AU2011253943A1

AU2011253943A1 - A gaming machine

Info

Publication number: AU2011253943A1
Application number: AU2011253943A
Authority: AU
Inventors: Drazen Lenger
Original assignee: Aristocrat Technologies Australia Pty Ltd
Current assignee: Aristocrat Technologies Australia Pty Ltd
Priority date: 2008-03-26
Filing date: 2011-12-09
Publication date: 2012-01-12

Description

AUSTRALIA Patents Act 1990 COMPLETE SPECIFICATION Standard Patent Applicantss: Aristocrat Technologies Australia Pty Limited Invention Title: A GAMING MACHINE The following statement is a full description of this invention, including the best method for performing it known to me/us: AUSTRALIA Patents Act 1990 COMPLETE SPECIFICATION Standard Patent Applicant: Aristocrat Technologies Australia Pty Limited Invention Title: CASINO GAME DOWNLOAD SYSTEM AND METHOD OF USE The following statement is a full description of this invention, including the best method for performing it known to me/us: 30136091 (GHMatters) P80980.AU.1 - 2 A GAMING MACHINE Related Application s This application is a divisional application of Australian application no. 2009201191 filed 26 March 2009, the disclosure of which is incorporated herein by reference. Field 10 The present invention relates to a gaming machine and a method of conducting a software update of a gaming machine. is Background to the Invention Program code to be run on gaming machines sometimes needs to be updated to address problems with existing code or to add a capability. Given the nature of gambling 20 regulations, there is a need for a high degree of confidence in the security of an electronic gaming machines. Accordingly, current software updates are performed by physically swapping memory components of a gaming machine. There is a need for an alternative 25 techniques for updating software which provides and a high degree of security. Summary of the Invention 30 In a first aspect, the invention provides a method of conducting a software update of a gaming machine, comprising: starting a boot process of the gaming machine; determining during the boot process that a memory 35 device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in C:\NRPortbl\GHMaters\DEBORAM\3013973_1.DOC 9/12/11 - 3 data communication with the gaming machine; determining that the memory device contains at least one authentic, more recent software component; and updating gaming machine memory with each more recent 5 software component. In an embodiment, updating the gaming machine comprises replacing each corresponding software component with each io more recent software component. In an embodiment, determining that the memory device contains at least one authentic software component which is more recent than a corresponding software component 15 currently stored in a memory of the gaming machine comprises: authenticating each software component stored on the memory device; and determining that a version number of each 20 authenticated software component stored on the memory device is indicative of a more recent version of the software component than a corresponding software component stored in the memory of the gaming machine. 25 In an embodiment, authenticating each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key. 30 In an embodiment, the method comprises determining that the version number is more recent if it is higher than a version of the corresponding software component. 35 In an embodiment, the method comprises determining that a main door of the gaming machine is open prior to updating each more recent authentic software component. C:\NRPortblIGHMatters\DEBORAM\30139731. DOC 9112/11 - 4 In an embodiment, the method comprises determining that a logic door of the gaming machine is open prior to updating each more recent authentic software component. 5 In an embodiment, the method comprises restarting the boot process subsequent to completion of the update. In an embodiment, the method comprises continuing the boot process subsequent to completion of the update. 10 In an embodiment, the method comprises determining that the memory device is connected to a USB port of the gaming machine. 15 In an embodiment, conduct of the boot process is caused by a processor of the gaming machine executing instruction stored in gaming machine memory. In a second aspect, the invention provides a gaming machine comprising: 20 a processor; gaming machine memory storing updateable software components and storing instructions to cause the processor to conduct a boot process, the gaming machine arranged to: 25 determine during the boot process that a memory device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in 30 data communication with the gaming machine; determine that the memory device contains at least one authentic, more recent software component; and conduct an update process of gaming machine memory in respect of each more recent software component. 