Automated teller machines: their history and authentication protocols

  • Regular Paper
Journal of Cryptographic Engineering

“Money is like a sixth sense—and you can’t make use of the other five without it.”

W. Somerset Maugham

“Money is better than poverty, if only for financial reasons.”

Woody Allen

“The trick is to stop thinking of it as your money.”

IRS Dogma.

Abstract

Luther Simjian filed a patent in 1959 for perhaps the first ATM; he convinced the City Bank of New York (now Citibank) to run a 6-month field test of his Bankmatic. The test was, however, not extended due to lack of demand. Simjian suggested that the only customers using the machine were a small number of prostitutes and gamblers who did not want to deal with bank tellers face to face. Nature abhors a vacuum and is also the mother of invention; John Shepherd-Barron (OBE), managing director of London’s De La Rue Instruments, succeeded in 1964 with help from Barclays Bank. The DACS (De La Rue Automatic Cash System) was installed at their branch in Enfield, North London, on June 27, 1967. Since banks are guardians of your money, it was necessary to institute controls on who could get the moolah or lolly! JSB and his many successors required an ATM user to provide two identifiers: the first, a PAN—proof of the existence of a bank account—though not necessarily well funded—and the second, a PIN—proof of identity, the creation of James Goodfellow of Chubb’s Integrated System. The PAN in time would ultimately be recorded magnetically on an ATM bankcard, the PIN entered at the ATM’s keyboard. Goodfellow’s invention was followed by ATM inventions of Geoffrey Constable (also of Chubb) and in the US by Donald C. Wetzel. Wetzel was a former baseball player (shortstop) for a farm team of the San Francisco (née New York) Giants, an IBM salesperson and then vice president of Docutel. Since pickpockets were plentiful in London, a substantial part of the security rested with knowledge of the PIN. But how were the PAN and PIN related and how was this tested during an ATM transaction? These remained to be discovered. The IBM Corporation entered the scene in 1968 with a contract to design an ATM. Horst Feistel, working at their Yorktown Research Center, developed the first cryptographic algorithm to relate the PIN and PAN.
Feistel’s algorithm LUCIFER was modified and affirmed in 1976 as the Data Encryption Standard (DES) in the US by the National Bureau of Standards. It evolved into Triple DES (3DES), the guardian of most PINs today. This paper is a summary of the achievements of the inventors, the problems encountered and the technical enhancements needed and introduced.

Notes

  1. I remember the difficulty trying to cash a check drawn on a New York bank on my first extended visit to California in 1963.

  2. http://paysimple.com/articles/echeck_processing.html claims that it costs $1.22 to process a check. The cost of an ATM transaction (at your home bank’s banking network) is in the pennies. The fees at a bank outside of your home bank’s banking network range from $2 to $5. The website of ATMDepot.com which sells the machines to merchants, calls the ATM, the Amazing Money Machine and suggests “Get an ATM, Make Money”.

  3. The term provenance refers to the place of origin or earliest known history of an object.

  4. Four to six of the digits 0, 1, 2,..., 9.

  5. Luther also filed and was issued a later patent [8] which incorporates an ATM photographing the deposited check. It was brought to my attention in email from Bernardo Bátiz-Lazo.

  6. In [6] Bátiz-Lazo and Reid observe that Simjian’s patent describes less than a full-function ATM. However, Simjian’s patent writes “... the apparatus described hereafter is well adapted for such applications as cashing of checks, that is, accepting a check for ‘deposit and dispensing in exchange therefore money in pre-determined amounts...”

  7. Bernardo Bátiz-Lazo and Robert Reid’s papers [5, 6] explain the history and patenting of Cash Dispensing in the UK. They contradict JSB’s Saturday bank closing story, stating that “... it was not until 1969, well after cash dispensers had proven their effectiveness, that banks stopped servicing retail clients on Saturday mornings”. As a romantic, I prefer Barron’s explanation, but as a mathematician I am obligated at least in footnotes to veritatem tantum scribere.

  8. Barclays’ website claims that it has more than 300 years of history from its beginnings in Lombard Street (London).

  9. The invention of the PIN is attributed to James Goodfellow (Sect. 3.3). Bernardo Bátiz-Lazo and Robert Reid’s paper [5] writes “... prior to activating the machine, a manual signature was the first form of individual customers’ identification and authorization.” Of course, I like the explanation involving his wife more.

