Authentication system for gaming machines

US 8,784,195 B1
Filed: 06/09/2006
Issued: 07/22/2014
Est. Priority Date: 03/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of verifying gaming components using an authentication system to authenticate contents of a manifest in a gaming system including one or more processors, the method comprising:

determining if the manifest is authentic using a digital signature check, the manifest having contents including a plurality of components each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;

booting an operating system, once the contents of the manifest are authenticated;

performing a hash calculation over each component listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;

verifying each gaming component for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the one or more processors; and

loading the gaming component if the calculated hash and the stored hash are equal.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system and method that uses digital signature technology to authenticate the contents of one or more manifests located on a storage device. Each manifest contains a list of file records, where each record contains the name of a file stored on the storage device, and a SHA1 hash value derived from the contents of the file. At boot time, the gaming machine first authenticates the contents of the manifest and then verifies the contents of the files using the SHA1 value stored in the manifest. Files are verified using the SHA1, as they are needed, during the boot up of the operating system and throughout normal operation. This method reduces the boot time of the gaming machine and eliminates the need to check digital signatures for each individual file or over the entire contents of a non-secure media.

97 Citations

View as Search Results

35 Claims

1. A method of verifying gaming components using an authentication system to authenticate contents of a manifest in a gaming system including one or more processors, the method comprising:
- determining if the manifest is authentic using a digital signature check, the manifest having contents including a plurality of components each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;
  
  booting an operating system, once the contents of the manifest are authenticated;
  
  performing a hash calculation over each component listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;
  
  verifying each gaming component for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the one or more processors; and
  
  loading the gaming component if the calculated hash and the stored hash are equal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein authenticating the manifest includes performing a digital signature algorithm on the manifest.
  - 3. The method of claim 1, wherein the component is verified when the component is retrieved for operation of a device.
  - 4. The method of claim 3, wherein the component comprises a data file.
  - 5. The method of claim 3, wherein the component comprises a data component stored in a partition of a digital storage medium, wherein the stored hash is a hash of the whole partition, and performing the hash calculation comprises performing the hash calculation on the whole partition if the partition has not yet been verified during operation of the device.
  - 6. The method of claim 3, wherein the component comprises a data component stored in a library in a digital storage medium, wherein the stored hash is a hash of the entire library, and the performing of the hash calculation comprises performing the hash calculation on the entire library if the library has not yet been verified during operation of the device.
  - 7. The method of claim 3, wherein the component comprises a data file stored in one or more data blocks in a digital storage medium, wherein the stored hash is a hash of the one or more data blocks, and the performing of the hash calculation comprises performing the hash calculation on each data block an as-needed basis as the file loads if the data block has not been verified.
  - 8. The method of claim 3, wherein the component comprises a data file stored in one or more data sectors in a digital storage medium, wherein the stored hash is a hash of the one or more data sectors, and the performing of the hash calculation comprises performing the hash calculation on each data sector as the file loads on an as-needed basis.
  - 9. The method of claim 1, wherein the component is verified on a continuing basis during operation of a device.
  - 10. The method of claim 1, wherein the component is verified each time a critical event occurs for a device.
  - 11. The method of claim 10, wherein the data component comprises a data file.

12. A method of verifying a component using an authentication system to authenticate contents of a manifest in a gaming system including one or more processors, the component having a plurality of sub-components, the method comprising:
- determining if the manifest is authentic using a digital signature check, the manifest having contents including a plurality of sub-components each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;
  
  booting an operating system, once the contents of the manifest are authenticated;
  
  performing a hash calculation over each sub-component listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;
  
  verifying the plurality of sub-components for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the one or more processors; and
  
  loading the sub-component if the calculated hash and the stored hash for the sub-component are equal.

