EP0824732B1 - Tamper protection and activation method for an electronic gaming device and device therefor - Google Patents

Tamper protection and activation method for an electronic gaming device and device therefor Download PDF

Info

Publication number
EP0824732B1
EP0824732B1 EP96914253A EP96914253A EP0824732B1 EP 0824732 B1 EP0824732 B1 EP 0824732B1 EP 96914253 A EP96914253 A EP 96914253A EP 96914253 A EP96914253 A EP 96914253A EP 0824732 B1 EP0824732 B1 EP 0824732B1
Authority
EP
European Patent Office
Prior art keywords
game
housing
encryption key
stored
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP96914253A
Other languages
German (de)
French (fr)
Other versions
EP0824732A1 (en
Inventor
François BERNHARD
Patrice Bremaud
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Info Telecom SA
Original Assignee
Info Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=9478579&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=EP0824732(B1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Info Telecom SA filed Critical Info Telecom SA
Publication of EP0824732A1 publication Critical patent/EP0824732A1/en
Application granted granted Critical
Publication of EP0824732B1 publication Critical patent/EP0824732B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C15/00Generating random numbers; Lottery apparatus
    • G07C15/005Generating random numbers; Lottery apparatus with dispensing of lottery tickets

Definitions

  • This housing then also constitutes the transaction element for the payment of the gain and includes all the elements necessary for the verification of it.
  • the invention therefore firstly proposes an activation method and fraud protection of an electronic gaming device comprising at least one housing, as well as at least one portable object capable of cooperate with the housing.
  • the digital data is deported game, that is to say the application or the game software, outside the electronic box and we incorporate it into a memory of an object portable which can come in different forms, such as card credit, domino, token, etc.
  • Result information that will be encrypted in the case before being transferred to the portable object naturally depends on the nature of the game. This may for example be binary information from the type "won” or “lost”, or even, for example, of a information representative of a gain level.
  • all digital game data is transferred to the working memory of the case (in practice these data are by example read in the portable object then copied into the memory of work of the case) so that the cooperation between the portable object and the case could possibly be removed during the course of the game at the housing.
  • the invention therefore avoids the use of software means complex that would require the direct operation of the game software the portable object by the processing unit of the case without transfer in the memory of the case. Also, according to an embodiment of the process according to the invention, it is advantageously provided that the assembly of play data from a portable object be read through a serial protocol between the portable object and the case. Which allows minimize the hardware and software resources of the portable object.
  • the game software is operated directly by the processing of the case directly in the working memory thereof.
  • the device according to the invention generally comprises several cases and several portable objects. Also, when authentication of the game dataset of one of the objects portable was checked and that said set was stored in the working memory of one of the boxes, we then forbid advantageously any subsequent exploitation by any of the housings, from the game dataset of this portable object.
  • Verification authentication of the game dataset then involves a recalculation of the authentication certificate within the box and a comparison between the recalculated authentication certificate and the authentication certificate stored in the portable object.
  • Authentication of the set of game data stored in the portable object can then include at least partial encryption of this set of game data, or information related to this data set game (e.g. authentication certificate), using the key encryption-game, and this, before reading by the processing unit of the case, from the game data set of the portable object.
  • the verification of game dataset authentication then includes a decryption within the housing using the key game encryption. In other words, the encrypted transfer of the application, or associated authentication certificate, avoids loading of a fraudulent application inevitably leading to obtaining gain.
  • the housing processing unit is able to also communicate unencrypted result information to the communication-box interface for the purpose of its storage in the object result memory.
  • the treatment facilities are then further able to read the unencrypted result information via the communication-station interface. They then include means of encryption-station capable of encrypting said result information not encrypted using the encryption-result key, as well as means of comparison to compare the encrypted result information recalculated, with encrypted result information stored in the portable object result memory. This comparison allows to verify the result information.
  • each validation station ST includes a processing block based on a PR processor connected to an input / output interface ESS capable of cooperating with the ESC input / output interface of the object portable.
  • the station is connected via a appropriate link to a central TB file containing information necessary, as will be seen in more detail below, for the verification of the result information contained in the portable object.
  • a key to encryption-box Kf (step 4).
  • the case is then also ready to be released to the public.
  • the portable object is powered by through the box or the station. All the functions that have just been described in relation to the data stored or to store in portable object, including tampering with certificate authentication, can be done directly so software by the unit's processing unit.
  • the portable object CPU microprocessor can be omitted. This being, the existence of such a microprocessor allows these operations to be carried out alteration (or invalidation) and verification of alteration then possible prohibition of writing the encrypted result information, directly at the portable object.
  • the existence of a microprocessor CPU on the portable object possibly allows a encryption of the game software on the portable object before transfer in the working memory of the case.
  • This ICR information can for example be the key to encryption-result itself or an identifier of the box which is associated in a one-to-one way with the case and consequently with the key of encryption-box Kf which has been stored.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Pinball Game Machines (AREA)
  • Fittings On The Vehicle Exterior For Carrying Loads, And Devices For Holding Or Mounting Articles (AREA)
  • Lock And Its Accessories (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
  • Saccharide Compounds (AREA)
  • Reverberation, Karaoke And Other Acoustics (AREA)
  • Thermal Transfer Or Thermal Recording In General (AREA)

Abstract

An electronic gaming device has one or more housings with at least one result-encryption key stored therein, as well as a portable article adapted for co-operating with the housing and with a set of authenticatable digital game data representative of a game stored therein. The portable article is made to co-operate with the housing. The set of game data is authenticated in the housing and stored in a working memory of the housing so as to authorise the progression of the game in the housing. After completion of at least part of the game, result information dependent on said game is encrypted in the housing by means of at least one result-encryption key, and the encrypted result information is stored in a result memory of the portable article, which then co-operates with a validation station capable of accessing the result-encryption key, whereafter said station verifies the result information.

Description

L'invention concerne l'activation et la protection anti-fraude d'un dispositif électronique de jeu et le dispositif correspondant.The invention relates to activation and anti-fraud protection of an electronic game device and the corresponding device.

On connaít actuellement différents jeux, notamment des jeux de hasard, permettant à un joueur de gagner des sommes d'argent moyennant le paiement d'une mise de départ. Ainsi, par exemple dans le jeu appelé "Loto" (marque déposée) le joueur coche une série de chiffres sur un ticket qu'il fait valider auprès d'un organisme spécialisé en acquittant un prix correspondant à la mise de départ. Un tirage au sort ultérieur est effectué sous contrôle dans un endroit choisi et, les joueurs en possession d'un ticket gagnant peuvent retirer leurs gains auprès d'un organisme payeur.We currently know different games, including games of chance, allowing a player to win sums of money upon payment of a starting bet. So for example in the game called "Loto" (registered trademark) the player checks a series of figures on a ticket which he has validated with an organization specialist by paying a price corresponding to the initial bet. A subsequent draw is carried out under control in a place chosen and, players in possession of a winning ticket can withdraw their earnings from a paying agency.

D'autres jeux consistent à se procurer un ticket et à gratter celui-ci en des endroits désignés de façon à découvrir des informations permettant de définir si le ticket en question est gagnant ou perdant.Other games include getting a ticket and scratching this one in designated places so as to discover information allowing to define if the ticket in question is winning or losing.

Par rapport à ces jeux classiques nécessitant un support-papier, il a déjà été envisagé de proposer, dans le brevet français n° 92 13 239, un concept radicalement différent de dispositif de jeu de hasard.Compared to these classic games requiring a paper support, it has already been envisaged to propose, in the French patent n ° 92 13 239, a radically different concept of game device hazard.

Selon ce concept, il est prévu un boítier portable destiné à permettre à un joueur d'effectuer une ou plusieurs épreuves de jeux de hasard, la réussite ou l'échec auxdites épreuves conditionnant un score ou un niveau de gain suivant des règles de jeu prédéterminées. Ce boítier constitue alors également l'élément de transaction pour le paiement du gain et comporte tous les éléments nécessaires pour la vérification de celui-ci. According to this concept, there is a portable case intended for allow a player to perform one or more rounds of chance, success or failure in said tests conditioning a score or a gain level according to predetermined game rules. This housing then also constitutes the transaction element for the payment of the gain and includes all the elements necessary for the verification of it.

Cependant, de par sa conception et notamment pour des raisons de sécurité, chaque boítier autonome ne peut être utilisé qu'une seule et unique fois. Ceci pose naturellement un problème économique et écologique en raison de cette utilisation unitaire combinée avec une diffusion estimée de l'ordre de plusieurs dizaines de millions d'unités par mois.However, by design and especially for security reasons, each autonomous box can only be used one one and only time. This naturally poses an economic problem and ecological due to this unitary use combined with a estimated distribution of several tens of millions of units per month.

Outre le fait que ce type de boítier ne peut être utilisé qu'une seule fois, il est par ailleurs associé à un type de jeu unique. Or, le marché actuel des jeux de hasard montre que la durée de vie d'un type de jeu est généralement courte et que ceux-ci doivent être renouvelés souvent ce qui conduit alors le fabricant du boítier à concevoir en permanence de nouvelles formes extérieures pour le produit ainsi que de nouvelles interfaces logicielles.Besides the fact that this type of box can only be used only once, it is also associated with a unique type of game. However, the current gambling market shows that the lifespan of a type is usually short and these need to be renewed often which then leads the manufacturer of the case to design in constantly new external forms for the product as well as new software interfaces.

L'invention vise à apporter une solution à ces problèmes.The invention aims to provide a solution to these problems.

Un but de l'invention est de proposer un dispositif électronique de jeu capable d'être utilisable plusieurs fois avec éventuellement différents types de jeu.An object of the invention is to propose a device game electronics capable of being used multiple times with possibly different types of play.