  10. Bernardo Bátiz-Lazo and Robert Reid’s paper [6] questions the timing of the use of the PIN in a DACS, explaining they were used in later models of the DACS and were developed for the Royal Dutch Shell Corporation. Additionally, it explains “The idea [of vouchers] was that customers would purchase the vouchers from Barclays’ retail branches (during normal opening hours). These were valid for 6 months from the date of issue”.

  11. I hope the California Bar will not investigate me for practicing without a license. Perhaps English intellectual property rules are different than our rule, but in U.S. patent law, the specification of a patent is a description of a way in which the inventor intends to implement the invention. It need not be the only way in which the invention can be practiced. The description must only be such that a person of ordinary skill in the art should be able to build it. He could have patented it and kept his ideas still secret.

  12. ATM card.

  13. Lines 30–31 in the Specification describe the PIN as being composed of the digits 0–9. The inventors use the term plurality of numbers rather than specifying the PIN length.

  14. In mathematics, a function y = F(x) describes a correspondence between the values x and y. Cryptographic encipherment is an example of a correspondence.

  15. Email on 3/7/2015.

  16. Constable is also named as the inventor on a patent [11] filed and issued later.

  17. Two trials were held in Washington, DC at which counsel for Chubb included Stuart A. White of New York City and Thomas Vande Sande of Hall, Vande Sande & Pequignot, Potomac (Maryland). I consulted for Chubb and also testified on their behalf. The first trial found, as my analysis and testimony had concluded, that NCR infringed on Chubb; the second trial assessed damages. As preparation for my experience, I received extensive explanations of patent law from both White and Vande Sande. Subsequent education on patents during consulting for Robert Haslam, then at Heller-Ehrman (San Francisco, California), continued my legal education.

  18. The term means in a patent refers to some device performing some function.

  19. An ATM bank card might be a token.

  20. Plurality, a multitude, state of being numerous; in the world of patent law, plurality, just means more than one.

  21. Keyboard for PIN entry might be a second means.

  22. The PIN.

  23. Dispense cash.

  24. A flat piece of material.

  25. In a lengthy email on 3-10-15 from Mr. Constable.

  26. The encoded token contained the account number (8 digits), (national) sort code (6 digits), an expiry date (6 digits) and a PIN (at least 4 digits).

  27. In biology, cloning is the process of producing similar populations of genetically identical individuals that occurs in nature. In technology, the term also refers to the production of multiple copies of a product such as digital media or software. The term clone is derived from the Greek word, referring to the process whereby a new plant can be created from a twig.

  28. References [1, 3] cite John D. White and Kenneth Goldstein of Docutel as inventors. They filed the patent “Credit Card Automatic Currency Dispenser” on an earlier date, July 29, 1970, and it was granted as US #3,662,343 on May 9, 1972. The assignee was also the Docutel Corporation. Remarkable coincidence perhaps, but the White and Goldstein patent contains the same three figures as shown in Wetzel et al. Novelty is a necessary condition for patentability as described in 35 U.S. Code § 102. For Wetzel to obtain a patent on the same idea and after the filing date of the White patent must mean something. Perhaps this should be referred to the disciplinary committee of ...

  29. The term clearing refers to the settlement process for checks between the banks.

  30. The National Physical Laboratory (NPL) was founded in 1900 “for standardizing and verifying instruments, for testing materials, and for the determination of physical constants.” It is one of the oldest standardizing laboratories in the world.

  31. See Figure 1 in [5, p. 36].

  32. The Burroughs Corporation was a major American manufacturer of business equipment. The company was founded in 1886 as the American Arithmometer Company, and after the 1986 merger with Sperry Univac was renamed Unisys.

  33. The Centre for Applied Cryptographic Research (CACR) is located at the University of Waterloo in Waterloo, Ontario, Canada. They carry out research in the field of cryptography.

  34. The word cryptography is derived from the Greek words kryptos, meaning hidden, and graphien, meaning to write.

  35. Described in 35 U.S.C. 184 Filing of Patent Application in a Foreign Country.

  36. Creative ideas that are not limited by current thinking or beliefs.

  37. In addition to Horst Feistel’s patent, IBM was also issued US #3,962,539, “Product Block Cipher System for Data Security”, describing the design of DES; it was filed by IBM Kingston on June 28, 1976. Listed as inventors were William Friedrich Ehrsam, Carl H. W. Meyer, Robert Lowell Powers, John Lynn Smith and Walter Leonard Tuchman.

