Cash dispensing automated banking machine diagnostic device

Abstract

An automated banking machine (10) includes a lockable first fascia portion (20) which when unlocked enables access to a chest lock input device (104), inputs to which enable opening a chest door (18) of the machine. Opening the first fascia portion also enables access to an actuator (116) which enables moving a second fascia portion (22) for conducting service activities. A controller (72) in the machine selectively illuminates light emitting devices (118, 126) for purposes of facilitating user operation of the machine. Sensing devices (128) adjacent a card reader slot (28) on the machine enables the controller to detect the presence of unauthorized card reading devices. Servicing the machine is facilitated through use of a portable diagnostic article (98) which enables the controller to access diagnostic data stored in memory and which provides data indicative of the significance of the diagnostic data.

Claims

1. Apparatus comprising:

a diagnostic article adapted to be operatively connected to and disconnected from an ATM capable of dispensing cash, wherein the diagnostic article includes computer readable ATM service data capable of being read through operation of the ATM, wherein at least a portion of the ATM service data is encrypted and is capable of being decrypted by diagnostic software operating in at least one processor of the ATM, wherein the decrypted ATM service data is capable of being used by the diagnostic software operating in the at least one processor of the ATM to enable visual information to be provided through a display device of the ATM, at least some of which visual information is provided responsive to ATM service data read from the diagnostic article and diagnostic data stored in at least one data store of the ATM, which diagnostic data concerns at least one operational characteristic of at least one transaction function device of the ATM.

2. The apparatus according to claim 1 wherein the diagnostic article comprises a portable storage medium.

3. The apparatus according to claim 2 wherein the portable storage medium comprises a CD.

4. The apparatus according to claim 2 wherein the portable storage medium comprises a DVD.

5. The apparatus according to claim 2 wherein the portable storage medium comprises a portable flash memory device.

6. The apparatus according to claim 1, wherein the ATM service data includes data capable of being used by the diagnostic software operating in the at least one processor of the ATM to cause the visual information to be provided through the display device, which visual information includes indicia indicative of significance of the diagnostic data.

7. The apparatus according to claim 6, wherein the decrypted ATM service data enables the at least one processor to output the indicia indicative of significance.

8. The apparatus according to claim 6, wherein the indicia indicative of significance corresponds to diagnostic data stored in at least one data store of the ATM concerning at least one operational characteristic of a cash dispenser of the ATM.

9. The apparatus according to claim 1, wherein the diagnostic article includes data corresponding to at least one code capable of being read from the diagnostic article through operation of the ATM, wherein the at least one code is capable of being authenticated through operation of the at least one processor of the ATM, wherein successful authentication of the at least one code is operative to enable the diagnostic software operating in the at least one processor of the ATM to cause the visual information to be provided through the display device of the ATM, and wherein unsuccessful authentication of the at least one code is operative to prevent the diagnostic software operating in the at least one processor of the ATM from causing the visual information to be provided through the display device of the ATM.

10. The apparatus according to claim 9, wherein the encrypted ATM service data corresponds to the at least one code.

11. The apparatus according to claim 9, wherein the at least one code is capable of being authenticated with respect to at least one of a date determined through operation of the at least one processor, an input provided through an input device of the ATM, and data stored in the ATM.

12. The apparatus according to claim 11, wherein the diagnostic article includes the diagnostic software capable of being read from the diagnostic article by the at least one processor of the ATM, wherein the diagnostic software is operative in the at least one processor of the ATM to authenticate the at least one code.

13. The apparatus according to claim 1, wherein the diagnostic article includes at least a portion of the diagnostic software stored thereon.

14. The apparatus according to claim 13, wherein the diagnostic software includes a browser capable of selectively accessing different portions of ATM service data from the diagnostic article.

15. The apparatus according to claim 1, wherein the diagnostic article includes diagnostic instructions capable of enabling the at least one processor to interact with at least one of a plurality of transaction function devices in the ATM to operate to conduct at least one diagnostic test.

16. An article comprising:

computer readable media adapted to be selectively operatively connected with and disconnected from a cash dispensing automated banking machine, wherein the computer readable media includes computer executable instructions including service manual data corresponding to a plurality of service procedures for a cash dispensing automated banking machine, wherein the instructions are capable of being processed through operation of browser software to produce a plurality of outputs corresponding to a plurality of service procedures, and wherein when the article is in operative connection with a cash dispensing automated banking machine, at least one processor of the machine is operative responsive to the instructions to access diagnostic data stored in at least one data store of the machine concerning operation of at least one transaction function device of the machine, wherein the at least one transaction function device is operative to cause cash to be dispensed from the machine, and wherein the at least one processor of the machine is operative responsive to browser software operating in the at least one processor, the accessed diagnostic data and service manual data to cause at least one output device of the machine to output indicia corresponding to at least one service procedure for the machine.

Description

TECHNICAL FIELD

This invention relates to automated banking machines. Specifically this invention relates to automated banking machine apparatus, systems and methods that provide for improved reliability and serviceability.

BACKGROUND ART

Automated banking machines are known. A common type of automated banking machine used by consumers is an automated teller machine ("ATM"). ATMs enable customers to carry out banking transactions. Examples of banking transactions that are sometimes carried out with ATMs include the dispensing of cash, the making of deposits, the transfer of funds between accounts, the payment of bills, the cashing of checks, the purchase of money orders, the purchase of stamps, the purchase of tickets, the purchase of phone cards and account balance inquiries. The types of banking transactions a customer can carry out at an ATM are determined by the particular banking machine, the system in which it is connected and the programming of the machine by the entity responsible for its operation.

Other types of automated banking machines may be operated in other types of environments. For example certain types of automated banking machines may be used in a customer service environment. For example certain types of automated banking machines may be used for purposes of counting currency or other items that are received from or which are to be given to a customer. Other types of automated banking machines may be used to validate items which provide the customer with access, value or privileges such as tickets, vouchers, checks or other financial instruments. Other examples of automated banking machines may include machines which are operative to provide users with the right to merchandise or services in an attended or a self-service environment. For purposes of this disclosure an automated banking machine shall be deemed to include any machine which may be operated to carry out transactions including transfers of value.

ATMs may include various types of transaction function devices. These devices are operated to carry out transactions. Different types of ATMs include different types of devices. The different types of devices enable the ATM to carry out different types of transactions. For example, some types of ATMs include a depository for accepting deposits while other ATMs do not. Some ATMs have a "touch screen" while others have separate displays and input buttons. ATMs can also be fitted with devices such as cash and coin acceptors, statement printers, check validators, bill acceptors, thumb print readers and other types of devices, while other ATMs do not include such devices.

Many financial institutions wish to add new functionality to their existing ATMs. For example, a bank with ATMs for dispensing cash may wish to add a statement printer to each of the ATMs for printing a customer's banking statement. Such new functionality usually requires additional software modifications to the ATM in addition to the new hardware. Unfortunately, the process of updating ATM software is typically complicated by the fact that many financial institutions purchase ATM hardware from more than one manufacturer. Thus, to add new software for performing a new function such as printing banking statements, separate applications must be written or modified for each vendor-specific ATM platform. Compounding this complexity, vendor-specific ATM platforms may similarly incorporate transaction function devices from a variety of other sources so within a vendor-specific ATM platform, significant variation may also be present in vendor-specific transaction function device drivers. Porting applications to multiple ATM platforms, significantly reduces the productivity of the ATM software developers. Consequently, there exists a need for an architecture that enables developers to write ATM applications that work with minimal modification on a plurality of proprietary ATM platforms, with a plurality of proprietary transaction function devices.

To achieve this goal, industry standards are being developed which are designed to enable ATM hardware and software to be cross-vendor compatible. One example of such a standard is WOSA/XFS (Windows Open Services Architecture/eXtensions for Financial Services) which is defined by the CEN/ISSS XFS standard committee. FIG. 26 shows a schematic view of an exemplary WOSA/XFS architecture. An exemplary WOSA/XFS enabled ATM 1110 may include a WOSA/XFS Manager 1112. The WOSA/XFS Manager 1112 includes a standardized interface to enable an ATM terminal application 1114 to communicate with ATM transaction function devices 1116. Each transaction function device 1116 includes a corresponding service provider interface component 1118. The service providers 1118 are supplied by the vendors of the ATM devices 1116 and are specially designed to accept requests from the WOSA/XFS Manager 1112 and pass those requests on to the corresponding device 1116. Theoretically, the ATM terminal application 1114 will be able to run on any vendor's ATM hardware 120 as long as both the ATM terminal application 1114 and the vendor's implementation of the service providers 1118 adhere to the WOSA/XFS specifications.

Another example of an emerging industrial standard for an ATM hardware/software architecture is J/XFS (Java/eXtensions for Financial Services). Unlike WOSA-XFS which is designed for Microsoft Windows® platforms only, J/XFS is a Java-based architecture that may be implemented on any hardware/software platform that supports a Java Virtual Machine (JVM). As shown in FIG. 27, an exemplary J/XFS enabled ATM 1210 may include a J/XFS Kernel. The J/XFS Kernel is similar in functionality to the previously described WOSA/XFS Manager 1112, however the J/XFS Kernel runs in a JVM 1224. The J/XFS Kernel is operative responsive to commands from an ATM terminal application 1214 to have a device service layer 1220 control the operation of ATM devices 1216. Like the previously described service providers 1118, the device service layer 1220 includes vendor provided device services 1218 that correspond to the vendor's hardware devices 1216.

In general the previously described XFS architectures define a standard for the lowest common denominator of ATM hardware features. Unfortunately, by including only those features that are common to all ATM hardware devices, the XFS standards cannot include interfaces to unique features associated with a vendor's particular implementation of a transaction function device. One example of unique features that are not implemented in the XFS interfaces includes access to low level diagnostic testing of individual hardware components of a device. Such control over low level hardware functionality can be very useful when troubleshooting problems with a specific component such as a motor or sensor. Unfortunately, as each vendor may mechanically and/or electronically construct a particular type of device completely differently than another vendor, the XFS standards have not attempted to implement methods for testing low level vendor specific hardware.

It is desirable to keep automated banking machines in operation at all appropriate times to the extent possible. If a machine should experience a malfunction, it is useful to return the machine to service as quickly as possible. The inability to perform low-level diagnostic testing, and the wide variation in vendor developed transaction function device diagnostic testing methods and capabilities may create significant delays in diagnosing and resolving such malfunctions. Thus there exists a need for low level diagnostic tools and testing of ATM hardware which may be used in either single vendor or cross-vendor XFS enabled terminals. There further exists a need for improvements in the operation, reliability, servicing and repair of automated banking machines.

DISCLOSURE OF INVENTION

It is an object of an exemplary embodiment of the invention to provide an automated banking machine.

It is a further object of an exemplary embodiment of the invention to provide an automated banking machine which provides improved access for servicing.

It is a further object of an exemplary embodiment of the invention to provide an automated banking machine which enables controlling the temperature of machine components to extend service life.

It is a further object of an exemplary embodiment of the invention to provide an automated banking machine which provides for reliable illumination of transaction areas while facilitating servicing of the machine.