Un problème très important inhérent à de tels dispositifs de jeu réside dans la sécurité anti-fraude, en particulier lorsque certains types de jeu sont associés à des gains importants.A very important problem inherent in such devices game lies in anti-fraud security, especially when certain types of play are associated with significant payouts.

L'invention vise par conséquent à intégrer cette notion de sécurité dans un dispositif de jeu multi-applications et multi-utilisations.The invention therefore aims to integrate this notion of security in a multi-application and multi-use game device.

L'invention, selon la revendication 1, propose donc tout d'abord un procédé d'activation et de protection anti-fraude d'un dispositif électronique de jeu comportant au moins un boítier, ainsi qu'au moins un objet portatif capable de coopérer avec le boítier. Selon ce procédé, on stocke dans le boitier au moins une clé de cryptage-résultat et on stocke dans l'objet portatif un ensemble de données numériques de jeu authentifiable et représentatif d'un jeu, on fait coopérer l'objet portatif avec le boítier. On vérifie au sein du boítier l'authentification de l'ensemble de données de jeu et on stocke cet ensemble de données de jeu dans une mémoire de travail du boítier, de façon à autoriser le déroulement du jeu au niveau du boítier. Puis, après le déroulement d'au moins une partie du jeu, on crypte au sein du boítier une information de résultat dépendante dudit jeu, à l'aide au moins de ladite clé de cryptage-résultat. On stocke cette information de résultat cryptée dans une mémoire de résultat de l'objet portatif. Puis, on fait coopérer l'objet portatif avec une station de validation ayant accès à ladite clé de cryptage-résultat, ladite station effectuant un traitement de validation à partir au moins de ladite information de résultat cryptée et de ladite clé de cryptage-résultat.The invention, according to claim 1, therefore firstly proposes an activation method and fraud protection of an electronic gaming device comprising at least one housing, as well as at least one portable object capable of cooperate with the housing. According to this process, we store in the box at least one encryption-result key and we stores a set of digital game data in the portable object authentifiable and representative of a game, the portable object is made to cooperate with the case. We verify within the box the authentication of the data set and we store this set of game data in a memory of work of the case, so as to authorize the progress of the game at level of the housing. Then, after at least part of the game, we encrypt within the box a result information dependent on said game, using at least said encryption-result key. We store this encrypted result information in a portable object result memory. Then, we make the object cooperate portable with a validation station having access to said key encryption-result, said station performing validation processing from at least said encrypted result information and said encryption-result key.

Ainsi, selon l'invention, on déporte les données numériques de jeu, c'est-à-dire l'applicatif ou le logiciel de jeu, à l'extérieur du boítier électronique et on l'incorpore dans une mémoire d'un objet portatif qui peut se présenter sous différentes formes, telles que carte de crédit, domino, jeton, etc.Thus, according to the invention, the digital data is deported game, that is to say the application or the game software, outside the electronic box and we incorporate it into a memory of an object portable which can come in different forms, such as card credit, domino, token, etc.

Quant au boítier électronique, celui-ci peut être vendu une seule fois et être utilisable plusieurs fois avec tout objet portatif contenant un logiciel de jeu.As for the electronic box, it can be sold a once and be usable multiple times with any portable object containing game software.

Selon l'invention c'est donc l'objet portatif qui est destiné à contenir à la fois les données numériques de jeu définissant le jeu proprement dit, ainsi que l'information de résultat permettant au joueur de faire valider ce résultat de façon à toucher éventuellement son gain. En d'autres termes, l'objet portatif constitue ici l'élément de transaction tandis que le boítier ne sert uniquement au joueur que pour jouer.According to the invention, it is therefore the portable object which is intended for contain both the digital game data defining the game itself, as well as the result information allowing the player to validate this result so as to eventually touch his gain. In other words, the portable object constitutes here the element of transaction while the case is only used by the player for to play.

La notion de "cryptage" doit s'interpréter très largement comme étant une "protection à l'aide de moyens cryptographiques". Ceci étant, à des fins de simplification, seuls les termes cryptage, décryptage, crypter, décrypter seront employés dans la suite du texte.The concept of "encryption" must be interpreted very widely as "protection using cryptographic means". However, for the sake of simplification, only the terms encryption, decryption, encryption, decryption will be used in the rest of the text.

L'information de résultat qui va être cryptée dans le boítier avant d'être transférée dans l'objet portatif, dépend naturellement de la nature du jeu. Il peut s'agir par exemple d'une information binaire du type "gagné" ou "perdu", ou bien encore, par exemple, d'une information représentative d'un niveau de gain.Result information that will be encrypted in the case before being transferred to the portable object, naturally depends on the nature of the game. This may for example be binary information from the type "won" or "lost", or even, for example, of a information representative of a gain level.

Pour des raisons de sécurité, l'ensemble de données numériques de jeu stocké dans l'objet portatif est authentifiable de façon à permettre la vérification de son authentification au sein du boítier. Au sens de la présente invention, le mot "authentifiable" doit être interprété de façon large incluant par exemple un stockage en "clair" des données numériques de jeu proprement dites conjointement à un certificat d'authentification obtenu, à partir de ces données numériques de jeu, par un algorithme approprié, ou bien encore un cryptage au moins partiel de cet ensemble, ou par exemple un cryptage du certificat d'authentification.For security reasons, the dataset game digital stored in the portable object is authenticated from so as to allow verification of its authentication within the housing. Within the meaning of the present invention, the word "authentifiable" must be interpreted in a broad way including for example a storage in "clear" digital game data proper together to an authentication certificate obtained, from this data digital game, by an appropriate algorithm, or even a at least partial encryption of this set, or for example an encryption the authentication certificate.

La vérification de l'authentification de l'ensemble de données de jeu peut s'effectuer avant, pendant ou après le stockage de celui-ci dans la mémoire de travail du boítier.Verification of data set authentication can be done before, during or after storage in the working memory of the case.

Il convient également de remarquer ici que, selon l'invention, l'ensemble des données numériques de jeu est transféré dans la mémoire de travail du boítier (en pratique ces données sont par exemple lues dans l'objet portatif puis recopiées dans la mémoire de travail du boítier) de sorte que la coopération entre l'objet portatif et le boítier pourrait éventuellement être supprimée pendant le déroulement du jeu au niveau du boítier.It should also be noted here that, according to the invention, all digital game data is transferred to the working memory of the case (in practice these data are by example read in the portable object then copied into the memory of work of the case) so that the cooperation between the portable object and the case could possibly be removed during the course of the game at the housing.

L'invention évite donc ainsi l'emploi de moyens logiciels complexes que nécessiterait l'exploitation directe du logiciel de jeu de l'objet portatif par l'unité de traitement du boítier sans transfert dans la mémoire du boítier. Aussi, selon un mode de mise en oeuvre du procédé selon l'invention, il est avantageusement prévu que l'ensemble de données de jeu d'un objet portatif soit lu par l'intermédiaire d'un protocole série entre l'objet portatif et le boítier. Ce qui permet de minimiser les moyens matériels et logiciels de l'objet portatif. L'exploitation directe du logiciel de jeu s'effectue par l'unité de traitement du boítier directement dans la mémoire de travail de celui-ci.The invention therefore avoids the use of software means complex that would require the direct operation of the game software the portable object by the processing unit of the case without transfer in the memory of the case. Also, according to an embodiment of the process according to the invention, it is advantageously provided that the assembly of play data from a portable object be read through a serial protocol between the portable object and the case. Which allows minimize the hardware and software resources of the portable object. The game software is operated directly by the processing of the case directly in the working memory thereof.

D'une façon très générale, le traitement de validation effectué par la station de validation doit permettre de déterminer et/ou de vérifier l'information de résultat à partir du contenu de l'objet portatif. En effet seul ce contenu mémorisé doit faire foi pour autoriser un paiement éventuel d'un gain.Generally speaking, the validation processing carried out by the validation station must make it possible to determine and / or check the result information from the contents of the portable object. Indeed only this memorized content must be authentic to authorize a possible payment of a gain.

Le traitement de validation effectué par la station de validation peut comporter un décryptage de l'information de résultat cryptée et stockée dans la mémoire de résultat de l'objet portatif, à l'aide de la clé de cryptage-résultat.The validation processing carried out by the validation may include decryption of the result information encrypted and stored in the result memory of the portable object, at using the encryption-result key.

En variante, ce traitement de validation peut s'effectuer d'une manière différente. Plus précisément, on peut stocker dans l'objet portatif, conjointement avec l'information de résultat cryptée, l'information de résultat non cryptée c'est-à-dire "en clair". La station vérifie alors ladite information de résultat en recryptant, à l'aide de la clé de cryptage-résultat, l'information de résultat non cryptée qui est stockée dans l'objet portatif et en comparant cette information de résultat recryptée avec l'information de résultat cryptée et stockée dans la mémoire de résultat de l'objet portatif.As a variant, this validation processing can be carried out different way. More specifically, we can store in the object portable, together with the encrypted result information, unencrypted result information, that is to say "in the clear". The station then verifies said result information by re-encrypting, using the encryption-result key, the unencrypted result information which is stored in the portable object and comparing this information from result re-encrypted with encrypted and stored result information in the result memory of the portable object.

Afin d'augmenter encore la sécurité, il est avantageusement prévu que lorsque l'authentification de l'ensemble de données de jeu de l'objet portatif a été vérifié et que ledit ensemble a été stocké dans la mémoire du travail du boítier, on interdise toute exploitation ultérieure par le boítier, de l'ensemble de données de jeu de cet objet portatif.In order to further increase security, it is advantageously expected that when the authentication of the game dataset of the portable object has been verified and that said assembly has been stored in the memory of the work of the case, any exploitation is prohibited subsequent by the case, of the set of game data of this object portable.

