The electronic casino gaming system consists of several system components, including a microprocessor (12), a main memory unit (13) that is typically a random access memory, and a system boot ROM (14). Also included in the electronic casino gaming system are a non-volatile RAM (17), a mass storage unit (18), a disk subsystem (19), and a PCI bus (20). The disk subsystem (19) preferably supports SCSI-2 with options of fast and wide. A video subsystem (22) is also included in the electronic casino gaming system and is coupled to the PCI bus (20) to provide full color still images and MPEG movies.

PTO Wrapper PDF
Dossier Espace Google
Patent
   RE39368
Priority
Jun 29 1995
Filed
Jun 17 1996
Issued
Oct 31 2006
Expiry
Jun 29 2015
Inventors
Alcorn, Al…
Assg.orig
IGT
Assg.curr
IGT
Entity
unknown
Referenced by
20
References
87
Maint.:
EXPIRED
BRIEF DESCRIPTION OF…
DETAILED DESCRIPTION…
0. 31. A casino gaming apparatus, comprising:
a casino game console;
a video display unit;
a main memory providing an executable space for a processor disposed in said casino game console;
a disk memory having gaming data relating to a casino game including program data and image data stored therein;
a memory storing software for controlling the disk memory wherein the software is authenticated prior to the gaming data related to the casino game; and
a nonvolatile memory operable to store gaming data at least related to the play of the casino game;
the processor disposed in said casino game console and being operatively coupled to said video display unit, said main memory, said memory, said nonvolatile memory and said disk memory, and
said processor operable to cause said gaming data to be authenticated based on a comparison of a first hash value generated from at least a portion of said gaming data relating to the casino game with a second hash value generated from known gaming data.
0. 49. A casino gaming apparatus, comprising:
a casino game console;
a video display unit;
a main memory providing an executable space for a processor, said main memory being disposed in said casino game console;
a disk memory, said disk memory having gaming data relating to a casino game stored therein; and
a memory storing system logic for reading files in a file system on the disk memory wherein the system logic is authenticated prior to authenticating the gaming data, said memory being disposed in said casino game console;
the processor disposed in said casino game console and being operatively coupled to said video display unit, said main memory, said memory and said disk memory,
said processor operable to cause said gaming data to be authenticated based on a comparison of data generated by said processor from a hash function applied to said gaming data with data generated from the hash function applied to known gaming data, and
said processor operable to cause a remedial action to be taken based on an outcome of said authentication of said gaming data.
0. 69. A casino gaming apparatus comprising:
a casino game console;
a video display unit;
a main memory providing an executable space for a processor being disposed in said casino game console;
a disk memory having gaming data relating to a casino game stored therein;
a memory storing an operating system adapted to control the disk memory wherein the operating system is authenticated prior to an authentication of the gaming data; and
at least one peripheral device coupled to the casino game console wherein the peripheral device includes a memory device for storing a fixed data set, a program or combinations thereof and wherein prior to allowing the program or the fixed data set to participate in system operations on the casino gaming apparatus, the casino gaming apparatus is operable to authenticate the fixed data set, the program or the combinations stored on the peripheral device;
the processor disposed in said casino game console and being operatively coupled to said video display unit, said main memory, said memory, the peripheral device and said disk memory,
said processor operable to cause said gaming data, the fixed data or the program to be checked based on a comparison of information generated from said gaming data, the fixed data or the program with previously generated data, and
said processor causing a remedial action to be taken based on an outcome of said checking of said gaming data, the fixed data or the program.
0. 16. A casino gaming apparatus, comprising:
a casino game console;
a video display unit;
a main memory providing an executable space for a processor, said main memory being disposed in said casino game console;
a disk memory having gaming data relating to a casino game stored therein;
a nonvolatile memory operable to store gaming data at least related to the play of the casino game; and
a memory storing an operating system, said memory being disposed in said casino game console, wherein the operating system is enabled to control the disk memory and wherein the operating system is authenticated prior to the gaming data relating to the casino game;
the processor disposed in said casino game console and being operatively coupled to said video display unit, said main memory, said nonvolatile memory, said memory and said disk memory,
said processor operable to cause said gaming data stored in said disk memory to be transferred to said main memory,
said processor operable to cause said gaming data that was transferred from said disk memory to said main memory to be authenticated based on comparison of a message digest generated by performing a one-way hash function on said gaming data being authenticated with a message digest previously generated by performing a one-way hash function on known gaming data, each of said one-way hash functions producing a fixed-size string of bits, and
said processor causing a remedial action to be taken if said gaming data transferred from said disk memory to said main memory is not authentic as determined by said processor.
0. 1. An electronic gaming system for providing authentication of a data set associated with a casino type game, said system comprising:
(a) a first storage means for storing a game data set and a game signature comprising an encrypted version of a unique primary abbreviated game bit string computed from said game data set;
(b) a second storage means for storing,
an anchor application including a first authentication program capable of determining the validity of said game data set by,
computing a complementary abbreviated game bit string from said game data set,
decrypting said game signature set to recover said primary abbreviated game bit string,
comparing said complementary abbreviated game bit string with said primary abbreviated game bit string to determine whether a match is present, and
an anchor signature including an encrypted version of a unique primary abbreviated anchor bit string computed from said anchor application;
(c) a third storage means for storing a second authentication program capable of determining the validity of said anchor application by,
computing a complementary abbreviated anchor bit string from said anchor application,
decrypting said anchor signature to recover said primary abbreviated anchor bit string, and