35 In an embodiment, the gaming machine comprises at least one USB port, the gaming machine arranged to determine C:\NRPortbl\GHMatters\DEBORAM\30139731. DOC 9/12/11 -5 that a memory device in the form of a USB compatible drive is connected to the USB port. In an embodiment, the gaming machine comprises a main door s and arranged to determine that the main door is open prior to updating each more recent authentic software component. In an embodiment, the gaming machine comprises a logic door and arranged to determine that the logic door is open io prior to updating each more recent authentic software component. In an embodiment, the gaming machine is arranged to only mount the USB drive for the duration of the boot process. 15 In an embodiment, the gaming machine is arranged to update the gaming machine by replacing each corresponding software component with each more recent software component. 20 In an embodiment, the gaming machine is arranged to determine that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a 25 memory of the gaming machine by: authenticating each software component stored on the memory device; and determining that a version number of each authenticated software component stored on the memory 30 device is indicative of a more recent version of the software component than a corresponding software component stored in the memory of the gaming machine. In an embodiment, the gaming machine is arranged to 35 authenticate each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with C:\NRPortbRlGHMatters\DEBORAM\3013973_1.DOC 9/12/11 -6 the corresponding public key. In an embodiment, the gaming machine is arranged to determine that the version number is more recent if it is 5 higher than a version of the corresponding software component. Brief Description of the Invention 10 Exemplary embodiments of the invention will now be described in relation to the following drawings in which: Figure 1 is a perspective view of a gaming machine; is Figure 2 is a schematic diagram of the main components of the gaming machine of a first embodiment that relate to implementation of a boot process featuring software update; and 20 Figures 3 is a flow chart of the software update process. Detailed Description Referring to the drawings, there is shown an embodiment of 25 an electronic gaming machine arranged to implement a software update process. A gaming machine 10 is illustrated in Figure 1. The gaming machine 10 includes a console 12 having a display 14 on 30 which is displayed representations of a game 16 that can be played by a player. A mid-trim 20 of the gaming machine 10 houses a bank of buttons 22 for enabling a player to interact with the gaming machine, in particular during game play. The mid-trim 20 also houses a credit 35 input mechanism 24 which in this example includes a coin input chute 24A and a bill collector 24B. Other credit input mechanisms may also be employed, for example, a card CAN RPortbl\GHMatters\DEBORAM\3013973_1. DOC 9/12/11 - 7 reader for reading a smart card, debit card or credit card. A reading device may also be provided for the purpose of reading a player tracking device, for example as part of a loyalty program. The player tracking device 5 may be in the form of a card, flash drive or any other portable storage medium capable of being read by the reading device. A top box 26 may carry artwork 28, including for example io pay tables and details of bonus awards and other information or images relating to the game. Further artwork and/or information may be provided on a front panel 29 of the console 12. A coin tray 30 is mounted beneath the front panel 29 for dispensing cash payouts 15 from the gaming machine 10. The display 14 shown in Figure 1 is in the form of a video display unit, particularly a cathode ray tube screen device. Alternatively, the display 14 may be a liquid 20 crystal display, plasma screen, any other suitable video display unit, or the visible portion of an electromechanical device. The top box 26 may also include a display, for example a video display unit, which may be of the same type as the display 14, or of a different 25 type. Figure 2 illustrates one embodiment of a boot process which is described in more detail in Australian patent application 2007203243, the disclosure of which is 30 incorporated herein by reference. The electronic gaming machine has a central processing unit (CPU) 210. Boot program code is stored in BIOS 220. Logically the boot program code consists of a BIOS loader, a boot-loader and a BIOS-control-program. 35 The different portion of code contains components for different security features. Specifically: BIOS loader C:\NRPortbl\GHMatters\DEBORAM\30139731. DOC 9/12/11 -8 contains an RSA master public key; and the BIOS control program contains an RSA signature of the BIOS control program SHA 1 hash that is signed by the RSA master private key corresponding to the RSA master public key. 5 When the electronic gaming machine is reset such that a boot process is started, the CPU (processor) 210 of electronic gaming machine begins executing the first instruction of the BIOS loader stored in the BIOS 220. io The monitoring device 230 snoops every read access to the BIOS loader to thereby monitor reading of the BIOS BIOS loader by the CPU 210. The monitoring device is implemented by a field programmable gate array and contains a duplicate copy of the BIOS loader monitors is access to the BIOS 220 that provides validation code that can be used to determine that the BIOS loader