Abstract: A digital computing device controlling the access to encrypted digital information includes a control unit, peripheral devices connected to the control unit, a hard disk connected to the control unit storing the digital data, and a data encryption key configured for encrypting the digital data. The control unit is configured to detect the peripheral devices, read identification information from the peripheral devices that denotes the respective peripheral device, generate for the peripheral devices a respective key encryption key on the basis of the read identification information, initially store at least one encrypted data encryption key that is generated by encrypting the data encryption key using the respective key encryption key, in a memory area of the hard disk, and after the initial storage determine the data encryption key by decrypting the encrypted data encryption key using the respective key encryption key derived from the respective identification information.

Abstract: A peripheral digital storage device has an interface allowing a connection to a self-service machine for performing maintenance operation to the self-service machine. The device provides a storage area divided into a set of partitions which are interpretable by the self-service machine as independent storage areas for file operation when connected to the self-service machine. A control unit which is configured to control the access to the partitions by refusing or granting the self-service machine an access to the partition depending on identity information receivable from the self-service machine for providing access to individual partitions for each assigned self-service machine connectable to the interface.

Abstract: A method and a device for secure verification of opening of a safe door of a safe, in particular a safe door of a safe of an automated teller machine, includes a safe door and storage compartments for cash boxes that are arranged relative to each other such that the cash boxes can only be removed from and inserted into the storage compartments when the safe door is open. A control unit verifies an opening of the safe door by checking if cash boxes have been removed from the safe and have been inserted into the safe in swapped order compared to a first operating state.

Abstract: A digital computing device controlling the access to encrypted digital information includes a control unit, peripheral devices connected to the control unit, a hard disk connected to the control unit storing the digital data, and a data encryption key configured for encrypting the digital data. The control unit is configured to detect the peripheral devices, read identification information from the peripheral devices that denotes the respective peripheral device, generate for the peripheral devices a respective key encryption key on the basis of the read identification information, initially store at least one encrypted data encryption key that is generated by encrypting the data encryption key using the respective key encryption key, in a memory area of the hard disk, and after the initial storage determine the data encryption key by decrypting the encrypted data encryption key using the respective key encryption key derived from the respective identification information.

Abstract: A digital computing device controlling the access to encrypted digital information includes a control unit, peripheral devices connected to the control unit, a hard disk connected to the control unit storing the digital data, and a data encryption key configured for encrypting the digital data. The control unit is configured to detect the peripheral devices, read identification information from the peripheral devices that denotes the respective peripheral device, generate for the peripheral devices a respective key encryption key on the basis of the read identification information, initially store at least one encrypted data encryption key that is generated by encrypting the data encryption key using the respective key encrypt ion key, in a memory area of the nerd disk, and after the initial storage determine the data encryption key by decrypting the encrypted data encryption key using the respective key encryption key derived from the respective identification information.

Abstract: According to various embodiments, a document of value processing device may include: a secured chamber configured to accommodate one or more documents of value and to protect at least one handling device from unauthorized access; the at least one handling device disposed inside the secured chamber to handle at least an output of the one or more documents of value out of the secured chamber may; a control circuit coupled to the at least one handling device to control an operation of the at least one handling device; and a security circuit disposed inside the secured chamber. The security circuit is configured to receive a cryptographically processed signal, to verify the received cryptographically processed signal, and to disable or enable the operation of the at least one handling device based on a verification result.

Abstract: A method and a device for secure verification of opening of a safe door of a safe, in particular a safe door of a safe of an automated teller machine, includes a safe door and storage compartments for cash boxes that are arranged relative to each other such that the cash boxes can only be removed from and inserted into the storage compartments when the safe door is open. A control unit verifies an opening of the safe door by checking if cash boxes have been removed from the safe and have been inserted into the safe in swapped order compared to a first operating state.

Abstract: A peripheral digital storage device has an interface allowing a connection to a self-service machine for performing maintenance operation to the self-service machine. The device provides a storage area divided into a set of partitions which are interpretable by the self-service machine as independent storage areas for file operation when connected to the self-service machine. A control unit which is configured to control the access to the partitions by refusing or granting the self-service machine an access to the partition depending on identity information receivable from the self-service machine for providing access to individual partitions for each assigned self-service machine connectable to the interface.

Abstract: A method is provided for controlling access to the BIOS/(U)EFI or for controlling sub-functions of the BIOS of a self-service machine. The password of the BIOS is calculated via a deterministic algorithm incorporating code-generating information that changes over time. The method includes displaying code-generating information that changes over time on a screen of the self-service machine during access to the BIOS of the self-service machine. The method proceeds by inputting the code-generating information in a program on a second computer that also has the deterministic algorithm for calculating the password for the BIOS, and calculating and displaying the password on the second computer. The method then includes inputting the password on the self-service machine and checking the password by the deterministic algorithm to allow access to the BIOS if the password is correct.