13. A system for verifying a component using an authentication system to authenticate contents of a manifest in a gaming system, the system comprising:
- a processor;
  
  a set of instructions that are executable on the processor for determining if the manifest is authentic using a digital signature check, the manifest having contents including a plurality of components each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks, wherein an operating system is booted, once the contents of the manifest are authenticated;
  
  a set of instructions that are executable on the processor for performing a hash calculation over each component listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;
  
  a set of instructions that are executable on the processor for verifying the component for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest; and
  
  a set of instructions that are executable on the processor for loading the component if the calculated hash and the stored hash are equal.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein the component is part of a device that is of a type selected from the group consisting of:
    - kiosk, cashier device, plasma signage controller, DNS server, DHCP server, database server, web server, cryptographic device, firewall, load balancer, network monitoring unit, network router, download server, certificate authority server, cashless server, progressive controller, tournament controller, display controller, networking device, Ethernet switch, network hub, cash transaction server, third party payment server, prize redemption machine, in room gaming device, bingo game controller, lottery game controllers, class II gaming device, class III gaming device, lottery gaming device, amusement gaming device, arcade gaming machine, regulator monitoring device, VPN device;
      
      player tracking device;
      
      player marketing device, slot management system, home game console, ATM banking machine, debit card reader, point of sale system, cash register, retail scanner, RFID reader, location security monitoring/security input device, military device, vending machine, stock transaction server, banking server, cell phone, personal digital assistant, laptop computing device, electronic wallet device, smart card, set-top box, monetary input/output device, biometric device, user authentication device, personal media player, software network updatable device, handheld scanner, currency handler/counter, lottery ticket purchase/redemption device, player bingo device, monitor, television, fax device, electronic money transfer device, USB device, Bluetooth device, fire wire capable device, wi-fi enabled device, robotic device, and handheld gaming device.

15. A system for verifying a component using an authentication system to authenticate contents of a manifest in a gaming system including one or more processors, the system comprising a non-transitory computer usable medium having computer readable program code embodied therein configured for verifying a component using the one or more processors, comprising:
- computer readable code configured to authenticate a manifest using a digital signature check, the manifest having contents including a plurality of components each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;
  
  computer readable code configured for determining if the contents of the manifest are is authenticated, and booting an operating system, once the contents of the manifest are authenticated;
  
  computer readable code configured to perform a hash calculation over each component listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;
  
  computer readable code configured to verify each component for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the processor;
  
  computer readable code configured to load the component, if the calculated hash and the stored hash are equal.

16. A method of authenticating the contents of manifests on a writable media device in a gaming system including one or more processors, the method comprising:
- authenticating a manifest using a digital signature check, the manifest having contents including a plurality of components each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;
  
  determining if the contents of the manifest are authenticated;
  
  booting an operating system if the contents of the manifest are authenticated;
  
  performing a hash calculation over each component listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;
  
  verifying each component for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the one or more processors; and
  
  loading the component if the calculated hash and the stored hash are equal.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The method of claim 16, wherein a digital signature is used to authenticate the manifest.
  - 18. The method of claim 16, wherein the one or more components are verified on an as-needed basis.
  - 19. The method of claim 16, wherein the one or more components are verified on a continuing basis during operation of a device.
  - 20. The method of claim 16, wherein the one or more components are verified each time a critical event occurs for a device.
  - 21. The method of claim 16, wherein the one or more components comprise data files stored in a partition of a digital storage medium, wherein the stored hash is a hash of the whole partition, and the performing of the hash calculation comprises performing the hash calculation on the whole partition if the partition has not yet been verified during operation of the media device.
  - 22. The method of claim 16, wherein the one or more components comprise data components stored in a library in a digital storage medium, wherein the stored hash is a hash of the entire library, and the step of performing the hash calculation comprises performing the hash calculation on the entire library if the library has not yet been authenticated during operation of the media device.
  - 23. The method of claim 16, wherein the one or more components comprise data files stored in one or more data blocks in a digital storage medium, wherein the stored hash is a hash of the one or more data blocks, and the step of performing the hash calculation comprises performing the hash calculation on each data block as one of the files loads on an as-needed basis.
  - 24. The method of claim 16, wherein the one or more components comprise data files stored in one or more data sectors in a digital storage medium, wherein the stored hash is a hash of the one or more data sectors, and the step of performing the hash calculation comprises performing the hash calculation on each data sector as one of the files loads on an as-needed basis.

