AU758509B2 - Casino gaming apparatus with gaming data check and disk memory - Google Patents

Casino gaming apparatus with gaming data check and disk memory Download PDF

Info

Publication number
AU758509B2
AU758509B2 AU27591/02A AU2759102A AU758509B2 AU 758509 B2 AU758509 B2 AU 758509B2 AU 27591/02 A AU27591/02 A AU 27591/02A AU 2759102 A AU2759102 A AU 2759102A AU 758509 B2 AU758509 B2 AU 758509B2
Authority
AU
Australia
Prior art keywords
casino
gaming
data
memory
read
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
AU27591/02A
Other versions
AU2759102A (en
Inventor
Allan E. Alcorn
Michael Barnett
Louis D Giacalone
Adam E Levinthal
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Game Technology
Original Assignee
Silicon Gaming Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Silicon Gaming Inc filed Critical Silicon Gaming Inc
Priority to AU27591/02A priority Critical patent/AU758509B2/en
Publication of AU2759102A publication Critical patent/AU2759102A/en
Application granted granted Critical
Publication of AU758509B2 publication Critical patent/AU758509B2/en
Assigned to SILICON GAMING-NEVADA reassignment SILICON GAMING-NEVADA Alteration of Name(s) in Register under S187 Assignors: SILICON GAMING, INC.
Assigned to IGT reassignment IGT Alteration of Name(s) in Register under S187 Assignors: SILICON GAMING-NEVADA
Anticipated expiration legal-status Critical
Expired legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2109Game systems

