WO2004104907A1 - Authentication system - Google Patents

Authentication system Download PDF

Info

Publication number
WO2004104907A1
WO2004104907A1 PCT/IB2004/001627 IB2004001627W WO2004104907A1 WO 2004104907 A1 WO2004104907 A1 WO 2004104907A1 IB 2004001627 W IB2004001627 W IB 2004001627W WO 2004104907 A1 WO2004104907 A1 WO 2004104907A1
Authority
WO
WIPO (PCT)
Prior art keywords
player
gaming server
authorised
biometric parameter
authentication system
Prior art date
Application number
PCT/IB2004/001627
Other languages
French (fr)
Inventor
Martin Moshal
Original Assignee
Waterleaf Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to GB0311672.0 priority Critical
Priority to GB0311672A priority patent/GB0311672D0/en
Application filed by Waterleaf Limited filed Critical Waterleaf Limited
Publication of WO2004104907A1 publication Critical patent/WO2004104907A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/12Video games, i.e. games using an electronically generated display having two or more dimensions involving interaction between a plurality of game devices, e.g. transmisison or distribution systems
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F2300/00Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
    • A63F2300/40Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterised by details of platform network
    • A63F2300/401Secure communication, e.g. using encryption or authentication
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F2300/00Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
    • A63F2300/50Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F2300/00Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
    • A63F2300/50Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers
    • A63F2300/53Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers details of basic data processing
    • A63F2300/532Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers details of basic data processing using secure communication, e.g. by encryption, authentication
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F2300/00Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
    • A63F2300/50Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers
    • A63F2300/55Details of game data or player data management
    • A63F2300/5546Details of game data or player data management using player registration data, e.g. identification, account, preferences, game history

Abstract

An authentication system comprises a gaming server operating under stored program control to regulate the progress of a number of different games and a register of players authorised to access the gaming server to play any of the number of different games. The register includes, for each authorised player, stored identification data corresponding uniquely to that authorised player, such as a biometric parameter of that player. The player's unique biometric parameter is obtained at registration by means of a biometric scanner such as a fingerprint or retinal scanner.

Description

AUTHENTICATION SYSTEM

Field of the Invention

This invention relates to an authentication system and, more particularly, but not exclusively, to an authentication system that can be applied to authenticate players in gaming applications and, still more particularly, online gaming applications. The invention extends to a method for authenticating players in gaming applications.

Background to the Invention

This invention will be described with particular reference to the authentication of players wishing to play games at an online casino. It is to be clearly understood, however, that the scope of the invention is not limited to this particular application.

Online casinos that offer a choice of multiple different casino games for play have become increasingly popular as sources of entertainment. As with land-based casinos, for reasons of public policy, it is desirable to prevent access to such casino games by minors or other particular groups of persons. In order to access an online casino, a would-be player is first required to complete a registration process by supplying personal information such as a first name, a surname, a physical address, an e-mail address, a telephone number and a date of birth. Once the registration process has been completed, the would-be player is assigned a user name and is required to select a private password known only to the would-be player. Subsequent log-ins to the online casino can be achieved by means of the username and private password only.

It will be appreciated that this registration procedure does not include any checks to prevent minors from registering as players by submitting, for example, a false date of birth. Further, security can be breached when a legitimate username and private password falls into the hands of an unauthorised person, whether an adult or a minor, allowing such unauthorised person to access the online casino.

It is desired to increase the security and integrity of such authentication systems to prevent access to online services by unauthorised persons.

Object of the Invention

It is an object of this invention to provide an authentication system for online gaming applications, and a method of authenticating players in online gaming applications that will, at least partially, alleviate the abovementioned difficulties and disadvantages.

Summary of the Invention

In accordance with this invention there is provided an authentication system, comprising: a gaming server operable under program control to regulate the progress of any one of a number of different selectable games; and a register of players authorised to access the gaming server to play any of the number of different games, the register including, for each authorised player, stored identification data corresponding uniquely to that authorised player, the gaming server legislating access by an authorised player to play any of the number of different games as a function of that player's unique identification data, characterised in that the stored identification data of each authorised player in the register includes a stored biometric parameter corresponding to that player.

Further features of the invention provide for the authentication system to include at least one player access facility operable by an authorised player to access the gaming server, and a communication network providing communication between the player access facility and the gaming server, for the player access facility to include a biometric scanning device capable of deriving a biometric parameter of a player operating the player access facility and of transmitting the derived biometric parameter to the gaming server by means of the communication network, and for the gaming server to prevent the player from accessing the gaming server to play any of the number of different games when the player's derived biometric parameter is substantially different to the player's stored biometric parameter.