  38. Never by me!

  39. A consortium of German banks.

  40. For GBP PIN calculations m is set to 4 and n is set to 6.

  41. The IBM Reference Guide [21] describes this mode of DES3 in which the keys K1 (=K3) and K2 are 8 bytes (64 bits) long. A key is coded using IBM’s traditional Extended Binary Coded Decimal Interchange Code (EBCDIC). This 8-bit character encoding is used mainly on IBM mainframe and IBM midrange computer operating systems.

  42. Lamont Cranston, alias the Shadow, was a 1940s super hero battling villainy.

    phan·tom noun: a ghost, a figment of the imagination, denoting a financial arrangement or transaction that has been invented for fraudulent purposes but that does not really exist.

  43. Cryptanalysis refers to the study of cryptosystems with a view to finding weaknesses in them that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the algorithm.

  44. http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/.

  45. In 1996, Andrew Stone, a computer security consultant from Hampshire in the UK, was convicted of stealing more than £1 million by pointing high-definition video cameras at ATMs from a considerable distance, and by recording the card numbers, expiry dates, etc. from the embossed detail on the ATM cards along with video footage of the PINs being entered. After getting all the information from the videotapes, he was able to produce clone cards which not only allowed him to withdraw the full daily limit for each account, but also allowed him to sidestep withdrawal limits by using multiple copied cards. In court, it was shown that he could withdraw as much as £10,000 per hour by using this method. Stone was sentenced to 5 years and 6 months in prison.

  46. Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information.

  47. See Sect. 5.8 for the analog in ATM-like transactions.

  48. It was the precursor of what is universally referred to as a Hardware Security Module which will be discussed in more detail starting in Sect. 5.4.

  49. To cut down on fraud, videos of a transaction at an ATM were made. In modern-day ATM theft, criminals also use cameras: the ATM has a secret skimmer installed over the card entry slot to steal your card info and a fake panel with a tiny hole for the cell phone camera behind it that might actually capture your PIN as you’re typing it into the pad.

  50. Rightmost 12 digits of PAN excluding check digits.

  51. In science, computing, and engineering, a black box is a device, system or object which can be viewed in terms of its inputs and outputs (or transfer characteristics), without any knowledge of its internal workings. Its implementation is “opaque” (black).

  52. Here’s bank loyalty; even though I once had a mortgage with them, the Bank of America refused to reveal to me even the number of HSMs serving their thirteen branches in Santa Barbara.

  53. Asymmetric digital subscriber line.

  54. The Norwegian vendor EMC Satcom Technologies is looking up!

  55. TCP/IP provides end-to-end connectivity specifying how data should be packetized, addressed, transmitted, routed and received at the destination. This functionality is organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.

    The Transmission Control Protocol (TCP) is a core protocol of the Internet Protocol Suite along with the Internet Protocol (IP). TCP provides reliable, ordered, and error-checked delivery of a stream of octets between applications running on hosts communicating over an IP network. TCP is the protocol that applications including the World Wide Web, email, remote administration and file transfer rely on. Applications that do not require reliable data stream service may use the User Datagram Protocol (UDP), which provides a connectionless datagram service that emphasizes reduced latency over reliability.

  56. Email from Thales on 3-25-15.

  57. JPOS.org provides consulting and information on a variety of open-source, mission-critical enterprise software, based on International Organization for Standardization transaction card originated messages standard (ISO-8583).

  58. In 1982, I applied for and received a Visa card issued by the Bank of America which now has thirteen banks in my area. Because of the high costs of an HSM, not each Bank of America branch is an issuing bank.

  59. There are 7102 known living languages in the world according to https://www.ethnologue.com/. Fortunately, the number of keys, variables, counters and accoutrements of HSM and DUKPT (Sect. 5.8) is smaller, but philologists are a bit nervous.

  60. The keys are referred to in different presentations by other names, for example

    PVK : PIN Verification Key ↔ PDK

    KEK : Key Encryption Key ↔ KWK

    MFK : Master File Key ↔ KSK, TMK.

  61. To be discussed in Sect. 5.8.3.

  62. A key K consists of an identifier K_ID and a key token; the identifier points to a location in the tamper-resistant device where the key token is stored. There may be many different applications of DUKPT; for example, for exchange of health records, ATM transactions, POS transactions and so forth. DUKPT is a methodology and each application will have its own base derivation key. For a POS transaction, it may be denoted as BKD-POS_ID.

  63. The ZPK, aka the working key, is used to encrypt the PIN blocks that traverse the network between institutions. DUKPT participants are obligated to change the working key at agreed-upon intervals, typically every 12 h. It is analogous to the HSM’s PIN Working Key (KWP).