Description

AUSTRALIA
Patents Act 1990 COMPLETE SPECIFICATION STANDARD PATENT Applicant(s): SILICON GAMING, INC.
Invention Title: ELECTRONIC CASINO GAMING SYSTEM WITH IMPROVED PLAY CAPACITY, AUTHENTICATION AND SECURITY The following statement is a full description of this invention, including the best method of performing it known to me/us: -la- 11 12 12 S 13 14 16 17 7 18 19 S 20 21 .22 23 24 26 27 28 29 31 32 33 Specification ELECTRONIC CASINO GAMING SYSTEM WITH IMPROVED PLAY CAPACITY, AUTHENTICATION AND SECURITY BACKGROUND OF THE INVENTION Field of the Invention This invention relates to microprocessor based gaming Systems used in gambling casinos.
Brief Description of the Prior Art Microprocessor based gaming systems are known which are used in gambling casinos to augment the traditional slot machine games three reel single or multiline games) and card games, such as poker and black jack. In a typical gaming system of this type, a microprocessor, based system includes both hardware and software components to provide the game playing capabilities. The hardware components include a video display for displaying the game play, mechanical switches for enabling player selection of additional cards or game play choices, coin acceptors and detectors and the electronic components usually found in a microprocessor based system, such as random access memory (RAM), read only memory (ROM), a processor and one or more busses. The software components include the initialization software, credit and payout routines, the game image and rules data set, and a random number generator algorithm. In order to be acceptable for casino use, an electronic gaming system must provide both security and authentication for the software components. For this reason, gaming commissions have heretofore required that all software components of an electronic gaming system be stored in unalterable memory, which is typically an unalterable ROM. In addition.
a copy of the contents of the ROM or a message digest of the contents (or both) are normally kept on file in a secure location designated by the gaming commission so that the contents of an individual ROM removed from a gaming machine can be verified against the custodial version.
In a typical arrangement, a message digest of the ROM contents is initially generated prior to the installation of the ROM in the machine by using a known 1 2 3 4 6 7 8 9 11 12 13 13 14 16 17 18 S* 19 21 22 23 24 26 27 28 29 algoritlhm usually referred to as a hash function. A hash function is a computation procedure that produces a fixed-size string of bits from a variable-size digital input.
The fixed-sized string of bits is termed the hash value. If the hash function is difficult to invert termed a one-way hash function the hash function is also termed a message digest function, and the result is termed the message digest. The message digest is unique to any given variable size input data set, the game data set stored in the ROM. When it becomes necessary to later authenticate the ROM from any given machine, the ROM is physically removed from the game console and the message digest of the ROM contents is computed directly from the ROM using the original hash function. The computed message digest is compared with the message digest on file at the designated custodial location (typically in the casino itself). This procedure is typically carried out whenever a machine produces a payoff beyond a given threshold value. If the two message digests match, then the contents of the ROM are considered to be authenticated (verified) and the payout is made to the player.
While such electronic casino gaming systems have been found to be useful in promoting casino game play, the restriction requiring that the casino game program be stored in unalterable ROM memory, leads to a number of disadvantageous limitations. First, due to the limited capacity of the ROM storage media traditionally used to hold the program, the scope of game play available with such systems is severely limited. For sophisticated games using motion video and audio multi-media elements, much more memory capacity, on the order of hundreds of megabytes, is necessary. However, physical verification of such a large quantity of physical devices is not practical, and has thus far been an impediment to creating sophisticated games with more player appeal. Second, the authentication check is only conducted on a limited basis (usually after a jackpot) or other significant winning game outcome, and the authentication procedure requires that game play be halted until the ROM contents have been found to be authentic.
SUMMARY OF THE INVENTION The invention comprises an electronic casino gaming system which greatly expands casino game play capability and enhances security and authentication capabilities. More particularly, the invention comprises an electronic casino gaming 3 system and method having greatly expanded mass storage capability for storing a multiplicity of high resolution, high sound quality casino type games, and provides enhanced authentication of the stored game program information with a high security factor.
According, to a first aspect of the invention there is provided A casino gaming apparatus, comprising: a casino game console; a video display unit; a sound-generating apparatus; a read/write memory having a data storage capacity, said read/write memory being disposed in said eeeS0 S5 casino game console; .555 Sga nonvolatile memory that stores gaming data; 15 a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write oO memory, said disk memory having gaming data relating to a S°casino game stored therein, said disk memory being disposed in said casino game console; and a processor disposed in said casino game console 5* and being operatively coupled to said video display unit, SOOS said sound-generating apparatus, said read/write memory, •00o said nonvolatile memory and said disk memory, said processor causing said gaming data stored in said disk memory to be transferred to said read/write memory, said processor causing said gaming data that was 55.5 eeoc transferred from said disk memory to said read/write memory to be authenticated based on comparison of a message digest generated by performing a one-way hash function on said gaming data being authenticated with a message digest previously generated by performing a oneway hash function on known gaming data, each of said oneway hash functions producing a fixed-size string of bits, and said processor causing a remedial action to be taken if said gamingdata transferred from said disk H:\Sue\Keep\speci\P45381.SPEC.2.doc 20/09/02 4 memory to said read/write memory is not authentic as determined by said processor.
