The invention relates to a method and an arrangement for authorizing an action on a self-service system.
Modern self-service systems—such as, for example, ATMs or other devices of banking automation—involve complex protective mechanisms to counter external attackers. For service operations by a service technician, however, it is necessary that these protective mechanisms be at least partially switched off. This is necessary, for example, when unforeseen software updates or hardware updates have to be performed by a service technician.
Since self-service systems are networked highly variably, it is customary to perform an offline authorization directly on the self-service system. For this purpose the service technician is given a technician token—that is to say, a hardware component for his/her identification—the rights of the service technician in respect of service operations having been stored on such a technician token. In the course of a technician operation, the self-service system checks these rights and reacts accordingly. The technician token is realized, for example, as a USB stick with built-in flash memory, which is inserted into the USB port of the system PC.
Such an offline authorization of a service technician, however, has its drawbacks. A first drawback consists in the fact that an authorization is only undertaken locally in relation to the self-service system. A reliable logging of service operations and hence a reliable traceability are therefore not possible. A second drawback consists in the fact that a withdrawal of rights is only possible to a limited extent. Accordingly, technician tokens conventionally have long time windows for the stored rights. A withdrawal of rights ultimately requires the collecting-in of the technician token, which may be associated with practical difficulties.
A further drawback consists in the fact that the proprietors of self-service systems frequently close the USB ports of such systems for external components, in order to prevent the transfer of harmful software via this route. In this case an offline authorization is not possible from the outset.
One drawback of an offline authorization consists, moreover, in the fact that in the case where a service technician is threatened directly there is no possible way to block the access of the service technician or to send an emergency signal unnoticed.