It is a further object of an exemplary embodiment of the invention to provide an automated banking machine that facilitates the detection of fraudulent activity which may be attempted at the machine.

It is a further object of an exemplary embodiment of the invention to provide an architecture including standardized low level interfaces for hardware devices made by a plurality of vendors.

It is a further object of an exemplary embodiment of the invention to provide an automated banking machine with improved diagnostic capabilities.

It is a further object of an exemplary embodiment of the invention to provide an automated banking machine which reduces the risk of unauthorized access to devices and operations of the machine.

Further objects of exemplary embodiments will be made apparent in the following Best Modes for Carrying Out Invention and the appended claims.

The foregoing objects are accomplished in some exemplary embodiments by an automated banking machine which is an ATM. The ATM includes a plurality of transaction function devices. In the exemplary embodiment the transaction function devices include input and output devices which are part of a user interface. In the exemplary embodiment the transaction function devices also include devices for carrying out types of banking transactions such as a currency dispenser device and a deposit accepting device. The exemplary embodiment of the ATM also includes at least one computer which is generally referred to herein as a controller, and which is operative to cause the operation of the transaction function devices in the machine.

In some exemplary embodiments the controller may include a module interface framework which provides a uniform interface between an ATM application and a plurality of modules, generally comprising transaction function devices. An exemplary module interface framework includes a device server which is operative as a device dispatcher and manager. The device server may be accessed by a terminal application, XFS service provider component (SP), and/or a diagnostic application through at least one module interface application program interface ("API"). The device server is operative to selectively direct transaction function devices to operation through use of one of module interface components which corresponds to the transaction function devices. The use of a module interface framework enables the use of a consistent set of commands for use by one or more applications to control a plurality of vendor specific transaction function devices which may be incorporated in any individual ATM

In some embodiments, it may be desirable to use a cross-vendor ATM terminal application, in which case an XFS layer, using a service provider for each transaction function device may be employed between the ATM terminal application and the module interface framework or in parallel with the module interface framework.

In an exemplary embodiment the ATM includes a housing with a secure chest portion and an upper housing area. The chest portion houses certain transaction function devices such as the currency dispenser device. The chest portion includes a chest door which is generally secured but which is capable of being opened when unlocked by authorized persons.

In the exemplary embodiment the upper housing area includes a first portion and a second portion. Access to the first and second portions are controlled by independently movable first and second fascia portions. In the exemplary embodiment one or more devices that must be manipulated in order to unlock the chest door are positioned within the first housing area. Access to the first portion of the upper housing is controlled by a fascia lock in operative connection with the first fascia portion. Thus when servicing of devices within the chest portion is required, a servicer first accesses the first portion of the upper housing area by unlocking the fascia lock to gain access to the chest lock input devices located within the upper housing area in the first portion. Once access to the first portion is achieved, the servicer provides one or more inputs to the chest lock input device to enable unlocking the chest door. In the exemplary embodiment this may be accomplished without moving the second fascia portion or moving the transaction function devices which are located within the second portion of the upper housing area.

In some exemplary embodiments the display types used as part of the user interface of the automated banking machine generate considerable heat. The combination of the heat generated by the display as well as other devices within the housing of the machine can cause elevated temperatures within the housing. This problem may occur more frequently within machines that are located in an outdoor environment where the external temperature may often become elevated. Unduly high temperatures within the machine may cause damage to the display or other machine components, or may shorten component life.

In the exemplary embodiment the housing is provided with an air cooling opening in proximity with the display so as to facilitate a flow of cooling air therethrough. In a further exemplary embodiment a baffle structure is provided in intermediate relation between the air cooling opening and the display and other components within the machine, so as to reduce the risk of moisture and other contaminants entering the interior of the machine as well as to reduce the risk of unauthorized access. In an exemplary embodiment the baffle structure is adapted to direct moisture and other contaminants to the outside of the housing of the machine while facilitating access to the transaction function devices for servicing.

In some exemplary embodiments during operation of the ATM, the transaction areas are illuminated to facilitate operation of the machine by users. Such transaction areas include in an exemplary embodiment, recessed pockets on the machine housing from which users can receive currency to be delivered to them, as well as where a user inputs deposit items. Further in an exemplary embodiment the controller of the ATM is operative to illuminate the transaction areas at those times when the user would be expected to receive or place items in such transaction areas during the conduct of transactions. This facilitates guiding the user to the particular transaction area on the machine even when the machine is being operated during daylight hours.

In an exemplary embodiment the transaction areas are positioned on components of the machine that are relatively movable during servicing activities. To facilitate the illumination of such areas while enabling relative movement, a light transmissive window is provided adjacent to certain transaction areas in the exemplary embodiment. In an operative position of the machine the window is aligned with an illumination source located in another portion of the housing. A controller of the machine initiates illumination of the illumination source at appropriate times in the conduct of transactions which causes illumination of the transaction area. However, when servicing the machine the transaction area and the illumination source may be relatively moved without making special accommodations such as disconnecting electrical connectors or light guides in order to gain access to conduct servicing activities.

In some exemplary embodiments the capability of illuminating selected areas of the machine during certain transaction steps may be utilized in conjunction with an anti-fraud device. In an exemplary embodiment the anti-fraud device is used to reduce the risk that an unauthorized card reading device is installed externally of the machine adjacent to the card reader slot of the machine fascia. Criminals are sometimes ingenious and in the past some have produced reading devices that can intercept magnetic stripe data on cards that are being input to an ATM by a consumer. By intercepting this data, criminals may be able to conduct unauthorized transactions with the consumer's card number. Such external reading devices may be made to appear to be a part of the normal ATM fascia.

In an exemplary embodiment the housing in surrounding relation of the card reader slot is illuminated responsive to operation of the controller. In some exemplary machines the housing is operative to illuminate an area generally entirely surrounding the slot so as to make it more readily apparent to a user that an unauthorized modification or attachment to the fascia may have been made.

In some exemplary embodiments during normal operation, the illumination of the area surrounding the fascia card slot is operative to help to guide the user to the slot such as during a transaction when a user is required to input or take their card. The exemplary ATM is provided with radiation sensing devices positioned adjacent to the illumination devices that are operative to illuminate the area surrounding the card reader slot. The exemplary controller is programmed to sense changes in the magnitude of radiation sensed by the one or more radiation sensing devices. The installation of an unauthorized card reading device in proximity to the card reading slot generally produces a change in the magnitude of the radiation sensed by the radiation sensing devices. The exemplary controller is programmed to recognize such changes and to take appropriate action in response thereto so as to reduce the possibility of fraud. Such action may include in some exemplary embodiments, the machine sending a status message through a network to a person to be notified of a possible fraud condition. Such actions may also include in some embodiments, warning the user of the machine to look for the installation of a possible fraud device. Of course these approaches are exemplary and in other embodiments other approaches may be used.

In some exemplary embodiments of the ATM an improved diagnostic system may be provided for authorized servicers of the machine. The improved diagnostic system may include security features so as to reduce the risk of unauthorized persons using service and diagnostic capabilities of the machine for unauthorized purposes.

In an exemplary embodiment authorized servicers are provided with a portable diagnostic article bearing computer readable instructions such as a CD, DVD, smart card, portable memory device, compact flash card, portable hard drive, portable computing device, or any other portable device which is operative to provide diagnostic information to an ATM. When an authorized servicer is to service the machine, the portable diagnostic article is placed into operative engagement with a diagnostic article reading device. This may include for example a CD drive located within the chest portion of the housing of the ATM. This exemplary approach may reduce the risk that persons who do not have access to the chest area are enabled to access the diagnostic article reading device. However, in other embodiments other approaches may be used.

In an exemplary embodiment the diagnostic article provides to the controller of the machine one or more secret codes. The secret codes may then be manipulated through the operation of the controller to determine if the diagnostic article is authorized. In some embodiments a servicer may also be required to input identifying information through one or more input devices on the ATM. Such identifying information may also be utilized in the determination as to whether the diagnostic article is authorized. Further in some exemplary embodiments the secret codes in the diagnostic article may be date, location and/or device sensitive such that the diagnostic article with the secret codes may be employed only during particular times and/or during a particular calendar period, at particular machines or for only certain devices in the machine. Of course these security procedures are exemplary and in other embodiments other or additional approaches may be used.

In some exemplary embodiments the ATM controller responsive to authentication of the diagnostic article is operative to enable the machine to output protected diagnostic data which is stored in one or more data stores within the machine. This may include for example information concerning performance of devices, information concerning sensed malfunctions or near malfunctions, data concerning statistical operational trends of various transaction function devices and/or other information that may be useful in diagnosing a malfunction of the machine and/or in preventing a future malfunction. In the exemplary embodiment this diagnostic data is stored in a protected manner in the data store of the machine so as to prevent access thereto by unauthorized persons. However, when the machine is engaged with an authorized diagnostic article such data, or information based thereon, is enabled to be output either through output devices on the machine, such as a screen, and/or other devices, such as a portable terminal or cell phone carried by a servicer.

In some exemplary embodiments, the ATM controller responsive to authentication of the diagnostic article is operative to enable the machine to switch to a diagnostic application. The diagnostic application may include, for example graphical representations of the system, module, and component status by displaying a graphical representation of the system, or selected module, or component. In addition, the diagnostic application may include a plurality of icons which identify portions of the system, module, or component about which more information is available, or for which diagnostic tests or other options may be available. In some embodiments of a diagnostic application, options available to the servicer may include the ability to direct a transaction function device to selectively perform one or more low level actions, such as turning on an indicator light, a motor, or sensor. In some embodiments, the availability of such information may be announced by other output means, such as textually or aurally or audibly. In some exemplary embodiments, such information, tests, or other options may be accessed or initiated by touching or clicking the related icon or textual description. In some embodiments, the information available may include suggested recovery actions, ranked by likelihood. This diagnostic application may further be operable responsive to a servicer input to switch from a graphical diagnostic and testing mode to a non-graphical diagnostic and mode.

In some exemplary embodiments the diagnostic article further includes service data which is useful in diagnosing and/or correcting problems which have or which may occur at the machine. In some embodiments the service data may be included within or interoperable with electronic service manual data which describes various features of the machine and instructions for remedial actions and preventive maintenance. In some exemplary embodiments the service data may include instructions which are operative to cause the controller within the machine to conduct at least one diagnostic test of one or more transaction function devices. In some embodiments the service data may further be operative to enable the controller to output suggested remedial actions or suggest further testing based on one or more results of a diagnostic test. In some embodiments, the diagnostic application may be operative responsive to servicer selection of a recovery action to display the relevant service manual data in a browser window. In further exemplary embodiments a servicer may be enabled to browse through service manual data or other information included in or on the diagnostic article so as to receive outputs that facilitate servicing and maintaining the machine.

In some exemplary embodiments, the diagnostic application may be made more accessible to a variety of servicers by use of a diagnostics toolkit. The diagnostics toolkit makes common functions available through the use of sample code, templates, and high level objects in programming environments such as Microsoft NET and/or Suns Microsystems JAVA for example. The use of such a toolkit allows a company to create diagnostic applications in a variety of languages and for a variety transaction function devices.