comparing said complementary abbreviated anchor bit string with said primary abbreviated anchor bit string to determine whether a match is present; and
(d) processing means for enabling said first authentication program to determine the validity of said game data set and for enabling said second authentication program to determine the validity of said anchor application.
0. 2. An electronic gaming system as recited in claim 1 further comprising a fourth storage means for storing basic input/output system (BIOS) code.
0. 3. An electronic gaming system as recited in claim 2 wherein said fourth storage means is an unalterable ROM device.
0. 4. An electronic gaming system as recited in claim 1 wherein said third storage means further stores operating system code, operating system drivers, and bootstrap code.
0. 5. An electronic gaming system as recited in claim 1 wherein said first storage means and said second storage means comprise a single mass storage means.
0. 6. An electronic gaming system as recited in claim 1 wherein said first storage means is a mass storage memory device.
0. 7. An electronic gaming system as recited in claim 1 wherein said third storage means is an unalterable read only memory.
0. 8. An electronic gaming system as recited in claim 1 wherein said first storage means is a CD ROM.
0. 9. An electronic gaming system as recited in claim 1 wherein said first storage means is a hard disk drive.
0. 10. An electronic gaming system as recited in claim 1 wherein said first storage means comprises a network storage system which is remote from the electronic gaming system.
0. 11. An electronic gaming system as recited in claim 1 wherein said second storage means comprises a network storage system which is remote from the electronic gaming system.
0. 12. An electronic gaming system as recited in claim 1 wherein said game data set is a game-modifying data set for changing game rules parameters of the casino type game.
0. 13. An electronic gaming system as recited in claim 12 wherein said game-modifying data set includes a money handler modifying data set for changing money handling parameters of the casino type game.
0. 14. An electronic gaming system as recited in claim 12 wherein said game-modifying data sets include a graphics modifying data set for changing graphics parameters of the casino type game.
0. 15. An electronic gaming system as recited in claim 12 wherein said game-modifying data sets include a sound driver modifying data set for changing sound parameters of the casino type game.
0. 17. The casino gaming apparatus as defined in claim 16 wherein the operating system is adapted for allowing access to files in a file system on the disk memory.
0. 18. The casino gaming apparatus as defined in claim 16 wherein said disk memory comprises an optical disk.
0. 19. The casino gaming apparatus as defined in claim 16 further comprising at least one peripheral device coupled to the gaming console, the peripheral device including a memory device wherein the processor is operable to authenticate contents of the memory device.
0. 20. The casino gaming apparatus as defined in claim 16 wherein said disk memory comprises a magnetic hard disk.
0. 21. The casino gaming apparatus as defined in claim 16 wherein said disk memory is operable as a read-only memory.
0. 22. The casino gaming apparatus as defined in claim 16 wherein the disk memory is disposed in said casino game console.
0. 23. The casino gaming apparatus as defined in claim 16 wherein the disk memory is disposed in a remote location separate from said casino game console.
0. 24. The casino gaming apparatus as defined in claim 16 wherein the nonvolatile memory is disposed in said casino game console.
0. 25. The casino gaming apparatus as defined in claim 16 wherein the nonvolatile memory is disposed in a remote location separate from said casino game console.
0. 26. The casino gaming apparatus as defined in claim 16 wherein the video display unit is disposed in a remote location separate from said casino game console.
0. 27. The casino gaming apparatus as defined in claim 16 further comprising a video subsystem, operatively coupled to the video display unit and operatively coupled to the processor, the video subsystem adapted for displaying still images, motion video or combinations thereof.
0. 28. The casino gaming apparatus as defined in claim 16 wherein the processor is operable to generate a plurality of different casino games and wherein the plurality of different games are stored on the disk memory.
0. 29. The casino gaming apparatus as defined in claim 16 wherein in response to receiving a selection of a first casino game from a plurality of different casino games, the casino gaming apparatus is operable to generate a play of the first casino game on the casino gaming apparatus.
0. 30. The casino gaming apparatus as defined in claim 16 further comprising a sound-generating apparatus operatively coupled to the processor.
0. 32. The casino gaming apparatus as defined in claim 31 further comprising a memory storing logic for an operating system.
0. 33. The casino gaming apparatus as defined in claim 32 further comprising a secure loader adapted to control a loading of the portions of the gaming data related to the casino game from the disk memory.
0. 34. The casino gaming apparatus as defined in claim 32 wherein the logic for the operating system is authenticated prior to loading the portions of the casino game from the disk memory.
0. 35. The casino gaming apparatus as defined in claim 31 wherein the operating system is adapted for allowing access to files in a file system on the disk memory.
0. 36. The casino gaming apparatus as defined in claim 31 wherein said disk memory comprises an optical disk.
0. 37. The casino gaming apparatus as defined in claim 31 further comprising at least one peripheral device coupled to the gaming console including a memory device wherein the processor is operable to authenticate contents of the memory device.
0. 38. The casino gaming apparatus as defined in claim 31 wherein said disk memory comprises a magnetic hard disk.
0. 39. The casino gaming apparatus as defined in claim 31 wherein said disk memory is operable as a read-only memory.
0. 40. The casino gaming apparatus as defined in claim 31 wherein the disk memory is disposed in said casino game console.
0. 41. The casino gaming apparatus as defined in claim 31 wherein the disk memory is disposed in a remote location separate from said casino game console.
0. 42. The casino gaming apparatus as defined in claim 31 wherein the nonvolatile memory is disposed in said casino game console.
0. 43. The casino gaming apparatus as defined in claim 31 wherein the nonvolatile memory is disposed in a remote location separate from said casino game console.
0. 44. The casino gaming apparatus as defined in claim 31 wherein the video display unit is disposed in a remote location separate from said casino game console.
0. 45. The casino gaming apparatus as defined in claim 31 further comprising a video subsystem, operatively coupled to the video display unit and operatively coupled to the processor, adapted for displaying still images, motion video or combinations thereof.
