The present invention relates to a security system for a transaction processing system.
WOSA/XFS (Windows Open Services Architecture for Extended Financial Services) is an emerging standard enabling financial institutions, whose branch and office solutions run on the Windows NT platform, to develop applications independent of vendor equipment.
FIG. 1 shows the standard WOSA model. Using this model, an application 10 communicates hardware requests 12 to various hardware devices in an ATM 14 via a WOSA manager 20. The application issues transaction requests 12 which are hardware independent, and thus vendor independent. The requests are queued by the WOSA manager 20 which manages concurrent access to the ATM hardware 14 from any number of applications 10.
When a piece of hardware is installed on the ATM, it registers its controlling software, known as a service provider module (SPM) 30, with the WOSA manager by using, for example, the Windows registry. The WOSA manager 20 is thus able to relay a hardware request 12 to an appropriate SPM 30, using the Windows registry as a look-up table. The SPM 30 takes relayed hardware independent requests 16 from the WOSA manager and actuates the appropriate piece of hardware to process the requests. The results of a request can be returned by an SPM 30 synchronously via the WOSA manager 20 or asynchronously by generating a Windows event.
A number of companies other than the Applicant, including Microsoft Corporation, Keybank Incorporated of Cleveland, Ohio and Diebold Incorporated of Canton, Ohio, have mooted the idea of using an automatic teller machine (ATM) to provide access to Internet services, for example, for executing financial transactions, ticket reservation and information retrieval.
It is an object of the present invention to provide a security system for a transaction processing system.
Accordingly, the present invention provides a security system for a transaction processing system in which a transaction manager runs in a first process and is responsive to transaction requests from one or more applications and a service provider layer is adapted to relay transaction requests passed from said transaction manager to associated hardware for execution; said security system comprising: a security module adapted to store application rights to execute transaction requests; and a supervisor application adapted to register with said security module, said supervisor application being adapted to communicate with the or each application to determine application rights to execute transaction requests and to store said access rights in said security module; wherein the security module is responsive to requests from the service provider layer to determine an application's right to execute a transaction request.
It will be seen that the security system according to the invention enables a supervisor application to deny to other applications certain services provided by other peripheral SPMs controlling hardware in a simple and efficient manner.
In a second aspect the invention provides a transaction processing system including: a transaction manager running in a first process and responsive to transaction requests from one or more applications; a service provider layer including a set of service provider modules, each service provider module being adapted to relay transaction requests passed from said transaction manager to an associated hardware module; a security module adapted to store application rights to execute transaction requests; a supervisor application adapted to register with the security module, said supervisor application being adapted to communicate with the or each application to determine application rights to execute transaction requests and to store said access rights in said security module; wherein said service provider layer is adapted to communicate with said security module to determine if an application has appropriate access rights before executing a transaction request.
The invention further provides an ATM including the transaction processing system according to the invention.
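The following Python sketch models the access-control flow summarised above: a supervisor registers with the security module and stores per-application rights, and a service provider module queries the security module before actuating hardware. It is an added illustration, not code from the patent or from any WOSA/XFS implementation; the class names, the token-based supervisor registration, the default-deny behaviour and the request and application names are all assumptions made for the example.

```python
import secrets


class SecurityModule:
    """Stores application rights; only the registered supervisor may change them."""

    def __init__(self):
        self._supervisor_token = None
        self._rights = {}  # app_id -> set of permitted request names

    def register_supervisor(self):
        # Assumption: first registration wins and receives an unguessable token.
        if self._supervisor_token is not None:
            raise PermissionError("a supervisor is already registered")
        self._supervisor_token = secrets.token_hex(16)
        return self._supervisor_token

    def store_rights(self, token, app_id, requests):
        expected = self._supervisor_token
        if expected is None or not secrets.compare_digest(token, expected):
            raise PermissionError("only the registered supervisor may store rights")
        self._rights[app_id] = set(requests)

    def is_permitted(self, app_id, request):
        # Assumption: default deny, so an app with no stored rights gets nothing.
        return request in self._rights.get(app_id, set())


class ServiceProviderModule:
    """Stands in for an SPM: asks the security module before touching hardware."""

    def __init__(self, security):
        self.security = security
        self.executed = []  # constructed stand-in for hardware actuation

    def handle(self, app_id, request):
        if not self.security.is_permitted(app_id, request):
            return "DENIED"
        self.executed.append((app_id, request))
        return "OK"


def demo():
    # Hypothetical applications and request names, constructed for this example.
    sec = SecurityModule()
    token = sec.register_supervisor()
    sec.store_rights(token, "banking_app", {"DISPENSE_CASH", "PRINT_RECEIPT"})
    sec.store_rights(token, "browser_app", {"PRINT_RECEIPT"})
    spm = ServiceProviderModule(sec)
    calls = [("banking_app", "DISPENSE_CASH"), ("browser_app", "DISPENSE_CASH"),
             ("browser_app", "PRINT_RECEIPT"), ("unknown_app", "PRINT_RECEIPT")]
    return [spm.handle(app, req) for app, req in calls]
```

The point to note is that the check sits in the service provider layer, so a request that reaches the SPM from an application without stored rights is refused regardless of how it was routed.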