The accompanying drawings, which are incorporated into and constitute a part of this specification, illustrate one or more embodiments and, together with the detailed description, serve to explain the principles and implementations of the invention.
In the drawings:
Embodiments are described herein in the context of a quantum gaming system. Those of ordinary skill in the art will realize that the following detailed description is illustrative only and is not intended to be in any way limiting. Other embodiments will readily suggest themselves to such skilled persons having the benefit of this disclosure. Reference will now be made in detail to implementations as illustrated in the accompanying drawings. The same reference indicators will be used throughout the drawings and the following detailed description to refer to the same or like parts.
In the interest of clarity, not all of the routine features of the implementations described herein are shown and described. It will, of course, be appreciated that in the development of any such actual implementation, numerous implementation-specific decisions must be made in order to achieve the developer's specific goals, such as compliance with application- and business-related constraints, and that these specific goals will vary from one implementation to another and from one developer to another. Moreover, it will be appreciated that such a development effort might be complex and time-consuming, but would nevertheless be a routine undertaking of engineering for those of ordinary skill in the art having the benefit of this disclosure.
The invention utilizes a true random number generator using quantum mechanics to generate random numbers for use in a gaming machine. The gaming machine may be any type of gaming machine, including mechanical slot games, video slot games, video poker, video black jack, keno, bingo, video pachinko and lottery. The gaming machine may be operable to provide a play of many different instances of games of chance. The instances may be differentiated according to themes, sounds, graphics, type of game (e.g., slot game vs. card game), denomination, number of pay lines, maximum jackpot, progressive or non-progressive, bonus games, etc. For example, in a progressive bonus system that has a centralized bonus system, the random numbers may be used to determine the winners of the rewards, size of the reward (may be monetary amount), the specific kind of reward (monetary, services, etc.), and the frequency the rewards are given based upon the bonus budget. Thus, the gaming machine may also be a system-wide bonus scheme. Those of skill in the art will understand that the present invention, as described below, can be deployed on most any gaming machine now available or hereafter developed. An example of a true random number generator is discussed in detail in U.S. Pat. No. 6,249,009, filed Jun. 16, 1997, entitled “Random Number Generator” and will not be discussed herein to prevent obfuscation of the present invention.
However, as a brief description of a true random number generator and not intended to be limiting, the generator may be a quantum mechanical device using the wave-particle duality of the quantum particle and its uncertainty principle to generate the true random numbers. The true random number generator may generate the sequence of random numbers by detecting photons from the double slit experiment to resolve the question of whether light consists of waves or particles. The photons, attenuated through a neutral density filter from a laser, are sent through the double slits and hit one of two detectors. The two detectors each cover 50% of the area where the photon arrives after the double slits. The stream of photons, of which each photon is separated by a certain distance, produces the plurality of true random numbers either as a “1” or “0”. The true random number generator registers a “1” when the photon hits one detector and a “0” when the photon hits the other detector. An individual photon is seen as passing through both slits at once, interfering with itself, and localizing at either of the two detectors with a 50/50 probability.
The true random number generator described in U.S. Pat. No. 6,249,009 utilizes quantum mechanics having a laser, neutral density filter, and a single photomultiplier tube that detects photons. Other embodiments of a true random number generator may have a laser, neutral density filter, beam splitter, and two photomultiplier tubes that each detect a single photon from the beam splitter.
As described above, the true random number generator 108 may comprise a laser, neutral density filter, and one photomultiplier tube to detect the photons. The random number generator 108 may be coupled to the processor 110 through the core chipset 102 at the south bridge 106. The true random number generator 108 may generate 500 kilobits of true random numbers per second. A random-access memory (RAM) 112 may be coupled to the processor 110 through the core chipset 102 at the north bridge 104 to store and process the true random numbers generated by the true random number generator 108. The true random numbers may be stored in the RAM 112 and processed by the processor 110. Processing the true random numbers may entail verifying the hardware integrity of the random number generator 108, removing biases, testing the randomness, approving, digitally signing, digitally verifying, encrypting, decrypting, and/or auditing the random numbers, as will be discussed in detail below. Once processed, the random numbers may be stored in the RAM 112.
The device 100 may also have a random number storage device 114 coupled to the processor 110 through the core chipset 102 at the south bridge 106. The random number storage device 114, instead of the RAM 112, may be used to store the true random numbers. The random number storage device 114 may be a mass storage device, such as a hard disk drive or flash drive, used in a general purpose computer that typically allows code and data to be read from and written to the mass storage device. However, in a gaming machine environment, modification of the gaming code stored on a mass storage device is strictly controlled and would only be allowed under specific maintenance type events with electronic and physical enablers required. Though this level of security could be provided by software, gaming computers that include mass storage devices preferably include hardware level mass storage data protection circuitry that operates at the circuit level to monitor attempts to modify data on the mass storage device and will generate both software and hardware error triggers should a data modification be attempted without the proper electronic and physical enablers being present.
A video controller or display adapter 116, such as a graphics or video card, may be coupled to a display 120 and the processor 110 through the core chipset 102 at the north bridge 104. The display adapter 116 may allow messages from the processor 110 to be displayed on the display 120. In one embodiment, the display adapter 116 may be integrated within the north bridge 104. The display 120 may be any type of display, for example, a liquid crystal display (LCD), fluorescent display, cathode ray tube (CRT) screen, and the like. This allows the device to display internal errors or successes originating from the device's own hardware and/or software. For example, if the true random number generator 108 fails, an error message informing the user of the failure will be displayed. Additionally, if an action was successful, such as the validation of a sequence of random numbers against a claimed jackpot, a “validation success” message may be displayed on the display 120. Other information such as the date and time the random numbers were generated and/or transmitted, the unique identification of the remote gaming device that the true random numbers were transmitted to, and any other information may also be displayed.
It will now be known that the true random number generating device 100 need not have a display 120 and/or display adaptor 116. Rather, in another embodiment, the true random number generating device 100 may display messages on a remote gaming server, such as the remote gaming server display (see,
As discussed above, to communicate with the remote gaming server, an I/O interface 122 may be used. The I/O interface 122 may also be coupled to the processor 110 through the core chipset 102 at the south bridge 106 to receive requests and transmit data to a remote gaming device. The I/O interface 122 may be any type of interface such as a wireless transceiver, universal serial bus (USB), peripheral component interconnect (PCI), network card, data bus, or any other type of interface that allows the true random number generating device 100 to communicate with the remote gaming server. The remote gaming server may be, but is not limited to, a personal computer, slot machine, remote gaming device, portable gaming device such as but not limited to a cell phone, a personal digital assistant, and a wireless game player, or any other gaming machine. The I/O interface 122 may also connect to other I/O devices such as a keyboard, set of buttons, or a mouse to allow a player to play a game of chance on a gaming machine.
The device may also have a read only memory (ROM) such as an electrically erasable programmable read-only memory 118 (EEPROM) to store an operating system and at least one software program to run a game of chance and/or process the random numbers. The operating system and software are typically stored in a non-volatile read/write mass storage device; however, use of an EEPROM 118 ensures the integrity of the device 100. The EEPROM 118 ensures the integrity of the device by allowing a user to easily verify that the contents of the device are authentic if tampering of the device is suspected. For example, the software in the EEPROM 118 may ensure the integrity of the data in the random number storage 114 by allowing only authorized software processes with valid digital signatures to read, write, modify, and delete data in the random number storage 114. If tampering of software in the EEPROM 118 is suspected, the user may simply remove the EEPROM 118 from the device 100 and verify the contents. Thus, since the device 100 is secured in an enclosure, as further discussed below, tampering may be visible only if, for example, the tamperproof tape is compromised.
A read-only basic input output system 124 (BIOS) may be used to perform a self test on all the hardware/software in the device once it is powered on. Should a component fail the self test, a message may be displayed on the display 120 to inform the user of the failure.
It will now be known that the operating system and/or software program may be stored on any other component. For example, when the device 100 is powered on, before executing any software, the EEPROM 118 may contain software that verifies the digital signature of the software programs, including the operating system, which may then be stored in a mass storage device. In another embodiment, the BIOS 124 may be used to store the operating system and software programs.
A voltage current regulator 126 may be coupled to the true random number generator 108 and the processor 110 through the core chipset 102 to maintain and monitor the power supplied to the true random number generator 108. This ensures the integrity of the true random number generator 108. Too much power supplied to the laser in the true random number generator 108 may result in the over-saturation of the photon detector with too many photons. Too little power produces fewer photons, which may result in the continuous non-detection of the photon after the attenuation. Thus, the power to the laser should remain constant within an acceptable range to prevent an unexpected performance loss of the random number generator 108. For example, if a 1 mW He-Ne laser is used to produce the random numbers with the neutral density filter that results in the mean distance of 2 km between the photons, the photomultiplier tube should detect an average of 5 photons per every 1/30 second. This is 1 photon per 1/150 seconds, and the random number generator 108 may produce one bit of either ‘1’ or ‘0’ per 1/300 second. However, if the photomultiplier tube can detect 1 photon per 1/300, but cannot detect the photon per 1/600, then the power to the laser should not exceed 2 mW. Performance of the true random number generator 108 may be measured by the rate of true random numbers generated that pass the statistical randomness testing.
Gaming machines are highly regulated to ensure fairness and, in many cases, gaming machines are operable to dispense monetary awards of multiple millions of dollars. Therefore, to satisfy security and regulatory requirements in a gaming environment, gaming machines need to be built securely. Since the random numbers generated from the device 100 are used to generate a game of chance played on a gaming machine, security is necessary to prevent a loss of funds from the gaming machine, such as stolen cash or loss of revenue when the gaming machine is not operating properly. As such, the device 100 and components must be enclosed within a secure enclosure and may be secured by one or more doors, locks, sensors, evidence tape, and combinations thereof to prevent tampering of the device. The locks, doors, etc. may be monitored by the processor 110 using sensor devices including electric switches. Further, additional security may be implemented such as using electronic keys or covers with mechanical locks to prevent access. Furthermore, the components in the device may be locked down to prevent the disconnection of a component and ensure additional security.
To enable third party validation of authenticity and/or security in the true random number generator device, the device may generate a certificate request to a certificate authority, such as the Nevada Gaming Commission. The certificate request may contain the device's unique identification information and its public key. Once an authorized certificate is received, the encryption key (i.e., the private key) formed from the same plurality of random numbers at 302 is used to digitally sign any sequence of random numbers distributed outside the device for authenticity.
The regulatory authority may also require periodic and/or constant testing of the generated random numbers to verify if the plurality of random numbers, or binary sequence of random bits, meets the minimum statistical randomness requirements. A battery of approved statistical testing procedures, such as Linear Complexity Test, discrete Fourier transform test, Lempel-Ziv complexity test, and the like may be required to test for non-randomness. To ensure the integrity of the true random number generator device, the power to the laser in the true random number generator must be maintained and monitored. Too much power supplied to the laser in the true random number generator 108 may result in the over-saturation of the photon detector with too many photons. Too little power produces fewer photons, which may result in the continuous non-detection of the photon after the attenuation. Thus, the power to the laser should remain constant within an acceptable range to prevent an unexpected performance loss of the random number generator 108. For example, if a 1 mW He-Ne laser is used to produce the random numbers with the neutral density filter that results in the mean distance of 2 km between the photons, the photomultiplier tube should detect an average of 5 photons per every 1/30 second. This is 1 photon per 1/150 seconds, and the random number generator 108 may produce one bit of either ‘1’ or ‘0’ per 1/300 second. However, if the photomultiplier tube can detect 1 photon per 1/300, but cannot detect the photon per 1/600, then the power to the laser should not exceed 2 mW. Performance may be measured by the rate of random numbers generated that pass the statistical randomness testing.
A request from a remote gaming server for a set of random numbers may be received at 304. The request may be received via an I/O interface such as a wireless transceiver, USB, PCI, network card, data bus, or any other type of interface that allows the true random number generating device to communicate with the remote gaming server. The remote gaming server may be, but is not limited to, a personal computer, slot machine, remote gaming device, portable gaming device such as but not limited to a cell phone, a personal digital assistant, and a wireless game player, or any other gaming machine.
The set of random numbers may be retrieved from a random number storage at 306. The random number storage may be stored in a mass storage device such as a hard disk drive or a flash drive or in a RAM. Mass storage devices used in a general purpose computer typically allow code and data to be read from and written to the mass storage device. However, in a gaming machine environment, modification of the gaming code stored on a mass storage device is strictly controlled and would only be allowed under specific maintenance type events with electronic and physical enablers required. Though this level of security could be provided by software, gaming computers that include mass storage devices preferably include hardware level mass storage data protection circuitry that operates at the circuit level to monitor attempts to modify data on the mass storage device and will generate both software and hardware error triggers should a data modification be attempted without the proper electronic and physical enablers being present.
The retrieved set of random numbers may then be transmitted, digitally signed and encrypted with its encryption key, at 308, to the remote gaming server. Simultaneously, a copy of the transmitted set of random numbers may be saved in a memory at 310 along with any other information such as the date and time the random numbers were generated and/or transmitted, the recipient's unique identification information, and the like. The memory may be the same as or a different memory from the random number storage.
Once the remote gaming server receives the set of random numbers, the data may be decrypted using its own private key, shared symmetric key, or both. The remote gaming server may validate the received digital signature using the public key within the valid certificate to the device. The set of random numbers may then be used to generate a game of chance to be played on the gaming machine.
Should a large win occur on a gaming machine (or if the user merely wants to validate the set of random numbers), whether it be progressive or non-progressive games, bonus games, etc., for security reasons, the set of used random numbers may be audited and validated to ensure the win is legitimate and not tampered with. The set of random numbers containing the winning numbers in the gaming machine may be audited and validated as originating from an approved true random number generating device operated by the Casino. The device may receive a request to validate or audit the set of random numbers at 312. The request may include the set of random numbers to be audited and validated. The request may be authenticated by any known means. For example, the true random number generator device may verify the request by validating the digital signature of the request using the public key of the requesting machine's valid certificate.
After the request is validated at 314, the device may verify the authenticity of the random numbers as originating from the device at 316. The random numbers may be authenticated by either verifying the digital signature of the random numbers using its own public key and/or verifying if the matching saved copy of the random numbers exists in the memory. If the numbers match at 318, a successful validation reply may be sent to the remote gaming server at 320 and displayed on the display. Otherwise, an unsuccessful validation reply may be sent to the remote gaming server at 322 and displayed on the display.
To enhance the randomness within the plurality of random numbers produced by the true random number generating device, a procedure to remove bias within the plurality of random numbers may be applied. The plurality of random bits may be paired at 402. For exemplary purposes only and not intended to be limiting, a bit pair of (1,0) may be assigned a number 1 and a bit pair of (0,1) may be assigned a number 0. Any common numbered bit pairs are removed at 404. Thus, bit pairs of (1,1) or (0,0) are deleted. This ensures that the probability of the number 1 or 0 is unbiased with a 50% chance of occurrence for each number. Those of ordinary skill will now realize that other procedures for removing bias may also be used.
The remaining un-biased paired bits are separated into sets of random numbers of length N at 406, where N is an integer. The separation provides for ease in testing the random numbers for non-randomness at 408 because statistical testing can be performed meaningfully only with a finite sequence of random numbers. Doing a statistical test on an infinite sequence of random numbers will not produce any meaningful result and the test would take an infinite amount of time.
Gaming regulatory authorities may require periodic and/or constant testing of the random numbers to verify if the plurality of random numbers meets the minimum statistical randomness requirements. A battery of approved statistical testing procedures, such as Linear Complexity Test, discrete Fourier transform test, Lempel-Ziv complexity test, and the like may be required. If the set of random numbers does not pass the statistical test at 410, the set of random numbers is deleted and the steps are repeated from 400. In another embodiment, bits from different sets of random numbers may be added, subtracted, divided, or multiplied, and/or bits of the original set of random numbers may be re-arranged according to an algorithm to produce a set of random numbers that meets the statistical randomness testing without deleting the original set of random numbers.
If the set of random numbers passes the statistical testing at 410, the set of random numbers is stored in a random number storage at 412 to be transmitted to a remote gaming server at a later time. The random number storage may be a RAM or mass storage device as described above. If the random number storage is full (i.e. due to hardware limitation), older sets of random numbers may be deleted and the recent sets of random numbers may then be stored.
A set of digitally signed and encrypted random numbers may be transmitted when requested by a remote gaming server. The random number generating device may digitally sign and encrypt the transmitted set of random numbers in the processor before transmission through the I/O interface. The remote gaming server may then decrypt the set of random numbers with its own private key and/or shared symmetric key, and authenticate the random numbers by validating the digital signature signed by the random number generating device. Once decrypted and authenticated, the set of random numbers may be used to generate a game of chance played on the gaming machine.
Although illustrated in
The invention may be implemented by software, but can also be implemented in hardware or a combination of hardware and software. Each element or step may be implemented in hardware, software, or a combination thereof. The invention can also be embodied as computer readable code on a computer readable medium. The computer readable medium is any data storage device that can store data, which can thereafter be read by a computer system. Examples of the computer readable medium include read-only memory, random-access memory, CD-ROMs, DVDs, magnetic tape, optical data storage devices, and carrier waves. The computer readable medium can also be distributed over network-coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
The examples described herein are alternative methods for generating a plurality of true random numbers in a gaming machine. The examples are for exemplary purposes only and not intended to be limiting.
The example will be described with reference to
To ensure the integrity of the true random number generator, the voltage and current to the laser in the true random number generator may be verified at 600. Too much power supplied to the laser in the true random number generator may result in the over-saturation of the photon detector with too many photons. Too little power produces fewer photons, which may result in the continuous non-detection of the photon after the attenuation. Thus, the power to the laser should remain constant within an acceptable range to prevent an unexpected performance loss of the random number generator. For example, if a 1 mW He-Ne laser is used to produce the random numbers with the neutral density filter that results in the mean distance of 2 km between the photons, the photomultiplier tube should detect an average of 5 photons per every 1/30 second. This is 1 photon per 1/150 seconds, and the random number generator 108 may produce one bit of either ‘1’ or ‘0’ per 1/300 second. However, if the photomultiplier tube can detect 1 photon per 1/300, but cannot detect the photon per 1/600, then the power to the laser should not exceed 2 mW. Performance may be measured by the rate of random numbers generated that pass the statistical randomness testing.
Once the power to the laser is verified, a plurality of random numbers may be generated from the true random number generator at 602. To enhance the randomness within the plurality of random numbers produced by the true random number generator device, a procedure to remove the constant bias within the plurality of random numbers should be applied. The plurality of random numbers may be paired at 606. Any common numbered pairs are removed at 608. Thus, pairs of (1,1) or (0,0) are deleted. For exemplary purposes only and not intended to be limiting, a random number pair of (1,0) may be assigned a number 1 and a pair of (0,1) may be assigned a number 0. This ensures that the probability of the number 1 or 0 is unbiased with a 50% chance of occurrence for each number. Those of ordinary skill will now realize that other procedures for removing bias may also be used.
The remaining plurality of un-biased random number pairs is separated into sets of random numbers of length N at 610. The separation may provide for ease in testing the random numbers because statistical testing can be performed meaningfully only with a finite sequence of random numbers. Performing a statistical test on an infinite sequence of random numbers will not produce any meaningful result and the test would take an infinite amount of time.
Proper authorization to generate the plurality of random numbers may be verified at 612. In this example, the proper authorization is an X.509 certificate issued by the certificate authority such as the Nevada Gaming Commission or any other governing entity such as IGT of Reno, Nev. The authorization certificate may enable third party validation of authenticity and/or security of the true random number generating device. The random number generating device should verify if the X.509 certificate is issued by the authorized certificate authority using the embedded root certificate in the EEPROM read-only memory. It must also verify that the certificate is not expired and not revoked by the issuing certificate authority. If the device does not have a valid authorized X.509 certificate at 612, the device must generate a private and public key. A set of random numbers may be tested for cryptographic randomness at 614. If the set of random numbers passes the statistical test at 616, a new private and public key pair may be generated from the tested set of random numbers at 618. A certificate request is sent to the authorized certificate authority at 620 which may include the device's unique identification information. Once an authorization certificate is received from the certificate authority at 622, the authorization certificate may be stored in a memory at 624.
If the device has a valid authorized certificate at 612, the set of random numbers may be tested for randomness at 626. Gaming regulatory authorities may require periodic and/or constant testing of the random numbers to verify if the plurality of random numbers meets the minimum statistical randomness requirements. A battery of approved statistical testing procedures, such as Linear Complexity Test, discrete Fourier transform test, Lempel-Ziv complexity test, and the like may be required to test for non-randomness. If the set of random numbers does not pass the statistical test at 628, the set of random numbers is deleted at 630 and the steps are repeated from 600. In another embodiment, bits from different sets of random numbers may be added, subtracted, divided, or multiplied, and/or bits of the original set of random numbers may be re-arranged according to an algorithm to produce a set of random numbers that meets the statistical randomness testing without deleting the original set of random numbers.
If the set of random numbers passes the statistical test at 628, the set of random numbers is encrypted and stored in a random number storage at 632. The encrypted set of random numbers, in addition to any other information such as the time and date of its creation, may be digitally signed using its own private key or symmetric key (such as the advanced encryption standard (AES)) before being stored in a random number storage. The symmetric key can be generated from the set of random numbers from step 618 produced by its own random number generator. The random number storage may be a mass storage device as described above. If the mass storage device is full, older sets of random numbers may be deleted and the recent sets of random numbers may then be stored.
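The bias-removal, separation and test-then-delete steps described above (402 to 410, and again 606 to 630) can be sketched as follows; this is an added example, not code from the specification. The function names are hypothetical, the biased input is a constructed sample from a seeded pseudo-random generator, and the NIST SP 800-22 frequency (monobit) test stands in for the approved test battery the text names.

```python
import math
import random


def von_neumann_debias(bits):
    """Steps 402-404 / 606-608: pair the bits, delete (0,0) and (1,1),
    assign (1,0) -> 1 and (0,1) -> 0. A trailing unpaired bit is discarded.

    This removes a constant bias only when the input bits are independent;
    correlation between successive bits is not corrected. At most one
    output bit is produced per four input bits on average.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):
        first, second = bits[i], bits[i + 1]
        if first != second:
            out.append(first)  # (1,0) yields 1, (0,1) yields 0
    return out


def split_into_sets(bits, n):
    """Step 406 / 610: cut the stream into complete sets of length n.
    Bits left over after the last complete set are not returned."""
    usable = len(bits) - len(bits) % n
    return [bits[i:i + n] for i in range(0, usable, n)]


def monobit_p_value(bits):
    """Frequency (monobit) test p-value: erfc(|#ones - #zeros| / sqrt(2n)).
    Stand-in for the approved battery; a real device runs several tests."""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))


def accept_sets(raw_bits, n, alpha=0.01):
    """Steps 408-412 / 626-632: keep the sets that pass, delete the rest.
    Returns (accepted_sets, rejected_count)."""
    sets = split_into_sets(von_neumann_debias(raw_bits), n)
    accepted = [s for s in sets if monobit_p_value(s) >= alpha]
    return accepted, len(sets) - len(accepted)


def constructed_biased_source(count, p_one=0.7, seed=1234):
    """Constructed sample input: independent bits with P(1) = p_one,
    modelling detectors that do not split 50/50. Seeded PRNG, not a TRNG."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(count)]


if __name__ == "__main__":
    raw = constructed_biased_source(20000)
    clean = von_neumann_debias(raw)
    accepted, rejected = accept_sets(raw, n=256)
    print("raw ones fraction:     ", sum(raw) / len(raw))
    print("debiased ones fraction:", sum(clean) / len(clean))
    print("raw monobit p-value:   ", monobit_p_value(raw))
    print("sets accepted/rejected:", len(accepted), rejected)
```

A rejection rate well above the chosen significance level is a health signal in its own right, which matches the text's use of the pass rate as the performance measure for the generator.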
A request from a remote gaming server for a set of random numbers may be received at 640. The request may be received via an I/O interface such as a wireless transceiver, USB, PCI, network card, data bus, or any other type of interface that allows the true random number generating device to communicate with the remote gaming server. The remote gaming server may be, but is not limited to, a personal computer, slot machine, remote gaming device, portable gaming device such as but not limited to a cell phone, a personal digital assistant, and a wireless game player, or any other gaming machine.
The true random number generating device may authenticate the request at 642 by validating the X.509 certificate belonging to the remote gaming server joined to the request. However, any other authentication means may be used to authenticate the request such as a challenge-response authentication system, Kerberos, and password authentication. If the request is authenticated at 644, a set of random numbers may be retrieved from a random number storage at 646. The random number storage may be a mass storage device such as a hard disk drive, a flash drive, or any other volatile or non-volatile memory described above.
The retrieved set of random numbers may then be transmitted with a digital signature, encrypted with the shared encryption key, and joined with the certificates at 648 to the remote gaming server. Simultaneously, a copy of the transmitted set of random numbers may be saved in a memory at 650. Once the remote gaming server receives the set of random numbers, the data may be decrypted using its own private key or the shared encryption key, and authenticated by the remote gaming server at 652 by validating the digital signature using the public key in the valid certificate belonging to the random number generating device.
The remote gaming server may digitally sign the set of random numbers with its own private key at 654. The remote gaming server then re-encrypts the set of random numbers with the encryption key it shares with the gaming machine at 656. The encryption key may be its own AES key generated from the random numbers received from the random number generating device. The re-encrypted and digitally signed set of random numbers is transmitted to a gaming machine at 658. It will now be understood that the set of random numbers may be distributed to the gaming machines via any secure means such as through an SSL/transport layer security (TLS) protocol with two-way authentication using client and server certificates or any other encryption means. The random numbers are decrypted and authenticated at 660. The decrypted set of random numbers may then be used to generate a game of chance to be played on the gaming machine at 662.
The cryptographic keys used in various embodiments of the invention may be those of public key cryptography, more specifically, the RSA cryptography system. Other public key cryptography algorithms that may be used are Elliptic Curve Cryptography (ECC), Diffie-Hellman key exchange, digital signature algorithm (DSA) cryptography, and any other type of public key cryptography system.
The private and public keys of the RSA cryptography system allow the random number generating device to obtain its own identity; they allow the random number generating device to digitally sign the plurality of random numbers with its own private key. The private key also allows the random number generating device to decrypt a public key-encrypted message from a remote device received through the I/O interface.
One method to digitally sign the set of random numbers or data is RSA encrypting the hashed value of the plurality of random numbers with the private key. The signed random numbers can then be verified for authenticity by comparing the hashed value of the plurality of random numbers with the RSA public key-decrypted hashed value of the plurality of the random numbers. Using the public key, any remote machine may also verify if the random numbers are signed by the gaming device.
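The hash-then-sign check described above, together with the device-to-server-to-machine hand-off of steps 648 to 660, as an added example that is not code from the patent. It applies RSASSA-PKCS1-v1_5 padding over SHA-256 where the text describes signing the bare hash, leaves out the encryption layer, and assumes a JSON batch layout, helper names and fixed test primes that are all constructed for illustration.

```python
import hashlib
import hmac
import json

# DER prefix of DigestInfo for SHA-256 (PKCS #1 v1.5, RFC 8017 section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
E = 65537


def make_test_key(p, q):
    """RSA key from two known primes. Constructed for this demo, NOT secure."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public_part(key):
    return {"n": key["n"], "e": key["e"]}


def encode_pkcs1(message, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-256 signature")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(key, message):
    """Hash the message, pad the hash, apply the private exponent."""
    k = (key["n"].bit_length() + 7) // 8
    em = int.from_bytes(encode_pkcs1(message, k), "big")
    return pow(em, key["d"], key["n"]).to_bytes(k, "big")


def verify(pub, message, signature):
    """Apply the public exponent and compare against a freshly built encoding."""
    k = (pub["n"].bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= pub["n"]:
        return False
    recovered = pow(s, pub["e"], pub["n"]).to_bytes(k, "big")
    # Comparing whole encodings avoids parsing attacker-controlled padding.
    return hmac.compare_digest(recovered, encode_pkcs1(message, k))


def device_package(device_key, numbers, created):
    """Random number generating device: sign the set plus its creation time."""
    body = json.dumps({"created": created, "numbers": numbers}, sort_keys=True).encode()
    return {"body": body, "device_sig": sign(device_key, body)}


def server_forward(server_key, device_pub, package):
    """Remote gaming server: check the device signature, then counter-sign."""
    if not verify(device_pub, package["body"], package["device_sig"]):
        raise ValueError("device signature invalid; set rejected")
    signed = package["body"] + package["device_sig"]
    return dict(package, server_sig=sign(server_key, signed))


def machine_accept(server_pub, device_pub, package):
    """Gaming machine: use the numbers only if both signatures verify."""
    signed = package["body"] + package["device_sig"]
    if not verify(server_pub, signed, package["server_sig"]):
        return None
    if not verify(device_pub, package["body"], package["device_sig"]):
        return None
    return json.loads(package["body"])["numbers"]


# Constructed test keys built from Mersenne primes: trivially factorable,
# chosen only so the example is deterministic and runs offline.
DEVICE_KEY = make_test_key(2**521 - 1, 2**607 - 1)
SERVER_KEY = make_test_key(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    pkg = device_package(DEVICE_KEY, [17, 4, 250, 93], "2024-01-01T00:00:00Z")
    fwd = server_forward(SERVER_KEY, public_part(DEVICE_KEY), pkg)
    pubs = (public_part(SERVER_KEY), public_part(DEVICE_KEY))
    print("accepted:", machine_accept(*pubs, fwd))
    altered = dict(fwd, body=fwd["body"].replace(b"250", b"251"))
    print("after tampering:", machine_accept(*pubs, altered))
```

In a deployment the public keys would come from validated X.509 certificates rather than from module constants.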
The RSA private and public key pair may allow the random number generating device to establish secure encrypted communication with other devices for distribution of the signed random numbers through the I/O interface. The security and the trust of the random number generating device can be further enhanced with the use of an X.509 certificate that is part of the public key infrastructure. The method for generating the RSA private and public key or any other encryption key (such as triple data encryption standard (3DES) and AES) from the true random numbers, establishing the secure encrypted communication with private and public key pairs and the X.509 digital certificate using the SSL or TLS protocol, and managing the X.509 certificate for requesting, issuing, validating, and revoking are known in the art and will not be discussed in detail herein.
In another embodiment of the invention, the encryption key may be a symmetric key from symmetric key cryptography. Examples of symmetric key algorithms are 3DES, Blowfish, and AES. In order to establish secure communication of the data, the symmetric key is shared securely with any authorized device at least once through the I/O interface. All sensitive information, including the sequence of random numbers and its hashed value, is encrypted using the shared symmetric key and distributed to the gaming device through the I/O interface for security.
An example of the certificate request syntax may be the Public Key Cryptography Standard #10: Certification Request Syntax Standard published by RSA Laboratories. The random number generating device then transmits the certificate request to an authorized certificate authority through the I/O interface. In the preferred embodiments of the invention, the certificate is the X.509 certificate. The certificate authority may be the Nevada Gaming Commission, IGT of Reno, Nev., or any other authorized organization. Once the certificate is issued, the authorized encryption key (i.e., private key) may be used by the random number generating device to digitally sign any set of random numbers to be distributed outside the random number generating device for authenticity. The remote gaming server or any other device or machine outside of the random number generating device may use the public key within the issued and valid X.509 certificate to verify the digital signature from the random number generating device. Different symmetric keys such as AES keys may be generated as needed from the set of random numbers produced by the random number generating device for bulk encryption of the data and/or communication between the random number generating device and gaming device.
Exemplary Gaming Machine
Turning next to
Many different types of games, including mechanical slot games, video slot games, video poker, video black jack, video pachinko and lottery, may be provided with gaming machines of this invention. In particular, the gaming machine 2 may be operable to provide a play of many different instances of games of chance. The instances may be differentiated according to themes, sounds, graphics, type of game (e.g., slot game vs. card game), denomination, number of paylines, maximum jackpot, progressive or non-progressive, bonus games, etc. The gaming machine 2 may be operable to allow a player to select a game of chance to play from a plurality of instances available on the gaming machine. For example, the gaming machine may provide a menu with a list of the instances of games that are available for play on the gaming machine and a player may be able to select from the list a first instance of a game of chance that they wish to play.
The various instances of games available for play on the gaming machine 2 may be stored as game software on a mass storage device in the gaming machine or may be generated on a remote gaming device but then displayed on the gaming machine. The gaming machine 2 may execute game software, such as but not limited to video streaming software that allows the game to be displayed on the gaming machine. When an instance is stored on the gaming machine 2, it may be loaded from the mass storage device into a RAM for execution. In some cases, after a selection of an instance, the game software that allows the selected instance to be generated may be downloaded from a remote gaming device, such as another gaming machine.
The gaming machine 2 includes a top box 6, which sits on top of the main cabinet 4. The top box 6 houses a number of devices, which may be used to add features to a game being played on the gaming machine 2, including speakers 10, 12, 14, a ticket printer 18 which prints bar-coded tickets 20, a key pad 22 for entering player tracking information, a fluorescent display 16 for displaying player tracking information, a card reader 24 for entering a magnetic striped card containing player tracking information, and a video display screen 42. The ticket printer 18 may be used to print tickets for a cashless ticketing system. Further, the top box 6 may house different or additional devices than shown in
Understand that gaming machine 2 is but one example from a wide range of gaming machine designs on which the present invention may be implemented. For example, not all suitable gaming machines have top boxes or player tracking features. Further, some gaming machines have only a single game display—mechanical or video, while others are designed for bar tables and have displays that face upwards. As another example, a game may be generated on a host computer and may be displayed on a remote terminal or a remote gaming device. The remote gaming device may be connected to the host computer via a network of some type such as a local area network, a wide area network, an intranet or the Internet. The remote gaming device may be a portable gaming device such as but not limited to a cell phone, a personal digital assistant, and a wireless game player. Images rendered from 3-D gaming environments may be displayed on portable gaming devices that are used to play a game of chance. Further a gaming machine or server may include gaming logic for commanding a remote gaming device to render an image from a virtual camera in a 3-D gaming environment stored on the remote gaming device and to display the rendered image on a display located on the remote gaming device. Thus, those of skill in the art will understand that the present invention, as described below, can be deployed on most any gaming machine now available or hereafter developed.
Some preferred gaming machines of the present assignee are implemented with special features and/or additional circuitry that differentiates them from general-purpose computers (e.g., desktop PC's and laptops). Gaming machines are highly regulated to ensure fairness and, in many cases, gaming machines are operable to dispense monetary awards of multiple millions of dollars. Therefore, to satisfy security and regulatory requirements in a gaming environment, hardware and software architectures may be implemented in gaming machines that differ significantly from those of general-purpose computers. A description of gaming machines relative to general-purpose computing machines and some examples of the additional (or different) components and features found in gaming machines are described below.
As briefly mentioned above, one might think that adapting PC technologies to the gaming industry would be a simple proposition because both PCs and gaming machines employ microprocessors that control a variety of devices. However, because of such reasons as 1) the regulatory requirements that are placed upon gaming machines, 2) the harsh environment in which gaming machines operate, 3) security requirements and 4) fault tolerance requirements, adapting PC technologies to a gaming machine can be quite difficult. Further, techniques and methods for solving a problem in the PC industry, such as device compatibility and connectivity issues, might not be adequate in the gaming environment. For instance, a fault or a weakness tolerated in a PC, such as security holes in software or frequent crashes, may not be tolerated in a gaming machine because in a gaming machine these faults can lead to a direct loss of funds from the gaming machine, such as stolen cash or loss of revenue when the gaming machine is not operating properly.
For the purposes of illustration, a few differences between PC systems and gaming systems will be described. A first difference between gaming machines and common PC based computer systems is that gaming machines are designed to be state-based systems. In a state-based system, the system stores and maintains its current state in a non-volatile memory, such that, in the event of a power failure or other malfunction the gaming machine will return to its current state when the power is restored. For instance, if a player was shown an award for a game of chance and, before the award could be provided to the player the power failed, the gaming machine, upon the restoration of power, would return to the state where the award is indicated. As anyone who has used a PC knows, PCs are not state machines and a majority of data is usually lost when a malfunction occurs. This requirement affects the software and hardware design on a gaming machine.
A second important difference between gaming machines and common PC based computer systems is that for regulation purposes, the software on the gaming machine used to generate the game of chance and operate the gaming machine has been designed to be static and monolithic to prevent cheating by the operator of the gaming machine. For instance, one solution that has been employed in the gaming industry to prevent cheating and satisfy regulatory requirements has been to manufacture a gaming machine that can use a proprietary processor running instructions to generate the game of chance from an EPROM or other form of non-volatile memory. The coding instructions on the EPROM are static (non-changeable) and must be approved by gaming regulators in a particular jurisdiction and installed in the presence of a person representing the gaming jurisdiction. Any changes to any part of the software required to generate the game of chance, such as adding a new device driver used by the master gaming controller to operate a device during generation of the game of chance can require a new EPROM to be burnt, approved by the gaming jurisdiction and reinstalled on the gaming machine in the presence of a gaming regulator. Regardless of whether the EPROM solution is used, to gain approval in most gaming jurisdictions, a gaming machine must demonstrate sufficient safeguards that prevent an operator or player of a gaming machine from manipulating hardware and software in a manner that gives them an unfair and in some cases an illegal advantage. The gaming machine should have a means to determine if the code it will execute is valid. If the code is not valid, the gaming machine must have a means to prevent the code from being executed. The code validation requirements in the gaming industry affect both hardware and software designs on gaming machines.
A third important difference between gaming machines and common PC based computer systems is that the number and kinds of peripheral devices used on a gaming machine are not as great as on PC based computer systems. Traditionally, in the gaming industry, gaming machines have been relatively simple in the sense that the number of peripheral devices and the number of functions of the gaming machine have been limited. Further, in operation, the functionality of gaming machines was relatively constant once the gaming machine was deployed, i.e., new peripheral devices and new gaming software were infrequently added to the gaming machine. This differs from a PC where users will go out and buy different combinations of devices and software from different manufacturers and connect them to a PC to suit their needs depending on a desired application. Therefore, the types of devices connected to a PC may vary greatly from user to user depending on their individual requirements and may vary significantly over time.
Although the variety of devices available for a PC may be greater than on a gaming machine, gaming machines still have unique device requirements that differ from a PC, such as device security requirements not usually addressed by PCs. For instance, monetary devices, such as coin dispensers, bill validators and ticket printers and computing devices that are used to govern the input and output of cash to a gaming machine have security requirements that are not typically addressed in PCs. Therefore, many PC techniques and methods developed to facilitate device connectivity and device compatibility do not address the emphasis placed on security in the gaming industry.
To address some of the issues described above, a number of hardware/software components and architectures are utilized in gaming machines that are not typically found in general purpose computing devices, such as PCs. These hardware/software components and architectures, as described below in more detail, include but are not limited to watchdog timers, voltage monitoring systems, state-based software architecture and supporting hardware, specialized communication interfaces, security monitoring and trusted memory.
A watchdog timer is normally used in IGT gaming machines to provide a software failure detection mechanism. In a normally operating system, the operating software periodically accesses control registers in the watchdog timer subsystem to “re-trigger” the watchdog. Should the operating software fail to access the control registers within a preset timeframe, the watchdog timer will timeout and generate a system reset. Typical watchdog timer circuits contain a loadable timeout counter register to allow the operating software to set the timeout interval within a certain range of time. A differentiating feature of some preferred circuits is that the operating software cannot completely disable the function of the watchdog timer. In other words, the watchdog timer always functions from the time power is applied to the board.
IGT gaming computer platforms preferably use several power supply voltages to operate portions of the computer circuitry. These can be generated in a central power supply or locally on the computer board. If any of these voltages falls out of the tolerance limits of the circuitry they power, unpredictable operation of the computer may result. Though most modern general-purpose computers include voltage monitoring circuitry, these types of circuits only report voltage status to the operating software. Out of tolerance voltages can cause software malfunction, creating a potential uncontrolled condition in the gaming computer. Gaming machines of the present assignee typically have power supplies with tighter voltage margins than that required by the operating circuitry. In addition, the voltage monitoring circuitry implemented in IGT gaming computers typically has two thresholds of control. The first threshold generates a software event that can be detected by the operating software and an error condition generated. This threshold is triggered when a power supply voltage falls out of the tolerance range of the power supply, but is still within the operating range of the circuitry. The second threshold is set when a power supply voltage falls out of the operating tolerance of the circuitry. In this case, the circuitry generates a reset, halting operation of the computer.
The standard method of operation for IGT slot machine game software is to use a state machine. Different functions of the game (bet, play, result, points in the graphical presentation, etc.) may be defined as a state. When a game moves from one state to another, critical data regarding the game software is stored in a custom non-volatile memory subsystem. This is critical to ensure the player's wager and credits are preserved and to minimize potential disputes in the event of a malfunction on the gaming machine.
In general, the gaming machine does not advance from a first state to a second state until critical information that allows the first state to be reconstructed is stored. This feature allows the game to recover operation to the state of play that existed just prior to a malfunction, loss of power, etc. After the state of the gaming machine is restored during the play of a game of chance, game play may resume and the game may be completed in a manner that is no different than if the malfunction had not occurred. Typically, battery backed RAM devices are used to preserve this critical data although other types of non-volatile memory devices may be employed. These memory devices are not used in typical general-purpose computers.
As described in the preceding paragraph, when a malfunction occurs during a game of chance, the gaming machine may be restored to a state in the game of chance just prior to when the malfunction occurred. The restored state may include metering information and graphical information that was displayed on the gaming machine in the state prior to the malfunction. For example, when the malfunction occurs during the play of a card game after the cards have been dealt, the gaming machine may be restored with the cards that were previously displayed as part of the card game. As another example, a bonus game may be triggered during the play of a game of chance where a player is required to make a number of selections on a video display screen. When a malfunction has occurred after the player has made one or more selections, the gaming machine may be restored to a state that shows the graphical presentation as it was just prior to the malfunction, including an indication of selections that have already been made by the player. In general, the gaming machine may be restored to any state in a plurality of states that occur while the game of chance is played or to states that occur between the play of a game of chance.
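One way to realize the store-before-advance rule from the last two paragraphs, as an added example rather than IGT's implementation: each transition is committed to one of two checksummed non-volatile slots before the in-RAM state changes, so a write torn by power loss leaves the previous state recoverable. The slot layout, state names and simulated power failure are assumptions.

```python
import json
import struct
import zlib

SLOT_SIZE = 256                   # bytes per slot (assumed)
HEADER = struct.Struct("<IIH")    # crc32, sequence number, payload length


class PowerLoss(Exception):
    """Raised by the simulated NV memory when a write is cut short."""


class NvStore:
    """Simulated battery-backed RAM with two alternating record slots."""

    def __init__(self):
        self.mem = bytearray(2 * SLOT_SIZE)
        self.fail_after = None    # bytes that land before simulated power loss

    def write_slot(self, slot, record):
        landed = len(record)
        if self.fail_after is not None:
            landed = min(self.fail_after, landed)
        base = slot * SLOT_SIZE
        self.mem[base:base + landed] = record[:landed]
        if landed < len(record):
            raise PowerLoss("write torn after %d bytes" % landed)

    def read_slot(self, slot):
        return bytes(self.mem[slot * SLOT_SIZE:(slot + 1) * SLOT_SIZE])


def pack_record(seq, state, data):
    payload = json.dumps({"state": state, "data": data}, sort_keys=True).encode()
    if HEADER.size + len(payload) > SLOT_SIZE:
        raise ValueError("critical data does not fit in one slot")
    body = struct.pack("<IH", seq, len(payload)) + payload
    # The CRC covers sequence and length too, so a torn header is also caught.
    return struct.pack("<I", zlib.crc32(body)) + body


def unpack_record(raw):
    crc, seq, length = HEADER.unpack_from(raw, 0)
    if seq == 0 or HEADER.size + length > SLOT_SIZE:
        return None               # blank or implausible slot
    if zlib.crc32(raw[4:HEADER.size + length]) != crc:
        return None               # torn or corrupted write
    fields = json.loads(raw[HEADER.size:HEADER.size + length])
    return seq, fields["state"], fields["data"]


def recover(nv):
    """Return the valid record with the highest sequence number, or None."""
    records = [unpack_record(nv.read_slot(slot)) for slot in (0, 1)]
    valid = [r for r in records if r is not None]
    return max(valid, key=lambda r: r[0]) if valid else None


class GameMachine:
    def __init__(self, nv):
        self.nv = nv
        self.seq, self.state, self.data = recover(nv) or (0, "IDLE", {})

    def advance(self, new_state, **changes):
        data = dict(self.data, **changes)
        seq = self.seq + 1
        # Commit to the slot NOT holding the latest good record, then advance.
        self.nv.write_slot(seq % 2, pack_record(seq, new_state, data))
        self.seq, self.state, self.data = seq, new_state, data


def play_until_power_loss(fail_after):
    """Play one game, cut power during the final transition, then reboot."""
    nv = NvStore()
    game = GameMachine(nv)
    game.advance("IDLE", credits=100)
    game.advance("BET", credits=95, wager=5)
    game.advance("PLAY")
    game.advance("RESULT", credits=115, award=20)   # award is now on screen
    nv.fail_after = fail_after
    try:
        game.advance("IDLE", award=0, wager=0)
    except PowerLoss:
        pass
    nv.fail_after = None
    rebooted = GameMachine(nv)
    return rebooted.state, rebooted.data


if __name__ == "__main__":
    for cut in (2, 7, 30, None):
        print("power cut after", cut, "bytes ->", play_until_power_loss(cut))
```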
Game history information regarding previous games played such as an amount wagered, the outcome of the game and so forth may also be stored in a non-volatile memory device. The information stored in the non-volatile memory may be detailed enough to reconstruct a portion of the graphical presentation that was previously presented on the gaming machine and the state of the gaming machine (e.g., credits) at the time the game of chance was played. The game history information may be utilized in the event of a dispute. For example, a player may decide that in a previous game of chance that they did not receive credit for an award that they believed they won. The game history information may be used to reconstruct the state of the gaming machine prior, during and/or after the disputed game to demonstrate whether the player was correct or not in their assertion.
Another feature of gaming machines, such as IGT gaming computers, is that they often contain unique interfaces, including serial interfaces, to connect to specific subsystems internal and external to the slot machine. The serial devices may have electrical interface requirements that differ from the “standard” EIA 232 serial interfaces provided by general-purpose computers. These interfaces may include EIA 485, EIA 422, Fiber Optic Serial, optically coupled serial interfaces, current loop style serial interfaces, etc. In addition, to conserve serial interfaces internally in the slot machine, serial devices may be connected in a shared, daisy-chain fashion where multiple peripheral devices are connected to a single serial channel.
The serial interfaces may be used to transmit information using communication protocols that are unique to the gaming industry. For example, IGT's Netplex is a proprietary communication protocol used for serial communication between gaming devices. As another example, SAS is a communication protocol used to transmit information, such as metering information, from a gaming machine to a remote device. Often SAS is used in conjunction with a player tracking system.
IGT gaming machines may alternatively be treated as peripheral devices to a casino communication controller and connected in a shared daisy chain fashion to a single serial interface. In both cases, the peripheral devices are preferably assigned device addresses. If so, the serial controller circuitry must implement a method to generate or detect unique device addresses. General-purpose computer serial ports are not able to do this.
Security monitoring circuits detect intrusion into an IGT gaming machine by monitoring security switches attached to access doors in the slot machine cabinet. Preferably, access violations result in suspension of game play and can trigger additional security operations to preserve the current state of game play. These circuits also function when power is off by use of a battery backup. In power-off operation, these circuits continue to monitor the access doors of the slot machine. When power is restored, the gaming machine can determine whether any security violations occurred while power was off, e.g., via software for reading status registers. This can trigger event log entries and further data authentication operations by the slot machine software.
Trusted memory devices are preferably included in an IGT gaming machine computer to ensure the authenticity of the software that may be stored on less secure memory subsystems, such as mass storage devices. Trusted memory devices and controlling circuitry are typically designed to not allow modification of the code and data stored in the memory device while the memory device is installed in the slot machine. The code and data stored in these devices may include authentication algorithms, random number generators, authentication keys, operating system kernels, etc. The purpose of these trusted memory devices is to provide gaming regulatory authorities a root trusted authority within the computing environment of the slot machine that can be tracked and verified as original. This may be accomplished via removal of the trusted memory device from the slot machine computer and verification of the secure memory device contents in a separate third party verification device. Once the trusted memory device is verified as authentic, and based on the approval of the verification algorithms contained in the trusted device, the gaming machine is allowed to verify the authenticity of additional code and data that may be located in the gaming computer assembly, such as code and data stored on hard disk drives. A few details related to trusted memory devices that may be used in the present invention are described in U.S. Pat. No. 6,685,567 from U.S. patent application Ser. No. 09/925,098, filed Aug. 8, 2001 and titled “Process Verification,” which is incorporated herein in its entirety and for all purposes.
As stated above, mass storage devices used in a general purpose computer typically allow code and data to be read from and written to the mass storage device. In a gaming machine environment, modification of the gaming code stored on a mass storage device is strictly controlled and would only be allowed under specific maintenance type events with electronic and physical enablers required. Though this level of security could be provided by software, IGT gaming computers that include mass storage devices preferably include hardware level mass storage data protection circuitry that operates at the circuit level to monitor attempts to modify data on the mass storage device and will generate both software and hardware error triggers should a data modification be attempted without the proper electronic and physical enablers being present.
Returning to the example of
During the course of a game, a player may be required to make a number of decisions, which affect the outcome of the game. For example, a player may vary his or her wager on a particular game, select a prize for a particular game selected from a prize server, or make game decisions that affect the outcome of a particular game. The player may make these choices using the player-input switches 32, the video display screen 34 or using some other device which enables a player to input information into the gaming machine. In some embodiments, the player may be able to access various game services such as concierge services and entertainment content services using the video display screen 34 and one or more input devices.
During certain game events, the gaming machine 2 may display visual and auditory effects that can be perceived by the player. These effects add to the excitement of a game, which makes a player more likely to continue playing. Auditory effects include various sounds that are projected by the speakers 10, 12, 14. Visual effects include flashing lights, strobing lights or other patterns displayed from lights on the gaming machine 2 or from lights behind the belly glass 40. After the player has completed a game, the player may receive game tokens from the coin tray 38 or the ticket 20 from the printer 18, which may be used for further games or to redeem a prize. Further, the player may receive a ticket 20 for food, merchandise, or games from the printer 18.
Exemplary System Architecture
One example of a network topology for implementing some aspects of the present invention is shown in
Gaming establishment 1205 includes 16 gaming machines 2, each of which is part of a bank 1210 of gaming machines 2. In this example, gaming establishment 1205 also includes a bank of networked gaming tables 1100. It will be appreciated that many gaming establishments include hundreds or even thousands of gaming machines 2 and/or gaming tables 1100, not all of which are included in a bank. However, the present invention may be implemented in gaming establishments having any number of gaming machines, gaming tables, etc.
Various alternative network topologies can be used to implement different aspects of the invention and/or to accommodate varying numbers of networked devices. For example, gaming establishments with very large numbers of gaming machines 2 may require multiple instances of some network devices (e.g., of main network device 1225, which combines switching and routing functionality in this example) and/or the inclusion of other network devices not shown in
Each bank 1210 has a corresponding bank switch 1215, which may be a conventional bank switch. Each bank switch is connected to server-based gaming (“SBG”) server 1230 via main network device 1225, which combines switching and routing functionality in this example. Although various floor communication protocols may be used, some preferred implementations use IGT's open, Ethernet-based SuperSAS® protocol, which IGT makes available for downloading without charge. However, other protocols such as Best of Breed (“BOB”) may be used to implement various aspects of SBG. IGT has also developed a gaming-industry-specific transport layer called CASH that rides on top of TCP/IP and offers additional functionality and security.
SBG server 1230, License Manager 1231, Arbiter 133, servers 1232, 1234, 1236 and 1238, true random number generating device 108, and main network device 1225 are disposed within computer room 1220 of gaming establishment 1205. Any one of the servers 1232, 1234, 1236, and 1238 may distribute the random numbers generated by the true random number generating device 108 to the gaming machines 2 through main network device 1225. In practice, more or fewer servers may be used. Some of these servers may be configured to perform tasks relating to player tracking, bonusing/progressives, etc. Some servers may be configured to perform tasks specific to the present invention. License Manager 1231 may also be implemented, at least in part, via a server or a similar device. Some exemplary operations of License Manager 1231 are described in detail in U.S. patent application Ser. No. 11/225,408, entitled “METHODS AND DEVICES FOR AUTHENTICATION AND LICENSING IN A GAMING NETWORK” by Kinsley et al., which is hereby incorporated by reference.
SBG server 1230 can also be configured to implement, at least in part, various aspects of the present invention. Some preferred embodiments of SBG server 1230 and the other servers shown in
In some implementations of the invention, many of these devices (including but not limited to License Manager 1231, servers 1232, 1234, 1236 and 1238, and main network device 1225) are mounted in a single rack with SBG server 1230. Accordingly, many or all such devices will sometimes be referenced in the aggregate as an “SBG server.” However, in alternative implementations, one or more of these devices is in communication with SBG server 1230 and/or other devices of the network but located elsewhere. For example, some of the devices could be mounted in separate racks within computer room 1220 or located elsewhere on the network. For example, it can be advantageous to store large volumes of data elsewhere via a storage area network (“SAN”).
In some embodiments, these components are SBG server 1230 preferably has an uninterruptible power supply (“UPS”). The UPS may be, for example, a rack-mounted UPS module.
Computer room 1220 may include one or more operator consoles or other host devices that are configured for communication with SBG server 1230. Such host devices may be provided with software, hardware and/or firmware for implementing various aspects of the invention; many of these aspects involve controlling SBG server 1230. However, such host devices need not be located within computer room 1220. Wired host device 1260 (which is a laptop computer in this example) and wireless host device (which is a PDA in this example) may be located elsewhere in gaming establishment 1205 or at a remote location.
Arbiter 133 may be implemented, for example, via software that is running on a server or another networked device. Arbiter 133 serves as an intermediary between different devices on the network. Some implementations of Arbiter 133 are described in U.S. patent application Ser. No. 10/948,387, entitled “METHODS AND APPARATUS FOR NEGOTIATING COMMUNICATIONS WITHIN A GAMING NETWORK” and filed Sep. 23, 2004 (the “Arbiter Application”), which is incorporated herein by reference and for all purposes. In some preferred implementations, Arbiter 133 is a repository for the configuration information required for communication between devices on the gaming network (and, in some implementations, devices outside the gaming network). Although Arbiter 133 can be implemented in various ways, one exemplary implementation is discussed in the following paragraphs.
Referring to
Although the program memories 122, 132 are shown in
As shown in
As disclosed in further detail in the Arbiter Application, the Arbiter 133 may verify the authenticity of each network gaming device. The Arbiter 133 may receive a request for a communication session from a network device. For ease of explanation, the requesting network device may be referred to as the client, and the requested network device may be referred to as the host. The client may be any device on the network 12 and the request may be for a communication session with any other network device. The client may specify the host, or the gaming security arbiter may select the host based on the request and based on information about the client and potential hosts. The Arbiter 133 may provide encryption keys (session keys) for the communication session to the client via the secure communication channel. The host and/or the session key may be provided in response to the request, or may have been previously provided. The client may contact the host to initiate the communication session. The host may then contact the Arbiter 133 to determine the authenticity of the client. The Arbiter 133 may provide affirmation (or lack thereof) of the authenticity of the client to the host and provide a corresponding session key, in response to which the network devices may initiate the communication session directly with each other using the session keys to encrypt and decrypt messages.
Alternatively, upon receiving a request for a communication session, the Arbiter 133 may contact the host regarding the request and provide corresponding session keys to both the client and the host. The Arbiter 133 may then prompt either the client or the host to begin their communication session. In turn, the client and host may begin the communication session directly with each other using the session keys to encrypt and decrypt messages. Alternatively, the Arbiter 133 may act as the Certificate Authority and issue, manage, and revoke X.509 certificates for the Network Computer 23 or the new Gaming Unit 21. For example, when a new Network Computer 23 or a new Gaming Unit 21 is introduced within the casino floor 1210, it may generate a certificate request to the Arbiter 133. With the proper physical authentication and validation of the unit by the casino employees, Arbiter 133 may issue the corresponding X.509 certificate in response to the certificate request, which can be used by the requesting machine for its secure communication with existing network computers or gaming units. An additional explanation of the communication request, communication response and key distribution is provided in the Arbiter Application.
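The first exchange described above (the client requests a session, then the host asks the Arbiter to affirm the client) is sketched below in Go as an added example; it is not taken from this specification or from the Arbiter Application. The `Arbiter` type, `Tag`, the device IDs and secrets, and the HMAC-SHA256 authenticity check are assumptions made for illustration, and the method calls stand in for messages on the secure communication channel.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Arbiter is a hypothetical model of Arbiter 133: device ID -> secret, "client>host" -> session key.
type Arbiter struct{ secrets, sessions map[string][]byte }

// Tag is the assumed proof of authenticity: HMAC-SHA256 over the request, keyed per device.
func Tag(secret []byte, request string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(request))
	return mac.Sum(nil)
}
func (a *Arbiter) authentic(id, request string, tag []byte) bool {
	return a.secrets[id] != nil && hmac.Equal(tag, Tag(a.secrets[id], request))
}

// RequestSession is the client's step: an authentic client receives a fresh session key.
func (a *Arbiter) RequestSession(client, host string, tag []byte) ([]byte, error) {
	if !a.authentic(client, "request:"+host, tag) {
		return nil, fmt.Errorf("arbiter: request from %q refused", client)
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	a.sessions[client+">"+host] = key
	return key, nil
}

// AffirmClient is the host's step: the key is released only for a session issued to this pair.
func (a *Arbiter) AffirmClient(host, client string, tag []byte) ([]byte, error) {
	key, issued := a.sessions[client+">"+host]
	if !issued || !a.authentic(host, "affirm:"+client, tag) {
		return nil, fmt.Errorf("arbiter: %q not affirmed to %q", client, host)
	}
	return key, nil
}

func main() {
	a := &Arbiter{map[string][]byte{"gm-2": []byte("s1"), "srv": []byte("s2")}, map[string][]byte{}}
	ck, _ := a.RequestSession("gm-2", "srv", Tag([]byte("s1"), "request:srv"))
	hk, err := a.AffirmClient("srv", "gm-2", Tag([]byte("s2"), "affirm:gm-2"))
	fmt.Println("same session key on both sides:", hmac.Equal(ck, hk), err)
}
```

A host that asks about a client the Arbiter never issued a session for, or a device whose tag does not verify, gets an error instead of a key, which is the "lack of affirmation" case.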
Wireless devices are particularly useful for managing a gaming network. Such wireless devices could include, but are not limited to, laptops, PDAs or even cellular telephones. Referring once again to
If a host device is located in a remote location, security methods and devices (such as firewalls, authentication and/or encryption) should be deployed in order to prevent unauthorized access to the gaming network. Similarly, any other connection between gaming network 1205 and the outside world should only be made with trusted devices via a secure link, e.g., via a virtual private network (“VPN”) tunnel. For example, the illustrated connection between SBG 1230, gateway 1250 and central system 1263 (here, IGT.com) that may be used for game downloads, etc., is advantageously made via a VPN tunnel.
An Internet-based VPN uses the open, distributed infrastructure of the Internet to transmit data between sites. A VPN may emulate a private IP network over public or shared infrastructures. A VPN that supports only IP traffic is called an IP-VPN. VPNs provide advantages to both the service provider and its customers. For its customers, a VPN can extend the IP capabilities of a corporate site to remote offices and/or users with intranet, extranet, and dial-up services. This connectivity may be achieved at a lower cost to the gaming entity with savings in capital equipment, operations, and services. Details of VPN methods that may be used with the present invention are described in the reference, “Virtual Private Networks-Technologies and Solutions,” by R. Yueh and T. Strayer, Addison-Wesley, 2001, ISBN#0-201-70209-6, which is incorporated herein by reference and for all purposes.
There are many ways in which IP VPN services may be implemented, such as, for example, Virtual Leased Lines, Virtual Private Routed Networks, Virtual Private Dial Networks, Virtual Private LAN Segments, etc. Additionally, VPNs may be implemented using a variety of protocols, such as, for example, IP Security (IPSec) Protocol, Layer 2 Tunneling Protocol, Multiprotocol Label Switching (MPLS) Protocol, etc. Details of these protocols, including RFC reports, may be obtained from the VPN Consortium, an industry trade group (http://www.vpnc.com, VPNC, Santa Cruz, Calif.).
For security purposes, any information transmitted to or from a gaming establishment over a public network may be encrypted. In one implementation, the information may be symmetrically encrypted using a symmetric encryption key, where the symmetric encryption key is asymmetrically encrypted using a private key. The public key may be obtained from a remote public key server. The encryption algorithm may reside in processor logic stored on the gaming machine. When a remote server receives a message containing the encrypted data, the symmetric encryption key is decrypted with a private key residing on the remote server and the symmetrically encrypted information sent from the gaming machine is decrypted using the symmetric encryption key. A different symmetric encryption key is used for each transaction where the key is randomly generated. Symmetric encryption and decryption are preferably applied to most information because symmetric encryption algorithms tend to be 100-10,000 times faster than asymmetric encryption algorithms.
As mentioned elsewhere herein, U.S. patent application Ser. No. 11/225,408, entitled “METHODS AND DEVICES FOR AUTHENTICATION AND LICENSING IN A GAMING NETWORK” by Kinsley et al., describes novel methods and devices for authentication, game downloading and game license management. This application has been incorporated herein by reference.
Providing a secure connection between the local devices of the SBG system and IGT's central system allows for the deployment of many advantageous features. For example, a customer (e.g., an employee of a gaming establishment) can log onto an account of central system 1263 (in this example, IGT.com) to obtain account information such as the customer's current and prior account status.
Moreover, such a secure connection may be used by the central system 1263 to collect information regarding a customer's system. Such information includes, but is not limited to, error logs for use in diagnostics and troubleshooting. Some implementations of the invention allow a central system to collect other types of information, e.g., information about the usage of certain types of gaming software, revenue information regarding certain types of games and/or gaming machines, etc. Such information includes, but is not limited to, information regarding the revenue attributable to particular games at specific times of day, days of the week, etc. Such information may be obtained, at least in part, by reference to an accounting system of the gaming network(s), as described in U.S. patent application Ser. No. 11/225,407, by Wolf et al., entitled “METHODS AND DEVICES FOR MANAGING GAMING NETWORKS,” which has been incorporated herein by reference.
Automatic updates of a customer's SBG server may also be enabled. For example, central system 1263 may notify a local SBG server regarding new products and/or product updates. For example, central system 1263 may notify a local SBG server regarding updates of new gaming software, gaming software updates, peripheral updates, the status of current gaming software licenses, etc. In some implementations of the invention, central system 1263 may notify a local SBG server (or another device associated with a gaming establishment) that an additional theme-specific data set and/or updates for a previously-downloaded global payout set are available. Alternatively, such updates could be automatically provided to the local SBG server and downloaded to networked gaming machines.
After the local SBG server receives this information, it can identify relevant products of interest. For example, the local SBG server may identify gaming software that is currently in use (or at least licensed) by the relevant gaming entity and send a notification to one or more host devices, e.g., via email. If an update or a new software product is desired, it can be downloaded from the central system. Some relevant downloading methods are described elsewhere herein and in applications that have been incorporated herein by reference, e.g., in U.S. patent application Ser. No. 11/078,966. Similarly, a customer may choose to renew a gaming software license via a secure connection with central system 1263 in response to such a notification.
Secure communication links allow notifications to be sent securely from a local SBG server to host devices outside of a gaming establishment. For example, a local SBG server can be configured to transmit automatically generated email reports, text messages, etc., based on predetermined events that will sometimes be referred to herein as “triggers.” Such triggers can include, but are not limited to, the condition of a gaming machine door being open, cash box full, machine not responding, verification failure, etc.
In addition, providing secure connections between different gaming establishments can enable alternative implementations of the invention. For example, a number of gaming establishments, each with a relatively small number of gaming machines, may be owned and/or controlled by the same entity. In such situations, having secure communications between gaming establishments makes it possible for a gaming entity to use a single SBG server as an interface between central system 1263 and the gaming establishments.
While embodiments and applications of this invention have been shown and described, it would be apparent to those skilled in the art having the benefit of this disclosure that many more modifications than mentioned above are possible without departing from the inventive concepts herein. The invention, therefore, is not to be restricted except in the spirit of the appended claims.