EGM AUTHENTICATION MECHANISM USING MULTIPLE KEY PAIRS AT THE BIOS WITH PKI

US 20100178977A1
Filed: 01/15/2009
Published: 07/15/2010
Est. Priority Date: 01/15/2009
Status: Active Grant

First Claim

Patent Images

1. A wager based gaming machine comprising:

a bill validator or cashless credit acceptor;

a mass storage volume;

a microprocessor;

a hardware security module;

a read only basic input output system (“

BIOS”

) chip;

a first public key embedded within the BIOS chip, wherein the first public key is configured to authenticate software in the gaming machine; and

a second public key embedded within the BIOS chip, wherein the second public key is configured to replace the first public key when the first public key expires or when the private key of the first public key is no longer available.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Executable applications on a gaming machine are verified before they can be executed, for security purposes and to comply with jurisdictional requirements. Unlike in prior systems for authenticating the executable applications, embodiments allow for new executable applications to be provided and verified over time with different private and public key pairs, even after the operating code of the gaming machine is certified by the jurisdiction and deployed in the field.

117 Citations

View as Search Results

29 Claims

1. A wager based gaming machine comprising:
- a bill validator or cashless credit acceptor;
  
  a mass storage volume;
  
  a microprocessor;
  
  a hardware security module;
  
  a read only basic input output system (“
  
  BIOS”
  
  ) chip;
  
  a first public key embedded within the BIOS chip, wherein the first public key is configured to authenticate software in the gaming machine; and
  
  a second public key embedded within the BIOS chip, wherein the second public key is configured to replace the first public key when the first public key expires or when the private key of the first public key is no longer available.
- View Dependent Claims (2, 3)
- - 2. The wager based gaming machine of claim 1, wherein the first public key embedded within the BIOS chip is that of an author of a first gaming application of the gaming machine.
  - 3. The wager based gaming machine of claim 2, wherein the second public key is that of a code signing certificate authority.

4. A wager based gaming machine comprising:
- a bill validator or cashless credit acceptor;
  
  a mass storage volume;
  
  a non volatile random access memory;
  
  a microprocessor;
  
  a read only basic input output system (“
  
  BIOS”
  
  ) chip;
  
  a public key embedded within the BIOS chip, the public key being that of a code signing certificate authority,the gaming machine configured to verify a signature of the code signing authority and to verify that the code signing authority is authorized by a code signing certificate authority to sign the software.

5. A wager based gaming machine comprising:
- a bill validator or cashless credit acceptor;
  
  a mass storage volume;
  
  a microprocessor;
  
  an operating system stored in the mass storage volumea gaming application;
  
  a read only basic input output system (“
  
  BIOS”
  
  ) chip;
  
  BIOS operating instructions stored within the read only BIOS chip;
  
  the gaming machine configured by the operating system and the BIOS operating instructions to;
  
  receive a certificate revocation list;
  
  authenticate the certificate revocation list;
  
  store the authenticated certificate revocation list in the mass storage volume;
  
  validate that a public key is certified by a code signing certificate authority;
  
  utilize the certificate revocation list in the mass storage volume to ascertain whether the code signing certificate authority has revoked a code signing certificate issued to the code signing authority; and
  
  authenticate the gaming application using the validated public key.
- View Dependent Claims (6)
- - 6. The gaming machine of claim 5, wherein the gaming machine is configured to validate the public key by referencing a certificate of a code signing certificate authority stored within the read only BIOS chip.

7. A wager based gaming machine comprising:
- a bill validator or cashless credit acceptor;
  
  a mass storage volume;
  
  a microprocessor;
  
  an operating system stored in the mass storage volumea gaming application;
  
  a read only basic input output system (“
  
  BIOS”
  
  ) chip;
  
  BIOS operating instructions stored within the read only BIOS chip;
  
  the gaming machine configured by the operating system and the BIOS operating instructions to;
  
  validate that a public key is certified by a code signing certificate authority;
  
  validate that a certificate containing the public key and issued by the code signing certificate authority has not been revoked utilizing an online certificate status protocol; and
  
  authenticate the gaming application using the validated public key.

8. A method for providing and verifying gaming software for use in a gaming machine and operating the gaming machine in a casino gaming environment, the method comprising:
- providing a discrete read only basic input output system (“
  
  BIOS”
  
  ) chip within the gaming machine;
  
  providing a first executable game within the discrete read only BIOS chip of the gaming machine;
  
  providing a microprocessor within the gaming machine;
  
  embedding, within the discrete read only BIOS chip, a first key operable to enable execution of the first executable game, said first key being the public key of the provider of the first executable game;
  
  embedding, within the discrete read only BIOS chip, a second key, said second key being the public key of certificate authority and not directly associated with a particular executable or provider of a particular executable; and
  
  providing a second executable game, within a drive of the gaming machine;
  
  said second executable game signed with the private key of the third public key, the third public key of a code signing authority designated by the certificate authority, the code signing authority not directly associated with a particular executable or provider of a particular executable,wherein the BIOS of the discrete read only BIOS chip is configured to;
  
  (1) validate that the third public key, that of the code signing authority, is valid and/or not revoked,(2) utilize the third public key, of the code signing authority, to verify the signature of the second executable game.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising the microprocessor executing the second executable game once the second executable is verified.
  - 10. The method of claim 8, wherein the BIOS is further configured to verify the first executable game with the first public key of the provider of the first executable game.
  - 11. The method of claim 10, further comprising the microprocessor executing the first executable game once the first executable is verified.
  - 12. The method of claim 8, further comprising receiving a revocation list at the gaming machine and maintaining the list within a drive of the gaming machine.
  - 13. The method of claim 12, wherein execution of the BIOS further comprises checking the revocation list and determining whether a permission for the code signing authority to sign has been revoked.
  - 14. The method of claim 8, further comprising providing an operating system within a drive of the gaming machine.
  - 15. The method of claim 8, wherein execution of the BIOS further comprises the BIOS verifying a signature of the operating system with the gaming machine manufacturer public key.