Still further features of the invention provide for the gaming server to cause a player accessing the gaming server for a first time to complete a registration procedure in order to become an authorised player, the registration procedure causing the player's identification data to be stored in the register of authorised players, for the player's stored biometric parameter to be derived by the biometric parameter scanning device during the registration procedure, and for the biometric parameter to be a fingerprint and the biometric scanning device to be a fingerprint reader, alternatively for the biometric parameter to be a retinal scan and the biometric scanning device to be a retinal scanner. Preferably, the games are casino games, the communication network is the

Internet, and the player access facility is a computer workstation connectable to the World Wide Web of the Internet.

The invention extends to a method for authenticating players, comprising the steps of: operating a gaming server under program control to regulate the progress of any one of a number of different selectable games; establishing a register of players authorised to access the gaming server and to play any of the number of different games; and storing in the register unique identification data corresponding to each authorised player, the gaming server legislating access by an authorised player to play any of the number of different games as a function of that player's unique identification data, characterised in that the method includes a further step of including, as part of an authorised player's unique identification data, a stored biometric parameter corresponding to that player.

There is further provided for accessing the gaming server along a communication network by means of at least one player access facility operable by an authorised player, and for the method to includes the steps of: deriving, by means of a biometric scanning device, a biometric parameter of a player operating the player access facility; transmitting the derived biometric parameter to the gaming server by means of the communication network; and preventing the player from accessing the gaming server if the player's derived biometric parameter is substantially different from the player's stored biometric parameter. There is still further provided for the method to include the additional steps of: causing a player accessing the gaming server for a first time to complete a registration procedure in order to become an authorised player; and storing the player's identification data in the register of authorised players on completion of the registration procedure, and for deriving the player's stored biometric parameter by means of the biometric parameter scanning device.

Brief Description of the Drawings

A preferred embodiment of the invention is described below, by way of example only, and with reference to the abovementioned drawings, in which:

Figure 1 is a functional representation of an authentication system according to the invention.

Detailed Description of the Invention

Referring to Figure 1 , an authentication system is indicated generally by reference numeral (1).

The authentication system includes a gaming server (2) and a user access facility (3) in the form of a computer workstation having a display screen (4) and a pointing device (5), such as a mouse or, alternatively, a touchpad. The computer workstation (3) is remote from the gaming server (2) and is in communication therewith by means of a communication network (6) that is, in this embodiment, the Internet.

The authentication system includes, further, an administration server (7) that is also accessible from the computer workstation (3) and the gaming server (2) by means of the communication network (6). A biometric scanner (9) such as, for example, a fingerprint scanner is linked to the computer workstation (3) by means of a compatible interface (not shown).

The computer workstation (3) is a conventional personal computer operating under a Windows 2000 operating system, which is well known and commercially available from the Microsoft Corporation of Seattle, Washington, USA. The computer workstation (3) and the gaming server (2) each execute different components of an online game, such as a casino game, under instruction of a player through a man-machine interface (not shown) in the form of a graphical user interface (GUI) on the computer workstation.

The online game consists of a client component, or client process (not shown), that is executed in the computer workstation (3) and a server component, or server process (not shown), that is executed in the gaming server (2). The client process of the game simulates the progress of the game on the display screen (4). The server process generates, upon request of the client process, one or more random events that determine an outcome or outcomes of a turn of the online game. The client process obtains the result of the random event from the gaming server (2) along the communication network (6) and utilises the result to display a corresponding outcome of the game to the player in an intelligible manner by means of the simulation on the display screen (4).

The authentication system (1) includes a database register (8) of players authorised to access the gaming server (2) to play the game. The administration server (7) can access the player database (8) to read information therefrom and to write information thereto.

In use, a player wishing access the gaming server (2) to play the game is required to log on to the gaming server (2) by means of the computer workstation (3). If the player is a first-time player, he is required to complete a registration procedure in order to access the gaming server (2). As part of the registration process, the player is assigned a user name by the administration server (7) and directed to select a private password known only to him. The administration server (7) also activates the biometric scanner (9) to obtain a digital image of a fingerprint of the player. The method of obtaining such as fingerprint image is well known in the art and will not be described here in detail. The player's username, private password and digital fingerprint image are stored by the administration server (7) on the player database (8) and are used to legislate subsequent access by the player to the gaming server (2).