Ceci permet notamment d'éviter qu'un joueur ne s'entraíne à jouer à un type de jeu, en particulier lorsque celui-ci est en fait un jeu de réflexe.This especially helps prevent a player from training play a type of game, especially when it is actually a game of reflex.

Au sens de la présente invention, l'interdiction de toute exploitation ultérieure doit s'entendre dans un sens très large signifiant par exemple que, soit le boítier ne peut plus lire l'ensemble de données, soit il ne peut plus vérifier son authentification. En d'autres termes, le boítier sera alors inapte au jeu avec cet objet portatif.Within the meaning of the present invention, the prohibition of any further exploitation must be understood in a very broad sense meaning for example that either the case can no longer read the whole or he can no longer verify his authentication. In other words, the case will then be unfit for play with this object portable.

Le dispositif selon l'invention comprend généralement plusieurs boítiers et plusieurs objets portatifs. Aussi, lorsque l'authentification de l'ensemble de données de jeu de l'un des objets portatifs a été vérifiée et que ledit ensemble a été stocké dans la mémoire de travail de l'un des boítiers, on interdit alors avantageusement toute exploitation ultérieure par l'un quelconque des boítiers, de l'ensemble de données de jeu de cet objet portatif.The device according to the invention generally comprises several cases and several portable objects. Also, when authentication of the game dataset of one of the objects portable was checked and that said set was stored in the working memory of one of the boxes, we then forbid advantageously any subsequent exploitation by any of the housings, from the game dataset of this portable object.

Selon un mode de mise en oeuvre du procédé selon l'invention, on peut authentifier l'ensemble de données de jeu stocké dans l'objet portatif en y adjoignant un certificat d'authentification lié de façon biunivoque aux données numériques de jeu. La vérification de l'authentification de l'ensemble de données de jeu comporte alors un recalcul du certificat d'authentification au sein du boítier et une comparaison entre le certificat d'authentification recalculé et le certificat d'authentification stocké dans l'objet portatif.According to an embodiment of the method according to the invention, we can authenticate the set of stored game data in the portable object by adding a linked authentication certificate unequivocally to digital game data. Verification authentication of the game dataset then involves a recalculation of the authentication certificate within the box and a comparison between the recalculated authentication certificate and the authentication certificate stored in the portable object.

Ainsi, on peut interdire toute exploitation ultérieure d'un ensemble de données de jeu en altérant dans l'objet portatif correspondant, au moins partiellement ledit certificat d'authentification et/ou au moins partiellement les données de jeu proprement dites. On peut à cet effet envisager de modifier arbitrairement la valeur de certains des bits du certificat d'authentification et/ou de certaines des données numériques de jeu. De ce fait, si un joueur essaye de rejouer avec le même objet portatif, l'unité de traitement du boítier recalculera un certificat d'authentification qui diffèrera du certificat d'authentification altéré, ce qui interdira toute activation du jeu.Thus, one can prohibit any further exploitation of a set of game data by altering in the portable object corresponding, at least partially said certificate authentication and / or at least partially the game data proper. We can for this purpose consider modifying arbitrarily the value of some of the certificate bits authentication and / or some of the digital game data. Therefore, if a player tries to replay with the same portable object, the housing processing unit will recalculate a certificate authentication which will differ from the altered authentication certificate, which will prohibit any activation of the game.

Toujours dans le but d'augmenter la sécurité, notamment en ce qui concerne le paiement de gains éventuels, on autorise avantageusement le stockage de l'information de résultat cryptée dans l'objet portatif que si l'on a, au préalable, interdit toute exploitation ultérieure de l'ensemble de données de jeu de cet objet portatif.Always with the aim of increasing security, in particular by Regarding the payment of possible winnings, we authorize advantageously the storage of the encrypted result information in the portable object that if one has previously prohibited any exploitation of the play data set for this portable object.

Selon un mode de mise en oeuvre du procédé, on peut stocker dans le boítier au moins une clé de cryptage-jeu.According to an embodiment of the method, it is possible to store in the box at least one game encryption key.

L'authentification de l'ensemble de données de jeu stocké dans l'objet portatif peut comporter alors un cryptage au moins partiel de cet ensemble de données de jeu, ou d'une information reliée à cet ensemble de données de jeu (par exemple le certificat d'authentification), à l'aide de la clé de cryptage-jeu, et ce, avant lecture par l'unité de traitement du boítier, de l'ensemble de données de jeu de l'objet portatif. La vérification de l'authentification de l'ensemble de données de jeu comporte alors un décryptage au sein du boítier à l'aide de la clé de cryptage-jeu. En d'autres termes, le transfert crypté de l'applicatif, ou du certificat d'authentification associé, permet d'éviter le chargement d'un applicatif frauduleux conduisant inéluctablement à l'obtention d'un gain. Authentication of the set of game data stored in the portable object can then include at least partial encryption of this set of game data, or information related to this data set game (e.g. authentication certificate), using the key encryption-game, and this, before reading by the processing unit of the case, from the game data set of the portable object. The verification of game dataset authentication then includes a decryption within the housing using the key game encryption. In other words, the encrypted transfer of the application, or associated authentication certificate, avoids loading of a fraudulent application inevitably leading to obtaining gain.

On peut éventuellement ne crypter et ne décrypter que le certificat d'authentification.We can possibly only encrypt and decrypt only the certificate of authentication.

Lorsqu'une clé de cryptage-boítier est stockée dans le boítier, on peut stocker dans le boítier la clé de cryptage-jeu qui a été au préalable cryptée à l'aide de la clé de cryptage-boítier. Ceci permet encore d'augmenter la sécurité et de rendre encore plus difficile la connaissance par un tiers de la clé de cryptage-jeu.When an encryption-box key is stored in the box, you can store in the box the encryption-game key that has been previously encrypted using the encryption-box key. this allows further increase security and make it even more difficult the knowledge by a third party of the game encryption key.

La clé de cryptage-jeu peut être commune à tous les boítiers et à tous les objets portatifs. La clé de cryptage-boítier est quant à elle de préférence différente pour chaque boítier. La clé de cryptage-boítier d'un boítier est stockée dans celui-ci avant le stockage de la clé de cryptage-jeu, par exemple lors de sa fabrication. Par ailleurs, l'ensemble de données de jeu d'un objet portatif peut être stocké dans celui-ci, déjà au moins partiellement crypté, ou associé à une information déjà au moins partiellement cryptée, à l'aide de la clé de cryptage-jeu. En d'autres termes, lors de la fabrication en usine des objets portatifs, on peut par exemple déterminer in situ le certificat d'authentification correspondant, crypter ce dernier, et stocker dans l'objet portatif, avant diffusion dans le public, les données de jeu proprement dites suivies de leur certificat d'authentification crypté.The encryption-game key can be common to all the boxes and all portable objects. The encryption-box key is preferably different for each box. The encryption-box key a case is stored in it before storing the key of game encryption, for example during its manufacture. Otherwise, the set of game data for a portable object can be stored in this one, already at least partially encrypted, or associated with a information already at least partially encrypted, using the game encryption. In other words, during the factory production of portable objects, we can for example determine in situ the certificate corresponding authentication, encrypt the latter, and store in the portable object, before dissemination to the public, the game data proper followed by their encrypted authentication certificate.

D'une façon générale, la clé de cryptage-résultat peut être la clé de cryptage-boítier, ou bien la clé de cryptage-jeu, ou bien être obtenue à partir d'une combinaison de ces deux clés.Generally, the encryption-result key can be the encryption-box key, or the encryption-game key, or else be obtained from a combination of these two keys.

Lorsque la clé de cryptage-résultat est la clé de cryptage-jeu, toute station de validation connaít cette clé de cryptage-jeu puisqu'elle est commune à tous les éléments du dispositif. Ceci étant, lorsque la clé de cryptage-résultat n'est pas connue à l'avance par la station de validation, il est prévu que l'on stocke dans l'objet portatif coopérant avec le boítier, une information de clé associée de façon biunivoque à ladite clé de cryptage-résultat, la station de validation ayant alors accès à ladite clé de cryptage-résultat en lisant ladite information de clé stockée dans l'objet portatif.When the encryption-result key is the encryption-game key, any validation station knows this encryption-game key since it is common to all the elements of the device. However, when the encryption-result key is not known in advance by the validation, provision is made for storing in the cooperating portable object with the box, key information which is unequivocally associated with said encryption-result key, the validation station then having access to said encryption-result key by reading said information from key stored in the portable object.

Ainsi, si par exemple la clé de cryptage-résultat est la clé de cryptage-boítier, il peut être avantageusement prévu d'associer à chaque boítier un identifiant le définissant de façon unique, et permettant d'identifier par là même la clé de cryptage-boítier qui a été stockée dans le boítier. Une table d'identifiants peut être par exemple stockée de façon protégée dans un ordinateur central auquel sont reliées toutes les stations de validation. L'identifiant du boítier est alors stocké avec l'information de résultat cryptée dans l'objet portatif. La station de validation ayant alors accès à l'identifiant ainsi qu'à la table de correspondance peut déterminer la clé de cryptage-résultat et décrypter l'information de résultat cryptée.So if for example the encryption-result key is the key to encryption-box, it can be advantageously provided to associate with each case an identifier defining it in a unique way, and thereby identifying the encryption-box key which has been stored in the case. A table of identifiers can for example be stored securely in a central computer to which are linked to all validation stations. The identifier of the case is then stored with the result information encrypted in the portable object. The validation station then having access to the identifier as well as to the lookup table can determine the encryption-result key and decrypt the encrypted result information.