In some exemplary embodiments the diagnostic article may include service or other data in an encrypted format. Various types of standard and nonstandard encryption may be used in various embodiments. The controller may be operative to decrypt such encrypted data so as to facilitate the output of the data from the ATM. Further in some exemplary embodiments the diagnostic article may include browser software thereon. Such browser software may be loaded from the diagnostic article to the controller of the machine and used to interpret the service data from the diagnostic article. In some embodiments the browser software may be operative to interpret embedded instructions of a nonpublic and/or nonstandard nature which may be included within the service data. This may facilitate the provision of service data on the diagnostic article while preventing access by unauthorized users. In some exemplary embodiments the diagnostic article may further include instructions or devices which prevent the permanent loading of the browser software and/or service data onto another computer and/or may operate to cause such items to be erased from memory of a computer when the diagnostic article is removed from operative engagement with a computer.

In some exemplary embodiments the diagnostic article may be utilized with computer devices that are separate from the ATM. This may include for example devices such as notebook computers, PCs, PDAs or cell phones. In such exemplary embodiments the service article may be utilized with such devices to provide access to service data thereon such as for example electronic service manuals. Security provisions may be provided in the manner previously discussed or in other manners to assure that use is not made of the diagnostic article by unauthorized users. Further, in exemplary embodiments instructions from the service article that may be operative to cause a controller of an ATM to interact with transaction function devices may be rendered inoperative when the service article is installed in connection with a computer device which is not an ATM.

As will be appreciated, the foregoing objects and examples are exemplary and embodiments of the invention need not meet all or any of the foregoing objects, and need not include all or any of the exemplary features described above. Additional aspects and embodiments within the scope of the claims will be devised by those having skill in the art based on the teachings set forth herein.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is an isometric external view of an exemplary embodiment of an automated banking machine which is an ATM.

FIG. 2 is a front plan view of the ATM shown in FIG. 1.

FIG. 3 is a transparent side view showing schematically some internal features of the ATM.

FIG. 4 is a schematic view representative of the software architecture of an exemplary embodiment.

FIG. 5 is a front view showing the fascia portion moved to access a first portion of an upper housing of the machine.

FIG. 6 is a partially transparent side view showing air flow through an air cooling opening of the machine.

FIG. 7 is an isometric view showing a baffle structure used in an exemplary embodiment.

FIG. 8 is an isometric view showing a fascia portion in an operative position adjacent the baffle.

FIG. 9 is a transparent rear isometric view showing blowers, air openings and an air moving duct within a housing of an exemplary embodiment.

FIG. 10 is an isometric view of the ATM shown in FIG. 1 with the components of the upper housing portion removed and showing aspects of the illumination system for the transaction areas supported on the chest portion of the housing.

FIG. 11 is a schematic side view of the housing showing schematically the illumination system for the transaction areas and representing in phantom the movement of the upper fascia portion so as to provide access for servicing.

FIG. 12 and FIG. 13 show a schematic view of an exemplary embodiment of logic that may be used in servicing the machine through use of a diagnostic article.

FIG. 14 is a schematic view of an illumination and anti-fraud sensing device which bounds a card reader slot of an exemplary embodiment.

FIG. 15 is a schematic side view of an unauthorized card reading device in operative connection with a housing of the anti-fraud sensor.

FIG. 16 is a schematic view of an exemplary embodiment of logic for purposes of detecting the presence of an unauthorized card reading device in proximity to the card reader during operation of the ATM.

FIG. 17 is a schematic view representative of the software architecture of an exemplary embodiment.

FIG. 18 is a schematic view representative of the software architecture of an exemplary embodiment.

FIG. 19 shows a representative system status screen of a diagnostic application.

FIG. 20 shows a representative module status screen of a diagnostic application, including an information icon.

FIG. 21 shows a representative system status screen of a diagnostic application, including a problem icon.

FIG. 22 shows a representative module status screen of a diagnostic application, including an unknown problem icon and suggested recovery actions.

FIG. 23 shows a representative diagnostic application text screen.

FIG. 24 shows a representative article which may be displayed in a browser.

FIG. 25 is a schematic view representative of the software architecture of an exemplary embodiment of a diagnostic toolkit.

FIG. 26 is a schematic view representative of an exemplary WOSA/XFS enabled ATM.

FIG. 27 is a schematic view representative of an exemplary J/XFS enabled ATM.

FIG. 28 is a schematic view representative of an exemplary embodiment of an XFS enabled ATM.

FIG. 29 is a schematic view representative of an exemplary embodiment of a terminal application that includes an exemplary card reader TEC to interact with exemplary ODS components.

FIG. 30 is a schematic view representative of an exemplary embodiment of a diagnostic application.

FIGS. 31 and 32 show exemplary embodiments of outputs through a display device of an ATM that are produced by the diagnostic application.

FIG. 33 shows an exemplary embodiment of an ATM which includes a security manager application.

BEST MODES FOR CARRYING OUT INVENTION

Referring now to the drawings and particularly to FIG. 1, there is shown therein an exemplary embodiment of an automated banking machine generally indicated 10. In the exemplary embodiment automated banking machine 10 is a drive up ATM, however the features described and claimed herein are not necessarily limited to ATMs of this type. The exemplary ATM includes a housing 12. Housing 12 includes an upper housing area 14 and a secure chest portion 16 in a lower portion of the housing. Access to the chest portion 16 is controlled by a chest door 18 which when unlocked by authorized persons in the manner later explained, enables gaining access to the interior of the chest area.

The exemplary ATM 10 further includes a first fascia portion 20 and a second fascia portion 22. Each of the fascia portions is movably mounted relative to the housing as later explained, which in the exemplary embodiment facilitates servicing.

The ATM includes a user interface generally indicated 24. The exemplary user interface includes input devices such as a card reader 26 (shown in FIG. 3) which is in operative connection with a card reader slot 28 which extends in the second fascia portion. Other input devices of the exemplary user interface 24 include function keys 30 and a keypad 32. The exemplary ATM 10 also includes a camera 34 which also may serve as an input device for biometric features and the like. The exemplary user interface 24 also includes output devices such as a display 36. Display 36 is viewable by an operator of the machine when the machine is in the operative connection to an opening 38 in the second fascia portion 22. Further output devices in the exemplary user interface include a speaker 40. A headphone jack 42 also serves as an output device. The headphone jack 42 may be connected to a headphone provided by a user who is visually impaired to provide the user with voice guidance in the operation of the machine. The exemplary machine further includes a receipt printer 44 (see FIG. 3) which is operative to provide users of the machine with receipts for transactions conducted. Transaction receipts are provided to users through a receipt delivery slot 46 which extends through the second fascia portion. Exemplary receipt printers that may be used in some embodiments are shown in U.S. Pat. Nos. 5,729,379 and 5,850,075, the disclosures of which are incorporated by reference herein. It should be understood that these input and output devices of the user interface 24 are exemplary and in other embodiments, other or different input and output devices may be used.

In the exemplary embodiment the second fascia portion 22 has included thereon a deposit envelope providing opening 48. Deposit envelopes may be provided from the deposit envelope providing opening 48 to users who may place deposits in the machine. The first fascia portion 20 also includes a fascia lock 50. Fascia lock 50 is in operative connection with the first fascia portion 20 and limits access to the first portion of the upper housing area behind the fascia to authorized persons. In the exemplary embodiment fascia lock 50 comprises a key type lock. However, in other embodiments other types of locking mechanisms may be used. Such other types of locking mechanisms may include for example, other types of mechanical and electronic locks that are opened in response to items, inputs, signals, conditions, actions or combinations or multiples thereof.

The exemplary ATM 10 further includes a delivery area 52. Delivery area 52 is in connection with a currency dispenser device 54 which is positioned in the chest portion 16 and is shown schematically in FIG. 3. The delivery area 52 is a transaction area on the machine in which currency sheets are delivered to a user. In the exemplary embodiment the delivery area 52 is positioned and extends within a recessed pocket 56 in the housing of the machine.

ATM 10 further includes a deposit acceptance area 58. Deposit acceptance area 58 is an area through which deposits such as deposit envelopes to be deposited by users are placed in the machine. The deposit acceptance area 58 is in operative connection with a deposit accepting device positioned in the chest portion 16 of the ATM. Exemplary types of deposit accepting devices are shown in U.S. Pat. Nos. 4,884,769 and 4,597,330, the disclosures of which are incorporated herein by reference.

In the exemplary embodiment the deposit acceptance area 58 serves as a transaction area of the machine and is positioned within a recessed pocket 60. It should be understood that while the exemplary embodiment of ATM 10 includes an envelope deposit accepting device and a currency sheet dispenser device, other or different types of transaction function devices may be included in automated banking machines and devices encompassed by the present invention. These may include for example, check and/or money order accepting devices, ticket accepting devices, stamp accepting devices, card dispensing devices, money order dispensing devices and other types of devices which are operative to carry out transaction functions.

In the exemplary embodiment illustrated in FIG. 1, the ATM 10 includes certain illuminating devices which are used to illuminate transaction areas, some of which are later discussed in detail. First fascia portion 20 includes an illumination panel 62 for illuminating the deposit envelope providing opening 48. Second fascia portion 22 includes an illumination panel 64 for illuminating the area of the receipt delivery slot 46 and the card reader slot 28. Further, an illuminated housing 66 later discussed in detail, bounds the card reader slot 28. Also, in the exemplary embodiment an illuminating window 68 is positioned in the recessed pocket 56 of the delivery area 52. An illuminating window 70 is positioned in the recessed pocket 60 of the deposit acceptance area 58. It should be understood that these structures and features are exemplary and in other embodiments other structures and features may be used.

As schematically represented in FIG. 3, the ATM 10 includes one or more internal computers. Such internal computers include one or more processors. Such processors may be in operative connection with one or more data stores. In some embodiments processors may be located on certain devices within the ATM so as to individually control the operation thereof. Examples such as multi-tiered processor systems are shown in U.S. Pat. Nos. 6,264,101 and 6,131,809, the disclosures of which are incorporated herein by reference.

For purposes of simplicity, the exemplary embodiment will be described as having a single controller which controls the operation of devices within the machine. However it should be understood that such reference shall be construed to encompass multicontroller and multiprocessor systems as may be appropriate in controlling the operation of a particular machine. In FIG. 3 the controller is schematically represented 72. Also as schematically represented, the controller 72 is in operative connection with one or more data stores 78. Such data stores 78 in exemplary embodiments are operative to store program instructions, values and other information used in the operation of the machine. Although the controller 72 is schematically shown in the upper housing area 14 of ATM 10, it should be understood that in alternative embodiments controllers may be located within various portions of the automated banking machine.

In order to conduct transactions the exemplary ATM 10 communicates with remote computers. The remote computers are operative to exchange messages with the machine and authorize and record the occurrence of various transactions. This is represented in FIG. 3 by the communication of the machine through a network 76 with a bank 78, which has at least one computer which is operative to exchange messages with the ATM through a network 76. For example, the bank 78 may receive one or more messages from the ATM requesting authorization to allow a customer to withdraw $200 from their account. The remote computer at the bank 78 will operate to determine that such a withdrawal is authorized and will return one or more messages to the machine through the network 76 authorizing the transaction. After the ATM conducts the transaction, the ATM will generally send one or more messages back through the network 76 to the bank 78 indicating that the transaction was successfully carried out. Of course these messages are merely exemplary.

