`Alcorn et al.
`
`USOO6149522A
`Patent Number:
`11
`(45) Date of Patent:
`
`6,149,522
`*Nov. 21, 2000
`
`54 METHOD OF AUTHENTICATING GAME
`DATASETS IN AN ELECTRONIC CASINO
`GAMING SYSTEM
`75 Inventors: Allan E. Alcorn, Portola Valley;
`Michael Barnett, Santa Clara; Louis D
`Giacalone, Jr., Palo Alto, Adam E.
`Levinthal, Redwood City, all of Calif.
`73 Assignee: Silicon Gaming - Nevada, Las Vegas
`Nev.
`
`*
`
`Notice:
`
`This patent is subject to a terminal dis-
`claimer.
`
`21 Appl. No.: 09/107,031
`22 Filed:
`Jun. 29, 1998
`
`Related U.S. Application Data
`
`63 Continuation-in-part of application No. 08/981,882, filed as
`application No. PCT/US96/10463, Jun. 17, 1996, which is a
`continuation-in-part of application No. 08/497,662, Jun. 29,
`1995, Pat. No. 5,643,086.
`(51) Int. Cl. .................................................. G06F 5/00
`52 U.S. Cl. ................................................. 463,29, 380.25
`58 Field of Search ............................... 380.2s, 4, 9, 23,
`380/30, 49, 50, 59: 463/29, 16, 40, 41,
`42, 44
`
`Primary Examiner Valencia Martin-Wallace
`ASSistant Examiner John Paradiso
`Attorney, Agent, or Firm-Claude A. S. Hamrick; Justin
`Boyce; Oppenheimer Wolff & Donnelly LLP
`57
`ABSTRACT
`
`Authentication of a casino game data Set is carried out within
`the casino game console using an authentication program
`stored in an unalterable ROM physically located within the
`casino game console. The casino game data Set and a unique
`Signature are Stored in a mass Storage device, which may
`comprise a read only unit or a read/write unit and which may
`be physically located either within the casino game console
`or remotely located and linked to the casino game console
`over a Suitable network. The authentication program Stored
`in the unalterable ROM performs an authentication check on
`the casino game data Set at appropriate times, Such as prior
`to commencement of game play, at periodic intervals or
`upon demand. At appropriate occasions, the contents of the
`unalterable ROM can be verified by computing the message
`digest of the unalterable ROM contents and comparing this
`computed message digest with a Securely Stored copy of the
`message digest computed from the ROM contents prior to
`installation in the casino game console.
`49 Claims, 4 Drawing Sheets
`
`36
`
`LOADABLE
`DATASET
`
`
`
`
`
`
`
`
`
`HASH
`FUNCTION
`
`MESSAGE
`DIGEST
`
`
`
`
`
`PRIVATE
`KEY
`
`ENCRYPTION
`PROGRAM
`
`
`
`SIGNATURE
`
`
`
`
`
`
`
`
`
`
`
`STORE
`IN MASS
`STORAGE
`UNIT
`
`
`
`IPR2020-01218
`Sony EX1007 Page 1
`
`
`
`U.S. Patent
`
`Nov. 21, 2000
`
`Sheet 1 of 4
`
`6,149,522
`
`8
`
`9
`
`STORAGE
`
`DISK
`SUBSYSTEM
`
`117
`
`25
`
`23
`
`wo
`
`SOUND
`
`SUBSYSTEM
`
`24
`
`22
`
`28
`
`suSEM
`
`PO-ISA
`
`21
`
`20
`
`13
`
`NETWORKING
`SUBSYSTEM
`
`MAN
`MEMORY
`
`27
`
`14
`SYSTEM
`E.