0. 46. The casino gaming apparatus as defined in claim 31 wherein the processor is operable to generate a plurality of different casino games and wherein the plurality of different games are stored on the disk memory.
0. 47. The casino gaming apparatus as defined in claim 31 wherein in response to receiving a selection of a first casino game from a plurality of different casino games, the casino gaming apparatus is operable to generate a play of the first casino game on the casino gaming apparatus.
0. 48. The casino gaming apparatus as defined in claim 31 further comprising a sound-generating apparatus operatively coupled to the processor.
0. 50. The casino gaming apparatus as defined in claim 49 wherein the memory is an unalterable memory separate from the main memory and separate from the disk the memory.
0. 51. The casino gaming apparatus as defined in claim 49 wherein the memory is an alterable memory separate from the main memory and separate from the disk memory.
0. 52. The casino gaming apparatus as defined in claim 49 wherein the processor is operable to cause information related to the authentication to be transferred to a remote storage device.
0. 53. The casino gaming apparatus as defined in claim 49 wherein the system logic is a function of an operating system.
0. 54. The casino gaming apparatus as defined in claim 49 further comprising a first memory storing a secure loader for loading the system logic.
0. 55. The casino gaming apparatus as defined in claim 49 wherein said disk memory comprises an optical disk.
0. 56. The casino gaming apparatus as defined in claim 49 further comprising at least one peripheral device coupled to the gaming console including a memory device wherein the processor is operable to authenticate contents of the memory device.
0. 57. The casino gaming apparatus as defined in claim 49 wherein said disk memory comprises a magnetic hard disk.
0. 58. The casino gaming apparatus as defined in claim 49 wherein said disk memory is operable as a read-only memory.
0. 59. The casino gaming apparatus as defined in claim 49 wherein the disk memory is disposed in said casino game console.
0. 60. The casino gaming apparatus as defined in claim 49 wherein the disk memory is disposed in a remote location separate from said casino game console.
0. 61. The casino gaming apparatus as defined in claim 49 wherein the video display unit is disposed in a remote location separate from said casino game console.
0. 62. The casino gaming apparatus as defined in claim 49 further comprising a video subsystem, operatively coupled to the video display unit and operatively coupled to the processor, adapted for displaying still images, motion video or combinations thereof.
0. 63. The casino gaming apparatus as defined in claim 49 wherein the processor is operable to generate a plurality of different casino games and wherein the plurality of different games are stored on the disk memory.
0. 64. The casino gaming apparatus as defined in claim 49 wherein in response to receiving a selection of a first casino game from a plurality of different casino games, the casino gaming apparatus is operable to generate a play of the first casino game on the casino gaming apparatus.
0. 65. The casino gaming apparatus as defined in claim 49 further comprising a sound-generating apparatus operatively coupled to the processor.
0. 66. The casino gaming apparatus as defined in claim 49 further comprising a nonvolatile memory operable to store gaming data at least related to the play of the casino game.
0. 67. The casino gaming apparatus as defined in claim 66 wherein the nonvolatile memory is disposed in said casino game console.
0. 68. The casino gaming apparatus as defined in claim 66 wherein the nonvolatile memory is disposed in a remote location separate from said casino game console.
0. 70. The casino gaming apparatus as defined in claim 69 wherein the at least one peripheral device is selected from the group consisting of a NV-RAM device, a sound system device, a video subsystem device, a money handling device, a general purpose input/output (GPIO) interface, a network interface device, a video display, a disk controller, display lights and a manually actuable switch.
0. 71. The casino gaming apparatus as defined in claim 69 further comprising a network interface coupled to the casino game console for connecting to a network.
0. 72. The casino gaming apparatus as defined in claim 71 wherein the network includes wireless links or wired links.
0. 73. The casino gaming apparatus as defined in claim 71 wherein the casino gaming apparatus is operable to send gaming information via the network interface to a remote device controlled by a regulatory body.
0. 74. The casino gaming apparatus as defined in claim 69 wherein the casino gaming apparatus is operable to transfer the gaming data relating to the casino game from a remote storage unit connected to the gaming apparatus via a network to a memory location disposed on the gaming console.
0. 75. The casino gaming apparatus as defined in claim 69 wherein said processor utilizes decryption in checking said gaming data.
0. 76. The casino gaming apparatus as defined in claim 69 wherein said disk memory comprises an optical disk.
0. 77. The casino gaming apparatus as defined in claim 69 wherein said disk memory comprises a magnetic hard disk.
0. 78. The casino gaming apparatus as defined in claim 69 wherein said disk memory is operable as a read-only memory.
0. 79. The casino gaming apparatus as defined in claim 69 wherein the disk memory is disposed in said casino game console.
0. 80. The casino gaming apparatus as defined in claim 69 wherein the disk memory is disposed in a remote location separate from said casino game console.
0. 81. The casino gaming apparatus as defined in claim 69 wherein the video display unit is disposed in a remote location separate from said casino game console.
0. 82. The casino gaming apparatus as defined in claim 69 further comprising a video subsystem, operatively coupled to the video display unit and operatively coupled to the processor, said video subsystem adapted for displaying still images, motion video or combinations thereof.
0. 83. The casino gaming apparatus as defined in claim 69 wherein the processor is operable to generate a plurality of different casino games and wherein the plurality of different games are stored on the disk memory.
0. 84. The casino gaming apparatus as defined in claim 69 wherein in response to receiving a selection of a first casino game from a plurality of different casino games, the casino gaming apparatus is operable to generate a play of the first casino game on the casino gaming apparatus.
0. 85. The casino gaming apparatus as defined in claim 69 further comprising a sound-generating apparatus operatively coupled to the processor.
0. 86. The casino gaming apparatus as defined in claim 69 further comprising a nonvolatile memory operable to store gaming data at least related to the play of the casino game.
0. 87. The casino gaming apparatus as defined in claim 86 wherein the nonvolatile memory is disposed in said casino game console.
0. 88. The casino gaming apparatus as defined in claim 86 wherein the nonvolatile memory is disposed in a remote location separate from said casino game console.