If the player is not a first-time player, login is achieved by entering only that player's username and private password on the computer workstation (3). The administration server (7) interrogates the player database (8) to verify the validity of the player's username and private password. If either the username or the private password is determined as being invalid, the login procedure terminates and the player is prevented from accessing the gaming server (2). If both the player's username and private password are determined as being valid, the biometric scanner is activated to obtain a further digital image of the player's fingerprint. The administration server (7) compares the further digital image against the corresponding image of the player's fingerprint already stored on the player database (8), and permits the player to access the gaming server (2) only if the two digital images are identical within a predetermined degree of accuracy.

Should the comparison fail, the player is denied access to the gaming server (2).

It will be appreciated by those skilled in the art that the invention will increase the security and integrity of the authentication system (1 ) relative to prior art systems as it employs a two-stage authentication process, the first stage being a conventional username/private password authentication of the player, and the second stage being a biometric authentication of the player. Should the username/private password combination be compromised by becoming known to another party, unauthorised access to the gaming server (2) will still be prevented by failure of the second stage of the authentication process, namely the biometric authentication. The two-stage authentication process will eliminate the chance of access to the gaming server (2) by unauthorised persons such as minors and the like.

Numerous modifications to this embodiment are possible without departing from the scope of the invention. In particular, a different biometric parameter may be used for authentication, such as a retinal scan or a facial scan, necessitating the use of a retinal scanner or a facial scanner, respectively, instead of the fingerprint scanner (9) described above. Further, the functions of the administration server (7) and the gaming server (2) can be consolidated, requiring only a single processor to execute these functions. Still further, the reference biometric parameter that is stored in the player database may be obtained from official records, such as a government registry, instead of being obtained by means of the biometric scanner (9) as part of the player registration process.

The invention therefore provides an authentication system that exhibits greater protection against unauthorised access to a facility than prior art equivalents.

Claims

Claims
1. An authentication system, comprising: a gaming server operable under program control to regulate the progress of any one of a number of different selectable games; and a register of players authorised to access the gaming server to play any of the number of different games, the register including, for each authorised player, stored identification data corresponding uniquely to that authorised player, the gaming server legislating access by an authorised player to play any of the number of different games as a function of that player's unique identification data, characterised in that the stored identification data of each authorised player in the register includes a stored biometric parameter corresponding to that player.
2. An authentication system as claimed in claim 1 that includes at least one player access facility operable by an authorised player to access the gaming server, and a communication network providing communication between the player access facility and the gaming server.
3. An authentication system as claimed in claim 2 in which the player access facility includes a biometric scanning device capable of deriving a biometric parameter of a player operating the player access facility and of transmitting the derived biometric parameter to the gaming server by means of the communication network.
4. An authentication system as claimed in claim 3 in which the gaming server prevents the player from accessing the gaming server to play any of the number of different games when the player's derived biometric parameter is substantially different to the player's stored biometric parameter.
5. An authentication system as claimed in either one of claims 3 or 4 in which the gaming server causes a player accessing the gaming server for a first time to complete a registration procedure in order to become an authorised player, the registration procedure causing the player's identification data to be stored in the register of authorised players.
6. An authentication system as claimed in claim 5 in which the player's stored biometric parameter is derived by the biometric parameter scanning device during the registration procedure.
7. An authentication system as claimed in any one of claims 3 to 6 in which the biometric parameter is a fingerprint and the biometric scanning device is a fingerprint reader.
8. An authentication system as claimed in any one of claims 3 to 6 in which the biometric parameter is a retinal scan and the biometric scanning device is a retinal scanner.
9. An authentication system as claimed in any one of the preceding claims in which the games are casino games.
10. An authentication system as claimed in any one of the preceding claims in which the communication network is the Internet.
11. An authentication system as claimed in claim 10 in which the player access facility is a computer workstation connectable to the World Wide Web of the Internet.
12. A method for authenticating players, comprising the steps of: operating a gaming server under program control to regulate the progress of any one of a number of different selectable games; establishing a register of players authorised to access the gaming server and to play any of the number of different games; and storing in the register unique identification data corresponding to each authorised player, the gaming server legislating access by an authorised player to play any of the number of different games as a function of that player's unique identification data, characterised in that the method includes a further step of including, as part of an authorised player's unique identification data, a stored biometric parameter corresponding to that player.
13. A method as claimed in claim 12 that includes a step of accessing the gaming server along a communication network by means of at least one player access facility operable by an authorised player.
14. A method as claimed in either one of claims 12 or 13 that includes the steps of: deriving, by means of a biometric scanning device, a biometric parameter of a player operating the player access facility; transmitting the derived biometric parameter to the gaming server by means of the communication network; and preventing the player from accessing the gaming server if the player's derived biometric parameter is substantially different from the player's stored biometric parameter.
15. A method as claimed in any one of claims 12 to 14 that includes the steps of: causing a player accessing the gaming server for a first time to complete a registration procedure in order to become an authorised player; and storing the player's identification data in the register of authorised players on completion of the registration procedure.
6. A method as claimed in claim 14 in which the player's stored biometric parameter is derived by means of the biometric parameter scanning device.
PCT/IB2004/001627 2003-05-21 2004-05-19 Authentication system WO2004104907A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0311672.0 2003-05-21
GB0311672A GB0311672D0 (en) 2003-05-21 2003-05-21 Authentication system