From a process standpoint, this aspect of the invention comprises a method of authenticating data set of a casino style game which consists of two phases: a game data set preparation phase and a game data set checking phase. In the game data set preparation phase, the method proceeds by providing a data set for a casino game, computing a first abbreviated bit string unique to the casino game data set, encrypting the first abbreviated bit string to provide an encrypted signature of the casino game data set, and storing the casino game data set and 000000 S6 the signature in a mass storage device. The first 0060 oo..abbreviated bit string is preferably computed using a hash 0• 15 function to produce a message digest of the casino game data set. The signature is then encrypted from the message digest. After storage of the game data set and unique signature, this information is installed in a casino game console. The casino game data set checking phase proceeds by computing a second abbreviated bit 0 string from the stored casino game data set using the same o•hash function, decrypting the stored encrypted signature to recover the first abbreviated bit string, and comparing .00:.o the first and second abbreviated bit strings to determine whether the two strings match. If a match does occur, the casino game data set is deemed authentic; if there is .00o no match, authentication is denied and game play is *000 ee prohibited.
•The encryption/decryption process is preferably performed using a private key/public key technique in which the first abbreviated bit string is encrypted by the game manufacturer using a private encryption key maintained in the custody of the game manufacturer. The decryption of the signature is performed using a public key which is contained in an unalterable read only memory element located in the game console, along with the casino game data set. The casino game data set is preferably H:\SueB\Keep\speci\P45381. SPEC 2 .doc 20/09/02 5 stored in a mass storage device, such as a magnetic or CD- ROM disk drive unit or a network file unit, the selected unit having a relatively large capacity. The actual size of the mass storage device will depend upon the casino game storage requirements and can be tailored to any specific application. Each time a casino game data set is transferred from the mass storage device to the main memory of the system, the authentication routine is run.
The authentication routine can also be means of an operator switch mounted in the game console or remotely via a network. Consequently, the authenticity of the data set can be automatically checked whenever the transfer ooooo occurs and at other appropriate times. In order to detect
*OSO
S"o attempts to tamper with the contents of the unalterable o 15 read only memory element located in the game console, a =0 message digest computed for the authentication program stored therein is stored in a secure manner in a different location from the game console, such as the casino operator's security facilities or the facilities of a gaming commission (or both). The authenticity of the unalterable read only memory element is checked in the oo same way as that now performed in prior art devices: viz.
computing the message digest directly from the unalterable read only memory device, and comparing the message digest 0S thus computed with the custodial version.
According to a second aspect of the present S. invention there is provided A casino gaming apparatus, *005 oo comprising: a casino game console; a video display unit; a sound-generating apparatus; a read/write memory having a data storage capacity, said read/write memory being disposed in said casino game console; a nonvolatile memory that stores gaming data; a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write H:\SueB\Keep\speci\P45381.SPEC. 2doc 20/09/02 6 memory, said disk memory having gaming data relating to a casino game stored therein, said disk memory being disposed in said casino game console; and a processor disposed in said casino game console and being operatively coupled to said video display unit, said sound-generating apparatus, said read/write memory, said nonvolatile memory and said disk memory, said processor causing said gaming data stored in said disk memory to be transferred to said read/write memory, and said processor causing said gaming data that was transferred from said disk memory to said read/write ooooo S0 memory to be checked based on a comparison of data generated from said transferred gaming data with data S'fo 15 generated from known gaming data.
According to a third aspect of the present invention there is provided a casino gaming apparatus, S•comprising: a casino game console; a video display unit; oO a read/write memory having a data storage eecapacity, said read/write memory being disposed in said "casino game console; •oa disk memory having a data storage capacity that
S.
is larger than said data storage capacity of said read/write memory, said disk memory having gaming data relating to a casino game stored therein, said disk memory c00.
o being disposed in said casino game console; and a processor disposed in said casino game console and being operatively coupled to said video display unit, said read/write memory and said disk memory, said processor causing said gaming data to be checked based on a comparison of data generated by said processor from said gaming data with data generated from known gaming data, and said processor causing a remedial action to be taken based on an outcome of said checking of said gaming H:\SueB\Keep\speci\P45381.SPEC.2 .doc 20/09/02 7 data.
According to a fourth aspect of the present invention there is provided a casino gaming apparatus, comprising: a casino game console; a video display unit; a read/write memory having a data storage capacity, said read/write memory being disposed in said casino game console; a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write memory, said disk memory having gaming data oo Srelating to a casino game stored therein, said disk memory 0000 S•being disposed in said casino game console; and o 15 a processor disposed in said casino game console and being operatively coupled to said video display unit, said read/write memory and said disk memory, said processor causing said gaming data to be checked based on a comparison of data generated by said processor from said gaming data with previously generated data, and S000. *said processor causing a remedial action to be 0*o0•taken based on an outcome of said checking of said gaming '60:60data.
Electronic casino game systems incorporating the invention provide a vastly expanded capacity for more sophisticated and attractive casino-style games, while at 000.
o the same time improving the authentication of the games without compromising security. In addition, casino game systems incorporating the invention provide great flexibility in changing casino game play, since the casino game data sets representing the various games can be stored in alterable media rather than read only memory units as with present casino game systems.