L'invention, selon la revendication 17, a également pour objet un dispositif électronique de jeu. Selon une caractéristique générale de l'invention, ce dispositif électronique de jeu comprend au moins un boítier, au moins un objet portatif et au moins une station de validation. L'objet portatif comporte une mémoire de jeu contenant un ensemble de données de jeu authentifiable et représentatif d'un jeu, une mémoire de résultat apte à contenir une information de résultat cryptée, une première interface de communication apte à coopérer avec une interface de communication-boítier, et une deuxième interface de communication apte à communiquer avec une interface de communication-station. Le boítier comporte une mémoire de clé contenant au moins une clé de cryptage-résultat, une mémoire de travail accessible en écriture et en lecture, et une unité de traitement reliée à ces mémoires ainsi qu'à l'interface de communication-boítier. L'unité de traitement est capable, lors d'une coopération entre l'interface de communication-boítier et la première interface de communication de l'objet, de vérifier l'authentification de l'ensemble de données de jeu mémorisé dans l'objet et de stocker ledit ensemble dans la mémoire de travail de façon à permettre le déroulement du jeu au niveau du boítier. L'unité de traitement du boítier est également capable de crypter une information de résultat dépendante dudit jeu, à l'aide de la clé de cryptage-résultat, et de communiquer cette information de résultat cryptée à l'interface de communication-boítier aux fins de son stockage dans la mémoire de résultat de l'objet. La station de validation comporte des moyens aptes à déterminer ladite clé de cryptage-résultat et des moyens de traitement-station aptes à lire l'information de résultat cryptée via l'interface de communication-station, lors d'une coopération entre l'objet portatif et la station, et à effectuer un traitement de validation à partir au moins de l'information de résultat cryptée et de la clé de cryptage-résultat.The invention, according to claim 17, also relates to an electronic device According to a general characteristic of the invention, this device electronic game includes at least one housing, at least one object portable and at least one validation station. The portable object contains a game memory containing a data set of authentic and representative game of a game, a memory of result able to contain encrypted result information, a first communication interface able to cooperate with a communication interface communication-box, and a second communication interface able to communicate with a station-communication interface. The case includes a key memory containing at least one key encryption-result, a working memory accessible in writing and in reading, and a processing unit connected to these memories as well as to the communication-box interface. The processing unit is capable, during a cooperation between the communication-box interface and the first communication interface of the object, to check authentication of the game dataset stored in the object and to store said set in the working memory of so as to allow the progress of the game at the housing. Unity is also capable of encrypting a result information dependent on said game, using the encryption-result, and communicate this result information encrypted at the communication-box interface for sound purposes storage in the result memory of the object. The station validation includes means capable of determining said key encryption-result and processing means-station capable of reading the result information encrypted via the communication-station interface, during cooperation between the portable object and the station, and perform validation processing based on at least the information encrypted result and encryption-result key.

Dans le cas où le dispositif électronique de jeu comprend plusieurs boítiers, plusieurs objets portatifs et plusieurs stations de validation, l'un quelconque des objets portatif est capable de coopérer avec l'un quelconque des boítiers et avec l'une quelconque des stations de validation.In the case where the electronic game device includes several boxes, several portable objects and several stations validation, any portable object is able to cooperate with any of the boxes and with any of the stations of confirmation.

Selon un mode de réalisation du dispositif selon l'invention, la première interface de communication de l'objet portatif est une interface série.According to one embodiment of the device according to the invention, the first communication interface of the portable object is a serial interface.

Par ailleurs, et pour des raisons d'économie, il est possible de prévoir que l'objet portatif ne comporte qu'une seule et même interface de communication capable de coopérer avec l'interface de communication-boítier ou avec l'interface de communication-station.Furthermore, and for reasons of economy, it is possible to provide that the portable object has only one and same communication interface capable of cooperating with the interface of communication-box or with the interface of communication-station.

Les moyens de traitement-station peuvent comporter des moyens de décryptage-station aptes à décrypter l'information de résultat cryptée aux fins de sa détermination.The processing station means may include decryption means-station capable of decrypting information from result encrypted for the purpose of its determination.

En variante, l'unité de traitement du boítier est apte à communiquer également l'information de résultat non cryptée à l'interface de communication-boítier aux fins de son stockage dans la mémoire de résultat de l'objet. Les moyens de traitement-station sont alors en outre aptes à lire l'information de résultat non cryptée via l'interface de communication-station. Ils comportent alors des moyens de cryptage-station aptes à crypter ladite information de résultat non cryptée à l'aide de la clé de cryptage-résultat, ainsi que des moyens de comparaison pour comparer l'information de résultat cryptée recalculée, avec l'information de résultat cryptée stockée dans la mémoire de résultat de l'objet portatif. Cette comparaison permet ainsi de vérifier l'information de résultat.As a variant, the housing processing unit is able to also communicate unencrypted result information to the communication-box interface for the purpose of its storage in the object result memory. The treatment facilities are then further able to read the unencrypted result information via the communication-station interface. They then include means of encryption-station capable of encrypting said result information not encrypted using the encryption-result key, as well as means of comparison to compare the encrypted result information recalculated, with encrypted result information stored in the portable object result memory. This comparison allows to verify the result information.

Lorsque l'ensemble de données de jeu authentifiable est associé à un certificat d'authentification, les moyens de vérification de l'authentification de cet ensemble de données de jeu comportent alors de préférence des moyens de calcul de certificat aptes à recalculer ledit certificat d'authentification au sein du boítier, à partir de l'ensemble de données de jeu, et des moyens de comparaison apte à comparer le certificat recalculé et le certificat stocké dans la mémoire de jeu de l'objet portatif.When the authenticated game dataset is associated with an authentication certificate, the means of verification of authentication of this set of game data then comprise preferably certificate calculation means able to recalculate said authentication certificate within the housing, from the set of game data, and means of comparison suitable for compare the recalculated certificate and the certificate stored in memory of portable object play.

Selon un mode de réalisation du dispositif, il est possible de prévoir des moyens de cryptage apte à crypter au moins partiellement l'ensemble de données de jeu authentifiable, ou une information reliée à cet ensemble de données de jeu (par exemple le certificat d'authentification), à partir d'au moins une clé de cryptage-jeu. La mémoire de clé du boítier est alors apte à contenir cette clé de cryptage-jeu tandis que les moyens de vérification de l'authentification de l'ensemble de données de jeu comportent des moyens de décryptage reliés à la mémoire de clé. Ces moyens de cryptage peuvent ne crypter que le certificat d'authentification.According to one embodiment of the device, it is possible to provide encryption means capable of at least partially encrypting the set of authenticated game data, or related information to this set of game data (e.g. the certificate authentication), using at least one game encryption key. The key memory of the case is then able to contain this key of game encryption while authentication verification means of the game data set include decryption means connected to the key memory. These encryption means may not encrypt as the authentication certificate.

Ces moyens de cryptage peuvent être incorporés au sein d'une unité de fabrication de façon à délivrer directement un ensemble de données de jeu au moins partiellement crypté ou un certification d'authentification déjà au moins partiellement crypté, qui sera destiné à être stocké tel quel dans l'objet portatif. Cependant, on peut prévoir en variante que les moyens de cryptage soient incorporés à l'objet portatif, notamment lorsque celui-ci comporte un micro-contrôleur contenant de façon logicielle ces moyens de cryptage.These encryption means can be incorporated into a manufacturing unit so as to deliver directly a set of game data at least partially encrypted or authentication certification already at least partially encrypted, which will be intended to be stored as is in the object portable. However, it can alternatively be provided that the means of encryption are incorporated into the portable object, especially when it includes a microcontroller containing software encryption means.

De même, le fait de prévoir un objet portatif "intelligent", c'est-à-dire pourvu d'une unité centrale par exemple, permet également d'incorporer dans l'objet portatif des moyens permettant d'interdire toute exploitation ultérieure d'un ensemble de données de jeu d'un objet portatif après une première exploitation. Ce moyens, qui peuvent être réalisés par exemple de façon logicielle, sont ainsi par exemple aptes à modifier la valeur de certains des bits de l'ensemble de données de jeu ou de son certificat d'authentification.Similarly, the fact of providing an "intelligent" portable object, that is to say provided with a central unit for example, also allows incorporate in the portable object means allowing to prohibit any subsequent use of a set of game data from a portable object after a first use. This means, which can be done for example in software, so are for example able to change the value of some of the bits in the set of game data or its authentication certificate.

D'autres avantages et caractéristiques de l'invention apparaítront à l'examen de modes de mise en oeuvre et de réalisation de l'invention, nullement limitatifs, et des dessins annexés sur lesquels :

  • la figure 1 représente très schématiquement l'architecture matérielle d'un objet portatif d'un dispositif selon l'invention,
  • la figure 2 représente très schématiquement l'architecture matérielle d'un boítier du dispositif selon l'invention,
  • la figure 3 représente très schématiquement l'architecture matérielle d'une station de validation du dispositif selon l'invention,
  • les figures 4a et 4b illustrent schématiquement un mode de mise en oeuvre du procédé selon l'invention, et
  • les figures 5 et 6 illustrent deux variantes de mise en oeuvre du procédé selon l'invention.
Other advantages and characteristics of the invention will appear on examining modes of implementation and embodiment of the invention, in no way limitative, and the appended drawings in which:
  • FIG. 1 very schematically represents the hardware architecture of a portable object of a device according to the invention,
  • FIG. 2 very schematically represents the hardware architecture of a housing of the device according to the invention,
  • FIG. 3 very schematically represents the hardware architecture of a validation station of the device according to the invention,
  • FIGS. 4a and 4b schematically illustrate an embodiment of the method according to the invention, and
  • Figures 5 and 6 illustrate two alternative embodiments of the method according to the invention.