Abstract: A digital computing device controlling the access to encrypted digital information includes a control unit, peripheral devices connected to the control unit, a hard disk connected to the control unit storing the digital data, and a data encryption key configured for encrypting the digital data. The control unit is configured to detect the peripheral devices, read identification information from the peripheral devices that denotes the respective peripheral device, generate for the peripheral devices a respective key encryption key on the basis of the read identification information, initially store at least one encrypted data encryption key that is generated by encrypting the data encryption key using the respective key encrypt ion key, in a memory area of the nerd disk, and after the initial storage determine the data encryption key by decrypting the encrypted data encryption key using the respective key encryption key derived from the respective identification information.

Abstract: According to various embodiments, a document of value processing device may include: a secured chamber configured to accommodate one or more documents of value and to protect at least one handling device from unauthorized access; the at least one handling device disposed inside the secured chamber to handle at least an output of the one or more documents of value out of the secured chamber may; a control circuit coupled to the at least one handling device to control an operation of the at least one handling device; and a security circuit disposed inside the secured chamber. The security circuit is configured to receive a cryptographically processed signal, to verify the received cryptographically processed signal, and to disable or enable the operation of the at least one handling device based on a verification result.

Abstract: A method is provided for controlling access to the BIOS/(U)EFI or for controlling sub-functions of the BIOS of a self-service machine. The password of the BIOS is calculated via a deterministic algorithm incorporating code-generating information that changes over time. The method includes displaying code-generating information that changes over time on a screen of the self-service machine during access to the BIOS of the self-service machine. The method proceeds by inputting the code-generating information in a program on a second computer that also has the deterministic algorithm for calculating the password for the BIOS, and calculating and displaying the password on the second computer. The method then includes inputting the password on the self-service machine and checking the password by the deterministic algorithm to allow access to the BIOS if the password is correct.

Abstract: The invention relates to a method for evaluating the authenticity of peripheral devices of a self-service machine having an operating system that provides at least one global mutex, having software layers, that are arranged on the operating system, having processes that run on the self-service machine and that access the operating system and/or the software layers, comprising the steps of: evaluating of authenticity of a connected peripheral device by a first process; if it was determined during the evaluation that the peripheral device could not be authenticated, setting of the mutex; evaluating the mutex by a second process based on an event and, if the mutex is set, switching the self-service machine to an error state.

Abstract: Method for recognizing attacks to at least one interface of a computer system, in particular an automated self-service machine, comprising: monitoring the interface in order to determine changes at the interface; if changes occur, the change is used to determine the probability that an unallowed attack is occurring at the interface; if the probability is beyond a defined threshold, defensive maneuvers are introduced.

Abstract: The invention relates to a method for evaluating the authenticity of peripheral devices of a self-service machine having an operating system that provides at least one global mutex, having software layers, that are arranged on the operating system, having processes that run on the self-service machine and that access the operating system and/or the software layers, comprising the steps of: evaluating of authenticity of a connected peripheral device by a first process; if it was determined during the evaluation that the peripheral device could not be authenticated, setting of the mutex; evaluating the mutex by a second process based on an event and, if the mutex is set, switching the self-service machine to an error state.

Abstract: A method and a device (DET) are proposed to defend against electronic spying during the transmission of image data (Sb) or image signals (Sa) that are generated by a camera (CAM) installed at a self-service terminal (ATM), said camera recording an area (A0) that covers an operating area of the self-service terminal (ATM). As soon as events occurring at the self-service terminal (ATM) in the recording area (A0) or outside of said area, in particular actuation of a key pad (KBD) and/or insertion of a card into a card slot (SLT), are detected, the generation of the image signals (Sa) and/or the transmission of the image data (Sb) is controlled as a function thereof, for instance at least the sensitive areas or partial image data (Sb?) in the image data obtained (Sb) are blanked out or replaced by artificially generated data.

Abstract: Method for recognizing attacks to at least one interface of a computer system, in particular an automated self-service machine, comprising: monitoring the interface in order to determine changes at the interface; if changes occur, the change is used to determine the probability that an unallowed attack is occurring at the interface; if the probability is beyond a defined threshold, defensive maneuvers are introduced.

Abstract: To determine the position of a chip card (14) in the card cage of a card reader the invention provides for the presence of the chip contact surface (18) to be detected in the four possible positions in which the chip (16) of the card (14) inserted into the card reader can be situated. To this end a sensor (20) for detecting the chip card surface (18) and linked to an evaluation unit (28) is arranged opposite each of the possible positions.