It should be understood that in some embodiments the ATM may communicate with other entities and through various networks. For example as schematically represented in FIG. 3, the ATM will communicate with computers operated by service providers 80. Such communications may occur through a network 76. Such service providers may be entities to be notified of status conditions or malfunctions of the ATM as well as entities who are to be notified of corrective actions. An example of such a system for accomplishing this is shown in U.S. Pat. No. 5,984,178, the disclosure of which is incorporated by reference herein. Other third parties who may receive notifications from exemplary ATMs include entities responsible for delivering currency to the machine to assure that the currency supplies are not depleted. Other entities may be responsible for removing deposit items from the machine. Alternative entities that may be notified of actions at the machine may include entities which hold marketing data concerning consumers and who provide messages which correspond to marketing messages to be presented to consumers. Various types of messages may be provided to remote systems and entities by the machine depending on the capabilities of the machines in various embodiments and the types of transactions being conducted.

FIG. 4 shows schematically an exemplary software architecture which may be operative in the controller 72 of machine 10. The exemplary software architecture includes an operating system such as for example Microsoft® Windows, IBM OS/2® or Linux. The exemplary software architecture also includes an ATM application 82. The exemplary application 82 includes the instructions for the operation of the automated banking machine and may include, for example, an Agilis™ 91x application that is commercially available from Diebold, Incorporated which is a software application for operating ATMs, and which may further be a cross vendor application. A further example of a software application which may be used in some embodiments is shown in U.S. Pat. No. 6,289,320, the disclosure of which is incorporated herein by reference.

In the exemplary embodiment middleware software layer schematically indicated 84 is operative in the controller 72. In the exemplary embodiment the middleware software layer 84 operates to compensate for differences between various types of automated banking machines and transaction function devices used therein. The use of a middleware software layer 84 enables the more ready use of an identical software application on various types of ATM hardware. In the exemplary embodiment the middleware software layer 84 may be Involve® software which is commercially available from Nexus Software, a wholly owned subsidiary of the assignee of the present invention.

The exemplary software architecture further includes a diagnostics layer 86. The diagnostics layer 86 is operative as later explained to enable accessing and performing various diagnostic functions of the devices within the ATM. In the exemplary embodiment the diagnostics layer 86 operate in conjunction with a browser schematically indicated 88.

The exemplary software architecture may further include an XFS layer schematically indicated 90 which is described in more detail below. The XFS layer 90 presents a standardized interface to the software layers above the XFS layer and which facilitates the development of software which can be used in conjunction with different types of ATM hardware. Of course this software architecture is exemplary and in other embodiments other architectures may be used.

An example of an XFS enabled cross vendor architecture which may be used in an exemplary embodiment, includes an Agilis™ 91x application that is commercially available from Diebold, Incorporated. FIG. 28 shows a schematic view representative of an exemplary embodiment of a cross-vendor ATM architecture 1020. Here the ATM architecture 1020 includes a computer 1022 that is in operative connection with a plurality of transaction function devices 1042. Such transaction function devices may include for example such devices as a note dispenser, coin dispenser, card reader, printer, key pad, display device, function keys, depositor, cash acceptor or any other hardware device that may be operatively connected to an ATM.

The computer 1022 may include software components including a terminal application 1024 that is operative to control the operation of the transaction function devices 1042. The computer 1022 may further include an XFS layer 1028 that corresponds to a multi-vendor supported interface for ATM devices such as the WOSA/XFS Manager or the J/XFS Kernel. A current release of the XFS layer includes XFS 3.0. Exemplary embodiments of the components described herein which communicate with the XFS layer may be compatible with the XFS 3.0 standard or any other older or new XFS standard that is developed.

In addition, the computer 1022 may further include a device driver layer 1030 which includes a plurality of device driver components 1038 that interface with the XFS layer. For example, if the XFS layer corresponds to the WOSA/XFS Manager, the device driver components 1038 correspond to the WOSA/XFS service provider interfaces. If the XFS layer corresponds to the J/XFS Kernel, the device driver components 1038 correspond to the J/XFS device services. In an exemplary embodiment which includes a J/XFS Kernel terminal applications may use Sun Microsystems' Java®. Examples of automated transaction machines that include a Java-based terminal application are found in U.S. application Ser. No. 09/193,637 which, is incorporated herein by reference in its entirety. As used herein device drivers which correspond to either WOSA/XFS service provider interfaces or J/XFS device services are referred to as service provider components 1038 or SP components.

For each transaction function device 1042, an SP 1038 must be installed in the computer that is operative to enable commands passed through the XFS layer 1028 to control the operation of the transaction function devices 1042. In one exemplary embodiment the SPs 1038 are manually installed from a portable physical media such as a disk or CD supplied by the manufacture of the device. In another exemplary embodiment the SPs are operatively downloaded from a data store of SPs that is in operative connection with the computer. In a further exemplary embodiment the SPs are retrieved by the computer 1022 from the transaction function devices 1042 themselves using a service configuration protocol such as Sun Microsystems JINI™, Microsoft Universal Plug and Play™, or other plug and play architecture.

Each of the SPs 1038 are operative responsive to the XFS layer 1028 to have at least one transaction function device 1042 perform a function. For example, a card reader SP is operative responsive to a read card request from the XFS layer 1028 to have its corresponding card reader device physically read information from a card and return the information through the XFS layer. Another SP such as a note dispenser SP is operative responsive to a dispense request from the XFS layer 1028 to have its corresponding cash dispenser dispense an amount of notes.

In this described exemplary embodiment the terminal application 1024 is operative to control transaction function devices 1042 through communication with the XFS layer 1028. However, rather than having the terminal application 1024 communicate with the XFS layer directly, the exemplary embodiment includes an ODS layer 1026 operative in the computer 1022 between the terminal application 1024 and the XFS layer 1028. An example of an ODS layer may include the previously described Involve® software.

In this described exemplary embodiment, the ODS layer 1026 is operative responsive to the terminal application 1024 to control the functionality of transaction function devices 1042 through communication with the XFS and device driver layers 1028 and 1030. The ODS layer 1026 includes a plurality of ODS components 1036 that generally correspond to the SPs 1038 and/or the transaction function devices 1042. For example, the exemplary embodiment may include a card reader ODS component that corresponds to a card reader SP for a card reader. An exemplary embodiment may also include a note dispenser ODS component that corresponds to a note dispenser SP for a note dispenser.

When SPs from two or more vendors generally communicate with the XFS layer in a consistent manner, a single ODS component may be used when either of the drivers are installed in the ATM. However, if the vendor-specific SPs implement communication with the XFS layer in a different manner, vendor-specific ODS components may be operatively programmed for each of the vendor-specific SPs. A vendor specific ODS component may then be installed in the ODS layer responsive to whichever vendor-specific SP is installed in the ATM. The vendor specific ODS component is operative to communicate through the XFS layer in a manner that is appropriate for the particular implementation of the vendor-specific driver.

Although each vendor-specific ODS component may communicate with the XFS layer in a different manner, all of the vendor specific ODS components for a particular type of device share a common interface for access by external applications such as the terminal application 1024. The ODS layer 1026 is thus operative to isolate the inconsistencies in communication between different SPs, and to present the terminal application 1024, or any other application, with a common set of methods, properties and events for communicating with transaction function devices from different vendors.

The described exemplary embodiment encompasses a testing process that is operative to identify unique characteristics and/or inconsistencies in a vendor's implementation of a SP and to operatively adapt ODS components to include those features that are necessary to properly and consistently communicate with the SP through the XFS layer.

In general the testing process includes the configuration of the particular vendor's hardware device and corresponding SP on an XFS enabled test platform. The test platform typically includes a computer system with an XFS layer and an ODS component that corresponds to the particular type of the vendor's device. For example, if the particular device being tested is a note dispenser, an ODS component that corresponds to an SP for a note dispenser is installed in the test platform.

The test platform further includes a testing application. The testing application is operative to interface with the ODS component and issue a plurality of commands through the ODS component to control the operation of the vendor's device. A user may monitor and/or interact with the device and the test application to determine which functions of the device may or may not work properly with the ODS component.

For example, when testing a card reader the testing application enables a user to issue a command to the ODS component to have the device read a card. The testing application is further operative to output to the user the results of the operation. If the operation appears to work correctly, the testing application may display the contents of the information read from the card. A user may then verify that the contents are correct. If the operation failed, the user may evaluate the error messages that are generated. In addition, if the operation triggers an unexpected event through the XFS layer, the testing application is further operative to report what events have been triggered as a result of the operation.

In addition to monitoring the testing application, the user may also monitor the actual device to determine if the operation produces the correct function. For example, if the device corresponds to a note dispenser, the testing application may include an operation to dispense a certain amount of cash or number of notes through communication with a cash dispenser ODS. By monitoring the cash dispenser the user can determine if the correct amount of cash was dispensed, for example. After functional problems between the current ODS component and the device have been identified, the ODS component may be operatively modified to compensate for the idiosyncrasies associated with the vendor's implementation of the SP. The modified ODS component may then be further tested on the testing platform to either uncover further inconsistencies or to certify that the ODS component works properly. Once an ODS component has been certified, it may be installed in any ATM that includes the tested vendor's device, SP and corresponding XFS layer to enable a terminal application to properly control the device's functionality.

In the exemplary embodiment the terminal application 1024 may be based on any programming architecture that is operative to communicate with the ODS layer 1026. In one exemplary embodiment the terminal application may be a Microsoft Windows-based application comprised of one or more Windows-based executable programs. In an exemplary embodiment the Windows-based application may include a plurality of .Net components and applications. In an alternative exemplary embodiment the terminal application may include a browser based application with a user interface comprised of web pages. Such web pages may include static web pages and/or dynamically generated web pages using Active Server pages, .Net, PHP, and CGI for example. In addition, the web pages may include HTML, DHTML, XML, Java Script, Active X, .Net components, Java applets, or any other markup language, component or script. In further exemplary embodiments the terminal application may be a Java application that is operative in a Java Virtual Machine (JVM).

In an exemplary embodiment, the ODS layer may be based on any programming architecture that is operative to communicate with the XFS layer 28. For example, if the XFS layer corresponds to a J/XFS Kernel running in a JVM 48 of the computer 22, the ODS components may be constructed as Java Beans that are operative in the JVM. If the XFS layer corresponds to the WOSA/XFS Manager, the ODS components may be constructed as a plurality of Windows-based DLLs and or .Net components. If portions of the XFS layer and/or terminal application are both Windows-based and Java-based, the ODS layer may include components operative in the JVM and components operative as DLLs. In other embodiments, the ODS layer and terminal application may be configured as other types of applets, modules or libraries which are appropriate for the operating system architecture and the XFS layer.