Le dispositif selon l'invention comporte plusieurs boítier électroniques autonomes BT, plusieurs objets portatifs OB et plusieurs stations de validation ST.The device according to the invention comprises several cases LV autonomous electronics, several OB portable objects and several ST validation stations.

Tel qu'illustré sur la figure 1, chaque objet portatif OB, par exemple une carte du type carte à puce, un jeton, ou un module, comporte, par exemple au sein d'un ASIC (Application Specific Integrated Circuit) un micro-contrôleur CPU relié par l'intermédiaire d'un bus à une interface d'entrée sortie ESC du type série, à une mémoire de jeu MJ, ainsi qu'à une mémoire de résultat MR, telle qu'un registre.As illustrated in FIG. 1, each portable object OB, by example a card of the smart card type, a token, or a module, includes, for example within an ASIC (Application Specific Integrated Circuit) a microcontroller CPU connected via from a bus to a serial type ESC input / output interface, to a game memory MJ, as well as a result memory MR, such as a register.

Comme on le verra plus en détail ci-après, la mémoire de jeu MJ, par exemple une mémoire morte, est destinée à recevoir un ensemble de données numériques de jeu, ou logiciel de jeu, représentatif d'un type particulier de jeu.As will be seen in more detail below, the game memory MJ, for example a read only memory, is intended to receive a digital game dataset, or game software, representative of a particular type of game.

Le registre MR est destiné quant à lui à recevoir une information de résultat cryptée provenant du boítier BT après le déroulement d'au moins une partie du jeu.The MR register is intended to receive a encrypted result information from the BT box after the progress of at least part of the game.

L'interface ESC comporte des moyens de coopération avec une interface homologue ESB du boítier BT (figure 2) et une interface homologue ESS de la station ST (figure 3). Ces moyens de coopération peuvent consister en un connecteur mécanique ou bien en des moyens de couplage capacitif/inductif, ou optique.The ESC interface includes means of cooperation with an ESB homologous interface of the BT box (Figure 2) and an interface ESS counterpart to the ST station (Figure 3). These means of cooperation may consist of a mechanical connector or alternatively of means capacitive / inductive, or optical coupling.

Comme illustrée plus particulièrement sur la figure 2, la structure électronique matérielle du boítier portable BT s'articule autour d'une unité de traitement UT, telle qu'un microprocesseur ou un micro-contrôleur. Cette unité de traitement UT est reliée par l'intermédiaire d'un bus à une mémoire de travail MT, accessible en écriture et en lecture, par exemple une mémoire à accès aléatoire (RAM), à une mémoire de programme MM ainsi qu'à une mémoire type de clé MC qui est une mémoire protégée pouvant être une partie de la mémoire MM.As illustrated more particularly in FIG. 2, the electronic structure of the BT portable box is articulated around a UT processing unit, such as a microprocessor or a microcontroller. This UT processing unit is connected by via a bus to a working memory MT, accessible by write and read, for example a random access memory (RAM), to a program memory MM as well as to a standard memory of MC key which is a protected memory which can be a part of the memory MM.

L'unité de traitement est également reliée à un écran d'affichage à cristaux liquides AF ainsi qu'à un clavier Cl comportant par exemple des touches de commande de mouvements dans deux directions orthogonales. Enfin, l'unité de traitement est reliée à une interface de communication-boítier ESB apte à coopérer avec l'interface de communication ESC, et pouvant par exemple comporter un connecteur mécanique disposé dans un logement dans lequel peut être inséré le connecteur de l'objet portatif. L'interface ESB comporte également des moyens de conversion série/parallèle reliés au bus interne du boítier.The processing unit is also connected to a screen AF liquid crystal display and a keyboard Cl comprising for example movement control keys in two orthogonal directions. Finally, the processing unit is connected to a ESB communication-box interface able to cooperate with the ESC communication interface, which may for example include a mechanical connector arranged in a housing in which can be inserted the connector of the portable object. The ESB interface includes also serial / parallel conversion means connected to the bus internal of the case.

L'ensemble des moyens de ce boítier est alimenté par des moyens d'alimentation autonomes AL tels que des piles. Tout ou partie des composants de ce boítier peuvent être réalisés sous la forme d'un Asic.All of the means of this box is powered by autonomous AL power supplies such as batteries. All or part components of this housing can be made in the form of a Asic.

La mémoire de travail MT est dimensionnée de façon à pouvoir recevoir l'applicatif de jeu stocké dans la mémoire MJ de l'objet tandis que la mémoire MM contient le programme de gestion interne du boítier (gestion des entrées/sorties, gestion du clavier, de l'écran, programme de chargement de l'applicatif dans la mémoire de travail...).The working memory MT is dimensioned so as to be able to receive the game application stored in the MJ memory of the object while the memory MM contains the management program internal of the box (management of inputs / outputs, management of the keyboard, the screen, program for loading the application into the memory of job...).

Selon l'exemple de réalisation décrit en référence à la figure 3, chaque station de validation ST comporte un bloc de traitement articulé autour d'un processeur PR relié à une interface d'entrée/sortie ESS capable de coopérer avec l'interface d'entrée sortie ESC de l'objet portatif. Par ailleurs, la station est reliée par l'intermédiaire d'une liaison appropriée, à un fichier central TB contenant des informations nécessaires, comme on le verra plus en détail ci-après, à la vérification de l'information de résultat contenue dans l'objet portatif.According to the embodiment described with reference to the figure 3, each validation station ST includes a processing block based on a PR processor connected to an input / output interface ESS capable of cooperating with the ESC input / output interface of the object portable. In addition, the station is connected via a appropriate link to a central TB file containing information necessary, as will be seen in more detail below, for the verification of the result information contained in the portable object.

Le processeur PR de la station incorpore de façon logicielle les différents moyens fonctionnels nécessaires au fonctionnement de celle-ci (cryptage, décryptage, comparaison, lecture...). The station's PR processor incorporates software the different functional means necessary for the operation of this one (encryption, decryption, comparison, reading ...).

On va maintenant décrire plus en détail, en se référant particulièrement aux figures 4a à 4b, un premier mode de mise en oeuvre du procédé selon l'invention.We will now describe in more detail, referring particularly in FIGS. 4a to 4b, a first mode of implementation work of the method according to the invention.

Sur un site de fabrication, l'ensemble de données de jeu numériques JE, formant le logiciel applicatif de jeu, est traité par des moyens de traitement comportant un algorithme de calcul de certificat d'authentification du type SHA (Secure Hash Algorithm) bien connu de l'homme du métier. Ce dernier pourra cependant, pour plus de détails, se référer à la publication 180-1 du 31 mai 1994 diffusée par le FIPS (Federal Information Processing Standards).On a manufacturing site, the set of game data digital JE, forming the game application software, is processed by processing means including a certificate calculation algorithm well known SHA (Secure Hash Algorithm) type authentication of the skilled person. The latter may, however, for more than details, refer to publication 180-1 of May 31, 1994 issued by FIPS (Federal Information Processing Standards).

Ces moyens de calcul déterminent un certificat d'authentification CTF à partir de fonctions logiques opérant sur les bits des données numériques de jeu (étape 1). Ainsi, pour un bloc de 1 kilo octet d'applicatif, le certificat d'authentification comporte par exemple 120 bits.These calculation methods determine a certificate CTF authentication from logical functions operating on bits of digital game data (step 1). So for a block of 1 kilobyte of application, the authentication certificate includes example 120 bits.

A partir d'une clé de cryptage-jeu Km, commune à tous les objets portatifs, à tous les boítiers et à toutes les stations de validation, des moyens de cryptage, par exemple utilisant l'algorithme de cryptage DES (Data Encryption Standard) effectuent un cryptage du certificat d'authentification CTF (étape 2) de façon à délivrer un certificat d'authentification crypté CTFc. Les données numériques de jeu et le certificat d'authentification crypté sont alors stockés dans la mémoire de jeu MJ de l'objet portatif (étape 3).From a Km game encryption key, common to all portable objects, to all cases and to all stations validation, encryption means, for example using the algorithm Data Encryption Standard (DES) encryption CTF authentication certificate (step 2) so as to issue a CTFc encrypted authentication certificate. The digital data of game and the encrypted authentication certificate are then stored in the game memory MJ of the portable object (step 3).

L'objet portatif est alors prêt à être diffusé dans le public.The portable object is then ready to be distributed to the public.

Quant au boítier, on stocke dans la mémoire de clé MC de celui-ci, par exemple lors de sa fabrication sur site, une clé de cryptage-boítier Kf (étape 4). Le boítier est alors également prêt à être diffusé dans le public.As for the case, we store in the key memory MC of this, for example during its manufacture on site, a key to encryption-box Kf (step 4). The case is then also ready to be released to the public.

Un joueur peut se procurer un tel boítier auprès d'une station de validation du type de la station ST. Lors de cette opération, on fait coopérer le boítier et la station par l'intermédiaire d'interfaces de communication respectives de façon à lire (étape 5) la clé de cryptage-boítier Kf stockée dans la mémoire de clé du boítier. Ces interfaces peuvent être, notamment quand elles sont du type à couplage capacité/inductif, les mêmes que les interfaces ESB et ESS. Elles peuvent être également distinctes de ces dernières, par exemple du type mécanique à connecteurs. Le processeur PR de la station de validation connaissant la clé de cryptage-jeu Km, (par exemple stockée dans le fichier central TB) effectue alors par l'intermédiaire de moyens de cryptage du type DES un cryptage (étape 6) de la clé Km à l'aide de la clé de cryptage/boítier Kf. Cette clé de cryptage-jeu cryptée sous Kf, et référencée Kmc, est alors stockée (étape 7) dans la mémoire de clé du boítier.A player can get such a box from a station validation of the ST station type. During this operation, we do cooperate the housing and the station via interfaces respective communication so as to read (step 5) the encryption-box key Kf stored in the key memory of the box. These interfaces can be, especially when they are of the coupling type capacity / inductive, the same as the ESB and ESS interfaces. They can also be distinct from the latter, for example from mechanical type with connectors. The station's PR processor validation knowing the encryption key-game Km, (for example stored in the central file TB) then performs via DES type encryption means an encryption (step 6) of the key Km to using the encryption key / box Kf. This game encryption key encrypted under Kf, and referenced Kmc, is then stored (step 7) in the key memory of the case.