`
`12
`
`MICROPROCESSOR
`
`TO A FROM
`NETWORK
`
`Fi
`
`
`
`ROM 29
`CONTENS
`SYSTEM
`N
`CODE
`AUTHENTICATION
`PROGRAM
`RANDOM
`NUMBER
`GENERATOR
`PROGRAM
`LOADER
`PROGRAM
`(PART 1)
`
`
`
`MASS
`ROM 30
`STORAGE
`CONTENTS 36 CONTENTS
`OPERATING
`LOADABLE
`SYSTEM
`DATASET
`PROGRAM
`(APPLICATION
`PROGRAMS)
`SYSTEM
`DRIVERS
`EXECUTIVE
`LOADER
`PROGRAMS
`(PART2)
`
`
`
`37
`
`SIGNATURES
`
`32
`
`ROM 29
`AUTHENTICATION
`PROGRAM
`MESSAGE
`DIGEST
`PROGRAM
`DECRYPTION
`PROGRAM
`4
`3 DECRYPTION
`KEY
`
`33
`
`F C 3
`
`Fig. 2
`
`IPR2020-01218
`Sony EX1007 Page 2
`
`
`
`U.S. Patent
`
`Nov. 21, 2000
`
`Sheet 2 of 4
`
`6,149,522
`
`36
`
`LOADABLE
`DATASET
`
`HASH
`FUNCTION
`
`MESSAGE
`DIGEST
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`STORE
`IN MASS
`STORAGE
`UNIT
`
`
`
`
`
`
`
`PRIVATE
`KEY
`
`ENCRYPTION
`PROGRAM
`
`Fig. 4
`
`
`
`37
`
`SIGNATURE
`
`
`
`36
`LOADABLE
`DATASET
`SIGNATURE
`
`37
`
`4.
`HASH
`FUNCTION
`
`DECRYPTION
`PROGRAM
`
`OECRYPTION
`KEY
`
`
`
`46
`RESS
`DIGEST
`
`DECRYPTED
`MESSAGE
`DIGEST
`
`
`
`
`
`
`
`
`
`MATCH
`COMPARE (PERMIT GAME PLAY)
`NO MATCH
`(PROHIBIT GAME PLAY
`
`3.
`
`Fig. 5
`
`IPR2020-01218
`Sony EX1007 Page 3
`
`
`
`U.S. Patent
`
`Nov. 21, 2000
`
`Sheet 3 of 4
`
`6,149,522
`
`ROM
`
`BIOS
`
`52
`
`BOOT STRAP
`56
`
`58
`
`OSDRIVERS
`60
`
`SECURE
`LOADER
`62
`SIGNATURES
`63
`
`
`
`
`
`ANCHOR
`APPLICATION
`
`64
`
`GRAPHICS
`AND SOUND
`DRIVERS
`66
`
`SYSTEM
`DRIVERS
`68
`
`MONEY
`HANDLNG
`70
`
`SECURE
`LOADER
`72
`SIGNATURES
`73
`
`MASS
`STORAGE
`
`18
`
`FIG. 6
`
`GAME DATA
`SET
`
`75
`
`EXTERNAL
`SOURCE
`
`76
`
`IPR2020-01218
`Sony EX1007 Page 4
`
`
`
`U.S. Patent
`
`Nov. 21, 2000
`
`Sheet 4 of 4
`
`6,149,522
`
`100
`\
`
`START
`
`LOAD BOS FROM 1ST ROM TO MAN MEMORY
`
`102
`
`04
`1
`
`LOAD BOOTSTRAP, OS, OS DRIVERS, FIRST SECURE LOADER, AND FIRST
`AUTHENTICATION PROGRAM FROM SECOND ROM INTO MAIN MEMORY.
`
`ACCESS ANCHOR APPLICATION (INCLUDING GRAPHICS AND SOUND
`DRIVERS, SYSTEM DRIVERS, MONEY HANDLING DATASETS, SECOND
`SECURE LOADER, AND SECONDAUTHENTICATION PROGRAM) IN MASS
`STORAGE MEANS
`
`DETERMNE VALIDITY OF ANCHOR APPLICATION USING FIRST
`AUTHENTICATION PROGRAM.