  64. The ZMK is the key transportation vehicle: the key that the two parties use to encrypt and exchange new ZPKs. This key is established via a key ceremony. You keep a copy of the ZMK encrypted under the LMK in a file somewhere (you’ll see how it’s used here further down this post). Also referred to as the Key Exchange Key (KEK).

  65. Used to exchange keys with an HSM.

  66. No, not a Big-MAC or a MAC with cheese, but a Message Authentication Code which is used to test authenticity. Clulow writes [37, p. 35] “the MAC Generate call calculates a MAC over the user-supplied data using the given key. The MAC Verify call is used to verify that the data has not been modified. The issuing bank recalculates the MAC and compares it to the supplied MAC thereby confirming the authenticity of the data”.

  67. A key consists of an identifier (or handle) and a key token; the identifier points to a location in the HSM where the key token is stored.

  68. When I worked at IBM Research Center—a location which the distinguished American cryptographer A. A. Albert called IBM’s intellectual playground—I used to believe that “those who can, do research, while those who cannot, teach.” Perhaps I was influenced as an amateur musician by Woody Allen who said “those who can’t do [research], teach. And those who can’t teach gym.” Of course, when I came to UCSB, it was necessary to modify my paradigm; I replaced teaching with standards making entities.

  69. Payment Card Industry (PCI), Security Council Standards.

  70. The idea of unintended consequences dates back at least to John Locke who discussed the unintended consequences of interest rate regulation in his letter to Sir John Somers, Member of Parliament. The idea was also discussed by Adam Smith, the Scottish Enlightenment. In the twentieth century, the sociologist Robert K. Merton popularized this concept.

  71. Assumed to be in ISO-0 (Visa 1) format.

  72. According to Google translate, “when Giants fall!?”

  73. Normally I would never propose letting a governmental agency decide anything, but I do not see any viable alternative.

  74. Perhaps, I should be more circumspect, adhering to Gilbert and Sullivan’s advice writing “well, hardly ever!”

  75. Cambridge University consists of 31 colleges founded between the 13th and 20th centuries, but most before 1596. I am a great fan of age!

  76. The Computer Laboratory is an academic department within Cambridge University that encompasses Computer Science, along with many aspects of Engineering, Technology and Mathematics. It consists of 41 academic staff, 29 support staff, 5 research fellows, 81 post-doctoral research workers and 119 PhD students. They have over 300 undergraduates studying for Part I, II and III of the Computer Science Tripos and 36 graduate students studying for the M.Phil in Advanced Computer Science.

  77. The password (PW) and User_ID which I enter when first establishing a secure html connection to Vendor.com via SSL/TLS are not only chosen by me, but the PW is not related to the User_ID. Having authenticated myself, I use my credit card without any additional security-based hurdles to climb. This is not the case in an ATM/POS transaction where the two tokens (PAN and PIN) are related.

References

  1. Bellis, M.: Automatic Teller Machines—ATM. http://inventors.about.com/od/astartinventions/a/atm.htm/

  2. McRobbie, L.R.: The ATM is dead. Long live the ATM! smithsonian.com, pp. 1–11 (January 8, 2015)

  3. Miller, A.: Who invented the ATM machine? http://www.atminventor.com/

  4. Campbell-Kelley, M.: John Shepherd-Barron Obituary. In: The Guardian (May 23, 2010)

  5. Bátiz-Lazo, B., Reid, R.J.K.: The development of cash dispensing technology in the UK. IEEE Ann. Hist. Comput. 33(3), 32–45 (2011)

  6. Bátiz-Lazo, B., Reid, R.J.K.: Evidence from the Patent Record on the Development of Cash Dispensing Technology. History of Telecommunications Conference, pp. 110–114 (2008)

  7. Simjian, L.G.: US Patent # 3,039,58. Subscriber controlled apparatus (April 9, 1959)

  8. Simjian, L.: US Patent 3,038,157. Deposit exchange machine including image recording means, pp. 1–14 (Filed February 26, 1960)

  9. Davies, A.I.O., Goodfellow, J.: US Patent 3,905,461. Access control equipment, pp. 1–8 (Filed May 1, 1967)

  10. Constable, G.E.P.: US. Patent 3,673,571. Credit-and access-control equipment, pp. 1–7 (Filed November 17, 1970)

  11. Constable, G.E.P.: US. Patent 3,892,948. Accesses or transaction control equipment, pp. 1–10 (Filed February 23, 1973)

