Patent Grant
7104383
The present invention relates to validators and in particular, relates to validators having a removable flash memory module.
A host of different types of validators receive and process banknotes to determine the authenticity thereof. The banknotes are moved past sensors which evaluate different properties of the banknotes and the sensed properties of the banknotes are compared relative to a predetermined standard maintained in memory of a central processing unit of the validator. Based on this comparison a prediction as to the authenticity of the banknote is made.
The cost of a validator typically increases as the number of properties being sensed increases and the degree of precision increases. A compromise is normally made between the degree of accuracy a validator must meet and the percentage of bills being rejected on average. As the degree of accuracy increases, the variation between the properties of the sensed bill and the standard decreases. This typically results in some authentic bills being rejected by the validator. For example, an authentic bill may be somewhat worn and the validator may reject it.
A further factor is the introduction of new banknotes by different governments. To a certain extent this practice is to reduce and deter fraudulent activities. Unfortunately this renders existing validators obsolete or only suitable for processing some banknotes. Under these circumstances, it is desirable to replace the software used by the central processing unit in determining whether bills are authentic.
To alter the software used by a central processing unit of a validator, a skilled technician downloads new software to the central processing unit typically from a portable computer. This process is both expensive and time consuming. It would be desirable to provide a more practical approach for updating validators while still providing a high level of security against fraudulent activities.
A banknote validator according to the present invention comprises a banknote processing channel, a series of sensors located along the channel for scanning a banknote as it moves past the sensors, a central processing unit for controlling the operation of the validator and receiving and processing the signals from the sensors. The validator includes a removable memory storage arrangement insertable in a receiving location of the validator. The removable memory storage arrangement, when received in the receiving location, forms an electrical communication path with the central processing unit and provides to the central processing unit the logic for operating the validator.
According to an aspect of the invention, the removable memory storage arrangement is a serial flash module.
According to yet a further aspect of the invention, the removable memory storage arrangement includes an electronic address available to the central processing unit and the electronic address is used to confirm the encoded software remains unchanged.
According to yet a further aspect of the invention, the serial flash module contains information to be downloaded to the central processing unit for controlling the operation of the validator. As a security feature the central processing unit of the validator will not allow the validator to operate if a serial flash memory module is not inserted therein.
According to yet a further aspect of the invention, the removable flash module contains encrypted algorithms used by the central processing unit to evaluate banknotes for authenticity and the central processing unit includes decryption software for using the algorithms. In this way, the information contained in the removable memory storage arrangement is not easily available for misuse.
According to a further aspect of the invention, the serial flash module includes a read only memory which includes an identification code specific to the serial flash memory module and a rewritable memory containing encrypted operating software for operating the validator, said encrypted software including encryption of at least part of said identification code, and the validator includes encryption software for decoding said operating software for use by said validator, said validator providing a security check by comparing the at least part of the identification code which has been decoded with said identification code in said read only memory and only operates when a match is present.
The present invention is also directed to a method of updating software used by a validator in assessing banknotes and to a removable memory arrangement for upgrading a validator.
Preferred embodiments of the invention are shown in the drawings, wherein:
The validator 2 shown in
The validator includes a receiving slot 22 for receiving the removable flash memory module 20. There are several different manufacturers of flash memory modules. One such flash memory module is NX25F011 sold by NexFlash.
These serial flash modules are available in various capacities and the common capacities today are between 128 KB–4 MB. They are quite small in size and have fast data transfer rates. This flash memory module has a simple interface with four or eight PIN contact. Information which is to be downloaded to the central processing unit (CPU) of the validator is encrypted in the removable flash memory module and is therefore difficult to access and/or corrupt.
The flash memory module 20 is divided into two distinct segments namely a read only memory and a rewritable memory. The read only memory is used by the manufacture to assign an identification code to each module. Preferably this identification code uniquely identifies the module. As this portion of the module is a read only memory it can not change. The rewritable memory is available to users to record information and in this case is used for recording encrypted software used by the validator banknote evaluation. The encrypted software also includes encryption of at least part of the identification code as a safe guard against tampering as will be more e fully explained.