`
`ANCHOR
`VALID 2
`
`YES
`
`11 O
`No
`
`PROHIBT
`LOADING OF
`ANCHOR
`APPLICATION
`
`LOAD ANCHOR APPLICATION INTO MAIN MEMORY.
`
`106
`
`108
`
`112
`
`114
`
`116
`
`ACCESS GAME DATA SET OR GAME MODIFYING DATA SET.
`
`118
`DETERMINE VALIDITY OF GAME DATA SET OR GAME MODIFYING DATASET
`USING SECONDAUTHENTICATION PROGRAM
`
`
`
`
`
`
`
`120
`
`
`
`NEW GAME OR
`GAME MODIFYING
`DATA SET VALID 2
`
`PROHIBIT LOADING
`OF GAME DATASET
`OR GAME
`MODIFYING DATA
`SET
`
`YES
`
`122
`
`124
`
`LOAD GAME DATASET OR GAME MODIFYING DATASET.
`
`
`
`
`
`FIG. 7
`
`IPR2020-01218
`Sony EX1007 Page 5
`
`
`
`1
`METHOD OF AUTHENTICATING GAME
`DATASETS IN AN ELECTRONIC CASINO
`GAMING SYSTEM
`
`6,149,522
`
`1O
`
`15
`
`35
`
`40
`
`25
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`This application is a continuation-in-part of U.S. patent
`application, Ser. No. 08/981,882, filed Dec. 29, 1997 and
`entitled “Electronic Casino Gaming System With Improved
`Play Capacity, Authentication and Security” (U.S. National
`phase application of PCT application Ser. No. PCT/US96/
`10463, filed June 17, 1996), which is a continuation-in-part
`of U.S. patent application, Ser. No. 08/497,662, filed Jun. 29,
`1995, and entitled “Electronic Casino Gaming Apparatus
`With Improved Play Capacity, Authentication and Security”,
`now U.S. Pat. No. 5,643,086.
`BACKGROUND OF THE INVENTION
`1. Field of the Invention
`This invention relates generally to microprocessor based
`gaming Systems used in gambling casinos, and more par
`ticularly to a method of authenticating game data Sets in an
`electronic gaming System.
`2. Brief Description of the Prior Art
`Microprocessor based gaming Systems are known which
`are used in gambling casinos to augment the traditional Slot
`machine games (e.g. three reel single or multi-line games)
`and card games, Such as poker and blackjack. In a typical
`gaming System of this type, a microprocessor based System
`includes both hardware and Software components to provide
`the game playing capabilities. The hardware components
`include a video display for displaying the game play,
`mechanical Switches for enabling player Selection of addi
`tional cards or game play choices, coin acceptors and
`detectors and the electronic components usually found in a
`microprocessor based System, Such as random access
`memory (RAM), read only memory (ROM), a processor and
`one or more busses. The Software components include the
`initialization Software, credit and payout routines, the game
`image and rules data Set, and a random number generator
`algorithm. In order to be acceptable for casino use, an
`electronic gaming System must provide both Security and
`authentication for the Software components. For this reason,
`gaming commissions have heretofore required that all Soft
`ware components of an electronic gaming System be stored
`in unalterable memory, which is typically an unalterable
`ROM. In addition, a copy of the contents of the ROM or a
`message digest of the contents (or both) are normally kept on
`file in a Secure location designated by the gaming commis
`Sion so that the contents of an individual ROM removed
`from a gaming machine can be verified against the custodial
`version.
`In a typical arrangement, a message digest of the ROM
`contents is initially generated prior to the installation of the
`55
`ROM in the machine by using a known algorithm usually
`referred to as a hash function. A hash function is a compu
`tation procedure that produces a fixed-size String of bits
`from a variable-size digital input. The fixed-sized String of
`bits is termed the hash value. If the hash function is difficult
`to invert-termed a one-way hash function-the hash func
`tion is also termed a message digest function, and the result
`is termed the message digest. The message digest is unique
`to any given variable size input data Set, i.e., the game data
`set stored in the ROM. When it becomes necessary to later
`authenticate the ROM from any given machine, the ROM is
`physically removed from the game console and the message
`
`45
`
`50
`
`60
`
`65
`
`2
`digest of the ROM contents is computed directly from the
`ROM using the original hash function. The computed mes
`Sage digest is compared with the message digest on file at the
`designated custodial location (typically in the casino itself).