BRIEF DESCRIPTION OF THE DRAWINGS A preferred embodiment of the present invention will now be described by way of example only with H:\Sue\Keep\speci\P45381.SPEC.2.doc 20/09/02 8 reference to the accompanying drawings in which: Figure 1 is a block diagram of a system incorporating the invention; Figure 2 is a schematic diagram illustrating the contents of the read only memory and the mass storage device; Figure 3 is a more detailed schematic view of the authentication program stored in the ROM and the game data stored in the mass storage unit; Figure 4 is a diagram illustrating the preparation of the game data set; Figure 5 is a diagram illustrating the *00000 authentication procedure for the game data set; and 0000 Figure 6 is a diagram illustrating an alternative 15 approach to the secure loading of software of into the system.
o DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Turning now to the drawings, Figure 1 is a block diagram of an electronic casino gaming system incorporating the invention. As seen in this figure, the 0:0. system consists of several system components under •esoftware control. These system components include a o ~microprocessor 12, which may comprise any general purpose microprocessor, such as a Pentium-based microprocessor 00 from Intel Corporation. A main memory unit 13 is provided, which is typically a random access memory having 0.0 a capacity of between 32 and 64 megabytes for storing the 0000 o majority of programs and graphics elements during game gO play. A system boot ROM 14 provides the initialisation software required when power is first applied to the system. ROM 14 contains additional programs in read only form, including the operating system, related drivers and the authentication software described in detail below. A non-volatile RAM 17 is a battery backed static RAM capable of maintaining its contents.
81. SPEC.2.doc 20/09/02 Sthrough power cycling. NV RAM 17 stores significant information relating to game 2 play, such as the number of player credits, the last game outcome and certain 3 diagnostic and error information not critical to an understanding of the invention.
4 A mass storage unit implemented in the Fig. I system as a magnetic hard disk drive unit 18 is coupled to and controlled by a disk subsystem 19 of conventional 6 design and operation. Disk drive unit 18 provides storage for the game specific data 7 set, which includes both program data and image data specifying the rules of the 8 various different casino games or single casino game variations, and the types of 9 images and image sequences to be displayed to the game players. The size of the disk drive unit 18 is a function of the number of games and game variations 11 provided for a given system, as well as the amount of data required for each specific 12 game. In general, the more motion video designed into a particular casino game, the 13 more storage required for that casino game software. A disk drive unit 18 with a 4- 14 gigabyte capacity will usually provide sufficient storage capacity. Disk subsystem 19 comprises a disk controller connected to a PCI bus 20 for controlling the disk drive 16 unit 18. Controller 19 preferably supports SCSI-2, with options of fast and wide. It 17 should be noted that a number of different types of locally-based disk drive units 18 may be used in the Fig. 1 system, including a CD-ROM storage unit. Also, the mass 19 storage unit need not be physically located within the game console along with the 20 other elements depicted in Fig. 1: the mass storage unit may be located remotely 21 from the game console and coupled thereto by means of an appropriate network, 22 such as an ethernet, an R5232 link, or some other hard-wired or wireless network 23 link. This latter alternate arrangement is indicated by the inclusion of a network 24 subsystem 21 of appropriate configuration and functional characteristics, which may have ethernet, R5232 serial, or other network compatibility.
26 A video subsystem 22 is coupled to the PCI bus and provides the capability 27 of displaying full color still images and MPEG movies with a relatively high frame 28 rate 30 frames per second) on an appropriate monitor (not shown). Optional 3D 29 texture mapping may be added to this system, if desired.
A sound subsystem 23 having a stereo sound playback capability with up to 31 16 bit CD quality sound is coupled to an ISA bus 24. A general purpose 32 input/output unit 25 provides interfaces to the game mechanical devices (not 33 illustrated) such as manually actuatable switches and display lights. A first bridge 3 4 6 7 8 9 12 13 14 16 17 18 19 20 t.
o* 21 22 23 24 26 27 28 29 31 32 33 circuit 27 provides an interface between microprocessor 12, ROM 14, main memory 13 and PCI bus 20. Bridge circuit 27 is preferably a TRITON chip set available from INTEL Corporation. A second bridge circuit 28 provides an interface between the PCI bus 20 and the ISA bus 24. Bridge circuit 28 is preferably a type 82378 chip available from Intel Corporation.
Fig. 2 illustrates the types of information stored in the system ROM 14 and the mass storage unit. As seen in Fig. 2, the ROM unit 14 used in the Fig. I system comprises two separate ROM elements: ROM 29 and ROM 30. ROM 29 must be an unalterable device, such as a Toshiba type C53400 512Kx8 bit mask programmed ROM. ROM 30 is preferably an unalterable device like ROM 29, but may comprise a different type of ROM, such as a type 29F040 field programmable flash ROM available from Intel Corp. ROM 29 contains the system initialization or boot code, an authentication program, a random number generator program and an initial portion of the executive/loader programs. ROM 30 contains the operating system program, the system drivers and the remainder of the executive/loader programs as noted below. The mass storage unit contains the applications, which include the game image and sound data, rules of game play and the like, and the signature associated to each particular casino game.
Fig. 3 illustrates the authentication and application program information in more detail. As seen in this figure, the authentication program stored in unalterable ROM 29 comprises a message digest algorithm component 32, a decryption algorithm component 33, and a decryption key component 34. The message digest algorithm component 32 stored in ROM 29 comprises an exact copy of a hash function program routine used to originally compute a message digest from the loadable game data set 36 in the manner described below. The decryption algorithm component 33 stored in ROM 29 comprises the algorithm required to decrypt any encrypted casino game data set signature using the decryption key component 34.
The decryption key component 34 comprises the decryption key that is required to decrypt any of the encrypted signatures 37 in the manner described below during the authentication routine.