25. A method of installing one or more data components using an authentication system to authenticate contents of a manifest in a gaming system including one or more processors, the method comprising:
- creating a manifest having contents including a plurality of components each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;
  
  creating a digital signature of the manifest;
  
  installing the one or more data components, the manifest, and the digital signature on a media device;
  
  determining if the contents of the manifest are authenticated, and booting an operating system if the contents of the manifest are authenticated;
  
  performing a hash calculation over each component listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash; and
  
  verifying each component for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the one or more processors;
  
  wherein the digital signature is for authenticating the manifest, and the hash values are for verifying the one or more data components before loading on an as-needed basis.
- View Dependent Claims (26, 27)
- - 26. The method of claim 25, wherein the step of installing includes performing the step of creating the digital signature on a host server computer, and downloading the one or more data components, the manifest, and the digital signature from the host server as a package.
  - 27. The method of claim 25, wherein the step of creating the digital signature of the manifest is preformed after installation of the manifest on the digital media device, after downloading the one or more data components and the manifest from the host server as a package.

28. In a gaming machine, a method of verifying one or more files stored on a network associated storage device using an authentication system to authenticate contents of a manifest in a gaming system including one or more processors, the method comprising:
- determining if a manifest is authentic using a digital signature check, the manifest having contents including a plurality of files each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;
  
  reading the file from the network associated storage device over a network connection if the manifest is authentic;
  
  booting an operating system if the contents of the manifest are authenticated;
  
  performing a hash calculation over each file listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;
  
  verifying each file for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the one or more processors; and
  
  loading the file if the calculated hash and the stored hash are equal.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28, further comprising booting the gaming machine using a plurality of files stored on the network associated storage device, wherein reading the file, performing the hash calculation, verifying the file, and loading the file are performed for each file, as needed.
  - 30. The method of claim 29, wherein verifying the file includes performing a SHA-1 verification.
  - 31. The method of claim 29, wherein network associated storage device comprises a network attached storage device.

32. In a gaming machine, a method of verifying one or more files stored on a diskless storage device using an authentication system to authenticate contents of a manifest in a gaming system including one or more processors, the method comprising:
- determining if a manifest is authentic using a digital signature check, the manifest having contents including a plurality of files each having a file name, a block indicator, an associated stored hash, a block size field indicating a size of each data block, and a block number field indicating a number of data blocks;
  
  reading the file from the diskless storage device if the manifest is authentic;
  
  booting an operating system if the contents of the manifest are authenticated;
  
  performing a hash calculation over each file listed by file name in the authenticated manifest, as the component is needed, to produce a calculated hash;
  
  verifying each file for which a hash calculation was performed by comparing the calculated hash to the associated stored hash and associated file name located within the manifest using the one or more processors; and
  
  loading the file if the calculated hash and the stored hash are equal.
- View Dependent Claims (33, 34, 35)
- - 33. The method of claim 32, wherein the diskless storage device comprises a solid-state storage device.
  - 34. The method of claim 33, wherein the solid-state storage device comprises an erasable programmable read-only memory.
  - 35. The method of claim 33, wherein the solid-state storage device comprises a safe random access memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sg Gaming, Inc. (Scientific Games Corporation)
Original Assignee
Bally Gaming Incorporated (Scientific Games Corporation)
Inventors
Crowder, Robert W. Jr.
Primary Examiner(s)
Laneau, Ronald
Assistant Examiner(s)
WILLIAMS, ROSS A

Application Number

US11/423,370
Time in Patent Office

2,965 Days
Field of Search

463/29, 463 40- 42, 713/176, 713/187
US Class Current

463/29
CPC Class Codes

G06F 21/575   Secure boot

G07F 17/3241   Security aspects of a gamin...

H04L 9/3247   involving digital signatures

Authentication system for gaming machines

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system for gaming machines

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links