When the flash memory module 20 is inserted into a validator, the CPU communicates to the flash memory module through the serial interface 40. As part of an initial communication, the CPU obtains the identification code of the module from the read only memory. In addition the CPU obtains the encrypted software. The CPU includes the capability to decode the encrypted software and carries out this function. This includes decoding and identification of the identification code or part thereof that was encrypted in the software being downloaded. This code is checked for a match with the code in the read only memory. If there is agreement it is assumed the software is authentic and has not been exposed to corruption.
With this arrangement corruption of a removable memory module is extremely difficult. The software is encrypted and includes an encrypted identification somewhere therewithin. Corruption requires decoding and the security level can be very high. Duplication of the entire sensor module is difficult due to the read only memory. Even if this was possible the module would still provide authentic software to be used for validation. The validator is designed to only function when a memory module is present such that updating of several validators requires an equal number of new memory modules.
As shown in
The serial flash memory module 20 includes new processing software for use by the validator. When the serial flash memory module 20 is inserted into the slot 22, it forms a connection with the serial interface 40 and cooperates with the CPU 30. The main program of the CPU associated with the Read Only memory 32 controls the downloading of the software from the flash memory module 20 to the internal flash memory 36 and includes decoding of the information being downloaded and the security check.
When the validator is turned on, as shown in
When a flash memory module is first inserted into a validator, a communication sequence or exchange occurs between the CPU and the flash memory module. The serial number or other unique information of the memory module is read by the CPU from the read only memory of the flash memory module and stored in the CPU. The CPU then downloads and decodes the encrypted software and performs the security check with respect to the identification code which was also encoded. If all steps are satisfactory the validator has been updated and will function with the updated software.
If the memory module is removed and inserted in a different validator a similar process will occur. The original validator will not function until a memory module is inserted therein and will go through the process again.
With the above arrangement where the flash memory module becomes a necessary part of the validator for operation thereof. In this way, the software is controlled in an effective manner and appropriate software for each validator is required. Furthermore, the information contained in the flash memory module is encrypted, and therefore, it is not possible to easily determine the controlling software used by the validator. The validator includes its own encryption software to allow decoding of information downloaded to the validator from the flash memory module.
As can be seen in
Returning to the flow chart of
As can be appreciated form the schematics of
The operating software of the memory module is preferably downloaded to the internal flash memory of the validator.
With this system, the CPU of the validator, can at the time of manufacture, include in a secure manner, the necessary programming and logic which will allow updating thereof by downloading information from the flash memory module. It is initially provided with its own removable flash memory module and could operate for its entire useful life without any updating. On the other hand, if it is found that it is necessary to update the validator to increase the security features thereof, or to allow the validator to detect new banknotes, the programming of the validator can be updated.
This is accomplished by sending to the owner, or otherwise providing at the validator, a new flash memory module, and replacing the existing flash memory module with the new module. The validator is then turned on and goes through its own logic sequence to download the new program to the validator. It also writes certain information to the flash memory module, such that flash memory module cannot be used with other validators. As can be appreciated, the validator effectively carries out the downloading and the verification sequences when a new module is inserted, and therefore, this can be accomplished by an unskilled, authorized person. It does not require a skilled technician nor does it require special tools or other expertise. These flash memory modules, once programmed, can be sent by mail to the owner of the validators and he can arrange for updating by any one who is familiar with the units, such as someone who is servicing the validators to remove banknotes stacked in the cassette. This arrangement provides full security with the ease of convenient updating.