To enhance the productivity of programmers who develop a terminal application, the described exemplary embodiment may comprise the integration of transaction element components (TECs) 1034 with the terminal application 1024. TECs are objects or classes such as ActiveXs, .Net object, or Java Beans that encapsulate the complex operation of one or more transaction function devices 1042 into a package of streamlined methods, properties and events. The TEC objects include the necessary functionality to communicate with the ODS layer. In the exemplary embodiment an entire terminal application can be constructed from TEC objects. Although the ODS components 1036 may generally have a one to one relationship with corresponding SPs 1038 and/or transaction function devices 1042, the TEC objects combine logical groupings of functions for different devices resulting in the TEC objects having a generally one to many relationship with ODS components.

FIG. 29 shows an exemplary terminal application 1050. The terminal application includes a card reader TEC 1052. The application 1050 is operative to invoke methods 1054 of the card reader TEC 1052 such as enable card reader, read a card, write a card, return a card and retain a card. The application 1050 is further operative to set properties 1056 of the card reader TEC 1052 such as the time out value before a card is returned by the card reader. In addition, the application is further operative to monitor one or more events 1058 that are triggered through the card reader TEC.

The exemplary card reader TEC 1052 is operative to communicate with three different hardware devices including a card reader device 1060, a lead through indicator device 1061 and a beeper device 1062. The exemplary card reader TEC 1052 interfaces with these devices through communication with three corresponding ODS components including a card reader ODS 1063, an indicator ODS 1064 and a beeper ODS 1065.

Through communication with the card reader ODS 1063, the card reader TEC 1052 is operative to have the card reader device 1060 perform a plurality of functions such as enabling the card reader, reading a card and returning the card to a customer. The card reader ODS communicates with the card reader device through the XFS layer 1068 and the card reader driver 1067. When enabling the card reader, the exemplary card reader TEC 1052 is further operative to automatically activate a lead thru indicator light 1061 to draw a customer's attention to the card reader 1060. This is performed by communicating with a sensors and indicators SP 1066 through interaction with the indicators ODS 1064. In addition, when a beeping sound is desired to signal the customer to remove their card, the exemplary card reader TEC 1052 interacts with the beeper ODS 1065 to have the sensors and indicators driver 1066 activate the beeper device 1062. The exemplary embodiments of the TECs are operative to combine device interaction in a logical manner by communicating with more than one ODS component and corresponding devices in response to various methods of the TEC being invoked.

In addition to enabling the generation of cross-vendor compatible terminal applications that either include TEC Objects, or that are operative to interface with the ODS layer directly, the exemplary embodiment encompasses adapting pre-existing and proprietary terminal control software of one vendor to run on another vendor's ATM hardware. Such proprietary terminal control software typically communicates with a plurality of proprietary device drivers directly without accessing the previously described XFS layer. Consequently proprietary terminal control software has previously been limited to running only on a specific vendor's hardware platform. However, the exemplary embodiment is further operative to enable such proprietary software to properly control another vendor's transaction function devices when installed on another vendor's ATM platform. This is achieved by adapting the proprietary software to communicate with ODS components rather than proprietary device drivers. Once the proprietary terminal control software has been so adapted, the software is operative to run on another vendor's ATM platform that includes an XFS layer and corresponding SPs.

As shown in FIG. 28, the SPs 1038 of an exemplary embodiment may further include or be associated with diagnostic interfaces 1040 in addition to their interfaces with the XFS layer 1028. The diagnostic interfaces 1040 may include additional low level hardware control functions that may be accessed using function calls by external applications without using an XFS layer. The low level functions for example may access specific motors, sensors and other components in the corresponding transaction function devices 1042. By employing a diagnostic application 1044 to access these low level functions of the SP 1038 directly, individual mechanical and electronic functions specific to the device can be tested, analyzed and possibly corrected.

For example a cash dispenser SP may be adapted to include an interface for manipulating individual motors or sensors in a corresponding cash dispenser transaction function device. Such access is provided to applications independently of the XFS layer. In an exemplary embodiment, the diagnostic application may be operatively programmed to access the diagnostic interfaces of a plurality of different SPs. Further exemplary embodiments of the diagnostic application may also be adapted to use the XFS layer to deactivate one or more devices from XFS communication. Once the devices have been taken off-line with respect to the XFS components, the diagnostic application may enable a service technician to directly access ATM hardware through the corresponding diagnostic interface for trouble shooting, repair and other maintenance purposes.

In a further exemplary embodiment, the diagnostic interfaces 1040 of the SPs 1038 may include an authentication system which is operative to validate that the application attempting to access the low level functions of the device is authorized to do so. In one exemplary embodiment of the authentication system, the diagnostic interface 1040 is operative to detect that a valid hardware device such as a dongle is in operative connection with the ATM before an external application is granted access to the transaction function device 1042 through the diagnostic interface 1040.

In an alternative exemplary embodiment of the authentication system, the diagnostic interface 1040 is operative to detect whether a valid license key is present. Such a license key for example may be located on a removable media in operative connection with the ATM such as a floppy disk, CD, magnetic stripe card, smart card, or any other portable medium that the diagnostic interface is operative to access through the machine. The license key may also be associated with the specific application such as the diagnostic application 1044 that is operatively programmed to access the diagnostic interfaces of SPs 1038. Communications from the diagnostic application may be required to include a valid license key before the diagnostic interface enables the diagnostic application to access the transaction function device.

In a further exemplary embodiment of the authentication system, the diagnostic interfaces 1040 may include a secret password or digital certificate which may be used by the diagnostic interface to determine if an application is allowed access to functions of a corresponding transaction function device. For example, a diagnostic interface of a SP may require communications from a diagnostic application to be digitally signed. The diagnostic interface may then authenticate the digital signature associated with the communication using one or more digital certificates and/or public keys stored in operative connection with the diagnostic interface. When the digital signature is valid, the diagnostic interface is operative to enable the diagnostic application to access the transaction function device through the diagnostic interface. When the digital signature is determined to be invalid, the diagnostic application is denied access to the transaction function device by the diagnostic interface.

In a further exemplary embodiment, the diagnostic application may be required to send a valid digital certificate to the diagnostic interface prior to being granted access to the transaction function device. The digital certificate may be validated by the diagnostic interface using a trusted public key of a certificate authority that issued the digital certificate. The digital certificate may also be evaluated by the diagnostic interface to determine if it has expired. When the digital certificate has expired or is otherwise invalid, the exemplary embodiment of the diagnostic interface may be operatively programmed to return a message to the calling application which indicates that the digital certificate is not valid and access to the transaction function device is denied. In further exemplary embodiments other software and/or hardware encryption and/or authentication systems may be combined with the diagnostic interfaces of the SPs to enable the selective validation of users and/or applications attempting to access transaction function devices through communication with the diagnostic interfaces of SPs.

The described exemplary embodiment may further comprises a terminal Manager 1046. The terminal Manager 1046 is a software application that is operative to configure and manage the ATM through interaction with the ODS layer.

FIG. 30, shows a further exemplary embodiment of an ATM 1500 which includes an XFS layer 1502. Here, the XFS layer may include an application interface portion 1504 and hardware interface portion 1506. The ATM may include one or more terminal applications 1508 such as a user interface application which provides selectable options through input and output devices of the ATM for enabling a user to perform transaction functions with the ATM. The user interface applications may use the previously described TEC components. In addition the ATM may include the previously described ODS Layer 1509. As used herein the one or more terminal applications, user interface applications 1508, TEC components, and/or the ODS layer 1509 shall be referred to as the application layer 1510 of the ATM. The application layer 1510 of the ATM is adapted to communicate with the application interface portion 5104 of the XFS layer.

In addition as discussed previously, the ATM may include a device driver layer 1511 which may include the previously described XFS compatible device drivers such as the WOSA/XFS service providers 1513 or the J/XFS device services. In the exemplary embodiment the SPs may include interfaces which are compatible with the XFS 3.0 standard and are operative responsive to XFS layer communications from the hardware interface portion of the XFS layer to control the operation of hardware devices.

In addition in this described exemplary embodiment, the device driver layer 1511 may include unified base release (UBR) components 1515. Such UBR components may provide an additional layer of abstraction between the SPs and the hardware devices 1518. One or more of the SPs may be programmed to control hardware devices through communication with UBR components rather than directly communicating with one or more hardware devices. Thus, communication between the SPs and the hardware device may be implemented through the UBR components. In the exemplary embodiment, there may be a one to one correspondence between each UBR component and a hardware device. However, it is to be understood that in alternative exemplary embodiments, a UBR component may provide an interface to more than one hardware device. Also in exemplary embodiments, the UBR components may include the previously described diagnostic interface 1040 (FIG. 28) which provides access to low level manipulation of motors, sensors, and other components of a hardware device independently of the XFS layer.

As used herein the device driver layer 1511 and the hardware devices 1518 shall be referred to as the hardware layer 1512 of the ATM. The hardware layer 1512 of the ATM is adapted to communicate with the hardware interface portion 1506 of the XFS layer. In the exemplary embodiment, the application layer 1510 communicates with the XFS layer through calls to an application interface portion 1504 of the XFS layer. In response to the communications received with the application interface portion 1504, the XFS layer communicates with the hardware layer 1512 through the hardware interface portion 1506 to cause one or more functions to be performed by the hardware devices 1518.

FIG. 17 shows schematically another exemplary embodiment of a software architecture which maybe used in an ATM 2110. Here the exemplary software architecture also includes at least one terminal application 2100 which communicates with devices 2310-2313 of the ATM including transaction function devices through a device layer 2109 that includes a module interface layer or framework 2108. In an exemplary embodiment the terminal application 2100 may include a proprietary terminal control software application for an ATM. However as shown in FIG. 18, in other exemplary embodiment, the terminal application may correspond to an XFS enabled terminal application or application layer 2102 which communicates with transaction function devices through the previously described elements of an XFS layer 2104, and SPs 2106. In this described exemplary embodiment, the device driver layer 2109 includes the module interface layer or framework 2108, and other associated device driver components 2230, 2240, 2242, 2260, 2262 associated with the ATM hardware devices 2310-2313. For exemplary embodiments which include an XFS layer 2104 (FIG. 18), the device driver layer further comprises the SPs 2106.

In this described exemplary embodiment, the module interface layer or framework 2108 like the previously described UBR 1515 in FIG. 5, provides an additional level of abstraction between the service provide components 2106 (FIG. 18) and the hardware devices 2310-2313. For non XFS enabled terminal applications 2100 (FIG. 17), the module interface framework 2108 is likewise operative to provide an additional level of abstraction between a proprietary terminal control software application and the hardware devices 2310-2313.

In the exemplary embodiment a module interface framework 2108 may be comprised of a plurality of software components operative in the controller 72 or computer of the ATM. An exemplary module interface framework may include a device server application or process operating in the computer of the ATM which is referred to herein as a device dispatcher and manager 2170 Terminal applications 2100 and/or service provide components may be adapted to communicate with the device dispatcher and manager 2170 through a module interface API 2120. In an exemplary embodiment, the module interface API may correspond to one or more DLLs or other libraries which comprise standardized functions for communicating with the device dispatcher and manager 2170.

