A portion of the disclosure of this patent document contains material to which the claim of copyright protection is made. The copyright owner has no objection to the facsimile reproduction by any person of the patent document or the patent disclosure, as it appears in the U.S. Patent and Trademark Office file or records, but reserves all other rights whatsoever. Copyright 2005, 2006, WMS Gaming, Inc.
1. Field
This invention relates generally to the field of computerized wagering gaming machines and more particularly to the field of on-the-fly encryption of data storage on a computerized wagering gaming machine.
2. Description of Related Art
Casino gaming machines are subjected to rigorous regulation. These regulations are designed to eliminate or at the very least reduce fraud or cheating, both of the games and of the public. For example, these regulations require that the data content (including the gaming applications) stored on a gaming machine is carefully controlled.
Systems, apparatus and methods for on-the-fly encryption of data storage on a computerized wagering gaming machine are described herein. In some embodiments, a method includes accessing, using an on-the-fly encryption operation, data from a nonvolatile data storage in a computerized wagering gaming machine.
In some embodiments, a method includes conducting a wagering game on a computerized wagering gaming machine. The conducting of the wagering game includes accessing a file from a secondary storage of the computerized wagering gaming machine, wherein the accessing comprises decrypting the file. The conducting of the wagering game also includes presenting wagering gaming information for the computerized wagering gaming machine based at least in part on data in the file.
In some embodiments, an apparatus includes a secondary storage to store a number of encrypted files in an encrypted container file. The apparatus also includes a processor to execute instructions that includes a wagering game, wherein the instructions include a retrieval and decryption of at least one encrypted file of the number of encrypted files from the secondary storage.
The present invention is illustrated by way of example and not limitation in the Figures of the accompanying drawings in which:
Systems, apparatus and methods for on-the-fly encryption of data storage on a computerized wagering gaming machine are described herein. This description of the embodiments is divided into three sections. The first section describes an overview of some embodiments. The second section describes an example operating environment and system architecture. The third section describes example operations. The fourth section provides some general comments.
In some embodiments, a method comprises accessing, using an on-the-fly encryption operation, data from a nonvolatile data storage in a computerized wagering gaming machine. The accessing, using the on-the-fly encryption operation, of data may comprise retrieving and decrypting a gaming component from the nonvolatile data storage. In some embodiments, the method further comprises executing a gaming application on the computerized wagering gaming machine, wherein executing the gaming application is based at least in part on the gaming component. The gaming component may include a video component. The accessing, using the on-the-fly encryption operation, of data may comprise encrypting and storing the data in the nonvolatile data storage. The accessing, using the on-the-fly encryption operation, of data, may comprise retrieving an individually encrypted file from the nonvolatile data storage and decrypting the individually encrypted file. The accessing, using the on-the-fly encryption operation, of data may comprise verifying the data, wherein the computerized wagering gaming machine is moved to an inoperative state upon determination that the data is not verified. In some embodiments, the data is stored into a number of files on the nonvolatile data storage. The method may further comprise initializing the computerized wagering gaming machine prior to accessing, using on-the-fly encryption operation, the data. In such an embodiment, the initializing may comprise authenticating N percent of each of the number of files. In some embodiments, N is less than 100. N may be different for at least two different files of the number of files, wherein N is dependent on a size of the number of files.
In some embodiments, a method comprises conducting a wagering game on a computerized wagering gaming machine. The conducting includes accessing a file from a secondary storage of the computerized wagering gaming machine, wherein the accessing comprises decrypting the file. The method also includes presenting wagering gaming information for the computerized wagering gaming machine based at least in part on data in the file. The presenting of wagering gaming information may comprise displaying a video symbol for a reel of the computerized wagering gaming machine. The presenting of wagering gaming information may comprise outputting audio from an audio speaker of the computerized wagering gaming machine. The presenting of wagering gaming information may comprise computing a monetary amount for a win on the computerized wagering gaming machine. In some embodiments, the secondary storage is encrypted as a container file, wherein the conducting further includes opening the container file prior to accessing the file from the secondary storage.
In some embodiments, an apparatus includes a secondary storage to store a number of encrypted files in an encrypted container file. The apparatus also includes a processor to execute instructions that includes a wagering game, wherein the instructions include a retrieval and decryption of at least one encrypted file of the number of encrypted files from the secondary storage. The instructions may include an open operation for the encrypted container file to access the at least one encrypted file. The encrypted file may include video content, wherein the instructions are to display the video content as part of the wagering game. The processor may execute instructions to initialize the apparatus prior to the execution of the instructions that includes the wagering game, wherein the instructions to initialize comprises an authentication of N percent of each of the number of encrypted files. In some embodiments, N is different for at least two different files of the number of encrypted files, wherein N is dependent on a size of the number of encrypted files.
This section provides an example system architecture in which embodiments of the invention can be practiced. This section also describes an example computer system and gaming machine. Operations of the system components will be described in the next section.
In some embodiments, the gaming machines 110 may include a data storage, including any type of nonvolatile memory (such as a hard drive), that is accessed using on-the-fly encryption operations. Accordingly, the data stored on the data storage is encrypted and is decrypted as part of the retrieval of data therefrom. Therefore, data (such as gaming and licensing content) downloaded from the master game server 102 into the gaming machines 110 may be encrypted prior to storage therein.
The gaming and licensing content store 104 includes gaming content and licensing content. The gaming content can include instructions and/or data used for conducting casino style wagering games (e.g., video slots, video poker, video black jack, and the like). In some embodiments, the gaming content may include program code, audio content, video content, and/or other data used for conducting all or part of a casino style slots game and/or bonus events.
The licensing content may include data and/or instructions for enforcing a license for using gaming content. In some embodiments, the licensing content may be used to enforce any suitable licensing model.
In some embodiments, the master game server 102 distributes gaming and licensing content to the download managers 108. The download managers 108 may manage delivery of the gaming and licensing content to the gaming machines 110. In some embodiments, the master game server 202 distributes gaming and licensing content using one or more data packages, as described in greater detail below (see System Operations section).
In some embodiments, each gaming machine 110 serves as a thin client to a download manager 108 or other computer system. As a thin client, each gaming machine 110 includes logic for presenting and receiving gaming information, while logic for conducting games is disposed within the download manager 108 or other computer system (not shown). In another embodiment, the gaming machine 110 includes all logic for presenting and receiving gaming information and for conducting a game. The gaming machines 110 may be embodied in any suitable computing device, such as a desktop computer, laptop computer, or personal digital assistant.
The components of the system 100 may be connected using any suitable connection technology. For example, the components can be connected via RS-232, Ethernet, 802.11, public switched telephone networks, DSL, or any other connection technology. The network 120 may be a local area network or wide-area network and can transmit licensing and gaming content using any suitable communication protocols. The administrator terminals 112 may be used for configuring and accessing licensing and gaming content stored in the download managers 108.
In some embodiments, the data downloaded into the gaming machines 110 may be encrypted using on-the-fly encryption operation. In some embodiments, on-the-fly encryption is defined such that data is encrypted or decrypted right before such data is loaded (saved) or retrieved, respectively, from the data storage device, without user intervention. No data stored on an encrypted volume may be read without the correct password or encryption key. In some embodiments, the data that is decrypted is loaded into volatile memory for access thereto. In some embodiments, the data from the data storage is not written to a nonvolatile memory (such as a different hard disk).
While
The computer system 500 also includes a volatile memory 230, processor bus 222, and an Input/Output (I/O) controller hub (ICH) 224. The processor(s) 202, the volatile memory 230, and the ICH 224 are coupled to the processor bus 222. The processor(s) 202 may comprise any suitable processor architecture. The computer system 200 may comprise one, two, three, or more processors, any of which may execute a set of instructions in accordance with embodiments of the invention.
The volatile memory 230 may store data and/or instructions, and may comprise any suitable memory, such as a dynamic random access memory (DRAM). For example, as shown, the volatile memory 230 may store an installation module 237, an authentication module 238 and an on-the-fly encryption module 240. As shown, the installation module 237, the authentication module 238 and the on-the-fly encryption module 240 may be instructions that may be executed by the processor(s) 202. However, in some embodiments, the installation module 237, the authentication module 238 and the on-the-fly encryption module 240 may be representative of hardware, firmware or a combination thereof. The operations of the installation module 237, the authentication module 238 and the on-the-fly encryption module 240 are described in more detail below (see System Operations section).
A graphics controller 204 controls the display of information on a display device 206, according to some embodiments of the invention. The computer system also includes a nonvolatile memory 232 and a read-only memory (ROM) 234 that are coupled to the ICH 224. The nonvolatile memory 232 may be Static Random Access Memory (SRAM), flash memory, etc. The ROM 234 may be Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), etc. Some embodiments of the nonvolatile memory 232 are illustrated in
The ICH 224 provides an interface to I/O devices or peripheral components for the computer system 200. The ICH 224 may comprise any suitable interface controller to provide for any suitable communication link to the processor(s) 202, the volatile memory 230 and/or to any suitable device or component in communication with the ICH 224. In some embodiments, the ICH 224 provides suitable arbitration and buffering for each interface.
For some embodiments of the invention, the ICH 224 provides an interface to a secondary storage 208 (which may be any type of nonvolatile data storage), such as a hard disk drive (HDD) or compact disc read only memory (CD ROM) drive, or to suitable universal serial bus (USB) devices through one or more USB ports. The secondary storage 208 may be read only, read/write, etc. In some embodiments, the data stored in the secondary storage 208 is encrypted. In some embodiments, access of such data may be performed using on-the-fly encryption. Accordingly, as part of the retrieval of data from the secondary storage 208, the data is decrypted. As part of the storage of data into the secondary storage 208, the data is encrypted. Therefore, individual files may be encrypted. Such encryption may be based on the same or separate encryption keys. For example, in some embodiments, each file may have an associated encryption key. Examples of the types of encryption may include different types of asymmetric key and symmetric key encryption. The data may be encrypted in accordance with different Data Encryption Standards (DES), the Rivest, Shamir and Adleman (RSA) algorithm, etc.
Moreover, in some embodiments, the entire secondary storage 208 and/or a partition therein may be encrypted. The encryption may be based on on-the-fly encryption operations. The encryption may be based on a number of different hashing operations (e.g., Secure Hashing Algorithm (SHA), RACE Integrity Primitives Message Digest (RIPEMD), etc.). Thus, individual files may be encrypted and the individual files as a group may be encrypted. Accordingly, the entire secondary storage 208 may be a single encrypted file until the secondary storage 208 is decrypted. Subsequently, the individual files may then be decrypted for access thereto.
For some embodiments, the ICH 224 also provides an interface to different user input devices 212 (button panels, keyboard, etc.). For some embodiments, the ICH 224 also provides a network interface 220 through which the computer system 200 may communicate with other computers and/or devices.
In some embodiments, the computer system 200 may be employed as the gaming machine 110. In some embodiments, the computer system 200 includes a machine-readable medium that stores a set of instructions (e.g., software) embodying any one, or all, of the methodologies for on-the-fly encryption of data stored in a gaming machine described herein. Furthermore, software may reside, completely or at least partially, within memory unit 230 and/or within the processor(s) 202.
While
The gaming machine 300 can be operated while players are standing or seated. Additionally, the gaming machine 300 is preferably mounted on a stand (not shown). However, it should be appreciated that the gaming machine 300 can be constructed as a pub-style tabletop game (not shown), which a player can operate while sitting. The gaming machine 300 may also be in the form of a handheld device. For example, the gaming machine 300 may be part of a Personal Digital Assistant (PDA), cellular telephone, etc. Furthermore, the gaming machine 300 can be constructed with varying cabinet and display designs. The gaming machine 300 can incorporate any primary game such as slots, poker, or keno, and additional bonus round games. The symbols and indicia used on and in the gaming machine 300 can take mechanical, electrical, or video form.
As illustrated in
As shown in
A player may “cash out” by pressing a cash out button 318. When a player cashes out, the gaming machine 300 dispenses a voucher or currency corresponding to the number of remaining credits. The gaming machine 300 may employ other payout mechanisms such as credit slips (which are redeemable by a cashier) or electronically recordable cards (which track player credits), or electronic funds transfer.
The gaming machine also includes a primary display unit 304 and a secondary display unit 310 (also known as a “top box”). The gaming machine may also include an auxiliary video display 340. In one embodiment, the primary display unit 304 displays a plurality of video reels 320. According to embodiments of the invention, the display units 304 and 310 can include any visual representation or exhibition, including moving physical objects (e.g., mechanical reels and wheels), dynamic lighting, and video images. In one embodiment, each reel 320 includes a plurality of symbols such as bells, hearts, fruits, numbers, letters, bars or other images, which correspond to a theme associated with the gaming machine 300. Furthermore, as shown in
In some embodiments, the gaming machine 300 may include a data storage, including any type of nonvolatile memory (such as a hard drive), that is accessed using on-the-fly encryption operations. Accordingly, the data stored on the data storage is encrypted and is decrypted as part of the retrieval of data therefrom.
In some embodiments, a plurality of gaming machines can be connected to a plurality of download managers in a gaming network. Additionally, the gaming machines can conduct casino style wagering games based on the gaming content.
As described above, some embodiments include a nonvolatile memory 232 that may be used. Two different embodiments of the nonvolatile memory 232 are now described. A first embodiment and a second embodiment may be used in a gaming machine 110 wherein the data is preloaded and is not preloaded, respectively, on the secondary storage 208.
The game executable(s) 502 are the different games that may be executed on the gaming machine 110. The sound operating system 504 includes the instructions for control of common sounds used for the gaming machine 110 across a number of different game applications. The common sound banks 506 are the common audio data used for the gaming machine 110 and controlled by the sound operating system 504.
The on-the-fly encryption data 508 may include file encryption keys for the files stored on the secondary storage 208. In some embodiments, each file may have its own file encryption key. The manifest data 510 may include a file identification, a size of the file for each file stored on the secondary storage 208. Accordingly, each file on the secondary storage 208 is separately encrypted. The on-the-fly encryption operations may use such keys to encrypt and decrypt the files stored on the secondary storage 208. The digital signature 512 is a signature representative of the other data in the nonvolatile memory 500 so that such data may be verified.
The compressed files 601 may be compressed data that is decompressed and loaded onto the secondary storage 208. Accordingly, the data shown in
While
This section describes operations performed by embodiments of the invention. In certain embodiments, the operations are performed by instructions residing on machine-readable media (e.g., software), while in other embodiments, the methods are performed by hardware or other logic (e.g., digital logic).
In this section,
At block 702, the nonvolatile memory is initialized. In some embodiments, the authentication module 238 performs this initialization. This initialization may include verification that the nonvolatile memory 232 is accessible. The flow continues at block 704.
At block 704, a determination is made of whether the nonvolatile memory is verified. In some embodiments, the authentication module 238 may perform the verification. This verification may include authentication of the contents of the nonvolatile memory 232 based on the digital signature 512 that is appended thereto (as shown in
At block 706, a determination is made of whether the on-the-fly encryption data is verified. In some embodiments, the authentication module 238 may perform the verification. The authentication module 238 may verify that a particular on-the-fly encryption file exists and that such file includes a correct number of encryption keys. For example, in some embodiments, an on-the-fly encryption file may include a file encryption key for the files on the secondary storage 208. If the on-the-fly encryption data is not verified, the flow continues at block 720. Otherwise, the flow continues at block 708.
At block 708, a determination is made of whether the secondary storage is accessible. In some embodiments, the authentication module 238 may make the determination of whether the secondary storage 208 is accessible. For example, the authentication module 238 may perform a test read and/or test write to the secondary storage 208. If the secondary storage is not accessible, the flow continues at block 720. Otherwise, the flow continues at block 710.
At block 710, a file ‘X’ on the secondary storage is opened. In some embodiments, the authentication module 238 may open the file ‘X’ on the secondary storage 208. As further described below, the operations at blocks 710, 712, 714 and 716 may be performed for each file ‘X’ on the secondary storage 208. Accordingly, the authentication module 238 may traverse the files on the secondary storage 208 to perform such operations. In some embodiments, the data on the secondary storage 208 may be stored as a single file (known as an encrypted container file or a container). The authentication module 238 may open this single file using encryption key stored in the ROM 234 to allow access to the individual files ‘X’ on the secondary storage 208. As described above, the individual files ‘X’ may also be separately encrypted. In some embodiments, each file ‘X’ has its own encryption key that is stored in the on-the-fly encryption data 608 along with an identification of the associated file. Accordingly, the authentication module 238 may decrypt the file ‘X’ using the associated encryption key to open the file ‘X’. The flow continues at block 712.
At block 712, a determination is made of whether file ‘X’ exists. In some embodiments, the authentication module 238 may make this determination. After decryption of the file ‘X’, the authentication module 238 may determine whether a non-zero byte file ‘X’ exists as a result of the decryption. If the file ‘X’ does not exist, the flow continues at block 720. Otherwise, the flow continues at block 714.
At block 714, N % of the file ‘X’ is verified. In some embodiments, the authentication module 238 may perform this verification. N may be 100 or some lesser value. For example, the authentication module 238 may verify 5%, 10%, 25%, 75%, 90%, 100%, etc. of file ‘X’. This may be a configurable value. In some embodiments, N may be different for each file ‘X’ in the secondary storage 208. For example, for large files, a smaller percentage may be verified. The value of N may be stored in the manifest data 610 along with the associated identification of the file. The authentication module 238 may verify based on a digital signature of the file ‘X’. The digital signature of the file ‘X’ may also be stored in the manifest data 610 along with the associated identification of the file. Accordingly, the authentication module 238 may compute a digital signature of N % of the file ‘X’. The authentication module 238 may verify the file ‘X’ based on a comparison of this computed digital signature to the stored digital signature. If the two digital signatures are equal, the file ‘X’ may be considered verified. Therefore, as described, less than all of a given file ‘X’ may be verified prior to the gaming machine 110 becoming operational. This may enable the gaming machine 110 to become operational faster in comparison to operations wherein 100% of each file ‘X’ is verified. As further described below, in some embodiments, prior to actual usage of a given file ‘X’, 100% of the file may be verified. If the file ‘X’ is not verified, the flow continues at block 720. Otherwise, the flow continues at block 718.
At block 718, a determination is made of whether the last file ‘X’ has been authenticated. In some embodiments, the authentication module 238 may make this determination. In particular, the authentication module 238 may determine if the operations at blocks 710-714 have been performed for all of the files ‘X’ on the secondary storage 208. If the last file ‘X’ on the secondary storage 208 has not been authenticated, the flow continues at block 710 (where another file ‘X’ is opened for authentication). Otherwise, the flow continues at the ‘continue’ block. The ‘continue’ block may represent the next operations to be executed to have the gaming machine operational, may represent that the gaming machine is now operational, etc. Accordingly, the flow diagram 700 is complete.
At block 720, the gaming machine is moved to an inoperative state. In some embodiments, the authentication module 238 may move the gaming machine to an inoperative state. In other words, the gaming machine is moved to an out-of-service state. Accordingly, the gaming machine cannot be played. In some embodiments, a gaming machine operator is required to move the gaming machine 110 back in service. For example, the gaming machine operator may be required to physically visit the gaming machine to ensure that there is no tampering, etc. The flow diagram 700 is complete.
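The boot-time flow of blocks 706 through 720 can be sketched as follows. This is an added example, not code from the patent: a SHA-256 digest stands in for the "digital signature" that is computed and compared, `keystream_xor` is a toy stand-in for the unspecified per-file cipher, and the `ManifestEntry` layout (including the `full_digest` field used for the 100% check before a file is used) and all sample data are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


class Inoperative(Exception):
    """Block 720: any failed check takes the machine out of service."""


@dataclass(frozen=True)
class ManifestEntry:            # hypothetical layout for the manifest data
    file_id: str
    size: int                   # plaintext size in bytes
    n_percent: int              # share of the file checked at boot (block 714)
    prefix_digest: str          # SHA-256 over the first N% of the plaintext
    full_digest: str            # SHA-256 over the whole file, checked before use


def keystream_xor(key, data):
    """Toy per-file cipher (SHA-256 keystream); a stand-in, not for real use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def prefix_len(size, n_percent):
    """Number of leading bytes covered by an N% check."""
    return max(1, size * n_percent // 100) if size else 0


def make_entry(file_id, plaintext, n_percent):
    cut = prefix_len(len(plaintext), n_percent)
    return ManifestEntry(file_id, len(plaintext), n_percent,
                         hashlib.sha256(plaintext[:cut]).hexdigest(),
                         hashlib.sha256(plaintext).hexdigest())


def open_file(entry, keys, storage):
    """Blocks 710-712: decrypt file 'X' and require a non-empty result."""
    if entry.file_id not in keys or entry.file_id not in storage:
        raise Inoperative(f"{entry.file_id}: missing key or file")
    plaintext = keystream_xor(keys[entry.file_id], storage[entry.file_id])
    if not plaintext or len(plaintext) != entry.size:
        raise Inoperative(f"{entry.file_id}: empty or wrong size")
    return plaintext


def boot_authenticate(manifest, keys, storage):
    """Blocks 706-718: return the ids checked, or raise Inoperative."""
    if set(keys) != {e.file_id for e in manifest}:    # block 706: key count
        raise Inoperative("key table does not match manifest")
    checked = []
    for entry in manifest:                            # loop of blocks 710-718
        plaintext = open_file(entry, keys, storage)
        cut = prefix_len(entry.size, entry.n_percent)
        digest = hashlib.sha256(plaintext[:cut]).hexdigest()
        if not hmac.compare_digest(digest, entry.prefix_digest):
            raise Inoperative(f"{entry.file_id}: first {entry.n_percent}% failed")
        checked.append(entry.file_id)
    return checked


def verify_before_use(entry, keys, storage):
    """The 100% check performed right before a file is actually used."""
    plaintext = open_file(entry, keys, storage)
    digest = hashlib.sha256(plaintext).hexdigest()
    if not hmac.compare_digest(digest, entry.full_digest):
        raise Inoperative(f"{entry.file_id}: full verification failed")
    return plaintext


def build_sample():
    """Constructed sample: a large file checked at 10%, a small one at 100%."""
    files = {"reels.vid": bytes(range(256)) * 40,          # 10240 bytes
             "paytable.dat": b"constructed paytable " * 10}
    n_for = {"reels.vid": 10, "paytable.dat": 100}
    keys = {f: hashlib.sha256(b"constructed-key:" + f.encode()).digest() for f in files}
    manifest = [make_entry(f, data, n_for[f]) for f, data in files.items()]
    storage = {f: keystream_xor(keys[f], data) for f, data in files.items()}
    return manifest, keys, storage


def corrupt_byte(blob, offset):
    """Model storage corruption by inverting one stored byte."""
    return blob[:offset] + bytes([blob[offset] ^ 0xFF]) + blob[offset + 1:]


if __name__ == "__main__":
    manifest, keys, storage = build_sample()
    print("boot:", boot_authenticate(manifest, keys, storage))
    storage["reels.vid"] = corrupt_byte(storage["reels.vid"], 9000)
    print("boot with damage past the first 10%:", boot_authenticate(manifest, keys, storage))
    try:
        verify_before_use(manifest[0], keys, storage)
    except Inoperative as exc:
        print("before use:", exc)
```

With N below 100, damage outside the checked prefix passes the boot check and is only caught by the full check before use, which is why that second check matters for any file verified partially.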
In some embodiments, data may be first installed on the secondary storage prior to authentication. Installation of the data on the secondary storage is now described. In particular,
At block 802, the nonvolatile memory is initialized. In some embodiments, the installation module 237 performs this initialization. This initialization may include verification that the nonvolatile memory 232 is accessible. The flow continues at block 804.
At block 804, a determination is made of whether the nonvolatile memory is verified. In some embodiments, the installation module 237 may perform the verification. This verification may include authentication of the contents of the nonvolatile memory 232 based on the digital signature 512 that is appended thereto (as shown in
At block 806, the secondary storage is mounted. In some embodiments, the installation module 237 may mount the secondary storage 208. The installation module 237 may mount the secondary storage 208 so that the secondary storage 208 is both readable and writable. The flow continues at block 808.
At block 808, the mount of the secondary storage is verified. In some embodiments, the installation module 237 may verify whether the secondary storage 208 was successfully mounted. If the mount operation was not verified, the flow continues at block 824. Otherwise, the flow continues at block 810.
At block 810, the secondary storage is formatted and partitioned. In some embodiments, the installation module 237 may format and partition the secondary storage 208. Examples of the partitions of the secondary storage 208 are illustrated in
At block 812, the compressed files are verified. In some embodiments, the installation module 237 may verify the compressed files 601. In some embodiments, the compressed files 601 may include a digital signature appended thereto. Accordingly, the installation module 237 may verify the compressed files 601 based on the digital signature. Alternatively or in addition, the installation module 237 may verify that the compressed files are of a certain number, size, etc. The installation module 237 may also verify the dates of creation of the compressed files 601. If the compressed files are not verified, the flow continues at block 824. Otherwise, the flow continues at block 814.
At block 814, a determination is made of whether the on-the-fly encryption data is verified. In some embodiments, the installation module 237 may perform the verification. The installation module 237 may verify that a particular on-the-fly encryption file exists and that such file includes a correct number of encryption keys. For example, in some embodiments, an on-the-fly encryption file may include file encryption keys for the files stored on the secondary storage 208. In some embodiments, the on-the-fly encryption data 608 may include a digital signature appended thereto. Accordingly, the installation module 237 may verify the on-the-fly encryption data 608 based on the digital signature. While block 812 and block 814 described the verification of the compressed file and the on-the-fly encryption data as two separate operations, in some embodiments, the compressed file and the on-the-fly encryption data may be verified together based on the digital signature 612. In particular, the installation module 237 may generate a digital signature for the data stored in the nonvolatile memory 600 and compare the digital signature to the digital signature 612. If the on-the-fly encryption data is not verified, the flow continues at block 824. Otherwise, the flow continues at block 816.
At block 816, file ‘X’ is decompressed to the secondary storage. In some embodiments, the installation module 237 may decompress file ‘X’ of the compressed files 601 for installation into the secondary storage 208. The manifest data 610 (shown in
An encryption key may be appended to file ‘X’. Accordingly, the installation module 237 may encrypt and store file ‘X’ onto the secondary storage 208 using this encryption key. An identification of each file ‘X’ of the compressed files 601 may be stored in the on-the-fly encryption data 608 along with an associated encryption key. The installation module 237 may encrypt the file ‘X’ using its associated encryption key and store the encrypted file ‘X’ on the secondary storage 208. The flow continues at block 818.
At block 818, N % of the file ‘X’ is verified. In some embodiments, the installation module 237 may perform this verification. N may be 100 or some lesser value. For example, the installation module 237 may verify 5%, 10%, 25%, 75%, 90%, 100%, etc. of file ‘X’. This may be a configurable value. In some embodiments, N may be different for each file ‘X’ in the secondary storage 208. For example, for large files, a smaller percentage may be verified. The installation module 237 may verify based on a digital signature of the file ‘X’. Accordingly, the installation module 237 may compute a digital signature of N % of the file ‘X’. The installation module 237 may verify the file ‘X’ based on a comparison of this computed digital signature to the stored digital signature. If the two digital signatures are equal, the file ‘X’ may be considered verified. If the file ‘X’ is not verified, the flow continues at block 824. Otherwise, the flow continues at block 820.
At block 820, a determination is made of whether the last file ‘X’ has been authenticated. In some embodiments, the installation module 237 may make this determination. If the last file ‘X’ of the compressed files 601 has not been authenticated, the flow continues at block 816 (where another file ‘X’ is decompressed). Otherwise, the flow continues at the ‘continue’ block. The ‘continue’ block may represent the next operations to be executed to have the gaming machine operational, may represent that the gaming machine is now operational, etc. Accordingly, the flow diagram 800 is complete.
At block 824, the gaming machine is moved to an inoperative state. In some embodiments, the installation module 237 may move the gaming machine to an inoperative state. In other words, the gaming machine is moved to an out-of-service state. Accordingly, the gaming machine cannot be played. In some embodiments, a gaming machine operator is required to move the gaming machine 110 back in service. For example, the gaming machine operator may be required to physically visit the gaming machine to ensure that there is no tampering, etc. The flow diagram 800 is complete.
Subsequent to the possible installation and authentication of the data on the secondary storage of the gaming machine 110, the gaming machine 110 may become operational. As described above, in some embodiments, the data stored in the secondary storage of the gaming machine 110 may be encrypted. The operations of accessing such data (including reading and writing) from the secondary storage are now described. In particular,
At block 902, a determination is made of whether the secondary storage is accessible. In some embodiments, the authentication module 238 may make the determination of whether the secondary storage 208 is accessible. For example, the authentication module 238 may perform a test read and/or test write to the secondary storage 208. If the secondary storage is not accessible, the flow continues at block 912 (wherein the gaming machine is moved to an inoperative state, as described below). Otherwise, the flow continues at block 904.
At block 904, partition ‘M’ is opened. In some embodiments, the on-the-fly encryption module 240 may open partition ‘M’. As described above, the secondary storage 208 may be separated into one or more partitions for storage of data. Therefore, the on-the-fly encryption module 240 may determine in which partition ‘M’ the data is stored. For example, with reference to
At block 906, a determination is made of whether partition ‘M’ is verified. In some embodiments, the on-the-fly encryption module 240 may make this determination. The on-the-fly encryption module 240 may verify based on whether the partition ‘M’ is accessible from the secondary storage 208. In particular, the on-the-fly encryption module 240 may determine whether a read or write operation may be performed in the partition ‘M’. If the partition ‘M’ is not verified, the flow continues at block 912. Otherwise, the flow continues at block 908.
At block 908, a file ‘Z’ is opened. In some embodiments, the on-the-fly encryption module 240 may open the file ‘Z’. This may be for a request to read from or write to the file ‘Z’. As part of the opening of the file ‘Z’, the on-the-fly encryption module 240 may decrypt the file using the associated encryption key that is stored in the on-the-fly encryption data 508/608. The flow continues at block 910.
At block 910, a determination is made of whether file ‘Z’ is verified. In some embodiments, the on-the-fly encryption module 240 may make this determination. The verification may include whether the file may be located on the secondary storage 208. Moreover, as described above, the manifest data 510/610 may store a size of each file stored on the secondary storage 208. Accordingly, the on-the-fly encryption module 240 may verify that the size of the file ‘Z’ on the secondary storage 208 is the same as the size stored in the manifest data 510/610. If the file ‘Z’ is not verified, the flow continues at block 912. Otherwise, the flow continues at the ‘continue’ block. The ‘continue’ block may represent the next operations to be executed after opening the file ‘Z’. Such operations may include a write or read operation by an application executing on the processors 202. Accordingly, the flow diagram 900 is complete.
At block 912, the gaming machine is moved to an inoperative state. In some embodiments, the on-the-fly encryption module 240 may move the gaming machine to an inoperative state. Accordingly, the gaming machine cannot be played. In some embodiments, a gaming machine operator is required to move the gaming machine 110 back in service. For example, the gaming machine operator may be required to physically visit the gaming machine to ensure that there is no tampering, etc. The flow diagram 900 is complete.
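The access checks of blocks 902-912, as an added example that is not code from the patent. It omits the decryption step of block 908, models the storage and partition as directories, and adds an optional SHA-256 manifest field as an assumption to show what the size comparison alone does not cover; all names and file contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def check_open(root: Path, partition: str, name: str, manifest: dict,
               check_digest: bool = False) -> str:
    """Blocks 902-910 without decryption; any failed check leads to block 912."""
    if not root.is_dir():  # block 902: storage accessible?
        return "inoperative: storage not accessible"
    part = root / partition
    if not part.is_dir():  # blocks 904/906: partition opened and verified?
        return f"inoperative: partition {partition} not verified"
    path = part / name
    entry = manifest.get(name)
    if entry is None or not path.is_file():  # block 910: file can be located
        return f"inoperative: {name} not located"
    data = path.read_bytes()
    if len(data) != entry["size"]:  # block 910: size matches the manifest
        return f"inoperative: {name} size mismatch"
    # Assumption: the digest field is an added hardening, not in the page's manifest.
    if check_digest and hashlib.sha256(data).hexdigest() != entry["sha256"]:
        return f"inoperative: {name} digest mismatch"
    return "continue"


def demo() -> dict:
    """Run the checks over constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "M").mkdir()
        original = b"constructed meter data 0001"
        target = root / "M" / "Z"
        target.write_bytes(original)
        manifest = {"Z": {"size": len(original),
                          "sha256": hashlib.sha256(original).hexdigest()}}
        results = {"intact": check_open(root, "M", "Z", manifest)}
        target.write_bytes(original[:-4] + b"9999")  # same length, new content
        results["same_size"] = check_open(root, "M", "Z", manifest)
        results["same_size_digest"] = check_open(root, "M", "Z", manifest, True)
        target.write_bytes(original + b"!")  # length changed
        results["grown"] = check_open(root, "M", "Z", manifest)
        results["bad_partition"] = check_open(root, "Q", "Z", manifest)
        return results


if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:18} {state}")
```

A digest stored in the manifest only helps if the manifest itself is authenticated, since otherwise both can be changed together.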
In this description, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known circuits, structures and techniques have not been shown in detail in order not to obscure the understanding of this description. Note that in this description, references to “one embodiment” or “an embodiment” mean that the feature being referred to is included in at least one embodiment of the invention. Further, separate references to “one embodiment” in this description do not necessarily refer to the same embodiment; however, neither are such embodiments mutually exclusive, unless so stated and except as will be readily apparent to those of ordinary skill in the art. Thus, the present invention can include any variety of combinations and/or integrations of the embodiments described herein. Each claim, as may be amended, constitutes an embodiment of the invention, incorporated by reference into the detailed description. Moreover, in this description, the phrase “exemplary embodiment” means that the embodiment being referred to serves as an example or illustration.
Herein, block diagrams illustrate exemplary embodiments of the invention. Also herein, flow diagrams illustrate operations of the exemplary embodiments of the invention. The operations of the flow diagrams are described with reference to the exemplary embodiments shown in the block diagrams. However, it should be understood that the operations of the flow diagrams could be performed by embodiments of the invention other than those discussed with reference to the block diagrams, and embodiments discussed with references to the block diagrams could perform operations different than those discussed with reference to the flow diagrams. Additionally, some embodiments may not perform all the operations shown in a flow diagram. Moreover, it should be understood that although the flow diagrams depict serial operations, certain embodiments could perform certain of those operations in parallel.
This application is a U.S. National Stage Filing under 35 U.S.C. 371 from International Patent Application Serial No. PCT/US2006/031756, filed Aug. 15, 2006, and published on Mar. 8, 2007 as WO 2007/027427 A2, and republished as WO 2007/027427 A3, which claims the priority benefit of U.S. Provisional Application Ser. No. 60/712,321, filed Aug. 29, 2005, the contents of which are incorporated herein by reference.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US2006/031756 | 8/15/2006 | WO | 00 | 8/26/2008 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2007/027427 | 3/8/2007 | WO | A |
Number | Date | Country | |
---|---|---|---|
20090220078 A1 | Sep 2009 | US |
Number | Date | Country | |
---|---|---|---|
60712321 | Aug 2005 | US |