Everybody accesses goods and services on a daily basis. By way of example only, each time we take a cup of coffee, we access goods (i.e. a cup filled with coffee) and a service (i.e. the preparation of coffee). Generally, the access to these different goods and/or services needs to be controlled such that only authorised users can effectively access them.
In the last decades, automated points of sale (in particular the so called vending machines) have been used more and more frequently all over the world. These vending machines are generally devices which are able of dispensing different goods or services (e.g. coffee, sandwiches, tobacco products, consumer products of all kinds, newspapers, etc.) in an automated way. To this end, such vending machines generally comprise more or less sophisticated machinery that can store these items and dispense them in an appropriate way when they have been selected by a user.
Generally, in order to obtain access to goods and/or services from such a vending machine, the user is required to insert coins or paper money into them. More sophisticated vending machines accept credit or debit cards, or some kind of tokens issued specially for this purpose. Even more sophisticated machines also allow accessing goods and/or services using an electronic wallet, for example rechargeable chips and/or mobile phones (or other similar devices).
However, all current methods for acquiring goods and/or services at a vending machine have some drawbacks. More specifically, “classic” vending machines require personnel for emptying the repository for banknotes, coins or tokens. In case the vending machine is configured to work also with credit or debit cards, chips, badges or other similar electronic payment means, the vending machine must comprise a reading means for reading the data from these supports and for identifying the user identity and/or his (or her) credit prior to allowing access to the required goods and/or services. However, such an identification process requires a sophisticated processing unit at the vending machine itself and a possibility to access the identification databases in a secure way which makes the vending machines both costly and vulnerable to attacks from non-authorised users. For example, if a user pays goods and/or services using the credit card, the vending machine needs to read out all data required by the credit card issuing company in order to authorise the purchase, including also the security parameters such as PIN codes, passwords, and similar. Thus, if this data is obtained by a non-authorised user, they can be used in a fraudulent way.