatic vending machine
DE19811433A1 (en) * 1998-02-20 1999-08-26 Maku Informationstechnik Gmbh Video monitoring device for security use e.g. in automated teller machine
US20050280703A1 (en) * 2004-06-22 2005-12-22 International Business Machines Corporation Sensor for imaging inside equipment
US7183915B2 (en) * 2004-08-05 2007-02-27 3Si Security Systems, Inc. Wireless ATM security system

Also Published As

Publication number Publication date
EP2821976A1 (en) 2015-01-07

Similar Documents

Publication Publication Date Title
EP2959377B1 (en) Data loading device and data loading method for loading software into aircraft systems
DE112008000135B4 (en) Docking security system for portable computing systems
EP2668607A1 (en) Method for monitoring a tamper protection and monitoring system for a field device having tamper protection
DE102013003071A1 (en) Verification (blocking) method with authentication chip for identifying a system-level chip
DE102007033346A1 (en) Method and device for administration of computers
EP1902404A1 (en) System provided with several electronic devices and a security module
CN204423477U (en) A kind of monoblock type clearance equipment
CN204423476U (en) A kind of split type clearance equipment
EP2821976B1 (en) Method and device for recording events in self-service machines
EP2257903B1 (en) Method and device for defending against attacks to systems comprising a plug&play function
WO2003075164A2 (en) Monitoring and data exchange method of an external storage medium unit
JP2008027167A (en) Monitoring system for automatic teller machine
EP1761834B1 (en) Read device for card-type data carriers and operating method therefor
DE3820868A1 (en) System for retrieving games device data
CN103544759A (en) Door access control method and door access control device
CN105631358A (en) Important experimental data tamper-proof monitoring control system and use method therefor
EP3347880B1 (en) Method and device for determining the integrity of a card reading unit and a self-service terminal equipped with same
WO2016041843A1 (en) Method and arrangement for authorising an action on a self-service system
KR20210158595A (en) Black box for vehicles with memory security function
CN206411673U (en) A kind of medicine management system got it filled of meeting an urgent need
WO2018234464A1 (en) Method for checking the integrity of a dedicated physical environment for protecting data
EP2455925B1 (en) Method and device for defending against attempts to manipulate a camera system
CN209821962U (en) Full intelligent key management device
EP0411185A1 (en) Data input device
DE202004008380U1 (en) Secure card reader has additional electronic components for encrypting data to be transferred to an external unit and for detecting data access attempts

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20130701

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

R17P Request for examination filed (corrected)

Effective date: 20150630

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

17Q First examination report despatched

Effective date: 20160311

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20191121

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1264470

Country of ref document: AT

Kind code of ref document: T

Effective date: 20200515

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 502013014638

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: GERMAN

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20200429

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200729

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200829

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200831

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200730

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200729

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 502013014638

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20210201

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20200731

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200731

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200701

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200731

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200701

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200731

REG Reference to a national code

Ref country code: AT

Ref legal event code: MM01

Ref document number: 1264470

Country of ref document: AT

Kind code of ref document: T

Effective date: 20200701

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200701

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 10

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200429

REG Reference to a national code

Ref country code: GB

Ref legal event code: 732E

Free format text: REGISTERED BETWEEN 20230323 AND 20230329

REG Reference to a national code

Ref country code: GB

Ref legal event code: 732E

Free format text: REGISTERED BETWEEN 20230525 AND 20230601

REG Reference to a national code

Ref country code: DE

Ref legal event code: R081

Ref document number: 502013014638

Country of ref document: DE

Owner name: DIEBOLD NIXDORF SYSTEMS GMBH, DE

Free format text: FORMER OWNER: WINCOR NIXDORF INTERNATIONAL GMBH, 33106 PADERBORN, DE

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20230620

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20240620

Year of fee payment: 12

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20240619

Year of fee payment: 12