Fig. 4 illustrates the manner in which an encrypted data set signature 37 is generated. A loadable casino game data set 36 is processed using a hash function 4 I to generate a message digest 42 which is unique to the loadable game data set 36.
.1 -lI- I The hash function employed may be one of a number of known hash functions, such 2 as the MD2, MD4, and MD5 hash functions and tile SI-IS hash function; or any other 3 suitable hash function capable of producing a unique abbreviated bit string from a 4 variable size input data set. For further information about these hash functions.
reference should be had to the publication entitled "Answers To Frequently Asked 6 Questions About Today's Cryptography", Revision 2.0, October 5, 1993, published 7 by RSA Laboratories, Redwood City, California, and the publications listed in the 8 references section thereof, the disclosures of which are hereby incorporated by 9 reference. After generation, the message digest 42 is then encrypted with an encryption algorithm 43 using a private encryption key 44 to generate a signature 37 11 of the message digest. In the preferred embodiment, the two-key (private/public key) 'e 12 encryption technique developed by RSA Data Security, Inc., of Redwood City, 13 California, is used. This technique is disclosed and described in U.S. Patent Nos.
14 4,200,770, 4,218,582 and 4,405,829, the disclosures of which are hereby incorporated by reference. The signature 37 of the message digest 42 is then stored in the mass 16 storage unit along with the loadable data set 36.
17 Fig. 5 illustrates the authentication routine carried out in accordance with the 18 invention, when the authentication routine is called (see below), the loadable casino 19 game data set 36 is transferred from the mass storage unit to main memory 13 20 (unless already there), and the message digest of casino game data set 36 is 21 computed using the message digest algorithm 32. Message digest algorithm 32 uses 22 the same hash function 41 as that used by the manufacturer to prepare the original 23 message digest 42. The result is an unencrypted version 46 of the message digest 24 computed from the casino game data set 36 currently present in the mass storage unit. The encrypted data set signature 37 is decrypted using the public decryption key 26 34 matching the private key 44 used to originally encrypt the message digest 42 of 27 the casino game data set 36. The message digest 47 decrypted with decryption key 28 34 is then compared with the message digest 46 computed from the casino game data 29 set 36. If the two message digests match, then the casino game data set 36 is deemed authentic and game play may proceed. If there is no match, either the casino game 31 data set 36 or the signature 37 is deemed corrupted and not authentic. Game play is 32 prohibited and appropriate actions can be taken: e.g. alerting a security employee I using a suitable messaging system (an audible alarm, flashing lights, or a network 2 message from the game console to a central security area).
In order to ensure that the authentication routine cannot be bypassed by 4 tampering with the loader program stored in ROM 30, an initial part of the loader program is incorporated into unalterable ROM 29. This initial portion of the loader 6 program requires that the authentication program be called prior to the initiation of 7 any casino game play. Since this initial portion of the loader program is located in 8 the unalterable ROM 29, and since no casino game play can occur until the particular 9 casino game application data set 36 is loaded into main memory 13, the authentication procedure cannot be bypassed by tampering with the software stored 11 in ROM 12 Since authentication of the game data set 36 and signature 37 is entrusted to 13 the contents of ROM 29, a procedure must be provided to verify the ROM 29 14 contents. For this purpose, a message digest is computed for the authentication program stored in ROM 29, and this message digest is stored in a secure manner 16 with the casino operator or the gaming commission (or both) along with the hash 1" 17 function used to produce the message digest. This hash function may be the same 18 hash function used to compute the message digest 42 of the casino game data set or 19 a different hash function. In this way, the authenticity of the ROM 29 can be easily 20 checked in the same way as that now performed in prior art devices: viz. computing 21 the message digest directly from the ROM 29 and comparing the message digest thus 22 computed with the custodial version of the message digest. If required by a given 23 gaming commission or deemed desirable by a casino operator, the system may also 24 display the message digest 42 of each particular data set 36 or the encrypted signature version 37 for auditing purposes. In addition, the system may transmit this 26 information via networking subsystem 21 to an on-site or off-site remote location 27 (such as the office of the gaming commission). The message digest displayed or 28 transmitted may comprise the decrypted version or the computed version (or both).
29 The authentication procedure carried out by means of the message digest program 32, decryption program 33 and decryption key 34 stored in unalterable 31 ROM 29 in the manner described above is also used to authenticate the contents of 32 all memory devices in the Fig. I system, such as the contcnts of ROM 30 (see Fig.
33 the fixed data portions and program components stored in NV RAM 17 and the -13- I program and fixed data contents of any memory devices stored in the networking 2 subsystem 21, video subsystem 22, sound subsystem 23, PCI-ISA interface 24, and 3 GPIO unit 25. Each program or fixed data set stored in any memory device in any 4 of these units has an associated signature, which is encrypted from a message digest of the original program or fixed data set using a hash function, which is preferably 6 the same hash function used to prepare the message digest of the casino game data 7 set. Prior to permitting any such program or fixed data set to participate in the 8 system operation, that program or fixed data set is subjected to the authorization 9 procedure to ensure that the message digest computed from the current version of the program or fixed data set matches the message digest decrypted from the encrypted 11 signature associated to the program or fixed data set. In addition, the authentication 12 procedure can be run on each such program or fixed data set at periodic or random 13 intervals (on demand) in a manner essentially identical to that described above with 14 respect to the casino game data set authentication procedure. As a consequence, the integrity of all software in the system is checked prior to the use of that particular 16 software in order to reveal any unauthorized changes to the software portion of the 17 casino gaming system.