Publications (1)

Publication Number Publication Date
WO2004104907A1 true WO2004104907A1 (en) 2004-12-02

Family

ID=9958494

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/001627 WO2004104907A1 (en) 2003-05-21 2004-05-19 Authentication system

Country Status (2)

Country Link
GB (1) GB0311672D0 (en)
WO (1) WO2004104907A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6099408A (en) * 1996-12-31 2000-08-08 Walker Digital, Llc Method and apparatus for securing electronic games
US6234900B1 (en) * 1997-08-22 2001-05-22 Blake Cumbers Player tracking and identification system
US20030032485A1 (en) * 2001-08-08 2003-02-13 International Game Technology Process verification
WO2003029938A1 (en) * 2001-09-28 2003-04-10 Saflink Corporation Biometric authentication
US6709333B1 (en) * 2001-06-20 2004-03-23 Sierra Design Group Player identification using biometric data in a gaming environment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6099408A (en) * 1996-12-31 2000-08-08 Walker Digital, Llc Method and apparatus for securing electronic games
US6234900B1 (en) * 1997-08-22 2001-05-22 Blake Cumbers Player tracking and identification system
US6709333B1 (en) * 2001-06-20 2004-03-23 Sierra Design Group Player identification using biometric data in a gaming environment
US20030032485A1 (en) * 2001-08-08 2003-02-13 International Game Technology Process verification
WO2003029938A1 (en) * 2001-09-28 2003-04-10 Saflink Corporation Biometric authentication

Also Published As

Publication number Publication date
GB0311672D0 (en) 2003-06-25

Similar Documents

Publication Publication Date Title
US7392534B2 (en) System and method for preventing identity theft using a secure computing device
US6799275B1 (en) Method and apparatus for securing a secure processor
Brainard et al. Fourth-factor authentication: somebody you know
CN1918606B (en) Player verification method and system for remote gaming terminals
US6751733B1 (en) Remote authentication system
EP1461673B1 (en) Validating the identity of a user using a pointing device
ES2420158T3 (en) System and method for a login block unauthorized network using a stolen password
US5774551A (en) Pluggable account management interface with unified login and logout and multiple user authentication services
CN101087194B (en) Organism authenticating method and system
CA2498603C (en) Methods and apparatus for dynamic user authentication using customizable context-dependent interaction across multiple verification objects
US6263446B1 (en) Method and apparatus for secure distribution of authentication credentials to roaming users
US8484698B2 (en) Multichannel device utilizing a centralized out-of-band authentication system (COBAS)
JP4091744B2 (en) Computer apparatus and method of operation
Reid Biometrics for network security
US7383572B2 (en) Use of public switched telephone network for authentication and authorization in on-line transactions
RU2434340C2 (en) Infrastructure for verifying biometric account data
US20120198532A1 (en) User Authentication for Social Networks
US20060063575A1 (en) Dynamic theming of a gaming system
EP1829281B1 (en) Authentication device and/or method
US20020068629A1 (en) Off-line gaming
US7451323B2 (en) Password inputting apparatus, method of inputting password, and computer product
Garfinkel et al. Web security, privacy & commerce
US7549170B2 (en) System and method of inkblot authentication
Garman Kerberos: The Definitive Guide: The Definitive Guide
US20040248555A1 (en) User authentication system and method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct app. not ent. europ. phase