`This procedure is typically carried out whenever a machine
`produces a payoff beyond a given threshold value. If the two
`message digests match, then the contents of the ROM are
`considered to be authenticated (verified) and the payout is
`made to the player.
`While Such electronic casino gaming Systems have been
`found to be useful in promoting casino game play, the
`restriction requiring that the casino game program be Stored
`in unalterable ROM memory, leads to a number of disad
`Vantageous limitations. First, due to the limited capacity of
`the ROM storage media traditionally used to hold the
`program, the Scope of game play available with Such SyS
`tems is Severely limited. For Sophisticated games using
`motion Video and audio multi-media elements, much more
`memory capacity, on the order of hundreds of megabytes, is
`necessary. However, physical verification of Such a large
`quantity of physical devices is not practical, and has thus far
`been an impediment to creating Sophisticated games with
`more player appeal. Second, the authentication check is only
`conducted on a limited basis (usually after a jackpot) or
`other Significant winning game outcome, and the authenti
`cation procedure requires that game play be halted until the
`ROM contents have been found to be authentic. These
`limitations make it very difficult to modify game parameters,
`Such as the game rules or the payout Scheme of the game
`being played on the gaming System. It would be advanta
`geous to be able to modify the game parameters of a game
`currently being played on a game System without requiring
`physical Verification of new games or game modifying data
`SetS.
`
`SUMMARY OF THE INVENTION
`The invention comprises an electronic casino gaming
`System which greatly expands casino game play capability
`and enhances Security and authentication capabilities. More
`particularly, the invention comprises an electronic casino
`gaming System and method having greatly expanded mass
`Storage capability for Storing a multiplicity of high
`resolution, high Sound quality casino type games, and pro
`vides enhanced authentication of the Stored game program
`information with a high Security factor.
`According to a first aspect of the invention, authentication
`of a casino game data Set is carried out within the casino
`game console using an authentication program Stored in an
`unalterable ROM physically located within the casino game
`console. The casino game data Set and a unique Signature are
`Stored in a mass Storage device, which may comprise a read
`only unit or a read/write unit and which may be physically
`located either within the casino game console or remotely
`located and linked to the casino game console over a Suitable
`network. The authentication program Stored in the unalter
`able ROM performs an authentication check on the casino
`game data Set at appropriate times, Such as prior to com
`mencement of game play, at periodic intervals or upon
`demand. At appropriate occasions, the contents of the unal
`terable ROM can be verified by computing the message
`digest of the unalterable ROM contents and comparing this
`computed message digest with a Securely Stored copy of the
`message digest computed from the ROM contents prior to
`installation in the casino game console.
`From a process Standpoint, this aspect of the invention
`comprises a method of authenticating a data set of a casino
`
`IPR2020-01218
`Sony EX1007 Page 6
`
`
`
`6,149,522
`
`15
`
`25
`
`35
`
`40
`
`3
`Style game which consists of two phases: a game data Set
`preparation phase and a game data Set checking phase. In the
`game data Set preparation phase, the method proceeds by
`providing a data Set for a casino game, computing a first
`abbreviated bit String unique to the casino game data Set,
`encrypting the first abbreviated bit String to provide an
`encrypted Signature of the casino game data Set, and Storing
`the casino game data Set and the Signature in a mass Storage
`device. The first abbreviated bit string is preferably com
`puted using a hash function to produce a message digest of
`the casino game data Set. The Signature is then generated by
`encrypting the message digest. After Storage of the game
`data Set and unique signature, this information is installed in
`a casino game console. The casino game data Set checking
`phase proceeds by computing a Second abbreviated bit String
`from the Stored casino game data set using the same hash
`function, decrypting the Stored encrypted Signature to
`recover the first abbreviated bit String, and comparing the
`first and second abbreviated bit strings to determine whether
`the two Strings match. If a match does occur, the casino
`game data Set is deemed authentic, if there is no match,
`authentication is denied and game play is prohibited.
