Self-service terminals (SSTs) are public access devices that provide goods and/or services to customers in an unattended environment and/or in an unassisted manner. One common type of SST is an Automated Teller Machine (ATM). To ensure that ATMs remain operational, ATM vendors typically provide management software for performing settlement, diagnostic, upgrade, and maintenance tasks on the ATM. This management software is typically referred to as a supervisor application (although it may be included within the ATM's transaction application). To access the supervisor application, a servicing person (not an ATM customer) typically presses a switch that changes the ATM from transaction mode (where a customer can enter a transaction) to supervisor mode (where settlement, diagnostic and maintenance tasks can be performed).
The Payment Card Industry (PCI) has implemented a Payment Application Data Security Standard (PA-DSS) that requires ATMs (i) to restrict access to certain supervisor functions to authorised personnel, and (ii) to maintain an audit of any servicing personnel who access those restricted functions available in supervisor mode. Details of this standard are available at https://www.pcisecuritystandards.org.
Some ATM vendors comply with PA-DSS by securely storing passcodes and usernames for authorised personnel either on the ATM or remotely on a networked server.
Managing these passcodes and usernames creates a significant overhead for the ATM owners because (i) there may be a large number of authorised personnel, and (ii) authorised personnel have to be added and deleted over time.
Local storage has the disadvantage that each ATM must store an up-to-date list of authorised personnel, together with their associated passcodes. Remote storage requires the ATM's communications connection to be working before a person can be authenticated. If the person was despatched to fix a communications problem on the ATM, then that person cannot be authenticated by that ATM, since the communications connection is needed to access the remote network.