18 An alternative approach to the secure loading of software into the system is 19 depicted in FIG. 6. In this embodiment the basic input/output system (BIOS) 20 software is stored in a ROM 50, the first of two ROMs making up the system boot 21 ROM 14 (FIG. The boot strap code, operating system code OS drivers and 22 a secure loader are stored in a second ROM 52. An anchor application 54 including 23 graphics and sound drivers, system drivers, money-handling software, a second 24 secure loader, and a signature is stored in the mass storage 18 (FIG. 1).
When power is initially applied to the system on start-up, or when the system 26 experiences a warm restart, the CPU 12 will begin executing code from the BIOS 27 ROM 50. The BIOS is responsible for initializing the motherboard and peripheral 28 cards of the system. After the BIOS has completed the initialization, it jumps to the 29 boot strap code in ROM 252 causing the boot strap to copy the OS, OS drivers, and the secure loader into RAM.
31 Once in RAM, the OS is started and the secure loader stored in ROM 52 is 32 used to load the anchor application 54 from disk 18. On disk, the anchor application -14- 1 has a signature that is used during the load to verify the validity of the anchor 2 application.
3 After the anchor application 54 is started, it will be used to load all other 4 applications. The secure loader of the anchor application will check the validity of an application to be loaded by computing the signature and comparing it against the 6 one stored on disk with the application as described above.
7 An important advantage of the invention not found in 20 prior art systems 8 is the manner in which the casino game data set can be authenticated. In prior art 9 systems, authentication of the casino game data set is normally only done when a payout lying above a given threshold is required by the outcome of the game play, i 11 and this requires that the game be disabled while the ROM is physically removed and S 12 the ROM contents are verified. In systems incorporating the invention, the 13 authenticity of a given casino game data set can be checked in a variety of ways. For 14 example, the game data set 36 can be automatically subjected to the authentication procedure illustrated in Fig. 5 each time the game is loaded from the mass storage S16 unit into the main memory 13. Thus, as a player selects a casino game for game play 17 in the system, the authenticity of that game actually stored in the mass storage unit 18 is automatically checked using the authentication procedure described above without 19 removing the ROM 29. Further, if desired, the authentication procedure may be 20 initiated in response to the pull of a slot game handle, the detection of a coin insert, 21 the payout of coins or issuing of credit, or any other detectable event related to game 22 play. The authenticity of a given casino game data set 36 can also be checked on 23 demand, either locally at the game console or remotely via a network, by providing 24 a demand procedure. Such a procedure may be initiated, e.g. by providing a manually operable switch in the game console, accessible only to authorized persons, 26 for initiating the authentication routine. Alternatively, the Fig. 1 system may be 27 configured to respond to a demand command generated remotely in a security 28 area in the casino or off-site) and transmitted to the game console over a network to 29 the networking subsystem 21.
Another advantage of the invention lies in the fact that the game data set 31 storage capacity of a system incorporating the invention is not limited by the size of 32 a ROM, but is rather dictated by the size of the mass storage unit. As a consequence 3 3 ganes using high resolution, high motion video and high quality stereo sound can I be designed and played on systems incorporating the invention. Also, since the mass 2 storage unit need not be a read-only device, and need nor be physically located in the i guname console, the invention affords great flexibility in game content, scheduling and 4 changes. For example, to change the graphic images in a particular casino game or set of games, new casino game data sets can be generated along with new signatures 6 and stored in the mass storage unit by either exchanging disk drives, replacing disks 7 (for read only disk units), or writing new data to the media. In the networked mass 8 storage application, these changes can be made to the files controlled by the network 9 file server. Since the casino game data sets must pass the authentication procedure test, either periodically or on demand, corrupted data sets cannot go undetected. Thus 11 the invention opens up the field of electronic casino gaming systems to readily 12 modifiable games with flexible displays and rules, without sacrificing the essential 13 security of such systems. In fact, security is greatly enhanced by the ability of the 14 invention to authenticate all game data sets both regularly (for each handle pull) and at any time (on demand), without interfering with regular game play (unless no 16 match occurs between the two forms of message digest).
17 While the above provides a full and complete disclosure of the preferred 18 embodiments of the invention, various modifications, alternate constructions and 19 equivalents may be employed without departing from the true spirit and scope of the 20 invention. For example, while the RSA public/private key encryption technique is 21 preferred (due to the known advantages of this technique), a single, private key 22 encryption technique may be employed, if desired. In a system using this technique, 23 the single key would be stored in ROM 29 in place of the public key 34. Also, the 24 message digest 42 and signature 37 for a given application 36 need not be computed from the entire casino game data set. For example, for some casino games it may be 26 desirable to provide a fixed set of rules while permitting future changes in the casino 27 game graphics, sound or both. For such casino games, it may be sufficient to 28 compute the message digest 42 and signature 37 from only the rules portion of the 29 applications program 36. In other cases, it may be desirable or convenient to maintain the casino game video and audio portions constant. \while allowing future 31 changes to the rules of game play. For casino games of this category, the message 32 digest 42 and signature 37 may be computed from the graphics and sound portions 33 of the application program 36. It may also be desirable to compute a message digest -16- 1 42 and signature 37 from a subset of the rules, graphics or sound portions of a given 2 applications program 36, or from some other subset taken from a given applications 3 program 36. Therefore, the above should not be construed as limiting the scope of 4 the invention, which is defined by the appended claims.
*O
f «*O