Lorsque le joueur souhaite jouer à un jeu particulier, il se procure auprès d'un détaillant spécialisé un objet portatif contenant le logiciel de jeu correspondant. Le joueur insère alors l'objet portatif dans le logement correspondant du boítier de façon à faire coopérer les interfaces respectives ESC et ESB de l'objet et du boítier.When the player wishes to play a particular game, he obtains from a specialized retailer a portable object containing the matching game software. The player then inserts the portable object in the corresponding housing of the housing so as to make the respective ESC and ESB interfaces of the object and the housing.

Les moyens de décryptage, par exemple du type DES, incorporés de façon logicielle dans l'unité de traitement UT du boítier décryptent la clé de cryptage-jeu crypté Kmc. L'unité de traitement lit les données numériques de jeu ainsi que le certificat d'authentification crypté CTFc stockés dans l'objet portatif, par l'intermédiaire d'un protocole série via l'interface ESB. L'unité de traitement UT recalcule alors un certificat d'authentification à partir des données numériques de jeu JE, décrypte le certificat d'authentification crypté CTFc à l'aide de la clé de cryptage-jeu Km, compare le certificat d'authentification recalculé et le certificat d'authentification stocké de façon à vérifier l'authenticité du logiciel de jeu (étape 8).The decryption means, for example of the DES type, software incorporated into the UT processing unit of the housing decrypt the encrypted game key encryption Kmc. The processing unit reads the digital game data as well as the authentication certificate encrypted CTFc stored in the portable object, via a serial protocol via the ESB interface. The UT processing unit recalculates then an authentication certificate from digital data of game JE, decrypts the encrypted authentication certificate CTFc using of the encryption key Km, compare the authentication certificate recalculated and the authentication certificate stored so as to verify the authenticity of the game software (step 8).

L'ensemble de données numériques de jeu JE est stocké dans la mémoire de travail MT du boítier de façon à pouvoir être exploité ultérieurement et directement par l'unité de traitement UT aux fins d'exécution du jeu.The JE digital game dataset is stored in the working memory MT of the box so that it can be used subsequently and directly by the processing unit UT for the purposes execution of the game.

Il convient de noter ici que, notamment lorsqu'on utilise un certificat de type SHA, la vérification de l'authentification du logiciel de jeu JE peut se faire soit "au fil de l'eau", soit lorsque l'ensemble du logiciel a été transféré dans la mémoire de travail MT, cette dernière solution nécessitant une plus grande capacité de mémoire vive.It should be noted here that, especially when using a SHA type certificate, software authentication verification JE play can be done either "on the water" or when the entire software has been transferred to the working memory MT, the latter solution requiring a larger memory capacity.

A ce stade, le boítier est apte au jeu et le joueur peut jouer à l'aide de son boítier (étape 9). At this point, the box is fit for play and the player can play using its housing (step 9).

A la fin du jeu, ou en cours de celui-ci selon le type de jeu employé ou l'issue de celui-ci, une information de résultat IFR est délivrée par le logiciel de jeu, et celle-ci est cryptée (étape 10) par l'unité de traitement UT en utilisant une clé de cryptage-résultat qui est, dans le cas présent, identique à la clé de cryptage-jeu Km. On obtient alors une information de résultat cryptée IFRc qui est transférée via les interfaces respectives du boítier et de l'objet portatif de façon à être stockée (étape 11) dans la mémoire de résultat MR de l'objet.At the end of the game, or during it depending on the type of game employee or the outcome thereof, IFR result information is delivered by the game software, and it is encrypted (step 10) by the processing unit UT using an encryption-result key which is, in this case, identical to the Km encryption-game key. then obtains an IFRc encrypted result information which is transferred via the respective interfaces of the housing and the portable object so as to be stored (step 11) in the result memory MR of the object.

Le joueur peut alors aller faire valider son résultat de façon à toucher éventuellement son gain.The player can then go to validate his result so as to possibly receive his gain.

Pour ce faire, le joueur retire l'objet portatif du boítier, et le communique à une station de validation, qui peut être la même que celle auprès de laquelle il s'est procuré son boítier, ou bien une autre. On établit alors une coopération entre l'objet portatif et la station. Le processeur PR de la station lit alors dans la mémoire de résultat de l'objet portatif (étape 12) l'information de résultat cryptée IFRc et les moyens de décryptage de cette station, par exemple du type DES, connaissant la clé de cryptage-jeu Km, décryptent l'information IFRc de façon à obtenir l'information de résultat IFR et permettre le paiement du gain.To do this, the player removes the portable object from the case, and communicates to a validation station, which can be the same as the one from which he obtained his case, or another. Cooperation is then established between the portable object and the station. The station PR processor then reads from the result memory of the portable object (step 12) the IFRc encrypted result information and the decryption means of this station, for example of the DES type, knowing the Km encryption-game key, decrypt the IFRc information so as to get the IFR result information and allow the payment of the gain.

Si le joueur décide ultérieurement de jouer à nouveau, il lui suffit de se procurer un autre objet portatif contenant un jeu du même type ou d'un type différent et de le faire coopérer avec son boítier pour jouer.If the player later decides to play again, he just get another portable item containing a game of the same type or a different type and have it cooperate with its case to to play.

Dans la variante de mise en oeuvre illustrée sur la figure 5, et destinée à augmenter la sécurité du dispositif, il est prévu une altération 20 du certificat d'authentification crypté CTFc de l'objet portatif après que la vérification de l'authentification du logiciel de jeu a été effectuée par l'unité de traitement du boítier. Cette altération consiste par exemple en une modification de la valeur de certains au moins des bits du certificat d'authentification.In the implementation variant illustrated in FIG. 5, and intended to increase the safety of the device, there is provided a alteration 20 of the object's CTFc encrypted authentication certificate portable after verification of software authentication game was performed by the processing unit of the housing. This alteration consists for example of a change in the value of some at minus bits of the authentication certificate.

Par ailleurs, avant de stocker l'information de résultat cryptée IFRc dans la mémoire de résultat de l'objet, on vérifie si cette altération a eu lieu (étape 21). Dans l'affirmative, on autorise le stockage dans la mémoire de résultat MR et dans la négative, on interdit ce stockage.By the way, before storing the encrypted result information IFRc in the result memory of the object, we check if this alteration has taken place (step 21). If so, allow the storage in the MR result memory and in the negative, we prohibits this storage.

D'une façon générale, l'objet portatif est alimenté par l'intermédiaire du boítier ou de la station. Toutes les fonctions qui viennent d'être décrites en relation avec les données stockées ou à stocker dans l'objet portatif, notamment l'altération du certificat d'authentification, peuvent être effectuées directement de façon logicielle par l'unité de traitement du boítier. Dans ce cas, le microprocesseur CPU de l'objet portatif peut être omis. Ceci étant, l'existence d'un tel microprocesseur permet d'effectuer ces opérations d'altération (ou d'invalidation) et de vérification d'altération puis d'interdiction éventuelle d'écriture de l'information de résultat cryptée, directement au niveau de l'objet portatif. De même, l'existence d'un microprocesseur CPU sur l'objet portatif permet éventuellement un cryptage du logiciel de jeu au niveau de l'objet portatif avant transfert dans la mémoire de travail du boítier.Generally, the portable object is powered by through the box or the station. All the functions that have just been described in relation to the data stored or to store in portable object, including tampering with certificate authentication, can be done directly so software by the unit's processing unit. In this case, the portable object CPU microprocessor can be omitted. This being, the existence of such a microprocessor allows these operations to be carried out alteration (or invalidation) and verification of alteration then possible prohibition of writing the encrypted result information, directly at the portable object. Likewise, the existence of a microprocessor CPU on the portable object possibly allows a encryption of the game software on the portable object before transfer in the working memory of the case.

Il se peut également que la clé de cryptage-résultat utilisée pour crypter l'information de résultat ne soit pas la clé de cryptage-jeu Km et ne soit pas connue à l'avance par la station de validation. Il peut en être ainsi lorsque la clé de cryptage-résultat est tout simplement la clé de cryptage-boítier Kf. Dans ce cas, le mode de mise en oeuvre illustré sur la figure 6 prévoit non seulement le stockage de l'information de résultat cryptée IFRc dans la mémoire de résultat de l'objet (étape 11) mais aussi le stockage, dans cette mémoire de résultat ou dans une autre mémoire (étape 30, d'une information de clé ICR permettant ultérieurement de déterminer la clé de cryptage-résultat qui a été utilisée pour crypter l'information de résultat.It is also possible that the encryption-result key used to encrypt the result information is not the game encryption key Km and is not known in advance by the validation station. he can to be so when the encryption-result key is simply the Kf encryption-box key. In this case, the mode of implementation illustrated in Figure 6 not only provides for the storage of IFRc encrypted result information in the result memory of the object (step 11) but also the storage, in this memory of result or in another memory (step 30) of key information ICR allowing later to determine the encryption-result key which was used to encrypt the result information.

Cette information ICR peut être par exemple la clé de cryptage-résultat proprement dite ou bien un identifiant du boítier qui est associé de façon biunivoque au boítier et par conséquent à la clé de cryptage-boítier Kf qui a été stockée.This ICR information can for example be the key to encryption-result itself or an identifier of the box which is associated in a one-to-one way with the case and consequently with the key of encryption-box Kf which has been stored.