is valid. The monitoring device verifies that the BIOS loader read out by the CPU matches the validation copy of the BIOS loader stored in the monitoring device. If it does not 20 match, the monitoring device halts operation in such a manner that this will ultimately cause the electronic gaming machine to fail booting. This ensures that the electronic gaming machine is running a valid, unmodified copy of the BIOS loader and hence that the code to check 25 the validity of the BIOS control program (as described in further detail below) is still present and will be executed by CPU 210. The BIOS loader calculates a hash of the BIOS control 30 program and copies the BIOS control program to RAM. The BIOS loader then retrieves a RSA signature from the BIOS control-program and retrieves the RSA master public key from the BIOS loader. The BIOS loader decrypts the signature of the BIOS-control-program hash and determines 35 whether the hashes match. If the hashes fail to match booting is failed. Otherwise the verification is successful and execution is transferred to the BIOS C:\NRPortbl\GHMatters\DEBORAM\3013973_1. DOC 9/12/11 -9 control-program now stored in RAM. The BIOS-control program then seeks to verify any external BIOSes 240 by reference to a signed table of external BIOS hashes 250. The CPU 220 calculates a hash of each external BIOS 360. s It decrypts the signed table of external BIOS hashes 250 using RSA and the RSA master public key contained in the boot-loader. Each external bios 240 is hashed and compared to the now decrypted stored hash 365. Any external BIOSES not matched are ignored. Otherwise io control is transferred to the external BIOSes. These steps ensure the electronic gaming machine is running a BIOS control program that has been signed by a master private key. 15 Before the BIOS-control-program transfers control to the master boot record of the active boot partition on the active boot device 260 it verifies the active boot partition and boot cylinder by calculating a hash of the 20 active boot partition and the hash of the boot cylinder and verifying the hash against the RSA signature stored on the active boot device using the RSA master key and RSA. If they do not match the boot is failed. 25 The active boot partition is comprised of a number of different partitions including a game partition, a platform partition and an operating system partition, each of which are verified independently. The operating system may be Linux. 30 If the verification is successful, the process proceeds to load the master boot record which in turn loads the boot loader in the boot cylinder. The boot loader verifies the contents of the game, platform and operating system 35 partition using the RSA public keys stored in the boot loader against the RSA signatures stored in files in each of the partitions. If the verification is successful, the C:\NRPort1\GHMatters\DEBORAM\3013973_1.DOC 9/12/11 - 10 process proceeds to load and execute the operating system. These steps ensure the electronic gaming machine is running an operating system and system software that had previously signed by the RSA master key. The operating s system then loads the platform software from main memory 220 being software components specific to the hardware on which the operating system is running and the game is expected to run. Once the platform is established, the game software is loaded. 10 As described in Figure 3, at an appropriate point after the boot process is started 305 an update process is started. In this embodiment, early in the process of the operating system loading the platform software, the update is process 300 involves checking 310 whether a USB memory device 290 is attached to the USB port 280 and mounting any such USB drive 315. If no memory device 290 is attached, the boot process is continued 320. 20 In this embodiment, if a memory device 290 is attached a number of additional checks are made before any code can be stored to a memory of the gaming device. These checks have the advantage of increasing the likelihood that the software update is legitimate and not an attempt to 25 illegitimately access the gaming machine. In this respect, the memory to which the code is ultimately stored will vary depending on the specific embodiment and the type of code being updated, for example, it could be used to update code in BIOS 220 or main memory 295 (which may be 30 compact flash, for example). Herein, "gaming machine memory" is used to refer to memory normally resident within the gaming machine including the BIOS 220 and main memory 295. 