In one aspect, the invention is directed to a casino gaming apparatus, comprising: a casino game console; a video display unit; a read/write memory having a data storage capacity, said read/write memory being disposed in said casino game console; a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write memory, said disk memory having gaming data relating to a casino game stored therein, said disk memory being disposed in said casino game console; and a processor disposed in said casino game console and being operatively coupled to said video display unit, said read/write memory and said disk memory, said processor causing said gaming data to be checked based on a comparison of data generated by said processor from said gaming data with previously generated data, and said processor causing a remedial action to be taken based on an outcome of said checking of said gaming data.

In another aspect, the invention is directed to a casino gaming apparatus, comprising: a casino game console; a video display unit; a sound-generating apparatus; a read/write memory having a data storage capacity, said read/write memory being disposed in said casino game console; a nonvolatile memory that stores gaming data; a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write memory, said disk memory having gaming data relating to a casino game stored therein, said disk memory being disposed in said casino game console; and a processor disposed in said casino game console and being operatively coupled to said video display unit, said sound-generating apparatus, said read/write memory, said nonvolatile memory and said disk memory, said processor causing said gaming data stored in said disk memory to be transferred to said read/write memory, said processor causing said gaming data that was transferred from said disk memory to said read/write memory to be authenticated based on comparison of a message digest generated by performing a one-way hash function on said gaming data being authenticated with a message digest previously generated by performing a one-way hash function on known gaming data, each of said one-way hash functions producing a fixed-size string of bits, and said processor causing a remedial action to be taken if said gaming data transferred from said disk memory to said read/write memory is not authentic as determined by said processor.

Other aspects of the invention are defined by the claims set forth at the end of this patent.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block digram of a system incorporating the invention;

FIG. 2 is a schematic diagram illustrating the contents of the read only memory and the mass storage device;

FIG. 3 is a more detailed schematic view of the authentication program stored in the ROM and the game data stored in the mass storage unit;

FIG. 4 is a diagram illustrating the preparation of the game data set;

FIG. 5 is a diagram illustrating the authentication procedure for the game data set; and

FIG. 6 is a diagram illustrating an alternative approach to the secure loading of software into the system.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Turning now to the drawings, FIG. 1 is a block diagram of an electronic casino gaming system incorporating the invention. As seen in this figure, the system consists of several system components under software control. These system components include a microprocessor 12, which may comprise any general purpose microprocessor, such as a Pentium-based microprocessor from Intel Corporation. A main memory unit 13 is provided, which is typically a random access memory having a capacity of between 32 and 64 megabytes for storing the majority of programs and graphics elements during game play. A system boot ROM 14 provides the initialization software required when power is first applied to the system. ROM 14 contains additional programs in read only form, including the operating system, related drivers and the authentication software described in detail below. A non-volatile RAM 17 is a battery backed static RAM capable of maintaining its contents through power cycle. NV RAM 17 stores significant information relating to game play, such as the number of player credits, the last game outcome and certain diagnostic and error information not critical to an understanding of the invention.

A mass storage unit implemented in the FIG. 1 system as a magnetic hard disk drive unit 18 is coupled to and controlled by a disk subsystem 19 of conventional design and operation. Disk drive unit 18 provides storage for the game specific data set, which includes both program data and image data specifying the rules of the various different casino games or single casino game variations, and the types of images and image sequences to be displayed to the game players. The size of the disk drive unit 18 is a function of the number of games and game variations provided for a given system, as well as the amount of data required for each specific game. In general, the more motion video designed into a particular casino game, the more storage required for that casino game software. A disk drive unit 18 with a 4-gigabyte capacity will usually provide sufficient storage capacity. Disk subsystem 19 comprises a disk controller connected to a PCI bus 20 for controlling the disk drive unit 18. Controller 19 preferably supports SCSI-2, with options of fast and wide. It should be noted that a number of different types of locally-based disk drive units may be used in the FIG. 1 system, including a CD-ROM storage unit. Also, the mass storage unit need not be physically located within the game console along with the other elements depicted in FIG. 1: the mass storage unit may be located remotely from the game console and coupled thereto by means of an appropriate network, such as an ethernet, an R5232 link, or some other hard-wired or wireless network link. This latter alternate arrangement is indicated by the inclusion of a network subsystem 21 of appropriate configuration and functional characteristics, which may have ethernet, R5232 serial, or other network compatibility.

A video subsystem 22 is coupled to the PCI bus and provides the capability of displaying full color still images and MPEG movies with a relatively high frame rate (e.g. 30 frames per second) on an appropriate monitor (not shown). Optional 3D texture mapping may be added to this system, if desired.

A sound subsystem 23 having a stereo sound playback capability with up to 16 bit CD quality sound is coupled to an ISA bus 24. A general purpose input/output unit 25 provides interfaces to the game mechanical devices (not illustrated) such as manually actuatable switches and display lights. A first bridge circuit 27 provides an interface between microprocessor 12, ROM 14, main memory 13 and PCI bus 20. Bridge circuit 27 is preferably a TRITON chip set available from INTEL Corporation. A second bridge circuit 28 provides an interface between the PCI bus 20 and the ISA bus 24. Bridge circuit 28 is preferably a type 82378 chip available from Intel Corporation.

FIG. 2 illustrates the types of information stored in the system ROM 14 and the mass storage unit. As seen in FIG. 2, the ROM unit 14 used in the FIG. 1 system comprises two separate ROM elements: ROM 29 and ROM 30. ROM 29 must be an unalterable device, such as a Toshiba type C53400 512K×8 bit mask programmed ROM. ROM 30 is preferably an unalterable device like ROM 29, but may comprise a different type of ROM, such as a type 29FO40 field programmable flash ROM available from Intel Corp. ROM 29 contains the system initialization or boot code, an authentication program, a random number generator program and an initial portion of the executive/loader programs. ROM 30 contains the operating system program, the system drivers and the remainder of the executive/loader programs as noted below. The mass storage unit contains the applications, which include the game image and sound data, rules of game play and the like, and the signature associated to each particular casino game.