Le processeur de la station de validation lit alors (étape 31) l'information de clé ICR et détermine à partir d'une table de correspondance entre les identifiants et les clés de cryptage-boítier, stockée, de préférence de façon protégée, dans le fichier TB, la clé de cryptage-résultat Kr (en l'espèce la clé Kf) qui a été utilisée (étape 32).The processor of the validation station then reads (step 31) ICR key information and determines from a table of correspondence between the identifiers and the encryption-box keys, stored, preferably in a protected manner, in the TB file, the key encryption-result Kr (in this case the key Kf) which was used (step 32).

Il peut être ensuite procédé au décryptage de l'information de résultat (étape 13).It can then be performed to decrypt the information of result (step 13).

Cette variante de l'invention permet en outre d'identifier précisément les boítiers ayant conduit à des jeux gagnants et d'effectuer éventuellement des statistiques. Ceci offre une possibilité supplémentaire de détection d'une fraude éventuelle si l'on s'aperçoit qu'un même boítier conduit très souvent à des jeux gagnants.This variant of the invention also makes it possible to identify precisely the boxes that led to winning games and possibly perform statistics. This offers a possibility additional detection of possible fraud if we notice that the same box very often leads to winning games.

Claims (29)

  1. Tamper protection and activation method for an electronic gaming device including at least one housing (BT), as well as at least one portable article (OB) capable of cooperating with the housing, in which method at least one result-encryption key is stored in the housing and an authenticatable set of digital game data (JE) representative of a game is stored in the portable article, the portable article is made to cooperate with the housing, the authentication of the set of game data is verified (8) within the housing and this set of game data is stored in a working memory (MT)of the housing, in such a way as to authorize the running (9) of the game in the housing, then, after the running of at least a part of the game, a result information item (IFR) dependent on the said game is encrypted (10) within the housing with the aid at least of the said result-encryption key, and this encrypted result information item (IFRc) is stored (11) in a result memory (MR) of the portable article, then, the portable article is made to cooperate with a validation station (ST) having access to the said result-encryption key, the said station performing a validation processing (13) on the basis at least of the said encrypted result information item and of the said result-encryption key.
  2. Method according to Claim 1, characterized in that the validation process includes decryption of the encrypted result information items.
  3. Method according to Claim 1, characterized in that the unencrypted result information item is stored in the portable article , jointly with encrypted result information item, and in that the validation processing includes re-encryption of the unencrypted result information item stored in the portable article and a comparison of this re-encrypted result information item with the encrypted result information item stored in the result memory of the portable article.
  4. Method according to one of Claims 1 to 3, characterized in that when the authentication of the set of game data of the portable article has been verified and the said set has been stored in the working memory of the housing, all subsequent utilization, by the housing, of the set of game data of this portable article is prohibited (20).
  5. Method according to Claim 4, characterized in that, the device comprising several housings and several portable articles, when the authentication of the set of game data of one of the portable articles has been verified and when the said set has been stored in the working memory of one of the housings, all subsequent utilization, by any one of the housings, of the set of game data of this portable article is prohibited.
  6. Method according to one of the preceding claims, characterized in that the set of game data stored in the portable article is authenticated by appending thereto an authentication certificate (CTF) linked in a one-to-one manner with the said set of game data (JE) and in that the verification of the authentication of the set of game data includes a recalculation of the authentication certificate within the housing and a comparison between the recalculated authentication certificate and the authentication certificate stored in the portable article.
  7. Method according to Claim 4 or 5 taken in combination with Claim 6, characterized in that all subsequent utilization of a set of game data is prohibited by altering, in the corresponding portable article, at least partially the said authentication certificate and/or at least partially the set of game data.
  8. Method according to one of the preceding claims taken in combination with Claim 4, characterized in that the storage of the encrypted result information item in the portable article is authorized (21) only if all subsequent utilization of the set of game data of this portable article has been previously prohibited.
  9. Method according to one of the preceding claims, characterized in that a housing-encryption key (Kf) is stored in the housing.
  10. Method according to one of the preceding claims, characterized in that at least one game-encryption key (Km) is stored in the housing, in that the authentication of the set of game data stored in the portable article includes at least partial encryption of this set of game data, or of an information item (CTF) linked with this set of game data, with the aid of the game-encryption key (Km), before reading by the housing, and in that the verification of the authentication of this set of game data includes decryption within the housing with the aid of the game-encryption key.
  11. Method according to Claims 6 and 10, characterized in that only the authentication certificate (CTF) is encrypted and decrypted.
  12. Method according to Claim 9 taken in combination with Claim 10 or 11, characterized in that the game-encryption key (Km) having been encrypted with the aid of the housing-encryption key (Kf) is stored in the housing.
  13. Method according to Claim 9 taken in combination with one of Claims 10 to 12, characterized in that, the device including several housings and several portable articles, a different housing-encryption key (Kf) is associated with each housing whilst the game-encryption key (Km) is common for all the housings and to all the portable articles, in that the housing-encryption key of a housing is stored in the latter before storage of the game-encryption key, and in that the set of game data of a portable article is stored in the latter, already at least partially encrypted, or associated with an information item (CTFc) already at least partially encrypted, with the aid of the game-encryption key.
  14. Method according to Claim 9 or one of Claims 10 to 13, characterized in that the result-encryption key (Kr) is the housing-encryption key (Kf), or the game-encryption key (Km), or is obtained from a combination of the housing-encryption key and of the game-encryption key.
  15. Method according to one of the preceding claims, characterized in that a key information item (ICR) associated in a one-to-one manner with the said result-encryption key is stored in the portable article cooperating with the housing, and in that the validation station has access to the said result-encryption key by reading the said key information item stored in the portable article.
  16. Method according to one of the preceding claims, characterized in that the set of game data (JE) of a portable article is read by way of a serial protocol between the portable article and the housing.
  17. Electronic gaming device, characterized in that it comprises at least one housing (BT), at least one portable article (OB), and at least one validation station (ST), in that the portable article includes a game memory (MJ) containing an authenticatable set of game data (JE) representing a game, a result memory (MR) able to contain an encrypted result information item (IFRc), a first communication interface (ESC) able to cooperate with a housing-communication interface (ESB), and a second communication interface (ESC) able to communicate with a station-communication interface (ESS), in that the housing includes a key memory (MC) containing a result-encryption key, a write- and read-accessible working memory (MT), and a processing unit (UT) linked to these memories as well as to the housing-communication interface, the processing unit being capable, during cooperation between the housing-communication interface and the first communication interface of the article, of verifying the authentication of the set of game data stored in the article and of storing the said set in the working memory so as to allow the running of the game in the housing, then of encrypting a result information item (IFR) dependent on the said game, with the aid of the result-encryption key, and of communicating this encrypted result information item (IFRc) to the housing-communication interface for the purposes of the storage thereof in the result memory of the article, and in that the validation station (ST) includes means (PR) able to determine the said result-encryption key and station-processing means (PR) able to read the encrypted result information item via the station-communication interface, during cooperation between the portable article and the station, and to perform a validation processing from at least this encrypted result information item and the result-encryption key.
  18. Device according to Claim 17, characterized in that the station-processing means include station-decryption means able to decrypt the encrypted result information item.
  19. Device according to Claim 17, characterized in that the processing unit of the housing is able also to communicate the unencrypted result information item to the housing-communication interface for the purposes of storage thereof in the result memory of the article, and in that the station-processing means are furthermore able to read the unencrypted result information item via the station-communication interface, and include station-encryption means able to encrypt the said unencrypted result information item with the aid of the result-encryption key, as well as comparison means for comparing the recalculated encrypted result information item with the encrypted result information item stored in the result memory of the portable article.
  20. Device according to one of Claims 17 to 19, characterized in that the first communication interface (SEC) of the portable article is a serial interface.
  21. Device according to one of Claims 17 to 20, characterized in that the authenticatable set of game data is associated with an authentication certificate and in that the means of verifying the authentication of this set of game data include certificate calculation means able to recalculate the said authentication certificate from the set of game data, and comparison means able to compare the recalculated certificate and the certificate stored in the game memory of the portable article.
  22. Device according to one of Claims 17 to 21, characterized in that it comprises encryption means able to encrypt at least partially the set of authenticatable game data (JE), or an information item (CTF) linked with this set of game data, from at least one game-encryption key, and in that the key memory of the housing is able to contain the said game-encryption key whilst the means of verifying the authentication of the set of game data include decryption means linked to the key memory.
  23. Device according to Claims 21 and 22, characterized in that the encryption means encrypt only the authentication certificate (CTF).
  24. Device according to Claim 22 or 23, characterized in that the encryption means (CPU) are incorporated with the portable article.
  25. Device according to one of Claims 22 to 24, characterized in that the game-encryption key is stored encrypted and in that the processing unit (UT) of the housing includes means for decrypting this game-encryption key.
  26. Device according to one of Claims 17 to 25, characterized in that it comprises means (CPU) for invalidating the authenticatable set of game data of a portable article.
  27. Device according to one of Claims 17 to 26, characterized in that it comprises means (CPU) for prohibiting the writing of the encrypted result information item to the result memory of the portable article.
  28. Device according to Claim 26 or 27, characterized in that the invalidation means (CPU) and/or the prohibiting means (CPU) are incorporated into the portable article.
  29. Device according to one of Claims 17 to 28, characterized in that it comprises several housings, several portable articles and several validation stations, any one of the portable articles being capable of cooperating with any one of the housings and with any one of the validation stations.
EP96914253A 1995-04-28 1996-04-26 Tamper protection and activation method for an electronic gaming device and device therefor Expired - Lifetime EP0824732B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9505175A FR2733613B1 (en) 1995-04-28 1995-04-28 ANTI-FRAUD ACTIVATION AND PROTECTION METHOD OF AN ELECTRONIC GAME DEVICE, AND CORRESPONDING DEVICE
FR9505175 1995-04-28
PCT/FR1996/000645 WO1996034368A1 (en) 1995-04-28 1996-04-26 Tamper protection and activation method for an electronic gaming device and device therefor

