The invention relates to instant lottery ticket systems and in particular to lottery systems using validation files to validate winning lottery tickets.
In many instant lottery systems, especially those in the United States that are administered by state governments, winning tickets are presented by players to lottery agents for redemption. In many cases, in particular where the ticket has a high value, the lottery agent will enter ticket identification or validation data from the ticket into a lottery terminal using a bar code reader or manually inputting this data. This information is then transmitted to a host computer at the state lottery administration where this information is used to access a validation file. Typically, there is one record in the validation file for each such winning ticket that contains the redemption value of the ticket. The host computer validates that the ticket is indeed a winning ticket and relays this information to the lottery terminal. The lottery agent either pays the winning amount or refers the player to a regional lottery office.
However, it has been discovered that in some situations it is possible to make unauthorized alterations to or add validation records to the validation file in the host computer. Then for example, someone with access to the validation file can add a record containing a redemption value or a prize code to the validation file for what should be a losing lottery ticket, alter the face of the ticket to reflect this winning value and then present the lottery ticket to the lottery agent for redemption. In this manner, what would otherwise be a losing lottery ticket can be fraudulently redeemed for value. Also, the prize codes in one or more existing validation records could be altered to increase the redemption value of a ticket or turn a losing ticket in to a winning ticket.
It is therefore an object of the invention to improve the integrity of lottery validation and redemption systems.
It is another object of the invention to provide a method to insure that validation files in a lottery administration host computer are not altered.
A further object of the invention to provide a method for periodically auditing the integrity of a validation file by using audit data that includes at least a portion of the data that should be in the validation file for comparison with the information actually stored in the validation file.
Still another object of the invention is to provide a read-only media such as a compact disk (CD) having data corresponding to the data on a lottery administration host computer validation file that can periodically be read by the host computer to audit the validation file. The read-only media can be provided by the same entity or vendor that provided the validation file to the lottery administration. A small activation or initialization program on the read-only media can be used to initiate a read and compare or other audit programs on the host computer to compare the data on the read-only media to the validation data in the validation file and to generate reports reflecting any discrepancies.
Another object of the invention to provide a method for periodically auditing the integrity of a lottery validation file by converting at least a portion of the data that should be in the validation file into a first data string and comparing that string to a second data string computed from corresponding data stored on in a validation file on a lottery administration host computer. Security of the data string can be increased by using a variable parameter such as time in the computation of the data strings.
To illustrate a representative environment for the invention,
Also shown in
Typically, the first step in the process of manufacturing an instant lottery game, after the game has been designed, is for a lottery ticket vendor, as indicated at a block 28 in
In many state lotteries the practice is to require that high tier lottery tickets that are presented by a player to a lottery agent for redemption be validated by having the lottery agent transmit ticket identification information or validation information printed on the ticket from the lottery terminal such as 12A to the host computer 16. This information is then used to access the record in the validation file 18 which contains the redemption value as represented by the prize code for the ticket and this value is then transmitted back to the lottery terminal 12A. The usual practice is to have the lottery agent compare this value from the host computer 16 with the prize or winning value printed on the lottery ticket and if they are the same, the agent will pay the player this amount or provide the player with a form that he can use to redeem the ticket from the lottery administration.