FIG. 3 illustrates the authentication and application program information in more detail. As seen in this figure, the authentication program stored in unalterable ROM 29 comprises a message digest algorithm component 32, a decryption algorithm component 33, and a decryption key component 34. The message digest algorithm component 32 stored in ROM 29 comprises an exact copy of a hash function program routine used to originally compute a message digest from the loadable game data set 36 in the manner described below. The decryption algorithm component 33 stored in ROM 29 comprises the algorithm required to decrypt any encrypted casino game data set signature using the decryption key component 34.

The decryption key component 34 comprises the decryption key that is required to decrypt any of the encrypted signatures 37 in the manner described below during the authentication routine.

FIG. 4 illustrates the manner in which an encrypted data set signature 37 is generated. A loadable casino game data set 36 is processed using a hash function 41 to generate a message digest 42 which is unique to the loadable game data set 36. The hash function employed may be one of a number of known hash functions, such as the MD2, MD4, and MD5 hash functions and the SHS hash function; or any other suitable hash function capable of producing a unique abbreviated bit string from a variable size input data set. For further information about these hash functions, reference should be had to the publication entitled “Answers To Frequently Asked Questions About Today's Cryptography”, Revision 2.0, Oct. 5, 1993, published by RSA Laboratories, Redwood City, Calif., and the publications listed in the references section thereof, the disclosures of which are hereby incorporated by reference. After generation, the message digest 42 is then encrypted with an encryption algorithm 43 using a private encryption key 44 to generate a signature 37 of the message digest. In the preferred embodiment, the two-key (private/public key) encryption technique developed by RSA Data Security, Inc. of Redwood City, Calif., is used. This technique is disclosed and described in U.S. Pat. Nos. 4,200,770, 4,218,582 and 4,405,829, the disclosures of which are hereby incorporated by reference. The signature 37 of the message digest 42 is then stored in the mass storage unit along with the loadable data set 36.

FIG. 5 illustrates the authentication routine carried out in accordance with the invention, when the authentication routine is called (see below), the loadable casino game data set 36 is transferred from the mass storage unit to main memory 13 (unless already there), and the message digest of casino game data set 36 is computed using the message digest algorithm 32. Message digest algorithm 32 uses the same hash function 41 as that used by the manufacturer to prepare the original message digest 42. The result is an unencrypted version 46 of the message digest computed from the casino game data set 36 currently present in the mass storage unit. The encrypted data set signature 37 is decrypted using the public decryption key 34 matching the private key 44 used to originally encrypt the message digest 42 of the casino game data set 36. The message digest 47 decrypted with decryption key 34 is then compared with the message digest 46 computed from the casino game data set 36. If the two message digests match, then the casino game data set 36 is deemed authentic and game play may proceed. If there is no match, either the casino game data set 36 or the signature 37 is deemed corrupted and not authentic. Game play is prohibited and appropriate actions can be taken: e.g. alerting a security employee using a suitable messaging system (an audible alarm, flashing lights, or a network message from the game console to a central security area).

In order to ensure that the authentication routine cannot be bypassed by tampering with the loader program stored in ROM 30, an initial part of the loader program is incorporated into unalterable ROM 29. This initial portion of the loader program requires that the authentication program be called prior to the initiation of any casino game play. Since this initial portion of the loader program is located in the unalterable ROM 29, and since no casino game play can occur until the particular casino game application data set 36 is loaded into main memory 13, the authentication procedure cannot be bypassed by tampering with the software stored in ROM 30.

Since authentication of the game data set 36 and signature 37 is entrusted to the contents of ROM 29, a procedure must be provided to verify the ROM 29 contents. For this purpose, a message digest is computed for the authentication program stored in ROM 29, and this message digest is stored in a secure manner with the casino operator or the gaming commission (or both) along with the hash function used to produce the message digest. This hash function may be the same hash function used to compute the message digest 42 of the casino game data set or a different hash function. In this way, the authenticity of the ROM 29 can be easily checked in the same way as that now performed in prior art devices; viz. computing the message digest directly from the ROM 29 and comparing the message digest thus computed with the custodial version of the message digest. If required by a given gaming commission or deemed desirable by a casino operator, the system may also display the message digest 42 of each particular data set 36 or the encrypted signature version 37 for auditing purposes. In addition, the system may transmit this information via networking subsystem 21 to an on-site or off-site remote location (such as the office of the gaming commission). The message digest displayed or transmitted may comprise the decrypted version or the computed version (or both).

The authentication procedure carried out by means of the message digest program 32, decryption program 33 and decryption key 34 stored in unalterable ROM 29 in the manner described above is also used to authenticate the contents of all memory devices in the FIG. 1 system, such as the contents of ROM 30 (see FIG. 2), the fixed data portions and program components stored in NV RAM 17 and the program and fixed data contents of any memory devices stored in the networking subsystem 21, video subsystem 22, sound subsystem 23, PCI-ISA interface 24, and GPIO unit 25. Each program or fixed data set stored in any memory device in any of these units has an associated signature, which is encrypted from a message digest of the original program or fixed data set using a hash function, which is preferably the same hash function used to prepare the message digest of the casino game data set. Prior to permitting any such program or fixed data set to participate in the system operation, that program or fixed data set is subjected to the authorization procedure to ensure that the message digest computed from the current version of the program or fixed data set matches the message digest decrypted from the encrypted signature associated to the program or fixed data set. In addition, the authentication procedure can be run on each such program or fixed data set at periodic or random intervals (on demand) in a manner essentially identical to that described above with respect to the casino game data set authentication procedure. As a consequence, the integrity of all software in the system is checked prior to the use of that particular software in order to reveal any unauthorized changes to the software portion of the casino gaming system.