Another feature of the invention is the ease of programming the validator by the manufacturer. The programming by the sensor module also allows ease in changing from one currency to another. The validator can include removable sensor modules as shown in
The validator 62 of
The sensor modules are located in recesses 81 and 83 to opposite sides of the path. Each sensor module includes an electrical connection 85 for connection with an electrical connection of the validator. As shown in
The removable memory module can cooperate with the CPU of the validator in other ways. For example the CPU can personalize the removable memory module such that it can not be used with other validators once it has been used to update a particular validator. The flash memory module 20 can include a writable address which is written to by the validator to personalize the module to the validator. When the flash memory module 20 is inserted into a validator, the CPU communicates to the flash memory module through the serial interface 40. As part of an initial communication, the CPU writes to the writable address of the flash memory module, the serial number of the CPU and the flash memory maintains this address as a one time write memory. As such this information can not be changed or over written. This arrangement is particularly advantageous in that the serial flash memory module, once inserted in an appropriate validator, has the serial number of that validator written to the flash memory module.
The interaction between the CPU and the flash memory module is such that the flash memory module cannot be used for updating other validators. It is also possible to have the CPU write to this one time writable memory once updating of the CPU has been completed successfully. In this way the memory module is not limited to a particular validator until the validator has been updated. The CPU is programmed to look to this writable memory upon insertion of the module and confirm it has not been used to update a different validator.
When a flash memory module is first inserted into a validator, a communication sequence or exchange occurs between the CPU and the flash memory module. The serial number or other unique information of the validator is forwarded from the CPU to the flash memory module and stored in a one time writable address associated with the flash memory module. This step then dedicates that particular flash memory module to that particular validator. If that flash memory module is removed and inserted in a similar type validator, the CPU of the second validator will start an initial communication with the flash memory module and it will be determined that the identity of that second validator is not the same as the address or code which has been written into the writable area of the flash memory module. This recognition will then stop any downloading of information and result in an error message.
A further feature of the system is that the validator will not function without the flash memory module 20.
The personalizing of the memory module to a validator provides additional control on the use of the memory module and provides additional control for the manufacturer as the updates are being carried out to a large extent outside of his control. Updating of each validator requires a new memory module and therefore some control is returned to the manufacturer.
This feature of rendering the memory module dedicated to a particular validator can be used in combination with the security feature associated with the serial number of the memory module and the encrypted software previously described.
In some cases the updated validator can benefit form having additional memory capacity available to it for the normal operation thereof. The removable memory arrangement can have additional capacity over and above that needed for software to be downloaded which is available to the CPU. It is also possible, although not preferred to delete the dwonloaded software and thus make this memory space available. This modification would also require modification of the initial power up procedure of the validator.
Although various preferred embodiments of the present invention have been described herein in detail, it will be appreciated by those skilled in the art, that variations may be made thereto without departing from the spirit of the invention or the scope of the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5557518 | Rosen | Sep 1996 | A |
| 5774553 | Rosen | Jun 1998 | A |
| 5799087 | Rosen | Aug 1998 | A |
| 5909502 | Mazur | Jun 1999 | A |
| 5909794 | Molbak et al. | Jun 1999 | A |
| 5940623 | Watts et al. | Aug 1999 | A |
| 5947255 | Shimada et al. | Sep 1999 | A |
| 5964336 | Itako et al. | Oct 1999 | A |
| 6012565 | Mazur | Jan 2000 | A |
| 6024288 | Gottlich et al. | Feb 2000 | A |
| 6039645 | Mazur | Mar 2000 | A |
| 6044952 | Haggerty et al. | Apr 2000 | A |
| 6079018 | Hardy et al. | Jun 2000 | A |
| 6142284 | Saltsov | Nov 2000 | A |
| 6142285 | Panzeri et al. | Nov 2000 | A |
| 6233566 | Levine et al. | May 2001 | B1 |
| 6241069 | Mazur et al. | Jun 2001 | B1 |
| 6301344 | Meyer et al. | Oct 2001 | B1 |
| 6318536 | Korman et al. | Nov 2001 | B1 |
| 6334190 | Silverbrook et al. | Dec 2001 | B1 |