  12. Allison, D.K.: NMAH interview with Mr. Don Wetzel, pp. 1-30. http://americanhistory.si.edu/comphist/wetzel.htm#B (September 21, 1, 1995)

  13. Kansas City Federal Reserve: A guide to the ATM and debit card industry, pp. 1–140. https://www.kansascityfed.org/publicat/PSR/BksJournArticles/ATMPaper.pdf (2003)

  14. Langford, S.: PIN Security: Management and Concerns. In: 1st CACR Information Security Workshop Secure Provision of Cryptographic Services Centre for Applied Cryptographic Research (CACR) University of Waterloo, Waterloo, Ontario, Canada (November 24, 1998)

  15. Konheim, A.G.: The impetus to creativity (to appear in Cryptologia) (October 2015)

  16. Konheim, A.G.: The early life of Horst Feistel (to appear in Cryptologia) (January 2016)

  17. Feistel, H.: Cryptography and computer privacy. Sci. Am. 228(5), 15–23 (1973)

  18. Smith, J.L.: US Patent #3,796,830. Recirculating block cipher cryptographic system (Filed November 1971)

  19. Sorkin, A.: LUCIFER: a cryptographic algorithm. Cryptologia 8(1), 22–41 (1984)

  20. National Bureau of Standards: Federal Information Processing Standards Publication 46–1, “Data Encryption Standard (DES)”, National Bureau of Standards, January 22, 1988; superseded by Federal Information Processing Standards Publication 46–2, December 30, 1993, and reaffirmed as FIPS PUB 46–3, October 25, 1999

  21. IBM Corporation z/OS Cryptographic Services ICSF Application Programmer’s Guide: IBM PIN Algorithms SA22-7522-16b

  22. Anderson, R.: Why cryptosystems fail. In: Proceedings of the 1993 ACM conference on computer and communication security. 37(11), pp. 33–40 (1993)

  23. Arthur, C.: How ATM Fraud Nearly Brought Down British Banking: Phantoms and Rogue Banks, pp. 1–9. http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/ (2005)

  24. Cox, E.B.: Developing an Electronic Funds Transfer System: Incentives and Obstacles, pp. 15–45. https://www.bostonfed.org/economic/conf/conf13/conf13c.pdf (1974)

  25. Sienkiewicz, S.: The Evolution of EFT Networks from ATMs to New On-Line Debit Payment Products Workshop of the Payment Cards Center of the Federal Reserve Bank of Philadelphia on the evolution of the electronic funds transfer (EFT) industry, pp. 1–12. http://philadelphiafed.org/consumer-credit-and-payments/payment-cards-Center/publications/discussion-papers/2002/EFTNetworks_042002 (June 2001)

  26. Konheim, A.G.: Cryptography: Primer. Wiley, New York (1981)

  27. American National Standards Institute: ANSI X9.8-1:2003 Banking–Personal Identification Number Management and Security—Part 1: PIN protection principles and techniques for online PIN verification in ATM & POS systems

  28. National Institute of Standards: Federal Information Processing Standards Publication 140-2. Security requirements for cryptographic modules. May 25, 2001; updated December 3, 2002

  29. Snouffer, R., Lee, A., Oldehoeft, A.: A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140–1 and FIPS 140–2. NIST Special Publication 800-29, pp. 1–291 (June 2001)

  30. Jpos.org: Some HSM basics and how they work. http://jpos.org/wiki/HSM_basics. September 24 (2005)

  31. Demaertelaere, F.: Hardware security modules. Atos worldwide, pp. 1–53. http://secappdev.org/handouts/2010/Filip%20Demaertelaere/HSM.pdf (2010)

  32. Hines, L., Hopkins, D., Kalibjian, J., Langford, S., Wierenga, S.: Hardware Security Module Use in Banking and Electronic Commerce Applications. Hewlett Packard Corporation http://www.openmpe.com/cslproceed/HPW04CD/papers/3327.pdf (2004)

  33. Anderson, R., Bond, M., Clulow, J., Skorobogatov, S.: Cryptographic processor—a survey. Cambridge University Computer Laboratory Technical Report #641, pp. 1–19 (August 2005)

  34. American National Standards Institute: ANSI X9.24-1: Retail financial services symmetric key management part 1: using symmetric techniques (10/13/09)

