1. Field of the Invention
The invention relates to a method and a system for testing the system integrity of a self-service machine using a mobile terminal.
2. Description of the Related Art
The control of modern cash machines or self-service machines is carried out according to prior art using a customary PC running a standard operating system, e.g. Microsoft Windows XP. Other operating systems, such as Linux/Unix or other Windows versions, are of course conceivable. These standard components are primarily intended for a workstation and do not essentially meet the security requirements in the automated teller machine environment. In particular, malware can be installed on the control computer via known security vulnerabilities in order to ascertain customer data illegally. As new security vulnerabilities are continually being discovered in such operating systems, it is necessary to check the integrity of the software on the control computer.
For a holistic concept to defend against attacks on a self-service machine/ATM (automated teller machine), it is necessary that the PC is protected for a variety of scenarios.
Such attack scenarios on the PC may be divided into roughly three categories:
Category I: External attack without direct access to PC interfaces, e.g. via the Internet.
Category II: Attacks in which the attacker gains access to the interfaces (USB, network, power) of the PC, e.g. by breaking open the fascia.
Category III: Attacks in which the attacker gains complete control over the PC, i.e. can also perform any manipulations inside the PC housing.
The procedures described below are used primarily to protect against attacks of category II but are not limited thereto if, for example, preparations should be made for the other categories.
Examples of such attacks are:                Connection of a USB data storage device and booting of an independent operating system from it in order to pull off information from the system installation.        Connection of a USB data storage device and booting of an independent operating system from it in order to manipulate the peripherals from this PC, e.g. to pay out money from the separator without authorisation.        Connection of a USB data storage device and booting of an independent operating system from it in order to manipulate the installation on the system PC, e.g. to sneak in a code of its own which records PINs.        
The use of existing barriers is not practicable in practice. For example, present-day PCs already have the ability via a BIOS setting to prohibit the possibility of booting from an external medium (an external medium in this case is understood to be any medium from which booting can be performed without the housing of the PC having to be opened, this also includes CDs in installed CD-ROM drives). This setting can be protected by means of a BIOS password so that unauthorised changes are prevented. Such a practice, however, is only feasible with individual passwords because if all the PCs in a bank are protected with the same password, which then has to be made known to a sizeable staff (service technicians, administrators), it can be assumed that this password will be generally known within a very short time.
With individual (but static) passwords per PC, it is necessary to clarify organisationally how the passwords are to be kept secret. Here there is a risk that the service technicians, for example, will store the passwords directly on the system (write them on the housing in felt tip so that they are immediately known at the next visit. If the individual passwords are managed in lists, again the risk very quickly arises that these lists will become known via the actual group of recipients who need them. In addition, these lists require regular maintenance.
Access to the BIOS must not be shut off completely as otherwise it is no longer possible to reconfigure the PC, e.g. after a disc failure.
The BIOS (basic input/output system) is the firmware in x86 PCs. It is stored in a non-volatile memory on the motherboard of a PC and is executed immediately after it is switched on. Among other things, the task of the BIOS is initially to make the PC operable and then to initiate the start-up of an operating system. It should be noted that there may be alternative forms of a BIOS, such as BIOS/(U)EFI, which also fall within the scope of the application.
In current language, the expression BIOS is sometimes also used now to mean BIOS settings.