Publications (2)

Publication Number Publication Date
EP0824732A1 EP0824732A1 (en) 1998-02-25
EP0824732B1 true EP0824732B1 (en) 1999-06-23

Family

ID=9478579

Family Applications (1)

Application Number Title Priority Date Filing Date
EP96914253A Expired - Lifetime EP0824732B1 (en) 1995-04-28 1996-04-26 Tamper protection and activation method for an electronic gaming device and device therefor

Country Status (10)

Country Link
EP (1) EP0824732B1 (en)
AT (1) ATE181609T1 (en)
AU (1) AU5767396A (en)
CA (1) CA2219634A1 (en)
DE (1) DE69603023T2 (en)
DK (1) DK0824732T3 (en)
ES (1) ES2132920T3 (en)
FR (1) FR2733613B1 (en)
GR (1) GR3030973T3 (en)
WO (1) WO1996034368A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7373507B2 (en) 2000-08-10 2008-05-13 Plethora Technology, Inc. System and method for establishing secure communication

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8858332B2 (en) 2006-01-27 2014-10-14 Wms Gaming Inc. Handheld device for wagering games
AU2007255019B2 (en) 2006-06-02 2012-04-05 Wms Gaming Inc. Handheld wagering game system and methods for conducting wagering games thereupon
US9489804B2 (en) 2012-09-28 2016-11-08 Bally Gaming, Inc. Community gaming system with varying eligibility criteria

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0596760A1 (en) * 1992-11-04 1994-05-11 Info Telecom Electrical device applied to games of chance

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4462076A (en) * 1982-06-04 1984-07-24 Smith Engineering Video game cartridge recognition and security system
US4882473A (en) * 1987-09-18 1989-11-21 Gtech Corporation On-line wagering system with programmable game entry cards and operator security cards
US5179517A (en) * 1988-09-22 1993-01-12 Bally Manufacturing Corporation Game machine data transfer system utilizing portable data units
US5276312A (en) * 1990-12-10 1994-01-04 Gtech Corporation Wagering system using smartcards for transfer of agent terminal data
FR2685510B1 (en) * 1991-12-19 1997-01-03 Bull Cps PROCESS FOR AUTHENTICATION, BY AN EXTERNAL MEDIUM, OF A PORTABLE OBJECT CONNECTED TO THIS MEDIA BY THE INTERMEDIATE OF A TRANSMISSION LINE, AND SYSTEM FOR IMPLEMENTATION

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0596760A1 (en) * 1992-11-04 1994-05-11 Info Telecom Electrical device applied to games of chance

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7373507B2 (en) 2000-08-10 2008-05-13 Plethora Technology, Inc. System and method for establishing secure communication

Also Published As

Publication number Publication date
DE69603023T2 (en) 2000-03-30
EP0824732A1 (en) 1998-02-25
ATE181609T1 (en) 1999-07-15
ES2132920T3 (en) 1999-08-16
AU5767396A (en) 1996-11-18
DK0824732T3 (en) 2000-01-24
DE69603023D1 (en) 1999-07-29
FR2733613A1 (en) 1996-10-31
GR3030973T3 (en) 1999-12-31
FR2733613B1 (en) 1997-07-18
CA2219634A1 (en) 1996-10-31
WO1996034368A1 (en) 1996-10-31

Similar Documents

Publication Publication Date Title
CA2261629C (en) System for secure data storage on cd-rom
EP0596760B1 (en) Electrical device applied to games of chance
EP0719438B1 (en) Access control system for restricting access to authorised hours and renewing it using a portable storage medium
EP0981808B1 (en) Security procedure for controlling the transfer of value units in a chip card gaming system
EP0253722B1 (en) Method for diversifying a basic key and for authenticating a key worked out from a predetermined basic key and system for operation
FR2731536A1 (en) METHOD FOR SECURE INFORMATION RECORDING ON A PORTABLE MEDIUM
FR2681165A1 (en) Process for transmitting confidential information between two chip cards
EP0552079B2 (en) Mass memory card for microcomputer
EP0425053A1 (en) Data processing system having memory card authenticating means, electronic circuit for use in that system and method for using this authentication
EP1086411B1 (en) Method for verifying the execution of a software product
WO1995030976A1 (en) Method for the production of a key common to two devices for implementing a common cryptographic procedure and associated apparatus
EP0824732B1 (en) Tamper protection and activation method for an electronic gaming device and device therefor
FR2788649A1 (en) METHOD FOR THE SECURE LOADING OF DATA BETWEEN SECURITY MODULES
FR2932294A1 (en) METHOD AND DEVICE FOR SECURING PORTABLE ELECTRONIC ENTITY
CA2252002A1 (en) Security access control system enabling transfer of authorisation to make keys
EP2016700A1 (en) Terminal activation method
FR2730076A1 (en) Authentication by server of holder of object incorporating microprocessor
WO1998006070A1 (en) System for managing the transfer of units of value in a chip card game system
WO2003056524A1 (en) Self-locking smart card and device for ensuring the security thereof
EP0910839B1 (en) Method for safely storing credit units in a smart card and monetary transaction system using same
FR2814575A1 (en) Encryption/identification message transfer process having two systems with public/secret whole numbers exchanging data using random drawn numbers/mathematical functions and reciprocal mathematics procedures.
CA2285642A1 (en) Rollup certification in a reader
FR2789774A1 (en) Security module for secure comparison of an authentication code with one stored in memory has additional auxiliary registers in which randomly chosen data words are placed for use in authenticating the code in the main registers
EP3032450A1 (en) Method for checking the authenticity of a payment terminal and terminal thus secured
EP1922856A2 (en) Method for authenticating a user and device therefor

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19971013

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 19980213

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

ITF It: translation for a ep patent filed

Owner name: BARZANO' E ZANARDO MILANO S.P.A.

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

REF Corresponds to:

Ref document number: 181609

Country of ref document: AT

Date of ref document: 19990715

Kind code of ref document: T

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 19990623

REF Corresponds to:

Ref document number: 69603023

Country of ref document: DE

Date of ref document: 19990729

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2132920

Country of ref document: ES

Kind code of ref document: T3

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: FRENCH

REG Reference to a national code

Ref country code: PT

Ref legal event code: SC4A

Free format text: AVAILABILITY OF NATIONAL TRANSLATION

Effective date: 19990811

REG Reference to a national code

Ref country code: DK

Ref legal event code: T3

PLBQ Unpublished change to opponent data

Free format text: ORIGINAL CODE: EPIDOS OPPO

PLBI Opposition filed

Free format text: ORIGINAL CODE: 0009260

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20000418

Year of fee payment: 5

PLBF Reply of patent proprietor to notice(s) of opposition

Free format text: ORIGINAL CODE: EPIDOS OBSO

26 Opposition filed

Opponent name: GEMPLUS SCA

Effective date: 20000323

NLR1 Nl: opposition has been filed with the epo

Opponent name: GEMPLUS SCA

PLBF Reply of patent proprietor to notice(s) of opposition

Free format text: ORIGINAL CODE: EPIDOS OBSO

PLBF Reply of patent proprietor to notice(s) of opposition

Free format text: ORIGINAL CODE: EPIDOS OBSO

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20010315

Year of fee payment: 6

Ref country code: MC

Payment date: 20010315

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20010319

Year of fee payment: 6

Ref country code: DK

Payment date: 20010319

Year of fee payment: 6

Ref country code: AT

Payment date: 20010319

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IE

Payment date: 20010321

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: PT

Payment date: 20010322

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GR

Payment date: 20010329

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FI

Payment date: 20010330

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20010409

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20010411

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20010412

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: LU

Payment date: 20010413

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20010420

Year of fee payment: 6

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: BE

Payment date: 20010514

Year of fee payment: 6

PLBO Opposition rejected

Free format text: ORIGINAL CODE: EPIDOS REJO

PLBN Opposition rejected

Free format text: ORIGINAL CODE: 0009273

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: OPPOSITION REJECTED

27O Opposition rejected

Effective date: 20010528

REG Reference to a national code

Ref country code: GB

Ref legal event code: IF02

NLR2 Nl: decision of opposition
PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020426

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020426

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020426

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020426

Ref country code: FI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020426

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020426

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020427

Ref country code: ES

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020427

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020430

Ref country code: DK

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020430

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020430

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020430

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20020628

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20021031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20021101

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20021101

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20021105

EUG Se: european patent has lapsed

Ref document number: 96914253.8

REG Reference to a national code

Ref country code: DK

Ref legal event code: EBP

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20020426

NLV4 Nl: lapsed or anulled due to non-payment of the annual fee

Effective date: 20021101

REG Reference to a national code

Ref country code: PT

Ref legal event code: MM4A

Free format text: LAPSE DUE TO NON-PAYMENT OF FEES

Effective date: 20021031

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

REG Reference to a national code

Ref country code: ES

Ref legal event code: FD2A

Effective date: 20030514

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES;WARNING: LAPSES OF ITALIAN PATENTS WITH EFFECTIVE DATE BEFORE 2007 MAY HAVE OCCURRED AT ANY TIME BEFORE 2007. THE CORRECT EFFECTIVE DATE MAY BE DIFFERENT FROM THE ONE RECORDED.

Effective date: 20050426

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20010430