For one or more of the ATM hardware devices 2310-2313, the module interface framework 2108 may include corresponding module interface device components 2181-2184 such as DLLs or other device specific libraries. The module interface device components may be operative to provide device specific communications between the device dispatcher and manager 2170 and the low level vendor specific device drivers 2230, 2240, 2242, 2260, 2262 associated with the ATM hardware devices 2310-2313.

For ATM hardware devices which are compatible with a plug and play architecture of an operation system of the ATM, the device dispatcher and manager 2170 may further be operative to receive hardware event notifications for ATM hardware device 2313 directly from the plug and play manager 2280 of the operating system.

The described exemplary embodiment may further includes a diagnostic application 2140 which communicates with ATM hardware devices through the same module interface framework as the terminal applications 2100 and/or SPs 2106.

As with the diagnostic application 1044 described previously with respect to FIG. 28, the diagnostics application 2140 is operative to perform various diagnostic functions with the hardware devices 2310-2313 which are operative in the ATM. In the exemplary embodiment the diagnostics application 2140 operates in conjunction with the module interface framework 2108 to permit low level manipulation and diagnostic testing of the transaction function devices, and may work in conjunction with a separate diagnostic article, as discussed in more detail below.

As with the terminal applications 2100 and/or SPs 2106, a diagnostic application 2140 accesses the module interface framework using the module interface API 2120. The module interface API includes a standard set of functions which provide for both low and high level control of transaction function devices. Here the low level functions of the module interface API may correspond to the diagnostic interface 1040 discussed previously with respect FIG. 28.

A terminal application 2100, SP, and/or diagnostic application accesses the one or more functions of the module interface API to communicate the desired action or actions to the module interface dispatcher and manager 2170. In response to this communication, the module interface dispatcher and manager is operative to selectively call the module interface components 2181-2184 associated with the hardware devices 2310-2313 which may be required to perform requested action. The module interface components 2181-2184 are operative through the use of one or more DLLS 2230, 2240, 2242, 2260, 2262 associated with the transaction function devices to direct the actions of the appropriate hardware devices 2310-2313 through a USB port 2300, serial interface 2290, or other hardware communication port of the ATM.

Because the module interface API 2120 uses a standard set of functions, the terminal application 2100, SP 2106, and/or diagnostic application can be written to control the actions of the hardware devices 2310-2313 without regard to which particular model or make for each type of transaction function device will ultimately be incorporated in the ATM. Similarly, if a transaction function device later needs to be swapped out for a different transaction function device, the terminal application 2100, SP 2106, and/or diagnostic application may not require modification so long as the new device is operative to perform the same functions as the old device. In an exemplary embodiment, the module interface API 2120 provides a wide range of functional control over the transaction function devices.

In addition to providing high level control functions which cause transaction function devices to perform complete transaction functions, the module interface API 2120 also provides low level control functions. Such low level control functions may include for example outputting an audible tone, turning on a motor, disabling a keypad, or other low level operations which may be used by a diagnostic application to accurately diagnose the cause of a high level malfunction.

The module interface components 2181-2184 may be similarly uniformly standardized, with respect to the interface presented to the device dispatcher and manager 2170. The use of a standardized interface facilitates creating an extensible device dispatcher and manager 2170, which can manage a plurality of hardware devices 2310-2313 without requiring reprogramming each time a new hardware device 2310-2313 is added.

When a new transaction function device is added, a new module interface component 2181-2184 may be added to the module interface framework to enable the device dispatcher and manager to communicate with the new vendor provided device driver DLL or library associated with the new device. On the other hand, if the vendor provided device driver is compatible with a module interface component already incorporated in the module interface framework, a new module interface component may not be needed to operate the new transaction function device properly.

The described exemplary embodiment of the module interface framework 2108 may use a callback function 2130 associated with the terminal application 2100, SP 2106, and/or diagnostic application 2140. When a transaction function device is to perform an action on a delayed basis (i.e., an asynchronous event) a high level application may be programed to periodically poll of the status of the device to determine if the action or event has occurred. One example of an asynchronous event is when cash is to be presented to the customer for a fixed period, at the expiration of which the cash is retrieved if the cash has not been taken by the customer. A common method of determining whether the cash has been withdrawn is by repeated polling during the presentation period. To eliminate the inefficiencies associated with periodically polling a device, an exemplary embodiment of a terminal application, SP, or diagnostic application may provide the device dispatcher and manager with a callback function, which is called when the deleted action by the hardware device has completed.

For example an SP may through use of the module interface API register a call back function associated with the withdrawal of cash with the device dispatcher and manager. When the cash is later withdrawn, a notification is sent to the call back function from the device dispatcher manager, eliminating the need for status polling by the SP to determine whether the cash is still being offered to the customer. Similar call back functions of the terminal application, service provider, or diagnostic application may be registered with the device dispatcher and manager for receiving notification of events initiated by a transaction function device. Such events may correspond to unsolicited status messages. For example, when a card reader device detects the insertion of a card, the device may generate an unsolicited status message which is detected by the device dispatcher and manager and communicated to the terminal application, SP, or diagnostic application using a callback function registered to receive such messages.

Using the module interface API 2120, terminal application, SP and/or diagnostic application registers expected unsolicited events with the device dispatcher and manager 2170 during an initialization process. Similarly, when the terminal application, SP and/or diagnostic application relinquishes control to a hardware device 2310-2313 for performance of an asynchronous event, the event is registered with the device dispatcher and manager. When the device dispatcher and manager 2170 subsequently experiences a registered event, through interaction with a module interface device component 2181-2184, the device dispatcher and manager 2170 delivers notification of the event to the correct callback function in accordance with the directions provided when the event was registered.

As schematically represented in FIG. 4, a controller 72 is in operative connection with at least one communications bus 92. The communications bus 92 may in some exemplary embodiments be a universal serial bus (USB) or other standard or nonstandard type of bus architecture. The communications bus 92 is schematically shown in operative connection with transaction function devices 94. The transaction function devices 94 include devices in the ATM which are used to carry out transactions. These may include for example the currency dispenser device 54, card reader 26, receipt printer 44, keypad 32, as well as numerous other devices which are operative in the machine and controlled by the controller 72 to carry out transactions. In the exemplary embodiment one of the transaction function devices 94 in operative connection with the controller is a diagnostic article reading device 96 which is later discussed in detail, and which is operative to read a diagnostic article schematically indicated 98 used in servicing the machine. As later explained, in an exemplary embodiment the diagnostic article 98 comprises a CD which can be read by reader 96 as well as computer device 100 which is not generally associated with the operation of the ATM 10.

In the exemplary embodiment of ATM 10 the first fascia portion 20 and the second fascia portion 22 are independently movably mounted on the ATM housing 12. This is accomplished through the use of hinges attached to fascia portion 20. The opening of the fascia lock 50 on the first fascia portion 20 enables the first fascia portion 20 to be moved to an open position as shown in FIG. 5. In the open position of the first fascia portion 20 an authorized user is enabled to gain access to a first portion 102 in the upper housing area 14. In the exemplary embodiment there is located within the first portion 102 a chest lock input device 104. In this embodiment the chest lock input device 104 comprises a manual combination lock dial, electronic lock dial or other suitable input device through which a combination or other unlocking inputs or articles may be provided. In this exemplary embodiment input of a proper combination enables the chest door 18 to be moved to an open position by rotating the door about hinges 106. In the exemplary embodiment the chest door 18 is opened once the proper combination has been input by manipulating a locking lever 108 which is in operative connection with a boltwork. The boltwork which is not specifically shown, may be of a conventional or unconventional type that is operative to hold the chest door 18 in a locked position until the proper combination is input. Upon input of the correct combination the locking lever enables movement of the boltwork so that the chest door 18 can be opened. The boltwork also enables the chest door 18 to be held locked after the activities in the chest portion 16 have been conducted and the chest door 18 is returned to the closed position. Of course in other embodiments other types of mechanical or electrical locking mechanisms may be used. In the exemplary embodiment the chest lock input device 104 is in supporting connection with a generally horizontally extending dividing wall 110 which separates the chest portion 16 from the upper housing area 14. Of course this housing structure is exemplary and in other embodiments other approaches may be used.

An authorized servicer who needs to gain access to an item, component or device of the ATM located in the chest portion 16 may do so by opening the fascia lock 50 and moving the first fascia portion 20 so that the first portion 102 of the upper housing area 14 becomes accessible. Thereafter the authorized servicer may access and manipulate the chest lock input device 104 to receive one or more inputs, which if appropriate enables unlocking of the chest door 18. The chest door 18 may thereafter be moved relative to the housing and about its hinges 106 to enable the servicer to gain access to items, devices or components within the chest portion 16. These activities may include for example adding or removing currency, removing deposited items such as envelopes or checks, or repairing mechanisms or electrical devices that operate to enable the machine to accept deposited items or to dispense currency. When servicing activity within the chest portion 16 is completed, the chest door 18 may be closed and the locking lever 108 moved so as to secure the boltwork holding the chest door 18 in a closed position. Of course this structure and service method is exemplary and in other embodiments other approaches may be used.

In the exemplary embodiment the second fascia portion 22 is also movable relative to the housing of the machine. In the exemplary embodiment the second fascia portion 22 is movable in supporting connection with a rollout tray 112 schematically shown in FIG. 3. The rollout tray is operative to support components of the user interface thereon as well as the second fascia portion 22. The rollout tray 112 enables the second fascia portion 22 to move outward relative to the ATM housing thereby exposing components and transaction function devices supported on the tray and providing access to a second portion 114 within the upper housing area 14 and positioned behind the second fascia portion 22. Thus as can be appreciated, when the second fascia portion 22 is moved outward, the components on the rollout tray 112 are disposed outside the housing of the machine so as to facilitate servicing, adjustment and/or replacement of such components. Further components which remain positioned within the housing of the machine as the rollout tray 112 is extended become accessible in the second portion 114 of the upper housing area 14 as the second fascia portion 22 is disposed outward and away from the housing.

In the exemplary embodiment the rollout tray 112 is in operative connection with a releasible locking device. The locking device is generally operative to hold the tray in a retracted position such that the second fascia portion 22 remains in an operative position adjacent to the upper housing area 14 as shown in FIGS. 1, 2 and 3. This releasible locking mechanism may comprise one or more forms of locking type devices. In the exemplary embodiment the releasible locking mechanism may be released by manipulation of an actuator 116 which is accessible to an authorized user in the first portion 102 of the upper housing area 14. As a result an authorized servicer of the machine is enabled to move the second fascia portion 22 outward for servicing by first accessing portion 102 in the manner previously discussed. Thereafter by manipulating the actuator 116 the second fascia portion 22 is enabled to move outward as shown in phantom in FIG. 11 so as to facilitate servicing components on the rollout tray 112. Such components may include for example a printer or card reader. After such servicing the second fascia portion 22 may be moved toward the housing so as to close the second portion 114 of the upper housing area 14. Such movement in the exemplary embodiment causes the rollout tray 112 to be latched and held in the retracted position without further manipulation of the actuator 116. However, in other embodiments other types of locking mechanisms may be used to secure the rollout tray 112 in the retracted position. It should be understood that this approach is exemplary and in other embodiments other approaches may be used.