An alternative approach to the secure loading of software into the system is depicted in FIG. 6. In this embodiment the basic input/output system (BIOS) software is stored in a ROM 50, the first of two ROMs making up the system boot ROM 14 (FIG. 1). The boot strap code, operating system code (OS), OS drivers and a secure loader are stored in a second ROM 52. An anchor application 54 including graphics and sound drivers, system drivers, money-handling software, a second secure loader, and a signature is stored in the mass storage 18 (FIG. 1).

When power is initially applied to the system on start-up, or when the system experiences a warm restart, the CPU 12 will begin executing code from the BIOS ROM 50. The BIOS is responsible for initializing the motherboard and peripheral cards of the system. After the BIOS has completed the initialization, it jumps to the boot strap code in ROM 252 causing the boot strap to copy the OS, OS drivers, and the secure loader into RAM.

Once in RAM, the OS is started and the secure loader stored in ROM 52 is used to load the anchor application 54 from disk 18. On disk, the anchor application has a signature that is used during the load to verify the validity of the anchor application.

After the anchor application 54 is started, it will be used to load all other applications. The secure loader of the anchor application will check the validity of an application to be loaded by computing the signature and comparing it against the one stored on disk with the application as described above.

An important advantage of the invention not found in 20 prior art systems is the manner in which the casino game data set can be authenticated. In prior art systems, authentication of the casino game data set is normally only done when a payout lying above a given threshold is required by the outcome of the game play, and this requires that the game be disabled while the ROM is physically removed and the ROM contents are verified. In systems incorporating the invention, the authenticity of a given casino game data set can be checked in a variety of ways. For example, the game data set 36 can be automatically subjected to the authentication procedure illustrated in FIG. 5 each time the game is loaded from the mass storage unit into the main memory 13. Thus, as a player selects a casino game for game play in the system, the authenticity of that game actually stored in the mass storage unit is automatically checked using the authentication procedure described above without removing the ROM 29. Further, if desired, the authentication procedure may be initiated in response to the pull of a slot game handle, the detection of a coin insert, the payout of coins or issuing of credit, or any other detectable event related to game play. The authenticity of a given casino game data set 36 can also be checked on demand, either locally at the game console or remotely via a network, by providing a demand procedure. Such a procedure may be initiated, e.g. by providing a manually operable switch in the game console, accessible only to authorized persons, for initiating the authentication routine. Alternatively, the FIG. 1 system may be configured to respond to a demand command generated remotely (e.g. in a security area in the casino or off-site) and transmitted to the game console over a network to the networking subsystem 21.

Another advantage of the invention lies in the fact that the game data set storage capacity of a system incorporating the invention is not limited by the size of a ROM, but is rather dictated by the size of the mass storage unit. As a consequence, games using high resolution, high motion video and high quality stereo sound can be designed and played on systems incorporating the invention. Also, since the mass storage unit need not be a read-only device, and need not be physically located in the game console, the invention affords great flexibility in game content, scheduling and changes. For example, to change the graphic images in a particular casino game or set of games, new casino game data sets can be generated along with new signatures and stored in the mass storage unit by either exchanging disk drives, replacing disks (for read only disk units), or writing new data to the media. In the networked mass storage application, these changes can be made to the files controlled by the network file server. Since the casino game data sets must pass the authentication procedure test, either periodically or on demand, corrupted data sets cannot go undetected. Thus the invention opens up the field of electronic casino gaming systems to readily modifiable games with flexible displays and rules, without sacrificing the essential security of such systems. In fact, security is greatly enhanced by the ability of the invention to authenticate all game data sets both regularly (for each handle pull) and at any time (on demand), without interfering with regular game play (unless no match occurs between the two forms of message digest).

While the above provides a full and complete disclosure of the preferred embodiments of the invention, various modifications, alternate constructions and equivalents may be employed without departing from the true spirit and scope of the invention. For example, while the RSA public/private key encryption technique is preferred (due to the known advantages of this technique), a single, private key encryption technique may be employed, if desired. In a system using this technique, the single key would be stored in ROM 29 in place of the public key 34. Also, the message digest 42 and signature 37 for a given application 36 need not be computed from the entire casino game data set. For example, for some casino games it may be desirable to provide a fixed set of rules while permitting future changes in the casino game graphics, sound or both. For such casino games, it may be sufficient to compute the message digest 42 and signature 37 from only the rules portion of the applications program 36. In other cases, it may be desirable or convenient to maintain the casino game video and audio portions constant, while allowing future changes to the rules of game play. For casino games of this category, the message digest 42 and signature 37 may be computed from the graphics and sound portions of the application program 36. It may also be desirable to compute a message digest 42 and signature 37 from a subset of the rules, graphics or sound portions of a given applications program 36, or from some other subset taken from a given applications program 36. Therefore, the above should not be construed as limiting the scope of the invention, which is defined by the appended claims.

INVENTORS:

Alcorn, Allan E., Barnett, Michael, Giacalone, Jr., Louis D., Levinthal, Adam E.