Claims (21)

1. A casino gaming apparatus, comprising: a casino game console; a video display unit; a sound-generating apparatus; a read/write memory having a data storage capacity, said read/write memory being disposed in said casino game console; a nonvolatile memory that stores gaming data; a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write memory, said disk memory having gaming data relating to a egeggo S casino game stored therein, said disk memory being dic gs disposed in said casino game console; and S 15 a processor disposed in said casino game console and being operatively coupled to said video display unit, •oS •0 said sound-generating apparatus, said read/write memory, said nonvolatile memory and said disk memory, said processor causing said gaming data stored in said disk memory to be transferred to said read/write memory, *said processor causing said gaming data that was transferred from said disk memory to said read/write memory to be authenticated based on comparison of a 0 message digest generated by performing a one-way hash function on said gaming data being authenticated with a -•message digest previously generated by performing a one- way hash function on known gaming data, each of said one-
5. way hash functions producing a fixed-size string of bits, and said processor causing a remedial action to be taken if said gaming data transferred from said disk memory to said read/write memory is not authentic as determined by said processor. 2. A casino gaming apparatus as defined in claim 1 wherein said read/write memory has a data storage Zcapacity between 32 megabytes and 64 megabytes. H:ASueB\Keep\seci\P45381SPEC. 2 doc 20/09/02 18 3. A casino gaming apparatus as defined in claim 1 wherein said disk memory has a multi-gigabyte data storage capacity. 4. A casino gaming apparatus as defined in claim 1 wherein said disk memory comprises a CD-ROM. A casino gaming apparatus as defined in claim 1 wherein said disk memory comprises a magnetic hard disk.
6. A casino gaming apparatus, comprising: a casino game console; a video display unit; a sound-generating apparatus; S" a read/write memory having a data storage Scapacity, said read/write memory being disposed in said S 15 casino game console; a nonvolatile memory that stores gaming data; e• a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write memory, said disk memory having gaming data relating to a casino game stored therein, said disk memory being disposed in said casino game console; and 000. a processor disposed in said casino game console and being operatively coupled to said video display unit, said sound-generating apparatus, said read/write memory, said nonvolatile memory and said disk memory, said processor causing said gaming data stored in *said disk memory to be transferred to said read/write 000S oo memory, and 0 0" said processor causing said gaming data that was transferred from said disk memory to said read/write memory to be checked based on a comparison of data generated from said transferred gaming data with data generated from known gaming data.
7. A casino gaming apparatus as defined in claim 6 wherein said disk memory comprises a CD-ROM.
8. A casino gaming apparatus as defined in claim 6 wherein said disk memory comprises a magnetic hard H:\SueB\Keep\speci\P45381.SPEC.2.doc 20/09/02 19 disk.
9. A casino gaming apparatus as defined in claim 6 wherein use of said gaming data is prevented if said gaming data being checked is determined to be corrupted. A casino gaming apparatus as defined in claim 6 wherein said processor utilizes a hashing function in checking said gaming data.
11. A casino gaming apparatus as defined in claim 6 wherein said processor utilizes decryption in checking said gaming data.
12. A casino gaming apparatus, comprising: a casino game console; a video display unit; 15 a read/write memory having a data storage capacity, said read/write memory being disposed in said S: casino game console; a disk memory having a data storage capacity that is larger than said data storage capacity of said read/write memory, said disk memory having gaming data ,o r relating to a casino game stored therein, said disk memory 6• being disposed in said casino game console; and a processor disposed in said casino game console and being operatively coupled to said video display unit, said read/write memory and said disk memory, said processor causing said gaming data to be checked based on a comparison of data generated by said o processor from said gaming data with data generated from known gaming data, and said processor causing a remedial action to be taken based on an outcome of said checking of said gaming data.
13. A casino gaming apparatus as defined in claim 12 wherein said read/write memory has a data storage capacity greater than 32 megabytes.
14. A casino gaming apparatus as defined in claim 12 wherein said disk memory has a multi-gigabyte H: \SueB\Keep\speci\P45381. SPEC. 2.doc 20/09/02 20 data storage capacity. A casino gaming apparatus as defined in claim 12 wherein said disk memory comprises a CD-ROM.
16. A casino gaming apparatus as defined in claim 12 wherein said disk memory comprises a magnetic hard disk. 17 A casino gaming apparatus as defined in claim 12 wherein said processor causes said gaming data stored in said disk memory to be transferred to said read/write memory before being checked by said processor.
18. A casino gaming apparatus as defined in claim 12 wherein said processor utilizes decryption in O S checking said gaming data.
19. A casino gaming apparatus, comprising: 15 a casino game console; e a video display unit; S. a read/write memory having a data storage capacity, said read/write memory being disposed in said casino game console; a disk memory having a data storage capacity that is larger than said data storage capacity of said L read/write memory, said disk memory having gaming data relating to a casino game stored therein, said disk memory being disposed in said casino game console; and 0G a processor disposed in said casino game console and being operatively coupled to said video display unit, said o°read/write memory and said disk memory, gem. checke said processor causing said gaming data to be checked based on a comparison of data generated by said processor from said gaming data with previously generated data, and said processor causing a remedial action to be taken based on an outcome of said checking of said gaming data.
20. A casino gaming apparatus as defined in claim 19 wherein said read/write memory has a data storage capacity greater than 32 megabytes. H:\SueB\Keep\speci\P45381 SPEC. 2 .doc 20/09/02 21
21. A casino gaming apparatus as defined in claim 19 wherein said disk memory has a multi-gigabyte data storage capacity.
22. A casino gaming apparatus as defined in claim 19 wherein said disk memory comprises an optical disk in the form of a CD-ROM.
23. A casino gaming apparatus as defined in claim 19 wherein said disk memory comprises an optical disk.
24. A casino gaming apparatus as defined in claim 19 wherein said disk memory comprises a magnetic hard disk.
25. A casino gaming apparatus as defined in claim 19 wherein said processor causes said gaming data 15 stored in said disk memory to be transferred to said read/write memory before being checked by said processor. e..
26. A casino gaming apparatus as defined in claim 19 wherein said processor utilizes decryption in checking said gaming data.
27. A casino gaming apparatus substantially as hereinbefore described with reference to the accompanying so drawings. Dated this 18th day of September 2002 SILICON GAMING, INC. eg By their Patent Attorneys GRIFFITH HACK Fellows Institute of Patent and •Trade Mark Attorneys of Australia be H:\SueB\Keep\speci\P45381.SPEC.2-doc 20/09/02
AU27591/02A 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and disk memory Expired AU758509B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU27591/02A AU758509B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and disk memory