As best shown in FIG. 10 in which the components supported in the upper housing area 14 are not shown, the delivery area 52 and the deposit acceptance area 58 are in supporting connection with the chest door 18. As such when the chest door 18 is opened, the delivery area 52 and the deposit acceptance area 58 will move relative to the housing of the machine. The exemplary embodiment shown facilitates servicing of the machine by providing for the illumination for the transaction areas by illumination sources positioned in supporting connection with the rollout tray 112. As best shown in FIG. 6, these illumination sources 118 are movable with the rollout tray 112 and illuminate in generally a downward direction in the operative position of the second fascia portion 22 and the chest door 18. The illumination sources are generally aligned with apertures 120 and 122 which extend through the top of a cover 124 which generally surrounds the recessed pockets 60 and 56. As shown in FIG. 10 aperture 120 is generally vertically aligned with window 68 and aperture 122 is generally aligned with window 70. In an exemplary embodiment apertures 120 and 122 each have a translucent or transparent aperture cover positioned therein to minimize the risk of the introduction of dirt or other contaminants into the interior of the cover 124.

As can be appreciated from FIGS. 6 and 11, when the chest door 18 is closed and the second fascia portion 22 is moved to the operative position, the illumination sources 118 are positioned in generally aligned relation with apertures 120 and 122. As a result the illumination of the illumination devices is operative to cause light to be transmitted through the respective aperture 120, 122 and to illuminate the transaction area within the corresponding recessed pocket.

In operation of an exemplary embodiment, the controller 72 executes programmed instructions so as to initiate illumination of each transaction area at appropriate times during the conduct of transactions. For example in the exemplary embodiment if the user is conducting a cash withdrawal transaction, the controller 72 may initiate illumination of the delivery area 52 when the cash is delivered therein and is available to be taken by a user. Such illumination draws the user's attention to the need to remove their cash and will point out to the user that the cash is ready to be taken. In the exemplary embodiment the controller 72 is programmed so that when the user takes their cash the machine will move to the next transaction step. After the cash is sensed as taken, the controller 72 may operate to cease illumination of the delivery area 52.

Likewise in an exemplary embodiment if a user of the machine indicates that they wish to conduct a deposit transaction, the controller 72 may cause the machine to operate to initiate illumination of the deposit acceptance area 58. The user's attention is drawn to the place where they must insert the deposit envelope in order to have it be accepted in the machine. In the exemplary embodiment the controller 72 may operate to also illuminate the illumination panel 62 to illuminate the deposit envelope providing opening 48 so that the user is also made aware of the location from which a deposit envelope may be provided. In an exemplary embodiment the controller 72 may operate to cease illumination through the window 70 and/or the illumination panel 62 after the deposit envelope is indicated as being sensed within the machine.

In alternative embodiments other approaches may be taken. This may include for example drawing the customer's attention to the particular transaction area by changing the nature of the illumination in the recessed pocket to which the customer's attention is to be drawn. This may be done for example by changing the intensity of the light, flashing the light, changing the color of the light or doing other actions which may draw a user's attention to the appropriate transaction area. Alternatively or in addition, a sound emitter, vibration, projecting pin or other indicator may be provided for visually impaired users so as to indicate to them the appropriate transaction area to which the customer's attention is to be drawn. Of course these approaches are exemplary and in other embodiments other approaches may be used.

As can be appreciated the exemplary embodiment enables one or more illumination devices which are movable relatively with respect to the area to be illuminated to be used without the need for additional moving wiring harnesses or other releasable connectors. In addition the exemplary location of the illumination device 118, extending on the underside of the rollout tray 112 facilitates changing the illumination device 118 by extending the rollout tray 112 in the manner previously discussed and as is shown in FIG. 11. Of course it should be understood that the principles described can be applied to numerous types of banking machine structures and configurations which may be encompassed by the claims presented herein.

As previously discussed the exemplary embodiment of ATM 10 is also operative to draw a user's attention at appropriate times to the card reader slot 28. ATM 10 also includes features to minimize the risk of unauthorized interception of card data by persons who may attempt to install an unauthorized card reading device on the machine. As shown in FIG. 14, the exemplary card slot 28 extends through a card slot housing 66 which extends in generally surrounding relation of the card slot 28. It should be understood that although the housing 66 generally bounds the entire card slot 28, in other embodiments the principles described herein may be applied by bounding only one or more sides of a card slot 28 as may be appropriate for detecting unauthorized card reading devices. Further, it should be understood that while the exemplary embodiment is described in connection with a card reader that accepts a card into the machine, the principles being described may be applied to types of card readers that do not accept a card into the machine, such as readers where a user draws the card through a slot, inserts and removes a card manually from a slot and other card reading structures.

In the exemplary embodiment the housing 66 includes a plurality of radiation emitting devices 126. In the exemplary embodiment the radiation emitting devices 126 emit visible radiation which can be perceived by a user of the machine. However, in other embodiments the radiation emitting devices 126 may include devices which emit nonvisible radiation such as infrared radiation, but which nonetheless can be used for sensing the presence of unauthorized card reading devices adjacent to the card slot 28. In the exemplary embodiment the controller 72 operates to illuminate the radiation emitting devices 126 at appropriate times during the transaction sequence. This may include for example times during transactions when a user is prompted to input their card into the machine or alternatively when a user is prompted to take their card from the card slot 28. In various embodiments the controller 72 may be programmed to provide solid illumination of the radiation emitting devices 126 or may vary the intensity of the devices as appropriate to draw the user's attention to the card slot 28.

In the exemplary embodiment the card slot housing 66 includes therein one or more radiation sensing devices 128. The radiation sensing devices 128 are positioned to detect changes in the radiation reflected from the radiation emitting devices 126. The radiation sensing devices 128 are in operative connection with the controller 72. The controller 72 is operative to compare one or more values corresponding to the magnitude of reflected radiation sensed by one or more of the radiation sensing devices 128, to one or more stored values and to make a determination whether the comparison is such that there is a probable unauthorized card reading device installed on the fascia of the machine. In some embodiments the controller 72 may be operative to execute fuzzy logic programming for purposes of determining whether the nature of the change in reflected radiation is such that there has been an unauthorized device installed and whether appropriate personnel should be notified.

FIG. 15 shows a side view of the housing 66. An unauthorized card reading device 130 is shown attached externally to the housing 66. The unauthorized card reading device 130 includes a slot 132 generally aligned with card reader slot 28. The device 130 also includes a sensor shown schematically as 134 which is operative to sense the encoded magnetic flux reversals which represent data on the magnetic stripe of a credit or debit card. As can be appreciated, an arrangement of the type shown in FIG. 15 enables the sensor 134 if properly aligned adjacent to the magnetic stripe of a card, to read the card data as the card passes in and out of card reader slot 28. Such an unauthorized reading device 130 may be connected via RF or through inconspicuous wiring to other devices which enable interception of the card data. In some situations criminals may also endeavor to observe the input of the user's PIN number corresponding to the card data so as to gain access to the account of the user.

As can be appreciated from FIG. 15 the installation of the unauthorized card reading device 130 changes the amount of radiation from emitting devices 126 and that is reflected to the sensors 128. Depending on the nature of the device and its structure, the amount of reflected radiation may increase or decrease. However, a detectable change will often occur in the magnitude of sensed radiation between a present transaction and a prior transaction which was conducted prior to an unauthorized card reading device 130 being installed.

FIG. 16 demonstrates a simplified logic flow executed by a controller for detecting the installation of an unauthorized card reading device. It should be understood that this transaction logic is part of the overall operation of the machine to carry out transactions. In this exemplary logic flow the machine operates to carry out card reading transactions in a normal manner and to additionally execute the represented steps as a part of such logic each time a card is read. From an initial step 136 the controller in the machine is operative to sense that a card is in the reader within the machine in a step 138. Generally in these circumstances the controller will be operating the radiation emitting devices 126 as the user inserts their card and the card is drawn into the machine. In this exemplary embodiment the controller continues to operate the radiation emitting devices and senses the radiation level or levels sensed by one or more sensors 128. This is done in a step 140.

The controller is next operative to compare the signals corresponding to the sensed radiation levels to one or more values in a step 142. This comparison may be done a number of ways and may in some embodiments employ fuzzy logic so as to avoid giving false indications due to acceptable conditions such as a user having their finger adjacent to the card slot 28 during a portion of the transaction. In the case of a user's fingers for example, the computer may determine whether an unauthorized reading device is installed based on the nature, magnitude and changes during a transaction in sensed radiation, along with appropriate programmed weighing factors. Of course various approaches may be used within the scope of the concept discussed herein. However, based on the one or more comparisons in step 142 the controller is operative to make a decision at step 144 as to whether the difference between sensed value(s) from step 140 and the stored value(s) have a difference that is in excess of one or more thresholds which suggests that an unauthorized card reading device has been installed.

If the comparison does not indicate a result that exceeds the threshold(s) the ATM transaction function devices are run as normal as represented in a step 146. Further in the exemplary embodiment, the controller may operate to adjust the stored values as a function of more recent readings. This may be appropriate in order to compensate for the effects of dirt on the fascia or loss of intensity of the emitting devices or other factors. This is represented in a step 148. As represented in step 150 the controller operates the ATM to conduct transaction steps in the usual manner.

If in step 144 the difference between the sensed and stored values exceeds the threshold(s), then this is indicative that an unauthorized card reading device may have been installed since the last transaction. In the exemplary embodiment when this occurs, the controller is operative to present a warning screen to the user as represented in a step 152. This warning screen may be operative to advise the user that an unauthorized object has been set adjacent to the card reader slot. This may warn a user for example that a problem is occurring. Alternatively if a user has inadvertently placed innocently some object adjacent to the card reader slot, then the user may withdraw it. In addition or in the alternative, further logic steps may be executed such as prompting a user to indicate whether or not they can see the radiation emitting devices being illuminated adjacent to the card slot and prompting the user to provide an input to indicate if such items are visible. Additionally or in the alternative, the illuminating devices within the housing 66 may be operative to cause the emitting devices to output words or other symbols which a user can indicate that they can see or cannot see based on inputs provided as prompts from output devices of the machine. This may enable the machine to determine whether an unauthorized reading device has been installed or whether the sensed condition is due to other factors. It may also cause a user to note the existence of the reading device and remove it. Of course various approaches could be taken depending on the programming of the machine.

If an unauthorized reading device has been detected, the controller in the exemplary embodiment will also execute a step 154 in which a status message is sent to an appropriate service provider or other entity to indicate the suspected problem. In a step 156 the controller will also operate to record data identifying the particular transaction in which there has been suspected interception of the card holder's card data. In addition or in the alternative, a message may be sent to the bank or other institution alerting them to watch for activity in the user's card account for purposes of detecting whether unauthorized use is occurring. Alternatively or in addition, some embodiments may include card readers that change, add or write data to a user's card in cases of suspected interception. Such changed data may be tracked or otherwise used to assure that only a card with the modified data is useable thereafter. Alternatively or in addition, in some embodiments the modified card may be moved in transverse relation, moved irregularly or otherwise handled to reduce the risk that modified data is intercepted as the card is output from the machine. Of course these approaches are exemplary of many that may be employed.