16. A method for providing and verifying gaming software for use in a gaming machine and operating the gaming machine in a casino gaming environment, the method comprising:
- providing a read only BIOS chip within an electronic gaming machine;
  
  providing a microprocessor within the electronic gaming machine, the microprocessor configured to execute BIOS instructions of the read only BIOS chip, wherein the BIOS instructions are configured to;
  
  check the validity of a public key of a code signing certificate authority;
  
  terminate operation of the gaming machine if the public key of the code signing authority is not determined to be valid;
  
  check the game code with the public key of the code signing authority if the public key is determined to be valid;
  
  check the authenticity of an operating system of the gaming machine; and
  
  cause the gaming machine to execute the operating system if the authenticity of the operating system is determined authentic.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising providing a public key of a gaming machine manufacturer supplied legacy application within the read only BIOS chip.
  - 18. The method of claim 16, wherein a dedicated hardware security module is used to create the private key of the public key in generating the certificate request.
  - 19. The method of claim 16, further comprising updating a public key by removing and replacing the dedicated hardware security module.
  - 20. The method of claim 16, further comprising authorizing the code signing authority to sign games to be executed by the gaming machine.

21. A system for providing and verifying gaming software for use in a wager based gaming machine, the system comprising:
- a certificate authority configured to receive authorization of a gaming machine manufacturer to sign executable code of the gaming application on behalf of the gaming machine manufacturer,the certificate authority configured to delegate authority to sign the executable code to a code signing authority, on behalf of the gaming machine manufacturer,the code signing authority configured to receive authorization from the certificate authority and sign the executable code of the gaming application on behalf of the gaming machine manufacturer;
  
  an electronic gaming machine comprising a read only BIOS chip and a public key of a code signing certificate authority embedded within the BIOS chip,wherein the gaming machine is configured to execute BIOS instructions of the read only BIOS chip, the BIOS instructions configured to;
  
  check the validity of the public key of the code signing certificate authority;
  
  terminate operation of the gaming machine if the public key of the code signing authority is not determined to be valid and trusted;
  
  check game code with the public key of the code signing authority if the public key is determined to be valid and trusted;
  
  check the authenticity of an operating system of the gaming machine;
  
  terminate operation of the gaming machine if the authenticity of the operating system is not determined to be authentic; and
  
  cause the gaming machine to execute the operating system if the authenticity of the operating system is determined authentic.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The system of claim 21, wherein the gaming machine further comprises a key of a gaming machine manufacturer supplied legacy application within the read only BIOS chip.
  - 23. The system of claim 21, wherein in order to replace or update a key, a dedicated hardware security module is removed and replaced.
  - 24. The system of claim 21, wherein the certificate authority is further configured to maintain a certificate revocation list.
  - 25. The system of claim 24, wherein the gaming machine is configured to receive the certificate revocation list at the gaming machine over a network connection and maintain the list within a drive of the gaming machine.
  - 26. The system of claim 24, wherein the gaming machine is configured to check the revocation list and determining whether a permission to sign using said second key has been revoked.
  - 27. The system of claim 21, wherein the gaming machine comprises an operating system with drive of the gaming machine, and wherein the gaming machine comprises a key of the gaming machine manufacturer within the read only BIOS chip.
  - 28. The system of claim 27, wherein the BIOS instructions are configured to verify a signature of the operating system with the gaming machine manufacturer key stored within the read only BIOS chip.
  - 29. The system of claim 21, wherein the electronic gaming machine is configured to validate that the permission of the certificate authority is not revoked by:
    - sending a online certificate status request to the certificate authority over the network;
      
      receiving an online certificate status response; and
      
      verifying the online certificate status response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IGT (International Game Technology)
Original Assignee
IGT (International Game Technology)
Inventors
KIM, John Hongjip, OZMEN, Melih, GULBAG, Ali R., COCKERILLE, Warner R. IV

Granted Patent

US 8,768,843 B2
Time in Patent Office

Days
Field of Search
US Class Current

463/25
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/51   at application loading time...

G06F 2211/008   Public Key, Asymmetric Key,...

G06Q 20/382   insuring higher security of...

H04L 2209/127   Trusted platform modules [TPM]

H04L 2209/56   Financial cryptography, e.g...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

EGM AUTHENTICATION MECHANISM USING MULTIPLE KEY PAIRS AT THE BIOS WITH PKI

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

117 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

EGM AUTHENTICATION MECHANISM USING MULTIPLE KEY PAIRS AT THE BIOS WITH PKI

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links