Abstract: A card reader of a terminal is cryptographically verified upon initialization, power up, connection, or start of day processing of the terminal. A cryptographic and signed token is provided from and verified by an Encrypted Personal Identification Number (PIN) pad (EPP) of the terminal. Each time the reader initializes, the token is verified by the EPP and a new token is generated and provided to the reader for use during a next initialization cycle of the reader. If the reader lacks a token when the EPP has record that is should have the token, the reader is not authorized to perform card transactions for the terminal. If a token provided by the reader during an initialization cycle is not verified, the reader is not authorized to perform card transactions for the terminal.

Abstract: A Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) on a Self-Service Terminal (SST) loads ATM resources into volatile memory of the SST during a boot of the SST in a predefined order. Each time, during an SST boot, where the order is attempting to be changed; a credential is required to change the predefined order and the credential has to be authenticated before the predefined order is changed during the SST boot.

Abstract: A Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) on a Self-Service Terminal (SST) processes during a boot of the SST. When a new hard disk is detected as being present and an identifier for the new hard disk is missing from a whitelist, a signed hard disk identifier is verified from storage on the new hard disk. If the signed hard disk identifier is verified: the new hard disk is authenticated, the whitelist is updated to include the new hard disk identifier, a unique identifier for BIOS/UEFI and the new hard disk identifier are written to the storage of the new hard disk, and the boot process is permitted to continue for the SST.

Abstract: A Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) on a Self-Service Terminal (SST) processes during a boot of the SST. When a new hard disk is detected as being present and an identifier for the new hard disk is missing from a whitelist, a signed hard disk identifier is verified from storage on the new hard disk. If the signed hard disk identifier is verified: the new hard disk is authenticated, the whitelist is updated to include the new hard disk identifier, a unique identifier for BIOS/UEFI and the new hard disk identifier are written to the storage of the new hard disk, and the boot process is permitted to continue for the SST.

Abstract: A Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) on a Self-Service Terminal (SST) loads ATM resources into volatile memory of the SST during a boot of the SST in a predefined order. Each time, during an SST boot, where the order is attempting to be changed; a credential is required to change the predefined order and the credential has to be authenticated before the predefined order is changed during the SST boot.

Abstract: One embodiment is in the form of a Self-Service Terminal (SST), such as an automated teller machine (ATM). The SST includes a peripheral device, such as a cash dispenser, and a security controller device including a memory device and a coupling to the peripheral device. The security controller device is operable to perform data processing activities including receiving peripheral device identifying data from the peripheral device and transmitting a public key (SCpk) of the security controller device to the peripheral device. The security controller may then decrypt a received peripheral device encryption key (Ki) according to SCpk, generate a first security controller encryption key (Ke1), and generate a first message authentication code key and encrypt the first message authentication code key according to Ke1 to obtain (Km1)Ke1. (Km1)Ke1 may then be stored in the memory device and transmitted to the peripheral device.

Abstract: One embodiment is in the form of a Self-Service Terminal (SST), such as an automated teller machine (ATM). The SST includes a peripheral device, such as a cash dispenser, and a security controller device including a memory device and a coupling to the peripheral device. The security controller device is operable to perform data processing activities including receiving peripheral device identifying data from the peripheral device and transmitting a public key (SCpk) of the security controller device to the peripheral device. The security controller may then decrypt a received peripheral device encryption key (Ki) according to SCpk, generate a first security controller encryption key (Ke1), and generate a first message authentication code key and encrypt the first message authentication code key according to Ke1 to obtain (Km1)Ke1. (Km1)Ke1 may then be stored in the memory device and transmitted to the peripheral device.