`The encryption/decryption process is preferably per
`formed using a private key/public key technique in which
`the first abbreviated bit String is encrypted by the game
`manufacturer using a private encryption key maintained in
`the custody of the game manufacturer. The decryption of the
`Signature is performed using a public key which is contained
`in an unalterable read only memory element located in the
`game console, along with the casino game data Set. The
`casino game data Set is preferably Stored in a mass Storage
`device, such as a magnetic or CD-ROM disk drive unit or a
`network file unit, the Selected unit having a relatively large
`capacity. The actual size of the mass Storage device will
`depend upon the casino game Storage requirements and can
`be tailored to any specific application.
`Each time a casino game data Set is transferred from the
`mass Storage device to the main memory of the System, the
`authentication routine is run. The authentication routine can
`also be activated by means of an operator Switch mounted in
`the game console or remotely via a network. Consequently,
`the authenticity of the data Set can be automatically checked
`whenever the transfer occurs and at other appropriate times.
`In order to detect attempts to tamper with the contents of
`the unalterable read only memory element located in the
`game console, a message digest computed for the authenti
`cation program Stored therein is Stored in a Secure manner in
`a different location from the game console, Such as the
`casino operator's Security facilities or the facilities of a
`gaming commission (or both). The authenticity of the unal
`terable read only memory element is checked in the same
`way as that now performed in prior art devices: viz. com
`puting the message digest directly from the unalterable read
`only memory device, and comparing the message digest thus
`computed with the custodial version.
`From an apparatus Standpoint, the first aspect of the
`invention comprises an electronic casino gaming System
`having means for providing authentication of a game data
`Set of a casino type game prior to permitting game play, the
`System including first means for Storing a casino game data
`Set and a signature of the casino game data Set, the Signature
`comprising an encrypted version of a unique first abbrevi
`ated bit String computed from the casino game data Set,
`Second means for Storing an authentication program capable
`of computing a Second abbreviated bit String from the casino
`game data Set Stored in the first Storing means and capable
`of decrypting the encrypted Signature Stored in the first
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`Storing means to recover the first abbreviated bit String;
`processing means for enabling the authentication program to
`compute an abbreviated bit String from the casino game data
`Set Stored in the first Storing means and for enabling the
`authentication program to decrypt the encrypted Signature;
`and means for comparing the computed Second abbreviated
`bit string with the decrypted abbreviated bit string to deter
`mine whether a match is present. The first Storing means
`preferably comprises a mass Storage device, Such as a disk
`drive unit, a CD-ROM unit or a network storage unit. The
`Second storing means preferably comprises an unalterable
`read only memory in which the authentication program is
`Stored.
`According to a Second aspect of the invention, the authen
`tication program stored in the unalterable ROM located
`within the casino game console is used to test the authen
`ticity of all other programs and fixed data Stored in memory
`devices in the electronic casino gaming System, Such as a
`System boot ROM, memory devices containing the operat
`ing System program, System drivers and executive/loader
`programs, and other memory devices incorporated into the
`electronic casino game System architecture. The contents of
`each Such memory device, whether program information or
`fixed data, include Signatures encrypted from message
`digests computed using a hash function from the original
`program information or fixed data Set. Upon System
`initialization, the authentication program in the unalterable
`ROM is used to authenticate the individual memory device
`contents in essentially the same fashion as that used to
`authenticate the casino game data Sets. More specifically, the
`message digest for the given program or fixed data Set is
`computed using the same hash function originally used to
`produce the message digest for that program or fixed data
`Set. The encrypted Signature is decrypted using the proper
`decryption program and decryption key to recover the
`message digest. The two versions of the message digest are
`then compared and, if found to be matching, the concerned
`program or fixed data Set is deemed authentic and is per
`mitted to be used by the system. Once all of the concerned
`programs and fixed data Sets have been So authenticated, the
`casino game data Set authentication procedure is run, after
`which game play is permitted (provided a match occurs).