35 In this embodiment, it is assumed that the memory device 290 is to be manually attached to a USB port 280 of the gaming machine. In other embodiments, a memory device may C:\NRPortbRGHMatters\DEBORAM\3013973_1.DOC 9/12111 - 11 be placed in data communication with the gaming machine in some other manner, for example, the gaming machine may have a network card and be configured to check for a memory device at a particular network address during the s update process. The first check 330 is that the main door of the gaming machine 10 is open. If it is not open, an error process 335 is initiated which can be resolved by removing the USB 10 memory device (the USB port may be externally accessible) in which case the boot process continues 320. The second check 340 is that the door of the logic cage is open. (The logic cage contains the main board of the 15 gaming machine.) Again an error process can be resolved in by removing the USB memory device 290 (the USB port may externally accessible of the logic cage when the main door is open) in which case the boot process continues 320. The first and second checks are designed to ensure that the 20 person attaching the USB drive is a technician authorized to access the logic cage and has done so in the correct manner. The third check 350 is to determine whether the memory 25 device contains any "authentic" software components, e.g. which pass a digitally signed authentication test which demonstrates that they have been signed by a private key corresponding, for example to the RSA master public key stored in the boot-loader. If there are no authentic 30 software components, a message is displayed to ask the technician to remove the USB drive 355 so that the boot process can continue 320. If there are one or more authentic software components, the process proceeds to the fourth check 360. 35 The fourth check 360 involves checking whether any of the authentic software components is more recent than the C:N RPortbl\GHMatters\DEBORAM\3013973_1.DOC 9/12/11 - 12 current version of the software component stored in a memory of the gaming machine. In this embodiment, code is more recent if it has a higher version number. If there are no more recent components, a message is displayed to s ask the technician to remove the USB drive 355 so that the boot process can continue 320. If there are one or more authentic and more recent software components the process proceeds to storing 365 the more recent components, typically by overwriting the previous version but the io previous version may be kept, for example, by renaming it to allow a restore. It is then determined 370 whether a re-boot is necessary based on the nature of the upgraded code and either the gaming machine is re-booted 375 or the boot process continues 320. After any re-boot, the method 15 involves performing a manual RAM reset. If a reboot is not necessary, the boot process continues 320 and the USB drive is demounted 325. Advantageously, this protects against the possibility that a person will attempt to illegitimately access the gaming machine via the USB port 20 while it is running. That is, USB drives will only be mounted during the boot process. The program code may be comprised of different code elements, depending on the particular implementation and 25 what it is desired to update, for example it may contain the most up to date boot loader code, the most up to date code for the boot partition, the most up to date system code, and or the most up to date game code for the gaming machine. Indeed, it may include some or all of the above 30 such that irrespective of the current state of code of the gaming machine, it is brought completely up to date by virtue of the update process 300. Persons skilled in the art will appreciate that there may 35 be variations on the above boot and update processes. For example, while the above embodiment employs SHA-1 hashes and RSA signatures, other cryptographic hashes and C:\NRPortbl\GHMatters\DEBORAM\30139731. DOC 9/12111 - 13 signatures maybe employed. For example SHA-1 HMAC or DSA or a mixture of techniques. There may also be some additional steps carried out before software is executed. For example, the signature of system and game software s components may be checked by checking the entire disk partitions, directories or individual files. Such checks may be performed on demand, that is immediately prior to a component being loaded or in advance, that is prior to any components being accessed. Further in some instances it io may be appropriate to check components with multiple signatures. This allows the loading of a component to be prevented if it has not be signed by all required parties which may include the manufacture of the gaming machine, a regulatory body or a third party developer. 15 Further, certificates rooted in the master public key may be stored with the software components rather than public keys. These and other variations will be apparent to persons skilled in the art and should be considered as 20 falling within the invention described herein. It will also be appreciated that other embodiments of the invention can be formed from the features described above. In the claims which follow and in the preceding 25 description of the invention, except where the context requires otherwise due to express language or necessary implication, the word "comprise" or variations such as "comprises" or "comprising" is used in an inclusive sense, i.e. to specify the presence of the stated features but 30 not to preclude the presence or addition of further features in various embodiments of the invention. Further, any reference herein to prior art is not intended to imply that such prior art forms or formed a part of the 35 common general knowledge in Australia or any other country. C:\NRPortbl\GHMatters\DEBORAM\3013973_1.DOC 9/12/11