  35. Tiwari, D.: How ATM plastic PIN money works. http://devesh-tiwari.blogspot.com/ (2005)

  36. Maravis.com: Derived unique key per transaction, DUKPT. www.maravis.com/library/derived-unique-key-per-transaction-dukpt/ (June 2009)

  37. Clulow, J.: The design and analysis of cryptographic application programming interfaces for security devices. Master of Science in Mathematics Dissertation, University of Natal, Durham (South Africa) (2003)

  38. RSA Laboratories, PKCS #11: Cryptographic Token Interface Standard, Version 2.2, pp. 1–407 (June 2004)

  39. International Standards Organization: ISO 9564, ISO 9564—Banking Personal Identification Number Package (ISO 9564-1 (Banking) 2002; ISO 9564-3(Banking) 2003; ISO 9564-4(Banking) 2004; ISO 9564-1(Financial) 2011; ISO 9564-2(Financial) 2012)

  40. Payment Card Industry (PCI): Security Council Standards Hardware Security Module (HSM) Security Requirements Version 1.0, pp. 26 (April 2009)

  41. Visa.com: Visa Best Practices for Tokenization Version 1.0, pp. 1–4. http://usa.visa.com/download/merchants/tokenization_best_practices.pdf (July 2010)

  42. MasterCard: Transaction Processing Rules. In: Cryptographic Algorithms and Their Uses, Eracom Workshop 2004, 11 December 2014, pp. 1–246 (2004). http://www.mastercard.com/us/merchant/pdf/TPR-Entire_Manual_public.pdf

  43. Bond, M., Zelinski, P.: Decimalisation Table Attacks for PIN Cracking. Cambridge University Computer Laboratory Technical Report #540, pp. 1–14 (2003)

  44. Focardi, R., Luccio, F., Steel, G.: Blunting differential attacks on PIN processing APIs. In: Proceedings NordSec ’09 Proceedings of the 14th Nordic conference on secure IT systems: identity and privacy in the internet age, pp. 88–103 (2009)

  45. Steel, G.: Formal analysis of PIN block attacks. Theor. Comput. Sci. 367(1–2), 257–270 (2006)

  46. Coppersmith, D.: The Data Encryption Standard (DES) and its strength against attacks. IBM J. Res. Dev. 38(3), 243–250 (1994)

  47. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-Like Cryptosystems. Advances in Cryptology—CRYPTO ’90. Springer-Verlag, Berlin (1990)

  48. Bond, M., Clulow, J.: Encrypted? Randomized? Compromised? Cryptogr. Algorithms Uses Eracom Workshop 2004, 140–151 (2004)

  49. Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES. International cryptology conference—CRYPTO, pp. 237–251 (1996)

  50. Bond, M.: Extracting a 3DES key from an IBM 4758. http://www.cl.cam.ac.uk/~rnc1/descrack/

  51. Bond, M.: Attacks on cryptoprocessor transaction sets. In: Proceedings of the CHES 2001 workshop, Paris 2001, pp. 220–234. Springer Verlag LNCS 2162 (2001)

  52. Federal Reserve System: The 2013 Federal Reserve Payments Study, pp. 1–43. https://www.frbservices.org/files/communications/pdf/research/2013_payments_study_summary.pdf (December 19, 2013)

Acknowledgments

I am in the debt of many people and wish to acknowledge with thanks their help; first, to the three current octogenarians who participated in the creation of the ATM machine.

I located Mr. Wetzel’s postal address in a Google search, snail-mailed him a letter and he returned the call. My new English acquaintances were introduced to me by a new friend Bernardo Batiz-Lazo who has written extensively about the history, evolution and economics of the ATM. Finally, my thanks to Devesh Tiwari of Gemalto.com, who was kind enough to explain some technical points.

Author information

Correspondence to Alan G. Konheim.

Additional information

W. Somerset Maugham: British playwright, novelist and short-story writer (1874–1965).

Woody Allen: Heywood “Woody” Allen is an American actor, writer, director, comedian, musician (clarinet), and playwright. He is very much alive, expanding a career that spans more than 50 years.

“In the bank, large amounts, I’m afraid these don’t grow on trees. You’ve got to pick-a-pocket or two”. from the Pickpocket song in Oliver—words and lyrics by Lionel Bart.

About this article

Cite this article

Konheim, A.G. Automated teller machines: their history and authentication protocols. J Cryptogr Eng 6, 1–29 (2016). https://doi.org/10.1007/s13389-015-0104-3

  • DOI: https://doi.org/10.1007/s13389-015-0104-3