`From a proceSS Standpoint, this Second aspect of the
`invention comprises a method of authenticating a program
`or data set of a casino Style game which consists of two
`phases: a program or fixed data Set preparation phase, and a
`program or fixed data Set checking phase. In the program or
`fixed data Set preparation phase, the method proceeds by
`providing a program or fixed data Set for a casino game,
`computing a first abbreviated bit String unique to the pro
`gram or fixed data Set, encrypting the first abbreviated bit
`String to provide an encrypted Signature of the program or
`fixed data Set, and Storing the program or fixed data Set and
`the signature in a memory device. The first abbreviated bit
`String is preferably computed using a hash function to
`produce a message digest of the program or fixed data Set.
`The Signature is then encrypted from the message digest.
`After Storage of the program or fixed data Set and unique
`Signature in the memory device, the memory device is
`installed in a casino game console. The casino game pro
`gram or fixed data Set checking phase proceeds by comput
`ing a Second abbreviated bit String from the Stored casino
`game program or fixed data Set Stored in the memory device
`using the same hash function, decrypting the encrypted
`Signature Stored in the memory device to recover the first
`abbreviated bit String, and comparing the first and Second
`abbreviated bit strings to determine whether the two strings
`
`IPR2020-01218
`Sony EX1007 Page 7
`
`
`
`S
`match. If a match does occur, the casino game program or
`fixed data Set is deemed authentic; if there is no match,
`authentication is denied and use of that casino game pro
`gram or fixed data Set is prohibited.
`The authentication routine is run each time a given casino
`game program or fixed data Set needs to be called or used.
`The authentication routine can also be run automatically on
`a periodic basis, or on demand-either locally by means of
`an operator Switch mounted in the casino game console or
`remotely via a network. Consequently, the authenticity of
`the casino game program or fixed data Set can be automati
`cally checked whenever use of that program or fixed data Set
`is required and at other appropriate times, Such as in the
`course of a gaming commission audit.
`The present invention also provides a two-stage method
`of authenticating game data Sets for implementing casino
`type games in an electronic gaming System including a main
`memory, a first Storage means having a first authentication
`program Stored therein, a Second Storage means having
`Stored therein an anchor application including a Second
`authentication program, and an anchor Signature including
`an encrypted version of a unique primary abbreviated anchor
`bit String computed from the anchor application, and a third
`Storage means having Stored therein a game data Set and a
`game signature including an encrypted version of a unique
`primary abbreviated game bit String computed from the
`game data Set.
`The first authentication program Stored in the first Storage
`means is loaded to the main memory. The anchor application
`Stored in the Second Storage means is accessed. The validity
`of the anchor application is determined using the first
`authentication program. If the anchor application is invalid,
`then loading of the anchor application into the main memory
`is prohibited. If the anchor application is valid, then the
`anchor application is loaded into the main memory, the game
`data Set Stored in the third Storage means is accessed, and the
`validity of the game data Set is determined using the Second
`authentication program. If the game data Set is invalid, then
`loading of the game data Set into the main memory is
`prohibited. If the game data Set is valid, then the game data
`Set is loaded into the main memory and instructions of the
`game data Set are processed.
`In a preferred embodiment, the Step of determining the
`validity of the anchor application using the first authentica
`tion program includes the Steps of computing a comple
`mentary abbreviated anchor bit String from the anchor
`application, decrypting the anchor Signature to recover the
`primary abbreviated anchor bit String, and comparing the
`primary and complementary abbreviated anchor bit Strings
`to determine whether the primary and complementary abbre
`Viated anchor bit Strings match. Also in the preferred
`embodiment, the step of determining the validity of the
`game data Set using the Second authentication program
`includes the Steps of computing a complementary abbrevi
`ated game bit String from the game data Set, decrypting the
`game signature to recover the primary abbreviated game bit
`String, and comparing the primary and complementary
`abbreviated game bit Strings to determine whether the pri
`mary and complementary abbreviated game bit Strings
`match.