Claims

1. A method of conducting a software update of a gaming machine, comprising: 5 starting a boot process of the gaming machine; determining during the boot process that a memory device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in io data communication with the gaming machine; determining that the memory device contains at least one authentic, more recent software component; and updating gaming machine memory with each more recent software component. 15

2. A method as claimed in claim 1, wherein updating the gaming machine comprises replacing each corresponding software component with each more recent software component. 20

3. A method as claimed in claim 1 or claim 2, wherein determining that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a 25 memory of the gaming machine comprises: authenticating each software component stored on the memory device; and determining that a version number of each authenticated software component stored on the memory 30 device is indicative of a more recent version of the software component than a corresponding software component stored in the memory of the gaming machine.

4. A method as claimed in claim 3, comprising 35 authenticating each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been C:\NRPortbl\GHMatters\DEBORAM\30139731. DOC 9/12/11 - 15 signed with the corresponding public key.

5. A method as claimed in claim 4 or claim 5, comprising determining that the version number is more recent if it s is higher than a version of the corresponding software component.

6. A method as claimed in any one of claims 1 to 5 comprising determining that a main door of the gaming 10 machine is open prior to updating each more recent authentic software component.

7. A method as claimed in any one of claims 1 to 6 comprising determining that a logic door of the gaming 15 machine is open prior to updating each more recent authentic software component.

8. A method as claimed in any one of claims 1 to 7 comprising restarting the boot process subsequent to 20 completion of the update.

9. A method as claimed in any one of claims 1 to 7 comprising continuing the boot process subsequent to completion of the update. 25

10. A method as claimed in any one of claims 1 to 9 comprising determining that the memory device is connected to a USB port of the gaming machine. 30

11. A method as claimed in any one of claims 1 to 10, wherein the conduct of the boot process is caused by a processor of the gaming machine executing instruction stored in gaming machine memory. 35

12. A gaming machine comprising: a processor; gaming machine memory storing updateable software C:\NRPortbl\GHMatters\DEBORAM\30139731. DOC 9/12/11 - 16 components and storing instructions to cause the processor to conduct a boot process, the gaming machine arranged to: determine during the boot process that a memory device potentially containing at least one software s component more recent than a corresponding software component currently stored in gaming machine memory is in data communication with the gaming machine; determine that the memory device contains at least one authentic, more recent software component; and 10 conduct an update process of gaming machine memory in respect of each more recent software component.

13. A gaming machine as claimed in claim 12 comprising at least one USB port, the gaming machine arranged to 15 determine that a memory device in the form of a USB compatible drive is connected to the USB port.

14. A gaming machine as claimed in claim 12 or claim 13, comprising a main door and arranged to determine that the 20 main door is open prior to updating each more recent authentic software component.

15. A gaming machine as claimed in any one of claims 12 to 14 comprising a logic door and arranged to determine 25 that the logic door is open prior to updating each more recent authentic software component.

16. A gaming machine as claimed in claim 13, arranged to only mount the USB drive for the duration of the boot 30 process.

17. A gaming machine as claimed in any one of claims 12 to 16, arranged to update the gaming machine by replacing each corresponding software component with each more 35 recent software component.

18. A gaming machine as claimed in any one of claims 12 C:N RPortbl\GHMetters\DEBORAM\30139731. DOC 9/12111 - 17 to 17, arranged to determine that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a memory of the gaming machine by: s authenticating each software component stored on the memory device; and determining that a version number of each authenticated software component stored on the memory device is indicative of a more recent version of the 10 software component than a corresponding software component stored in the memory of the gaming machine.

19. A gaming machine as claimed in claim 18, arranged to authenticate each software component stored on the memory 15 device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key.

20. A gaming machine as claimed in claim 18 or claim 19, 20 arranged to determine that the version number is more recent if it is higher than a version of the corresponding software component. C:\NRPortbl\GHMatters\DEBORAM\30139731. DOC 9/12/11