THIS PATENT IS REFERENCED BY THESE PATENTS:
Patent Priority Assignee Title
10490022, Dec 31 2013 Video Gaming Technologies, Inc.; VIDEO GAMING TECHNOLOGIES, INC System and method for authenticating storage media within an electronic gaming system
10713888, Mar 01 2018 AGS LLC Gaming system having boot locked validation of program installs, data installs and program launches
11113401, Mar 21 2019 Aristocrat Technologies Australia Pty Limited Secure bootloader for electronic gaming machines and other computing devices
11120138, Mar 21 2019 Aristocrat Technologies Australia Pty Limited Secure bootloader for electronic gaming machines and other computing devices
11495088, Dec 31 2013 Video Gaming Technologies, Inc. System and method for authenticating storage media within an electronic gaming system
11631298, Dec 31 2013 Video Gaming Technologies, Inc. System and method for authenticating storage media within an electronic gaming system
11651078, Mar 21 2019 Aristocrat Technologies Australia Pty Limited Secure bootloader for electronic gaming machines and other computing devices
7491122, Jul 09 2003 SG GAMING, INC Gaming machine having targeted run-time software authentication
7506381, Jun 15 2001 PROVEN NETWORKS, LLC Method for securing an electronic device, a security system and an electronic device
7753770, Mar 29 2005 IGT Methods and apparatus for determining hybrid wagering game sessions
8038530, Feb 28 2005 SG GAMING, INC Method and apparatus for filtering wagering game content
8140796, Dec 27 2007 IGT Serial advanced technology attachment write protection: mass storage data protection device
8423738, Dec 27 2007 IGT Serial advanced technology attachment write protection: mass storage data protection device
8579705, Jun 17 1998 Aristocrat Technologies Australia Pty Limited Software verification and authentication
8705739, Aug 29 2005 SG GAMING, INC On-the-fly encryption on a gaming machine
8939834, Jun 17 1998 Aristocrat Technologies Australia Pty Limited Software verification and authentication
9230392, Jul 19 2006 Aristocrat Technologies Australia Pty Ltd Gaming machine
9424712, Jun 27 2008 LNW GAMING, INC Authenticating components in wagering game systems
9503267, Dec 28 2011 Malikie Innovations Limited Generating digital signatures
9811972, Dec 31 2013 Video Gaming Technologies, Inc.; VIDEO GAMING TECHNOLOGIES, INC System and method for authenticating storage media within an electronic gaming system
THIS PATENT REFERENCES THESE PATENTS:
Patent Priority Assignee Title
3825905,
3838264,
4193131, Dec 05 1977 International Business Machines Corporation Cryptographic verification of operational keys used in communication networks
4200770, Sep 06 1977 Stanford University Cryptographic apparatus and method
4218582, Oct 06 1977 The Board of Trustees of the Leland Stanford Junior University Public key cryptographic apparatus and method
4354251, Apr 06 1979 Siemens Aktiengesellschaft Device for testing programs for numerical control of machine tools
4355390, Sep 28 1979 Siemens Aktiengesellschaft Method for checking data written into buffered write-read memories in numerically controlled machine tools
4405829, Dec 14 1977 Massachusetts Institute of Technology Cryptographic communications system and method
4458315, Feb 25 1982 PENTA SYSTEMS INTERNATIONAL, IN , A CORP OF MD Apparatus and method for preventing unauthorized use of computer programs
4462076, Jun 04 1982 Smith Engineering Video game cartridge recognition and security system
4467424, Dec 17 1979 Remote gaming system
4494114, Dec 05 1983 INTERNATIONAL ELECTRONIC TECHNOLOGY CORPORATION Security arrangement for and method of rendering microprocessor-controlled electronic equipment inoperative after occurrence of disabling event
4519077, Aug 30 1982 TEXAS INSTRUMENTS INCORPORATED, A CORP OF DE Digital processing system with self-test capability
4525599, May 21 1982 GCC TECHNOLOGIES, INC Software protection methods and apparatus
4582324, Jan 04 1984 SCIENTIFIC GAMES, INC Illusion of skill game machine for a gaming system
4607844, Dec 13 1984 Ainsworth Nominees Pty. Ltd. Poker machine with improved security after power failure
4652998, Jan 04 1984 SCIENTIFIC GAMES OPERATING CORP A DE CORPORATION Video gaming system with pool prize structures
4658093, Jul 11 1983 ALADDIN KNOWLEDGE SYSTEMS, INC Software distribution system
4727544, Jun 05 1986 Bally Gaming, Inc; Bally Gaming International, Inc Memory integrity checking system for a gaming device
4752068, Nov 07 1985 Namco Ltd. Video game machine for business use
4759064, Oct 07 1985 VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY Blind unanticipated signature systems
4817140, Nov 05 1986 International Business Machines Corp. Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
4837728, Jan 25 1984 IGT Multiple progressive gaming system that freezes payouts at start of game
4845715, Oct 29 1984 Method for maintaining data processing system securing
4848744, Jan 22 1986 Automated video system with alignment of the video tube
4856787, Feb 05 1986 FORTUNET INC Concurrent game network
4865321, Oct 04 1985 Nintendo Company Limited Memory cartridge and information processor unit using such cartridge
4911449, Jan 02 1985 I G T Reel monitoring device for an amusement machine
4930073, Jun 26 1987 International Business Machines Corporation Method to prevent use of incorrect program version in a computer system
4944008, Feb 18 1988 GENERAL DYNAMICS C4 SYSTEMS, INC Electronic keying scheme for locking data
4951149, Oct 27 1988 QUIVANUS PROCESSING LLC Television system with variable aspect picture ratio
5004232, Oct 13 1989 Macronix, Inc. Computer game cartridge security circuit
5021772, Nov 20 1986 DRUMOYNE INVESTMENTS LTD Interactive real-time video processor with zoom pan and scroll capability
5050212, Jun 20 1990 Apple Inc Method and apparatus for verifying the integrity of a file stored separately from a computer
5103081, May 23 1990 IGT Apparatus and method for reading data encoded on circular objects, such as gaming chips
5109152, Jul 13 1988 Matsushita Electric Industrial Co., Ltd. Communication apparatus