`The electronic gaming System further includes a fourth
`Storage means having Stored therein a basic input/output
`operating System (BIOS). The first storage means includes
`bootstrap code, an operating System, and operating System
`drivers stored therein. Initially, the BIOS is loaded from the
`fourth Storage means to the main memory; and then the
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6,149,522
`
`6
`bootstrap code, operating System, and operating System
`drivers are loaded from the first Storage means to the main
`memory.
`Electronic casino game Systems incorporating the inven
`tion provide a vastly expanded capacity for more Sophisti
`cated and attractive casino-style games, while at the same
`time improving the authentication of the games without
`compromising Security. In addition, casino game Systems
`incorporating the invention provide great flexibility in
`changing casino game play, Since the casino game data Sets
`representing the various games can be Stored in alterable
`media rather than read only memory units as with present
`casino game Systems.
`By Separating the authentication process from the casino
`game data Set Storage, the invention affords Secure distribu
`tion and execution of program code and data, regardless of
`the particular distribution or Storage technique employed.
`More Specifically, the invention allows the casino game data
`Set to reside in any form of Secondary Storage media, Such
`as the traditional ROM Storage, hard magnetic disk drives
`and CD-ROM drives, or networked file systems. So long as
`the authentication procedure conducted on the game data Set
`is performed using the authentication program Stored in an
`unalterable ROM, and so long as that ROM can be verified
`reliably, any casino game data Set can be loaded from any
`Source and can be verified by the System at any time: either
`prior to use, during run-time, periodically during run-time or
`upon demand. The large quantities of Storage that can be
`made available in a Secure fashion using the invention,
`facilitates the creation of casino gaming Systems offering
`both an increased diversity of games, and individual games
`of Superior quality. In addition, the authentication of all
`casino game program and fixed data Software ensures the
`integrity of all System Software both prior to game play and
`thereafter at periodic or random intervals.
`For a fuller understanding of the nature and advantages of
`the invention, reference should be had to the ensuing
`detailed description taken in conjunction with the accom
`panying drawings.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a block diagram of a System incorporating the
`invention;
`FIG. 2 is a Schematic diagram illustrating the contents of
`the read only memory and the mass Storage device;
`FIG. 3 is a more detailed Schematic view of the authen
`tication program Stored in the ROM and the game data
`Stored in the mass Storage unit;
`FIG. 4 is a diagram illustrating the preparation of the
`game data Set;
`FIG. 5 is a diagram illustrating the authentication proce
`dure for the game data Set,
`FIG. 6 is a diagram illustrating an alternative approach to
`the Secure loading of Software into the System; and
`FIG. 7 is a flow diagram illustrating a two stage authen
`tication proceSS according to the present invention.
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENTS
`Turning now to the drawings, FIG. 1 is a block diagram
`of an electronic casino gaming System incorporating the
`invention. AS Seen in this figure, the System consists of
`Several System components under Software control. These
`System components include a microprocessor 12, which may
`comprise any general purpose microprocessor, Such as a
`
`IPR2020-01218
`Sony EX1007 Page 8
`
`
`
`6,149,522
`
`15
`
`25
`
`35
`
`40
`
`7
`Pentium-based microprocessor from Intel Corporation. A
`main memory unit 13 is provided, which is typically a
`random access memory having a capacity of between 32 and
`64 megabytes for Storing the majority of programs and
`graphics elements during game play. A System boot ROM 14
`provides the initialization Software required when power is
`first applied to the system. ROM 14 contains additional
`programs in read only form, including the operating System,
`related drivers and the authentication Software described in
`detail below. A non-volatile RAM 17 is a battery backed
`Static RAM capable of maintaining its contents through
`power cycling. NVRAM 17 stores significant information
`relating to game play, Such as the number of player credits,
`the last game outcome and certain diagnostic and error
`information not critical to an understanding of the invention.