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US497662 1995-06-29
AU47184/00A AU4718400A (en) 1995-06-29 2000-07-12 Electronic casino gaming system with improved play capacity, authentication and security
AU27591/02A AU758509B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and disk memory

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU47184/00A Division AU4718400A (en) 1995-06-29 2000-07-12 Electronic casino gaming system with improved play capacity, authentication and security

Publications (2)

Publication Number Publication Date
AU2759102A AU2759102A (en) 2002-06-06
AU758509B2 true AU758509B2 (en) 2003-03-20

Family

ID=3734076

Family Applications (8)

Application Number Title Priority Date Filing Date
AU47184/00A Abandoned AU4718400A (en) 1995-06-29 2000-07-12 Electronic casino gaming system with improved play capacity, authentication and security
AU27592/02A Expired AU758507B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check utilising decryption
AU27595/02A Expired AU758257B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and dual memories
AU27593/02A Expired AU758204B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus, utilising hashing and decryption
AU27591/02A Expired AU758509B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and disk memory
AU27594/02A Expired AU758203B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and remote memory
AU2007200645A Expired AU2007200645B2 (en) 1995-06-29 2007-02-14 Electronic Casino Gaming System With Improved Play Capacity, Authentication and Security
AU2010201666A Expired AU2010201666B2 (en) 1995-06-29 2010-04-27 Electronic casino gaming system with improved play capacity, authentication and security

Family Applications Before (4)

Application Number Title Priority Date Filing Date
AU47184/00A Abandoned AU4718400A (en) 1995-06-29 2000-07-12 Electronic casino gaming system with improved play capacity, authentication and security
AU27592/02A Expired AU758507B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check utilising decryption
AU27595/02A Expired AU758257B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and dual memories
AU27593/02A Expired AU758204B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus, utilising hashing and decryption

Family Applications After (3)

Application Number Title Priority Date Filing Date
AU27594/02A Expired AU758203B2 (en) 1995-06-29 2002-03-22 Casino gaming apparatus with gaming data check and remote memory
AU2007200645A Expired AU2007200645B2 (en) 1995-06-29 2007-02-14 Electronic Casino Gaming System With Improved Play Capacity, Authentication and Security
AU2010201666A Expired AU2010201666B2 (en) 1995-06-29 2010-04-27 Electronic casino gaming system with improved play capacity, authentication and security

Country Status (1)

Country Link
AU (8) AU4718400A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4218582A (en) * 1977-10-06 1980-08-19 The Board Of Trustees Of The Leland Stanford Junior University Public key cryptographic apparatus and method
US4752068A (en) * 1985-11-07 1988-06-21 Namco Ltd. Video game machine for business use
US4759064A (en) * 1985-10-07 1988-07-19 Chaum David L Blind unanticipated signature systems

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3316414A1 (en) * 1982-05-12 1983-12-22 Bally Manufacturing Corp., 60618 Chicago, Ill. DEVICE AND METHOD FOR ENSURE THE INTEGRITY OF A PLAYING DEVICE
US4727544A (en) * 1986-06-05 1988-02-23 Bally Manufacturing Corporation Memory integrity checking system for a gaming device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4218582A (en) * 1977-10-06 1980-08-19 The Board Of Trustees Of The Leland Stanford Junior University Public key cryptographic apparatus and method
US4759064A (en) * 1985-10-07 1988-07-19 Chaum David L Blind unanticipated signature systems
US4752068A (en) * 1985-11-07 1988-06-21 Namco Ltd. Video game machine for business use

Also Published As

Publication number Publication date
AU2759302A (en) 2002-05-30
AU2759202A (en) 2002-05-16
AU2010201666A1 (en) 2010-05-20
AU2759102A (en) 2002-06-06
AU758507B2 (en) 2003-03-20
AU2759402A (en) 2002-05-16
AU2007200645A1 (en) 2007-03-08
AU2759502A (en) 2002-05-16
AU2010201666B2 (en) 2013-01-31
AU758204B2 (en) 2003-03-20
AU758203B2 (en) 2003-03-20
AU2007200645B2 (en) 2010-01-28
AU4718400A (en) 2000-09-14
AU758257B2 (en) 2003-03-20

Similar Documents

Publication Publication Date Title
US6106396A (en) Electronic casino gaming system with improved play capacity, authentication and security
US6149522A (en) Method of authenticating game data sets in an electronic casino gaming system
US7203841B2 (en) Encryption in a secure computerized gaming system
US7783040B2 (en) Encryption in a secure computerized gaming system
AU2009206188B2 (en) Pass-through live validation device and method
US20030203755A1 (en) Encryption in a secure computerized gaming system
JP2005523668A (en) Authentication in an encrypted computerized game system
US20070021195A1 (en) Gaming system file authentication
CA2450201C (en) Method and apparatus for securing gaming machine operating data
US20140256419A1 (en) Multi-tiered static chain of trust
US8317607B2 (en) Wagering game machine digitally signed volume management
USRE39369E1 (en) Electronic casino gaming system with improved play capacity, authentication and security
EP1441464A1 (en) Electronic casino gaming system with authentication and security
AU2013205523A1 (en) Electronic casino gaming system with improved play capacity, authentication and security
AU758509B2 (en) Casino gaming apparatus with gaming data check and disk memory
AU2001245518B2 (en) Encryption in a secure computerized gaming system
AU2001245518A1 (en) Encryption in a secure computerized gaming system

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
PC Assignment registered

Owner name: IGT

Free format text: FORMER OWNER WAS: SILICON GAMING, INC.

TH Corrigenda

Free format text: IN VOL 17, NO 44, PAGE(S) 1502 UNDER THE HEADING ASSIGNMENTS REGISTERED PLEASE DELETE ALL REFERENCES TO PATENT NUMBERS 758203, 758204, 758257 AND 758509

PC Assignment registered

Owner name: SILICON GAMING-NEVADA

Free format text: FORMER OWNER WAS: SILICON GAMING, INC.

PC Assignment registered

Owner name: IGT

Free format text: FORMER OWNER WAS: SILICON GAMING-NEVADA