An Automated Teller Machine (ATM) is an example of a processing device to which access must be carefully controlled. Such machines are often the target of fraudsters due to the large amounts of money that they hold and also due to the confidential nature of data supplied thereto, both in the form of customer-entered Personal Identification Numbers (PINs) and in the form of bank account details. However, ATMs must be accessible to authorized personnel as they require routine maintenance, replacement of parts, and updates to software. Such maintenance is carried out by field engineers, who are called out to an ATM to repair faults and to install new software and hardware.
In known systems, to access the full range of functions provided by servicing software on an ATM, a field engineer must provide a valid access token to the ATM. Without this access token, the field engineer will only be able to access a subset of the functions provided by the servicing software, namely, the non-restricted functions.
The access token is usually a machine-readable device, for example a computer disk, or a USB (Universal Serial Bus) memory device, referred to herein as a USB key fob. Access tokens are granted for accessing particular ATMs for a licensed period of time. To access the full range of functions on an ATM, the access token must be valid for use on that ATM, and the current time must be between the start and end dates of the license period of the token. In addition, the field engineer is typically required to enter a valid password before access is permitted. The license period is held on the access token, and is typically in the form of a duration (in months) and an expiry date.
To reduce the possibility of a successful attack on the contents of the access token (for example, to circumvent the license dates), the access token is either encrypted (this is usual if the access token is a disk), or is implemented on a secure device, as in the case of a USB key fob. However, ensuring the security of the access token itself does not preclude fraudulent use of out-of-date access tokens. This is because an unauthorized field engineer could back-date a clock within the ATM and present an out-of-date access token. The ATM would accept the out-of-date token based on the current time shown on the ATM's clock.
It would be advantageous to reduce the possibility of this type of fraud occurring.
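The license check and the clock back-dating weakness described above, as an added example that is not part of the original text: `naive_check` trusts the ATM clock, while `rollback_aware_check` assumes a writable last-seen date held on the token, which is one generic countermeasure and not a method the text describes. All class and function names, the dates and the ATM identifier are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class AccessToken:
    atm_ids: frozenset      # ATMs the token is licensed for
    expiry: date            # end of the license period
    duration_months: int    # license length, as held on the token
    last_seen: date         # ASSUMPTION: latest ATM clock value the token has seen

    @property
    def start(self) -> date:
        # Expiry minus duration; day clamped to 28 to keep the sketch simple.
        idx = self.expiry.year * 12 + self.expiry.month - 1 - self.duration_months
        return date(idx // 12, idx % 12 + 1, min(self.expiry.day, 28))


def naive_check(tok, atm_id, password_ok, atm_clock):
    """The check as described: valid ATM, password, clock inside the license."""
    return (password_ok and atm_id in tok.atm_ids
            and tok.start <= atm_clock <= tok.expiry)


def rollback_aware_check(tok, atm_id, password_ok, atm_clock):
    """Reject when the ATM clock is earlier than a date the token already saw."""
    if atm_clock < tok.last_seen:
        return False                     # clock has moved backwards
    tok.last_seen = atm_clock            # record even when access is refused
    return naive_check(tok, atm_id, password_ok, atm_clock)


def demo():
    # Constructed sample: license Dec 2023 to 30 Jun 2024, last used 15 Jun 2024.
    tok = AccessToken(frozenset({"ATM-0001"}), date(2024, 6, 30), 6, date(2024, 6, 15))
    honest, backdated = date(2024, 9, 1), date(2024, 6, 1)
    return {
        "naive_honest": naive_check(tok, "ATM-0001", True, honest),
        "naive_backdated": naive_check(tok, "ATM-0001", True, backdated),
        "aware_backdated": rollback_aware_check(tok, "ATM-0001", True, backdated),
        "aware_in_license": rollback_aware_check(tok, "ATM-0001", True, date(2024, 6, 20)),
        "last_seen": tok.last_seen,
    }


if __name__ == "__main__":
    print(demo())
```

The last-seen comparison only catches a clock set earlier than the token's most recent recorded use; a back-dated clock that is later than that date but still inside the license period passes both checks.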