`A mass Storage unit implemented in the FIG. 1 System as
`a magnetic hard disk drive unit 18 is coupled to and
`controlled by a disk subsystem 19 of conventional design
`and operation. Disk drive unit 18 provides storage for the
`game Specific data Set, which includes both program data
`and image data Specifying the rules of the various different
`casino games or Single casino game variations, and the types
`of images and image Sequences to be displayed to the game
`players. The size of the disk drive unit 18 is a function of the
`number of games and game variations provided for a given
`System, as well as the amount of data required for each
`Specific game. In general, the more motion video designed
`into a particular casino game, the more Storage required for
`that casino game software. A disk drive unit 18 with a
`4-gigabyte capacity will usually provide Sufficient Storage
`capacity. Disk Subsystem 19 comprises a disk controller
`connected to a PCI bus 20 for controlling the disk drive unit
`18. Controller 19 preferably supports SCSI-2, with options
`of fast and wide. It should be noted that a number of different
`types of locally-based disk drive units may be used in the
`FIG. 1 system, including a CD-ROM storage unit. Also, the
`mass Storage unit need not be physically located within the
`game console along with the other elements depicted in FIG.
`1: the mass Storage unit may be located remotely from the
`game console and coupled thereto by means of an appro
`priate network, Such as an Ethernet, an RS232 link, or Some
`other hard-wired or wireless network link. This latter alter
`nate arrangement is indicated by the inclusion of a network
`Subsystem 21 of appropriate configuration and functional
`characteristics, which may have Ethernet, RS232 serial, or
`other network compatibility.
`A video subsystem 22 is coupled to the PCI bus and
`provides the capability of displaying fill color Still images
`and MPEG movies with a relatively high frame rate (e.g. 30
`frames per Second) on an appropriate monitor (not shown).
`Optional 3D texture mapping may be added to this System,
`if desired.
`A Sound Subsystem 23 having a Stereo Sound playback
`capability with up to 16 bit CD quality sound is coupled to
`an ISA buS 24. A general purpose input/output unit 25
`provides interfaces to the game mechanical devices (not
`illustrated) Such as manually actuated Switches and display
`lights. A first bridge circuit 27 provides an interface between
`microprocessor 12, ROM 14, main memory 13 and PCI bus
`20. Bridge circuit 27 is preferably a TRITON chip set
`available from INTEL Corporation. A second bridge circuit
`28 provides an interface between the PCI bus 20 and the ISA
`bus 24. Bridge circuit 28 is preferably a type 82378 chip
`available from Intel Corporation.
`FIG. 2 illustrates the types of information stored in the
`system ROM 14 and the mass storage unit. As seen in FIG.
`2, the ROM unit 14 used in the FIG. 1 system comprises two
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`separate ROM elements: ROM 29 and ROM 30. ROM 29
`must be an unalterable device, Such as a Toshiba type
`C53400 512Kx8 bit mask programmed ROM. ROM 30 is
`preferably an unalterable device like ROM 29, but may
`comprise a different type of ROM, such as a type 29OF40
`field programmable flash ROM available from Intel Corp.
`ROM 29 contains the system initialization or boot code, an
`authentication program, and an initial portion of the
`executive/loader programs. ROM 30 contains the operating
`System program, the System drivers and the remainder of the
`executive/loader programs as noted below. The mass Storage
`unit contains the applications, which include the game
`image and Sound data, rules of game play and the like, and
`the Signature associated with each particular casino game.
`FIG. 3 illustrates the authentication and application pro
`gram information in more detail. AS Seen in this figure, the
`authentication program stored in unalterable ROM 29 com
`prises a message digest algorithm component 32, a decryp
`tion algorithm component 33, and a decryption key compo
`nent 34. The message digest algorithm component 32 Stored
`in ROM 29 comp