In one embodiment of the invention, a read only memory such as a CD 34 is provided by the vendor 28 to the lottery administration for each game. Preferably, the security workstation 20 performs a validation file audit using a program or set of programs including an audit program 36 that can be provided by the ticket vendor 28 via the CD 34 as indicated by a line 38. In this embodiment of the invention, the CD 34 also contains a set of audit data 40 derived from the ticket data file or the validation file 18′, as indicated by a line 42, that can be used to audit the validation file 18. For example, the audit data 40 can include a complete version of the validation file 18 for the game, a subset of the information in the validation file 18, or information in encrypted form that can be used to reconstruct at least part of the information in the validation file 18. Preferably, the security workstation 20 will initialize the audit program 36 so that it reads the validation file 18 in the host computer 16 and compares it with the audit data 40 and generates a report on the printer 24 or the display 26 indicating whether or not there is a discrepancy. Also, the validation reading program and/or the audit program 36 can be contained on the CD 34 as indicated by a line 42. In a variation of this embodiment of the invention, the validation file 18 is read and the audit program 36 creates an encrypted intermediate file containing the ticket validation number, the redemption value and other ticket control information. The information on the intermediate file is then compared to the audit data 40 which is in a similar format on the CD 34. As an example, the audit program 36 can perform a hash operation on the intermediate file and compare it to a similar operation on the information on the CD 34 to determine if the validation file 18 has been changed. Other audit approaches can be used by the audit program 36 such as computing the total value of the winning tickets in the validation file 18 and comparing it to the predetermined value for that game stored as the audit data 40 on the CD 34 to provide an indication that winning tickets have been added to the validation file 18. The CD 34 in this embodiment of the invention also contains an initialization program that will cause the audit program 36 in the security workstation 20 to execute. In order to enhance the security of this audit process, encryption and decryption algorithms can be used. For example, the audit data 40 and the initialization program on the CD 34 and the intermediate file can be encrypted and decrypted by using the public key method.
One method of using this audit process would be to have lottery administration security personnel periodically load the CD 34 into the CD reader 22 and cause the security workstation 20 to execute the initialization program, the validation file read program and the audit program 36. This can be accomplished by having the lottery administration employee operating the security workstation 20 click on an icon on the display 26 to read the CD 34. At the termination of the audit program 36, the security workstation can display on the display 26 or print out on the printer 24 a report indicating whether or not the integrity of the validation file has been compromised. Because the validation information on the CD 34 is in read-only format and thus can not be altered and also through the use of encryption, it would be substantially more difficult for someone having direct access to or hacking into the lottery host computer 16 to manipulate or make changes in the validation file 18.
In the preferred embodiment of the invention, the records in the validation file 18 are converted into a single data form that can be compared to data in the same data form computed from the original validation data such as the validation file 18′ created by the vendor 28. This process of creating a hash or a checksum that mathematically identifies data in the host validation file can be performed on a continuous basis or can be performed in a pre-determined periodic basis. In the particular arrangement shown in
Resultn=ABS(CRC(Resultn−1,VIRNn,pcoden))
where: n represents the number of records in the validation file 18 that are to be used for the auditdata data string computation; VIRN represents the validation data in the record that is used in the computation; and pcode represents the prize code. The auditdata data string is then constructed as depicted at a block 92 using a concatenated 32 digit output string:
concat(Game Number,Time,Resultn)
An example of such a string might be: 217021520010845000000945677234 where the computation was performed on game number 217 at 08:45 AM on Feb. 15, 2001 resulting in a auditdata data string of 000000945677234 which breaks down as:
It should be noted that this example of the calculated auditdata data string will be different if calculated at any other time or date thus substantially enhancing the security of the auditing system. As a result, the Date and Time portions of the auditdata1 data strings stored in the comparison file 52 are used by the audit program 36 so that the auditdata2 data strings are computed for corresponding records in the validation file 48 such that if there have been no changes to any of the records in the validation file 18, the auditdata2 data strings will be the same as the auditdata1 strings.
It should be noted that the above embodiment of the invention was described in terms of a single game contained in one validation file 18. However, very often the host computer 16 will contain a number of games each in its own validation file. One of the advantages of the preferred embodiment of the audit system described in connection with
There are a variety of ways that the audit system described above can be implemented. Although the system of
Number | Name | Date | Kind |
---|---|---|---|
5949042 | Dietz et al. | Sep 1999 | A |
6595856 | Ginsburg et al. | Jul 2003 | B1 |
20020002076 | Schneier et al. | Jan 2002 | A1 |
Number | Date | Country | |
---|---|---|---|
20030114213 A1 | Jun 2003 | US |