Director, Professional Services, Wind River
For an insider in the automated teller machine (ATM) industry, January 14, 2020, is a meaningful date. That is the day when Microsoft Windows 7 will reach end-of-life and lose official support from Microsoft. The seemingly logical solution is to upgrade to Windows 10, especially since it has upgraded security features and is supported. Unfortunately, it’s not that simple. Most ATMs are running on older Intel® motherboards that are no longer supported by Windows 10. This means that ATM maintainers must spend approximately $2,500 per ATM to upgrade each motherboard to a supported model. Multiply this by a significant portion of the 4 million worldwide ATMs in 2020, and we have a $4–$6 billion problem for the industry.
Wind River® recently collaborated with a major global bank on a proof of concept to address this problem and see how a software solution could help. This paper will outline the results of the proof of concept project and demonstrate a viable solution that will avoid a large portion of the motherboard upgrade costs.
A simplified view of the typical ATM architecture is shown below. Most have a Windows 7 operating system, 32-bit Windows drivers, and run on an older Intel PC motherboard (think Core i5). Each bank has unique software and user interfaces, most on top of a middleware stack that consists of CEN/XFS—a somewhat standardized financial API stack for Windows. Additionally, the typical ATM has a number of peripherals connected via USB—pin pads, card readers, receipt printers, cash drawers, and so on.
The default path forward is to replace the Windows 7 operating system with Windows 10, which generally also results in an upgrade to 64-bit Windows drivers. And because Windows 10 is only supported on newer Intel motherboards, often a new modern motherboard is required. The diagram below shows the resulting architecture, with the new items highlighted in gray.
Proof of Concept
With the objective of avoiding motherboard replacement, our PoC approach consists of adding Wind River Linux and a hypervisor into the software stack to yield the diagram below. Wind River Linux is based on the open source Yocto Project (www.yoctoproject.org) and has the necessary long-term support required by the ATM industry. The changed components are, again, in gray below:
Let’s consider these two new components and the value they bring. Linux has one valuable feature when compared to other operating systems: it usually supports things for a long time. In this case, while the motherboards are not supported on Windows 10, they are supported on the distribution of Linux we chose. So adding Linux restores a supported platform for these motherboards. We used an open source, commercially supported version of Linux targeted at embedded devices; it offers long-term support, including kernel patches and ongoing security monitoring.
Hypervisors (HVs) have been in use since the 1970s. There are several different types, but most allow you to separate the operating system from the hardware, and they allow you to create and manage one or more virtual machines, or “guests,” on top of a “host” machine. In our proof of concept, the hypervisor is essentially a software layer that sits on top of Linux and mimics the hardware that Windows 10 wants to see. It presents itself as generic Intel hardware that Windows supports.
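As an added illustration of the architecture described above (not code from the Wind River proof of concept, which does not name its hypervisor), the script below assumes the Linux hypervisor is KVM/QEMU and shows the two decisions a defender cares about: confirming the old Intel board still provides hardware virtualization, and handing the Windows 10 guest only an allowlist of USB peripherals rather than every device in the cabinet. The USB vendor:product pairs and the image path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the PoC's own code. Assumes KVM/QEMU as the hypervisor;
# USB IDs and paths are constructed placeholders, not real ATM devices.
set -eu

# The old Intel board must still expose VT-x (vmx) and the kernel must have
# created /dev/kvm; otherwise the Windows 10 guest would run without acceleration.
host_supports_kvm() {
    grep -Eq '(vmx|svm)' /proc/cpuinfo && [ -c /dev/kvm ]
}

# Allowlist of ATM peripherals as vendor:product pairs (constructed values):
# card reader, pin pad, receipt printer, cash dispenser. Only these reach the
# guest; any other USB device plugged into the cabinet stays on the Linux host.
ATM_USB_ALLOWLIST="1a2b:0001 1a2b:0002 1a2b:0003 1a2b:0004"

# Turns one vendor:product pair into a QEMU usb-host passthrough argument.
usb_passthrough_arg() {
    vid=${1%%:*}; pid=${1##*:}
    printf -- '-device usb-host,vendorid=0x%s,productid=0x%s' "$vid" "$pid"
}

# Builds the guest command line. The guest sees a generic Intel Q35 chipset
# with an AHCI disk, which a stock Windows 10 image boots without extra drivers.
# Display and network wiring are site-specific and left out here.
build_qemu_cmd() {
    image=$1
    cmd="qemu-system-x86_64 -enable-kvm -machine q35 -cpu host -m 4096 -smp 2"
    cmd="$cmd -drive file=$image,format=qcow2 -device qemu-xhci"
    for dev in $ATM_USB_ALLOWLIST; do
        cmd="$cmd $(usb_passthrough_arg "$dev")"
    done
    printf '%s\n' "$cmd"
}

# Count how many USB devices a built command line passes through (for auditing).
count_passthrough() {
    n=0
    for word in $1; do
        case "$word" in usb-host,*) n=$((n + 1));; esac
    done
    echo "$n"
}

# Only launch when explicitly asked, so the script can be sourced for checks.
if [ "${ATM_LAUNCH:-0}" = "1" ]; then
    host_supports_kvm || { echo "host lacks KVM acceleration" >&2; exit 1; }
    exec $(build_qemu_cmd /var/lib/atm/win10.qcow2)
fi
```

Run with `ATM_LAUNCH=1` on the ATM host to start the guest; without it the functions can be sourced to audit which devices a build would pass through.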
We loaded this software stack onto two modern ATMs. We chose the two largest ATM providers: NCR and Diebold. These ATMs were located in the bank’s lab environment and consisted of typical ATM hardware and peripherals, with typical software including AppLocker, BitLocker, and other security software.
Our use case was as follows:
- Enter an ATM card.
- Use the card reader to read and authenticate it.
- Allow the user to use the touchscreen to select a cash withdrawal.
- Activate the cash dispenser to distribute the cash.
- Use the printer to print a receipt.
- Return the card to the user.
The proof of concept was successful on both ATMs: we operated each ATM per our use case. We have proven that a Windows 10 operating system in a Linux hypervisor environment works with older Intel motherboards. All typical Windows functions worked as expected, with no performance degradation:
- The ATMs booted normally and presented the user with the default screens.
- When the ATM card was entered, the ATM read and validated it.
- The user could then enter the transaction and dollar amount to withdraw.
- The cash dispenser was activated.
- A receipt was printed and the card was returned to the user.
As those in the ATM industry know, cash dispensers are equipped with multiple security measures, and the proof of concept showed that these continued to work under the new scenario: the cash dispenser refused to distribute the cash because the pairing between the motherboard and the dispenser had been disrupted. However, this should not be a showstopper when the project moves to the pilot stage and we work with ATM vendors so that they can understand and control this interaction.
Mike Lee, CEO of the ATM Industry Association (ATMIA), reviewed the results and said, “This proof of concept is a true breakthrough for the global ATM industry, at just the right time. With the 2020 migration to Windows 10 now imminent, the biggest fear for banks and independent ATM deployers (IADs) is the cost of upgrades associated with migrating to the new operating system. Using Linux and a hypervisor platform has the potential to address this significant pain point for our industry.”
Now that the proof of concept is complete, the project should move to a pilot stage in partnership with one or more ATM vendors, to prove that the cash dispenser will indeed dispense cash. It will also open up testing to a large number of ATM models. Further, we can verify that other ATM peripherals, such as cash recyclers and check deposit drawers, also work as expected.
A supported, commercial solution could be made available in advance of the January 14, 2020 deadline.
Much work is ongoing within the industry to make ATM operating systems agnostic. In fact, ATMIA’s next-generation ATM project is squarely focused on this effort. This exciting work will also open up additional services on ATMs. See www.atmia.com/connections/committees/consortium-for-next-gen-atms for more information on this effort.
Interestingly, on the way to this next-generation ATM, the solution proposed above will allow some “baby steps” to happen. For example, the architecture could be expanded as shown below:
We have identified three specific future opportunities so far. First, “micro services” could be run in a completely separate virtual machine on Windows, Linux, or any other operating system supported by the hypervisor. This would keep them completely separated from the ATM functions. They could talk to web-based or financial institution back-end systems as required. Example micro services could include the purchase of lottery tickets, paying bills, buying bus tickets, or paying for parking.
Second, Linux offers some advanced security measures beyond a Windows-only solution. Secure boot chains, advanced hard disk encryption, and application attestation all come to mind.
Third, by using virtual machines, there is the potential for a significant reduction in new software distribution time. It is possible to spin up a new virtual machine, download the new software, and make a hot swap to the new version within minutes. This can all be accomplished over the air. Software upgrades that take hours today, and often take the ATM out of service for hours, could be reduced to minutes.
The ATM industry is facing a substantial expense over the next year, as millions of ATM motherboards need to be replaced to support Windows 10. Our proof of concept has shown that Wind River Linux and a hypervisor can provide a viable software solution that avoids the motherboard replacement cycle. Additional validation with ATM vendors is required in early 2019 to completely prove the solution. This platform also has the advantage of being able to support additional new services until the ATMIA’s next-generation ATM is up and running.