5146575, Nov 05 1986 International Business Machines Corp. Implementing privilege on microprocessor systems for use in software asset protection
5155680, Oct 24 1986 Signal Security Technologies Billing system for computing software
5155768, Mar 16 1990 Sega Enterprises, Ltd. Security system for software
5161193, Jun 29 1990 HEWLETT-PACKARD DEVELOPMENT COMPANY, L P Pipelined cryptography processor and method for its use in communication networks
5179517, Sep 22 1988 Bally Gaming, Inc; Bally Gaming International, Inc Game machine data transfer system utilizing portable data units
5224160, Feb 23 1987 Fujitsu Siemens Computers GmbH Process for securing and for checking the integrity of the secured programs
5235642, Jul 21 1992 GOOGLE LLC Access control subsystem and method for distributed computer system using locally cached authentication credentials
5259613, Apr 08 1992 CAESARS ENTERTAINMENT OPERATING COMPANY, INC Casino entertainment system
5283734, Mar 10 1986 QUEST NETTECH CORPORATION System and method of communication with authenticated wagering participation
5288978, Oct 05 1990 Kabushiki Kaisha Toshiba Mutual authentication system and method which checks the authenticity of a device before transmitting authentication data to the device
5291585, Jul 29 1991 Dell USA L P Computer system having system feature extension software containing a self-describing feature table for accessing I/O devices according to machine-independent format
5297205, Oct 24 1989 EASTLEX MACHINE CORPORATION, A CORP OF KENTUCKY Portable electronic device to establish public loyalty to a medium or similar
5326104, Feb 07 1992 IGT, A CORP OF NEVADA Secure automated electronic casino gaming system
5342047, Apr 08 1992 Bally Gaming International, Inc Touch screen video gaming machine
5343527, Oct 27 1993 Lockheed Martin Corporation Hybrid encryption method and system for protecting reusable software components
5398932, Dec 21 1993 IGT Video lottery system with improved site controller and validation unit
5421006, May 07 1992 HEWLETT-PACKARD DEVELOPMENT COMPANY, L P Method and apparatus for assessing integrity of computer system software
5465364, Sep 22 1989 International Business Machines, Inc. Method and system for providing device driver support which is independent of changeable characteristics of devices and operating systems
5488702, Apr 26 1994 Unisys Corporation Data block check sequence generation and validation in a file cache system
5489095, Jul 01 1992 U S PHILIPS CORPORATION Device for protecting the validity of time sensitive information
5507489, Nov 04 1992 Info Telecom; La Francaise des Jeux Electronic game-of-chance device
5586766, May 13 1994 Digideal Corporation Blackjack game system and methods
5586937, May 19 1993 CRANWAY LIMITED Interactive, computerised gaming system with remote terminals
5604801, Feb 03 1995 IBM Corporation Public key data communications system under control of a portable security device
5611730, Apr 25 1995 ARISTOCRAT TECHNOLOGIES, INC Progressive gaming system tailored for use in multiple remote sites: apparatus and method
5643086, Jun 29 1995 IGT, a Nevada Corporation Electronic casino gaming apparatus with improved play capacity, authentication and security
5644704, Nov 30 1994 International Game Technology Method and apparatus for verifying the contents of a storage device
5655965, Oct 22 1992 Kabushiki Kaisha Ace Denken Screen display type slot machine with seemingly flowing condition of moving symbols
5668945, Feb 28 1994 Sega Enterprises, Ltd Data security apparatus and method
5704835, Dec 13 1995 REMBRANDT GAMING TECHNOLOGIES, LP Electronic second spin slot machine
5707286, Dec 19 1994 Zynga Inc Universal gaming engine
5725428, Mar 09 1995 GTECH Germany GmbH Video slot machine
5737418, May 30 1995 IGT Encryption of bill validation data
5742616, Mar 01 1995 International Business Machines Corporation System and method testing computer memories
5759102, Feb 12 1996 I G T Peripheral device download method and apparatus
5768382, Nov 22 1995 Inventor Holdings, LLC Remote-auditing of computer generated outcomes and authenticated biling and access control system using cryptographic and other protocols
5934672, Feb 20 1996 Digideal Corporation Slot machine and methods of operation
5991399, Dec 18 1997 HONEYMAN CIPHER SOLUTIONS LLC Method for securely distributing a conditional use private key to a trusted entity on a remote system
6071190, May 21 1997 ARISTOCRAT TECHNOLOGIES, INC Gaming device security system: apparatus and method
6104815, Jan 10 1997 IGT Method and apparatus using geographical position and universal time determination means to provide authenticated, secure, on-line communication between remote gaming locations
6149522, Jun 29 1998 IGT, a Nevada Corporation Method of authenticating game data sets in an electronic casino gaming system
6195587, Oct 29 1993 DEUTSCHE BANK AG NEW YORK BRANCH, AS COLLATERAL AGENT Validity checking
6620047, Jun 29 1995 IGT Electronic gaming apparatus having authentication data sets
6851607, Apr 11 1997 GEMALTO SA Secured method for monitoring the transfer of value units in a chip card gambling system
20040002381,
EP685246,
GB2121569,
JP6327831,
JP731737,
WO33196,
WO9965579,
ASSIGNMENT RECORDS    Assignment records on the USPTO
/
Executed onAssignorAssigneeConveyanceFrameReelDoc
Jun 17 1996IGT(assignment on the face of the patent)
MAINTENANCE FEES AND DATES:    Maintenance records on the USPTO
Date Maintenance Fee Events


Date Maintenance Schedule
Oct 31 20094 years fee payment window open
May 01 20106 months grace period start (w surcharge)
Oct 31 2010patent expiry (for year 4)
Oct 31 20122 years to revive unintentionally abandoned end. (for year 4)
Oct 31 20138 years fee payment window open
May 01 20146 months grace period start (w surcharge)
Oct 31 2014patent expiry (for year 8)
Oct 31 20162 years to revive unintentionally abandoned end. (for year 8)
Oct 31 201712 years fee payment window open
May 01 20186 months grace period start (w surcharge)
Oct 31 2018patent expiry (for year 12)
Oct 31 20202 years to revive unintentionally abandoned end. (for year 12)