In the exemplary embodiment the ATM is operated to conduct a transaction even in cases where it is suspected that an unauthorized card reading device has been installed. This is represented in a step 158. However, in other embodiments other approaches may be taken such as refusing to conduct the transaction. Other steps may also be taken such as capturing the user's card and advising the user that a new one will be issued. This approach may be used to minimize the risk that unauthorized transactions will be conducted with the card data as the card can be promptly invalidated. Of course other approaches may be taken depending on the programming of the machine and the desires of the system operator.

The exemplary embodiment of the ATM 10 is a machine that is generally constructed for outdoor use and operation. As such it may be subjected to extremes of temperatures. However, the components of the ATM such as the controller, currency dispenser, display and other items may be sensitive to temperature and may begin to malfunction if the temperature within the housing of the machine becomes too hot or too cold.

In the exemplary embodiment the display 36 comprises a high illumination flat panel type display. Some types of such displays generate considerable heat which if not properly dissipated can cause high temperatures and damage components of the machine. In the exemplary embodiment the risk of such damage is reduced by providing air flow cooling through the housing of the machine, and specifically by providing air flow inside the housing within the area adjacent the display 36.

As shown in FIG. 6, the exemplary embodiment of ATM 10 includes an air cooling opening 160. In the exemplary embodiment the air cooling opening 160 extends between the top wall 162 of the second fascia portion 22 and a baffle structure 164 which is fixedly attached to the housing of the machine. As further explained in detail hereafter, the baffle structure 164 is operative to enable cooling air flow to pass through the housing around the rear and sides of the display 36 and to pass out of the housing through the opening 160. However, the exemplary baffle structure 164 is operative to minimize the risk of infiltration of moisture such as liquid water, droplets, snow, condensation and other contaminants into the interior area of the housing. Further, the exemplary baffle structure 164 is adapted to direct contaminants to the outside of the housing so as to avoid the accumulation thereof on the baffle.

The exemplary baffle structure 164 is shown in greater detail in FIG. 7. The exemplary baffle structure 164 includes a vertically extending wall portion 166 that extends upward adjacent to the machine housing. As shown in FIG. 7 in the exemplary baffle structure 164, the vertically extending wall portion 166 extends above the generally flat top surface 168 of the housing. The exemplary baffle 164 further includes an arcuate surface 170. The arcuate surface 170 extends generally forward of the wall portion 166. In the operative position of the rollout tray 112 represented in FIG. 6, the arcuate surface 170 overlies the display 36 in a generally shroud like fashion.

In the exemplary embodiment the arcuate surface 170 has at the forward and side peripheries thereof, a lip 172. The lip 172 is operative to catch and direct moisture and other contaminants that may collect on the baffle structure 164 toward the area of the baffle structure 164 adjacent to the wall portion 166. Further as shown in FIG. 7, the arcuate surface 170 is generally angled to direct moisture toward the surface of the wall portion 166.

Positioned adjacent to the surface wall portion 166 is a moisture collecting trough 174. The moisture collecting trough 174 is operative to capture moisture and other contaminants that move toward the wall 166 and to direct them to the side of the arcuate surface and to the exterior of the housing in a manner that is later discussed. In the exemplary embodiment of the baffle structure 164, there are a plurality of fin portions 176 that extend generally outward from the arcuate surface 170. The fin portions 176 are generally disposed forward away from the wall portion 166 so as to avoid interfering with the flow of material through the moisture collecting trough 174. As can be appreciated the fin portions 176 are operative to direct air flow which passes across the baffle structure 164 as well as to minimize the potential cross flow of moisture across the arcuate surface 170 except in the area of the moisture collecting trough 174.

As shown in FIG. 8 when the second fascia portion 122 is moved to the operative position, the air cooling opening 160 extends generally between the top wall 162 of the second fascia portion 22 and the forward face of the vertically extending wall portion 166. This elongated opening provides sufficient area for air flow as required for maintaining the interior of the housing within the desired temperature range. Further, the configuration of the fascia portion 22 and the baffle structure 164 in the operative position causes the moisture collecting trough 174 to direct moisture and contaminants collected therein to the outside of the ATM housing through a base area 178 of the air cooling opening 160. This minimizes the opportunities for water and other contaminants to collect within the machine. As will be appreciated, the second fascia portion 22 and baffle structure 164 are symmetrical and thus the exemplary structure enables contaminants to exit from the housing of the machine on the sides of the first and second fascia portions 20, 22.

As shown in FIG. 9 the exemplary embodiment facilitates air flow through the machine for cooling purposes by providing an air opening 180 at the rear of the chest portion 16. As can be appreciated the air opening 180 is appropriately protected so as to prevent attack therethrough into the chest portion 16 of the housing. The air opening 16 is operatively connected through appropriate filters or other devices to one or more blowers 182. The blowers 182 are operative to provide forced air flow through the housing. In addition in exemplary embodiments of the invention heating and cooling devices may also be provided in proximity to the blowers so as to facilitate maintaining appropriate temperatures within the housing. Such devices may include for example, heat pumps, Peltier devices and other suitable devices for cooling, heating or otherwise conditioning air that flows through the housing. Appropriate sensors and other controls may be operated within the housing to maintain the components in the housing within a suitable temperature and/or humidity range.

In the exemplary embodiment a duct 184 is provided between the chest portion 16 and the upper housing area 14. The duct 184 enables air flow between the chest portion 16 and upper housing area 14 so as to facilitate the cooling or heating of components in both sections of the housing. As can be appreciated for purposes of maintaining the display in an appropriate temperature condition, air may be passed from the air opening 180 and through the duct 184 into the upper housing area 14. The positive pressure produced by the blower and the upper housing area 14 causes air flow through the upper housing area 14 and through the air cooling opening 160. In such circumstances air is directed around the rear and sides of the display 36 past the baffle structure 164 and out the opening 160. Alternatively under appropriate circumstances the blowers may be operated to reverse the air flow in which case the heat generated by a display 36 may be captured within the machine so as to supplement the heating capabilities of heaters within the machine to avoid components from becoming too cold. As can be appreciated in some embodiments the controller of the machine or other controllers may be operated to control the direction and rates of the blowers as well as the heating and cooling devices so as to maintain the interior of the housing within the appropriate temperature range. In the exemplary embodiment the structure of the display, baffle structure and second fascia portion facilitate cooling (and heating) the display and other components while minimizing the risk of the introduction of contaminants into the machine.

As can also be appreciated from the previous discussion, the baffle structure 164 is mounted in generally fixed relation with the housing. As a result the extension of the rollout tray 112 enables the display 36 and other components supported on the tray 112 to be extended outside the housing and away from the baffle structure 164 so as to facilitate servicing. Once such servicing is conducted the rollout tray 112 and second fascia portion 22 may be retracted so that the display 36 again moves in underlying relation of the baffle structure 164 and with the baffle structure 164 extended in intermediate relation between the display 64 and the air cooling opening 160 so as to provide protection. Of course it should be understood that these structures are exemplary and in other embodiments other approaches may be used.

In the exemplary embodiment the ATM 10 is provided with enhanced diagnostic capabilities as well as the ability for servicers to more readily perform remedial and preventive maintenance on the machine. This is accomplished in an exemplary embodiment by programming the controller and/or alternatively distributed controllers and processors associated with the transaction function devices, to sense and capture diagnostic data concerning the operation of the various transaction function devices. In an exemplary embodiment this diagnostic data includes more than an indication of a disabling malfunction. In some embodiments and with regard to some transaction function devices, the data may include for example instances of speed, intensity, deflection, vacuum, force, friction, pressure, sound, vibration, wear, or other parameters that may be of significance for purposes of detecting conditions that may be developing with regard to the machine and the transaction function devices contained therein. The nature of the diagnostic data that may be obtained will depend on the particular transaction function devices and the capabilities thereof as well as the programming of the controllers within the machine.

In the exemplary embodiment the controller is operative to process data representative of the condition of the various transaction function devices and to store such information in one or more data stores in a protected form. In an exemplary embodiment the protected form of the information is such that persons who are not authorized and do not have a suitable diagnostic article are not able to obtain access to such data. The nature of the protection used for the data may include in some cases encryption, storing such data in a memory device which erases the data in the event of tampering, or in other forms so as to protect such data from unauthorized persons.

In an exemplary embodiment authorized servicers are enabled to utilize the diagnostic data and to facilitate remedial and preventive maintenance on the machine by being issued a diagnostic article such as diagnostic article 98 previously mentioned in conjunction with FIG. 4. In the exemplary embodiment the diagnostic article is computer readable media such as a CD which may be operatively engaged with a diagnostic article reading device 96 such as a CD drive. Of course it should be understood that in other embodiments the diagnostic article may have other forms and may include for example a portable terminal such as a PDA or cell phone or may be a portable storage device such as a plug in USB memory module or smart card.

In the exemplary embodiment engaging the diagnostic article in operative connection with the controller enables a servicer to obtain access to the diagnostic data as well as to access information from the article which provides an indication of the significance of the diagnostic data being received. In an exemplary embodiment the diagnostic article includes service manual data which can be output through an output device of the ATM or other terminal, and which a servicer can utilize in a manner similar to repair instructions and other information which are usable to conduct servicing operations on the ATM. Further, in an exemplary embodiment, the diagnostic article includes diagnostic instructions that are operative to interpret results of diagnostic tests or operations that can be performed through operation of the controller.

In the exemplary embodiment the diagnostic article includes instructions which may be utilized by and interact with the controller of the machine. This enables the servicer to utilize the diagnostic data as well as service data from the diagnostic article to provide output indicia through an output device which may suggest to a servicer certain diagnostic tests. The controller may then be operated to enable a user to provide inputs through one or more input devices of the machine corresponding to such diagnostic tests. These diagnostic instructions which are included in the service data on the diagnostic article cause the controller to interact with the transaction function devices and to produce one or more results. Responsive to such results the controller in the machine is operative to cause the output of indicia which may indicate the result(s) to a servicer. Further responsive to the result(s) and the service data on the diagnostic article, the controller may operate to cause the output of indicia corresponding to other diagnostic tests which may be conducted as well as service or remedial actions which a servicer should consider taking in order to fix existing problems or minimize the risk of future ones. In an exemplary embodiment the service data included in the diagnostic article can be used to guide a servicer through service activities as well as to interact with the controller and provide servicer interaction at the machine so as to obtain test results and enable diagnosis of conditions within the machine. In addition, the exemplary embodiment of the service article when in operative connection with the controller, enables the output of indicia which may comprise textual, audible or graphical information so as to facilitate servicing activities at the machine by the servicer.

In the exemplary embodiment of the service article, the article provides to the controller one or more secret codes, commands, results or other things, all of which are referred to herein for brevity as secret codes. Such secret codes are analyzed through operation of the controller to determine if the diagnostic article is authorized. In some embodiments the controller may operate to require a user to input information which is utilized in making a determination as to whether the article is authorized. Such input user information may include for example, input codes to input devices on the machine or biometric inputs. In addition or in the alternative the secret codes which are derived from the diagnostic article may