SSTs comprise machines which dispense goods to or perform services for a user. A common example of an SST is an ATM. When these machines develop a fault or are due for a service after they have been installed at a site, an engineer or maintenance operator is usually sent to diagnose the problem and/or correct the fault. Where correction of the fault requires installing a replacement component, there is a risk that that replacement component may be of a lower standard than the component initially installed by the manufacturer of the SST.
Taking the example of an ATM, there is a particular concern that the replacement component is of a high standard as an ATM is used as an interface for financial transactions. Moreover, ATMs are often the target of thieves, who could deliberately install a replacement component with a malicious purpose, for example, to gain access to security information entered by a subsequent user of the ATM.
In one prior art method, the problem is addressed by requiring an engineer to certify that replacement components are in good working order immediately following their installation. The process proceeds substantially as follows:
When an engineer is called to a faulty SST, he or she uses a device within the ATM known as an Operator Panel. An Operator Panel is a processing unit arranged to provide a user interface to the engineer and to guide the engineer through servicing and diagnostic procedures. In order to run the procedures, the engineer must pass a security clearance test. This is normally achieved by requiring the engineer to use a USB security dongle known in this context as a Service Security Key.
Whilst servicing the SST, the engineer may be required to replace a faulty component. The SST is arranged such that certification that the component is fully functional is required before the SST returns to normal operation. The certification is executed by the engineer through the Operator Panel and using the Service Security Key. A problem with this method is that should the engineer not have his or her Security Service Key, or should the Key itself be faulty, then the SST will not return to normal operation. Further, while the method ensures that the replacement component is functional, it does not ensure that the replacement component comes from a trusted source.