
Method and apparatus for software authentication, Number: 7,520,811, from the United States Patent and Trademark Office (PTO)


Title: Method and apparatus for software authentication

Abstract: A method and apparatus for authenticating gaming machine software is disclosed. In one embodiment the method and apparatus is used to authenticate the contents of a removable media. Use of a removable media provides means to store large amounts of software on a single media to install software, perform software updates, diagnose gaming machines, authenticate software, or configure gaming machines. An authentication file may contain a listing of each file on the removable media and an associated hash value calculated with a hash function. The hash values are calculated and stored in an authentication file and encryption of the one or more hash values may occur. A hash value re-calculation is performed on each file at a later time to determine the hash value at the time of use. The re-calculated hash values are compared to the decrypted hash values stored in the authentication file.

Patent Number: 7,520,811 Issued on 04/21/2009 to LeMay, et al.


Inventors: LeMay; Steven G. (Reno, NV), Benbrahim; Jamal (Reno, NV), Chen; Xuedong (Lidcombe, AU)
Assignee: IGT (Reno, NV)
Appl. No.: 11/680,880
Filed: March 1, 2007


Related U.S. Patent Documents

Application Number    Filing Date    Patent Number    Issue Date
10458846              Jun., 2003     7201662
09643388              Aug., 2000

Current U.S. Class: 463/29
Current International Class: A63F 9/24 (20060101)


References Cited [Referenced By]

U.S. Patent Documents
3825905 July 1974 Allen, Jr.
3838264 September 1974 Maker
4193131 March 1980 Lennon et al.
4200770 April 1980 Hellman et al.
4218582 August 1980 Hellman et al.
4354251 October 1982 Hellwig et al.
4355390 October 1982 Hellwig et al.
4405829 September 1983 Rivest et al.
4458315 July 1984 Uchenick
4462076 July 1984 Smith, III
4467424 August 1984 Hedges et al.
4494114 January 1985 Kaish et al.
4519077 May 1985 Amin
4525599 June 1985 Curran et al.
4582324 April 1986 Koza et al.
4607844 August 1986 Fullerton
4652998 March 1987 Koza et al.
4658093 April 1987 Hellman
4727544 February 1988 Brunner et al.
4752068 June 1988 Endo
4759064 July 1988 Chaum
4817140 March 1989 Chandra et al.
4837728 June 1989 Barrie et al.
4845715 July 1989 Francisco
4848744 July 1989 Steininger et al.
4856787 August 1989 Itkis
4865321 September 1989 Nakagawa et al.
4911449 March 1990 Dickinson et al.
4930073 May 1990 Cina, Jr.
4944008 July 1990 Piosenka et al.
4951149 August 1990 Faroudja
5004232 April 1991 Wong et al.
5021772 June 1991 King et al.
5050212 September 1991 Dyson
5103081 April 1992 Fisher et al.
5109152 April 1992 Takagi et al.
5146575 September 1992 Nolan
5155680 October 1992 Wiedener
5155768 October 1992 Matsuhara
5161193 November 1992 Lampson et al.
5179517 January 1993 Sarbin
5224160 June 1993 Paulini et al.
5235642 August 1993 Wobber et al.
5259613 November 1993 Marnell
5283734 February 1994 Von Kohorn
5288978 February 1994 Iijima
5291585 March 1994 Sato et al.
5297205 March 1994 Audebert et al.
5326104 July 1994 Pease et al.
5342047 August 1994 Heidel et al.
5343527 August 1994 Moore
5398932 March 1995 Eberhardt et al.
5421006 May 1995 Jablon et al.
5465364 November 1995 Lathrop et al.
5488702 January 1996 Byers et al.
5489095 February 1996 Goudard et al.
5507489 April 1996 Reibel et al.
5586766 December 1996 Forte et al.
5586937 December 1996 Menashe
5599231 February 1997 Hibino et al.
5604801 February 1997 Dolan et al.
5611730 March 1997 Weiss
5643086 July 1997 Alcorn et al.
5644704 July 1997 Pease et al.
5655965 August 1997 Takemoto et al.
5668945 September 1997 Ohba et al.
5704835 January 1998 Dietz, II
5707286 January 1998 Carlson
5725428 March 1998 Achmuller
5737418 April 1998 Saffari et al.
5742616 April 1998 Torreiter et al.
5759102 June 1998 Pease et al.
5768382 June 1998 Schneier et al.
5800264 September 1998 Pascal et al.
5934672 August 1999 Sines et al.
5991399 November 1999 Graunke et al.
6006328 December 1999 Drake
6071190 June 2000 Weiss et al.
6104815 August 2000 Alcorn et al.
6106396 August 2000 Alcorn et al.
6108420 August 2000 Larose et al.
6138236 October 2000 Mirov et al.
6149522 November 2000 Alcorn et al.
6178510 January 2001 O'Connor et al.
6195587 February 2001 Hruska et al.
6364769 April 2002 Weiss et al.
6523119 February 2003 Pavlin et al.
6565443 May 2003 Johnson et al.
6620047 September 2003 Alcorn et al.
6722986 April 2004 Lyons et al.
6805634 October 2004 Wells et al.
6851607 February 2005 Orus et al.
6988267 January 2006 Harris et al.
7024564 April 2006 Pavlin et al.
7116782 October 2006 Jackson et al.
2004/0002381 January 2004 Alcorn et al.
Foreign Patent Documents
0 685 246 Dec., 1995 EP
0993847 Apr., 2000 EP
1000642 May., 2000 EP
1 352 677 Oct., 2003 EP
1 441 464 Jul., 2004 EP
2 121 569 Dec., 1983 GB
2121569 Dec., 1983 GB
HEI 1-120654 May., 1989 JP
HEI 4-163627 Jun., 1992 JP
6-327831 Nov., 1994 JP
7-31737 Feb., 1995 JP
HEI 7-129207 May., 1995 JP
09-262359 Oct., 1997 JP
WO 99/65579 Dec., 1999 WO
WO 00/33196 Jun., 2000 WO
WO-01/67218 Sep., 2001 WO

Other References

Canadian Office Action dated Jun. 26, 2008 from corresponding CA Application No. 2,420,290, 2 pgs.
Translation of communication from the Japanese Patent Office with respect to JP 504453/97 dated Dec. 7, 2004 (2 pages).
Answer and Counterclaims to Second Amended Complaint filed in connection with Civil Action No. CV-S-01-1498, pp. 1-26 and certificate of service page.
Defendants' Supplemental Response to Plaintiffs' First Set of Interrogatories filed in connection with Civil Action No. CV-S-01-1498, pp. 1-3, 50-68 and 85-86.
Davida, G. et al., "Defending Systems Against Viruses through Cryptographic Authentication," Proceedings of the Symposium on Security and Privacy, IEEE Comp. Soc. Press, pp. 312-318 (May 1-3, 1989) XP000041247.
Document entitled "Fact Sheet on Digital Signature Standard" dated May 1994, 6 pages.
Federal Information Processing Standards (FIPS) Publication 180-1 entitled "Secure Hash Standard" dated Apr. 17, 1995, 2 title pages, abstract page and pp. 1-21.
Federal Information Processing Standards (FIPS) Publication 180 entitled "Secure Hash Standard" dated May 11, 1993, title page, abstract page and pp. 1-20.
Federal Information Processing Standards (FIPS) Publication 186 entitled "Digital Signature Standard (DSS)" dated May 19, 1994, 17 pages.
Hellman, Martin E., "The Mathematics of Public-Key Cryptography," Scientific American, vol. 241, No. 8, Aug. 1979, pp. 146-152 and 154-157.
Rivest, et al., "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM, vol. 21, No. 2, Feb. 1978, pp. 120-126.
Bakhtiari et al., Cryptographic Hash Functions: A Survey, 1995, Centre for Computer Security Research, pp. 1-26.
Bauspiess, et al., "Requirements For Cryptographic Hash Functions," Computers and Security, 5:427-437 (Sep. 11, 1992).
Complaint for patent infringement filed by Aristocrat Technologies, et al. dated Jan. 22, 2002, Civil Action No. CV-S-02-0091.
Japanese Office Action dated Sep. 26, 2006, Japanese Patent Application No. 2005-338252.
Timothy C. Meece (Banner & Witcoff, LTD) letter to David D. Johnson, Esq. (IGT) dated Mar. 16, 2007 regarding IGT U.S. Reissue Patent Nos. RE39368, RE393369, RE39400, and RE39401 (2 pages).
Casino Journal of Nevada, Oct. 1996, pp. 64-66, 68-76, 78, 82, 84, 86, 88, 90, 92, 94, 96, 98, 145 and 146.
Court docket for Civil Action No. CV-S-02-0091 listing papers filed.
Levinthal, et al., "The Silicon Gaming Odyssey Slot Machine," IEEE published Feb. 23, 1997, pp. 296-301.
Assignment of U.S. Patent No. 5,643,086 to IGT.
Assignment of U.S. Patent No. 6,149,522 to IGT.
Assignment to U.S. Appl. No. 09/677,129 to IGT.

Primary Examiner: Laneau; Ronald
Assistant Examiner: Harper; Tramar
Attorney, Agent or Firm: Weaver Austin Villeneuve & Sampson LLP

Parent Case Text



This application is a continuation of U.S. patent application Ser. No. 10/458,846, filed Jun. 10, 2003, which is a continuation of U.S. patent application Ser. No. 09/643,388, filed Aug. 21, 2000, abandoned, both of which are hereby incorporated by reference in their entirety herein.
Claims



I claim:

1. A method of installing application data including a software application program for generating a game on a gaming machine, the method comprising: providing the gaming machine, said gaming machine comprising a) a processor, b) a main memory coupled to the processor configured to store the application data wherein during operation of the gaming machine the application data is loaded from a fixed media to the main memory to generate the game, c) the fixed media configured to store the application data wherein the fixed media is installed on the gaming machine, d) a secure memory including authentication software and e) a removable media reader configured to read data from a removable media when the removable media is communicatively coupled to the removable media reader; detecting the removable media is coupled to the removable media reader; reading first authentication data from said removable media, the first authentication data comprising a file verification table (FVT) comprising an entry for each application file of the application data and a first hash value for each application file, the FVT also comprising an encrypted file signature, the encrypted file signature obtained by performing a hash function on the FVT, the reading of the first authentication data comprising decrypting the encrypted file signature to provide a decrypted file signature; executing the authentication software on to perform calculations on said application data to obtain second authentication data based on said application data on said removable media, the second authentication data comprising application files stored on the removable media and a re-calculated file signature obtained by performing another hash function on the FVT; comparing said first authentication data to said second authentication data, the comparing of the first and second authentication data comprising comparing the decrypted and re-calculated file signatures and, if they match, performing a hash function on each application file of the removable media to obtain a second hash value for each application file on the removable media, and one file at a time, comparing the first and second hash values; installing said application data including the software application program from said removable media to said fixed media if said first authentication data is identical to said second authentication data; and configuring the software application program installed on said fixed media for generating the game on said gaming machine.

2. The method of claim 1, wherein the installing the application data on the fixed media comprises formatting the fixed media.

3. The method of claim 1, after the removable media is authenticated, locating a service program for configuring the software application program and executing the service program to configure the software application program.

4. The method of claim 1, further comprising executing a service program locator configured to locate one or more service programs.

5. The method of claim 4, wherein the service program locator is stored on the secure memory.

6. The method of claim 4, wherein one or more of the service programs are selected from the group consisting of an installation program, a configuration program, a set-up program, a tutorial program, an up-date program, a diagnostic program, a demonstration program, and an authentication algorithm.

7. The method of claim 4, wherein a first service program is stored on the removable media.

8. The method of claim 4, wherein a first service program is downloaded from a remote host.

9. The method of claim 1 wherein the first and second hash values are compared one file at a time and if any set of first and second hash values do not match, the comparing is stopped.

10. The method of claim 1 wherein the first authentication data further comprises a directory tree for the FVT and the second authentication data comprises a directory tree for the application files on the removable media and the comparing further comprising the directory trees.

11. The method of claim 1, wherein the removable media reader is designed or configured to read the data from the removable media via wireless communication connection.

12. The method of claim 1, wherein the removable media comprises one or more of optical memory, flash memory or magnetic memory.

13. The method of claim 1, wherein the removable media reader is designed or configured to read the data from the removable media via a USB connection.

14. The method of claim 1, wherein the fixed media comprises one or more of flash memory, optical memory or magnetic memory.
Description



TECHNICAL FIELD

The present disclosure relates to processor based gaming systems and in particular to an improved method and apparatus for authenticating software or data.

BACKGROUND

Electronic gaming devices utilizing electronics and software to control game operation are a popular alternative to traditional table based gaming. As is known in the art, electronic gaming devices generally include a processor, a software storage device, a video display and software configured to interact with the processor, software storage device and display to present a game for play by a player. Traditionally, the software storage device comprised a read only memory (ROM) device, such as an EPROM, to satisfy strict gaming regulations promulgated by gaming control authorities to insure fraud free game play and prevent unwanted alteration of the gaming software. Such alteration could affect gaming odds and provide either the electronic gaming device owner or the player with an unfair advantage.

To insure that the game play is fair, the software that controls game play is inspected and authorized by the gaming control authorities prior to installation of the software on the machine. At any time thereafter, the gaming software can be analyzed by the casino or the gaming control authorities to verify that the gaming software has not been altered. Thus, the gaming regulations require that means exist to verify that the software controlling the gaming device is the same software approved by the regulatory body.

In the past, the traditional method to configure gaming machines to comply with gaming regulations was to submit the software to gaming regulators for approval. After the software was approved, a mathematical operation was conducted on the software code. This mathematical operation generates a value that is generally unique to the particular software code. This value was recorded by the manufacturer or the gaming regulators for later use. In one embodiment this value is generated by a hash operation and is referred to as a hash value.

After the software is approved the hash value is stored for future reference. The approved software may be stored by a regulator entity and also stored on a ROM. A copy of the approved ROM is eventually installed in a gaming machine. The ROM is a desirable apparatus for storage due to its general read only operation.

Thereafter, if it was required to determine whether the software had been altered, the ROM was removed from the gaming machine for analysis by an authentication device operated under the control of the appropriate authority. This authentication device subjects the code on the ROM to the same mathematical operation as performed by the gaming regulators to generate the hash or other identifying value. This new hash value is manually compared (visually) to the previously recorded hash value. If the values match, the software code has not been altered and hence can be trusted. This operation is commonly referred to as "authentication."

While the ROM authentication process satisfied gaming regulators, it hampered advancement of game development and subjected regulators, casino operators, and gaming machine manufacturers to increased costs and limitations.

For example, one drawback is the limited storage capabilities of a traditional ROM, i.e. EPROMs. This prevents the game developers from integrating more features into the game and gaming device due to limitations in software storage space.

Another drawback arose as a result of the use of specialized devices for authentication. Commonly EPROMs are authenticated with an EPROM reader, such as one available from Kobetron. This authentication method required a skilled technician to remove the ROM from the socket on the electronics board and place it in a specialized reader. Not only are skilled technicians costly to employ, the pins of the ROM were often damaged during the process of removal, testing, and re-insertion. Moreover, this process resulted in the gaming device being out of service for an undesirably long period of time. Hence, casino revenues were lost. In many jurisdictions government representatives must be present when a processor board is accessed.

A similar drawback arose when the game was updated or a new game installed at the machine. To update a game on a gaming machine using the ROM for game storage, the entire ROM would have to be removed and a new ROM inserted or installed. For the above reasons, this is undesirable.

One proposed alternative has been to install a larger storage device than a ROM, such as a hard drive, in the gaming machine to provide additional storage for software or data. This proposed alternative is described in U.S. Pat. No. 5,643,086 entitled, "Electronic Casino Gaming Apparatus with Improved Play Capacity, Authentication and Security" owned by Silicon Gaming. In this arrangement if the game requires updating or replacement, it may even be necessary to replace the entire hard drive. This is an expensive and labor intensive undertaking. Further, with this type of installation, it may not be possible to diagnose the gaming machine, or service the gaming machine.

There exists therefore, a need for an improved method and apparatus for storage, authentication, and modification of gaming software in a manner capable of complying with gaming regulations.

SUMMARY

The various embodiments of the invention provide various methods and apparatus to authenticate the content of a media, such as for example the contents of a hard drive or a removable media. The authentication guarantees the user of the data stored on the media that the data has not been tampered with, altered, or otherwise changed. This guarantee is particularly desirable when the data, such as a software install or software update is to control the operation of the machine or device on which the install or update will occur. Examples of such devices include a gaming machine, an automated teller machine, or a sales kiosk.

One desirable feature of the present invention over the prior art comprises use of a removable media reader in conjunction with the device or system to thereby provide means to upload or interact with the system or device.

One example method and apparatus to achieve authentication comprises creating authentication files on the media. The authentication file is preferably created based on the contents of the media when the contents of the media are known to be accurate and trusted.

The contents of the authentication file may vary depending on the particular needs of the user or the system. In one embodiment the contents of the authentication file are stored in a file verification table (FVT). The FVT comprises a table containing an entry for each file on the media and an associated entry or hash value. The hash value represents a value that is unique to a particular file's contents at the time the value is generated, i.e. when the contents of the file are known to be trusted. In one embodiment the value is generated from a hash routine, such as MD5, and stored in the FVT. Thus, in one embodiment the contents of the FVT contain a list of each file on the media and a hash value entry generated from each file on the media.

In one variation, an additional hash operation occurs on the FVT to create a data value referred to herein as a file signature. The signature is also stored in the FVT on the media. The FVT may be stored in the authentication file. The authentication file may be stored on the media or at another desired location.

It is further contemplated that at a later time, the software or data stored on the media will be used. One example use of the software or data on the media is to install the software or data on a more permanent or fixed media such as a hard drive or flash media that is fixedly attached to the system or device. To guarantee that software or data on the media has not been tampered with or has not been swapped, an authentication process occurs on the media. The authentication process uses the hash algorithms or a copy thereof that were used to create the initial hash values. It is contemplated that the algorithms or hash function equations are stored on a secure memory in the device from which the software is to be authenticated. In one embodiment one or more encryption/decryption algorithms are stored on the secure memory. Any algorithms on the secure memory are available at a later date or at a remote location and, because they are on a secure memory, they cannot be altered without leaving physical evidence of the alteration. It is contemplated that the contents of the secure memory could be encrypted.

In general, the authentication process comprises re-executing the hash function on the files of the media at the time of authentication (usually at a later time) and comparing the originally calculated hash value, that is stored in the FVT, to the re-calculated hash value. It should be understood that the originally calculated hash value need not be stored in the FVT and that functions other than a hash function may be utilized without departing in scope from the invention.

In yet another variation, the signature value is encrypted when the software or data is known to be trusted and then the encrypted signature value is also stored in the FVT.

To achieve the authentication, the authentication process first obtains a signature by hashing the FVT up to the encrypted file signature, and then decrypts the encrypted signature in the FVT. Thereafter, the decrypted signature is compared to the newly obtained signature. If the decrypted signature matches the newly obtained signature then the authentication process continues, since there is not yet an indication of tampering or alteration. If the signatures were not identical, then tampering may have occurred.

Next, in the embodiment described herein, the operation reads the first file from the FVT and its associated hash value, also stored in the FVT. The operation then locates this first file on the media and performs the hash function on this file name to obtain a re-calculated hash value for the first file. The re-calculated hash value is then compared to the same file's hash value as stored in the FVT. If these two values match or are identical, then the authentication process continues since there is not yet an indication of tampering or alteration.

The process continues in this manner until all the files on the media or in the FVT have been compared in the above described process or a similar process. Additional comparisons can be executed in the authentication process such as file structure, file content, directory structure or directory content. One advantage that the invention provides is the use and re-use of an inexpensive removable media for the install and update of software on a device requiring use of only secure or trusted software. This desirably provides for re-use of the fixed media in the device, overcoming the need to dispose of the fixed media if an update or re-install was required. Further, removable media are capable of storing large volumes of data, software, or code, thereby allowing large amounts of software to be installed or updated. Many removable media are also easy to load and remove from the device and hence overcome the disadvantages associated with fixed devices, such as hard disk drives, and ROM devices.

Moreover, removable media may be utilized in a simple cost effective manner without having to disassemble the machine or install or remove the ROM or other secure memory devices. Use of the invention may be achieved by service technicians without assistance of highly skilled technicians.

Further objects, features, and advantages of the present invention over the prior art will become apparent from the detailed description of the drawings which follows, when considered with the attached figures.
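The authentication sequence described in this summary (check the FVT signature first, then re-hash each file and compare one file at a time, with the directory comparison as an additional check), as an added Python example that is not part of the patent text. Assumptions: SHA-256 is used in place of MD5, HMAC-SHA-256 with a key held in secure memory stands in for the encrypted file signature (the patent lists RSA, DSA and Elgamal for that step), and the file name `authentication.fvt`, the table layout and the sample media contents are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

FVT_NAME = "authentication.fvt"   # hypothetical name for the authentication file
SIG_PREFIX = "signature:"         # hypothetical marker for the last FVT line


def file_hash(path):
    """Hash a file in chunks so large media files are never read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def list_files(root):
    """Relative paths of every file on the media except the FVT itself."""
    rels = (p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
    return sorted(r for r in rels if r != FVT_NAME)


def sign(body, key):
    # Assumption: HMAC stands in for the patent's encrypted file signature.
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def build_fvt(root, key):
    """Run while the media contents are known to be trusted."""
    body = "".join(f"{file_hash(root / rel)}  {rel}\n" for rel in list_files(root))
    (root / FVT_NAME).write_text(body + SIG_PREFIX + sign(body, key) + "\n",
                                 encoding="utf-8")


def authenticate(root, key):
    """Return (ok, reason); stops at the first failed comparison."""
    try:
        text = (root / FVT_NAME).read_text(encoding="utf-8")
    except (OSError, UnicodeDecodeError):
        return False, "FVT unreadable"
    # 1. Sign the FVT up to the signature line and compare signatures
    #    before trusting any entry in the table.
    body, marker, stored = text.rpartition(SIG_PREFIX)
    if not marker:
        return False, "FVT signature missing"
    if not hmac.compare_digest(sign(body, key).encode(), stored.strip().encode()):
        return False, "FVT signature mismatch"
    entries = {}
    for line in body.splitlines():
        if line:
            digest, rel = line.split("  ", 1)
            entries[rel] = digest
    # 2. Additional comparison: the media must hold exactly the listed files.
    if sorted(entries) != list_files(root):
        return False, "directory tree differs from FVT"
    # 3. Re-hash each listed file and compare, one file at a time.
    for rel in sorted(entries):
        if file_hash(root / rel) != entries[rel]:
            return False, "hash mismatch: " + rel
    return True, "authenticated"


def demo():
    """Constructed media contents and three tamper cases; returns each verdict."""
    key = b"constructed-demo-key"  # constructed; stands in for secure-memory key material
    good, bad = b"approved paytable", b"altered paytable"
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "game").mkdir()
        (root / "game" / "app.bin").write_bytes(b"approved game code")
        (root / "paytable.dat").write_bytes(good)
        build_fvt(root, key)
        results["clean"] = authenticate(root, key)

        (root / "paytable.dat").write_bytes(bad)      # file changed after signing
        results["file_altered"] = authenticate(root, key)

        fvt = root / FVT_NAME                         # table entry edited to match the file
        patched = fvt.read_text(encoding="utf-8").replace(
            hashlib.sha256(good).hexdigest(), hashlib.sha256(bad).hexdigest())
        fvt.write_text(patched, encoding="utf-8")
        results["fvt_edited"] = authenticate(root, key)

        (root / "paytable.dat").write_bytes(good)     # restore, then add an unlisted file
        build_fvt(root, key)
        (root / "unlisted.bin").write_bytes(b"not in the table")
        results["extra_file"] = authenticate(root, key)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

The `fvt_edited` case shows why the table signature is checked before any per-file hash: without it, an edited entry would make the altered file pass the per-file comparison.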

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a block diagram of one embodiment of the invention described herein.

FIG. 2 illustrates a block diagram of exemplary contents of secure memory as contemplated for use with the invention described herein.

FIG. 3 illustrates a block diagram of exemplary contents of removable media or other media as contemplated for use with the invention described herein.

FIG. 4 illustrates a high level operational flow diagram of one exemplary method of operation of the invention described herein.

FIG. 5 illustrates a high level block diagram of communication between exemplary hardware and software of one embodiment of the invention described herein.

FIG. 6 illustrates an operational flow diagram of an exemplary method of installation and set-up of one exemplary embodiment of the invention described herein.

FIG. 7 illustrates an operational flow diagram of an exemplary method of creation of a verification file for use with the invention described herein.

FIG. 8 illustrates an exemplary format and content of a verification file.

FIG. 9 illustrates an operational flow diagram of various example implementations of the authentication process as described herein.

FIGS. 10A and 10B illustrate an operational flow diagram of an exemplary method of authentication as described herein.

DETAILED DESCRIPTION OF VARIOUS EMBODIMENTS

The invention is a method and apparatus for authentication of software on a system to verify the integrity of the system. In the following description, numerous specific details are set forth in order to provide a more thorough description of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these specific details. In other instances, well-known features have not been described in detail so as not to obscure the invention. Moreover, any of the details or features described herein may be utilized alone or in any combination.

EXAMPLE ENVIRONMENT

Provided now for purposes of understanding and not limitation is a brief discussion of an example environment particularly well suited for use of the invention described herein. One example environment of the invention described herein is in a gaming device at least partially controlled by software as might be found in a casino or other gambling establishment. The invention provides means to store software such as application data or special programs on mass storage devices, such as a hard disk drive, via removable media in conjunction with an authentication process. The authentication system and method described herein allows for use of a removable media device in conjunction with removable media to perform various operations on the gaming device. These operations include but are not limited to loading or installing software on the gaming device, updating software on the gaming devices, performing diagnostics or troubleshooting the gaming device using software on the removable media, and performing authentication on one or more mass storage device(s). The authentication system and method described herein can be used on the contents of both the mass storage devices and the removable media, thereby guaranteeing the validity and accuracy of the software on the mass storage devices and the removable media. This desirably insures accuracy of game play, prevents alteration of the intended payout schedules and game operation and may achieve compliance with various gaming regulatory bodies.

EXAMPLE EMBODIMENTS

FIG. 1 illustrates a block diagram of one example embodiment of the invention. It is contemplated that some of the apparatus shown may be eliminated without departing from the invention. Likewise, additional apparatus may be added to the elements shown without departing from the invention. Turning now to the elements of a device 98, one or more processors 100 serve as a central processing unit to oversee operation of the device and execute software code. Processors capable of executing software code and interfacing with other electronic apparatus and memory are known in the art and accordingly are not described in great detail herein. The processor may comprise any processing unit capable of executing authentication algorithms. In one embodiment the processor comprises an AMD brand K6-2 processor. In another embodiment the processor comprises an Intel brand Pentium III processor. Memory 102 is associated with the processor 100. A monitor or display device 104 and a user interface 106 are also in communication with the processor 100. As is commonly understood, the display 104 provides a means to exhibit the results of the processor operation or any output resulting from the execution of software code. Likewise, the user interface 106 provides means to obtain input from a user or player to control or aid the operation of the processor 100 and software code running on the device 98. The monitor or display 104 may comprise a CRT display, plasma screen, LCD display or any other electronic device. The user interface 106 may comprise one or more buttons, keys, a mouse, touch pad, touch screen, lever or any device capable of receiving human input. If the device 98 is configured as a gaming device, the monitor 104 exhibits game play during operation and the user interface 106 provides means for a gambler to control or initiate game play.

Also included in the device 98 having authentication capability described herein is a mass storage media or fixed media 112, a removable media reader 110, and a secure memory 108. These apparatus operate in conjunction with the processor 100 to authenticate software that at least in part controls the device 98. In one embodiment the secure memory 108 comprises one or more memory devices configured to store software code that initiates or boots operation of the device 98 and to store authentication algorithms for use by the processor to authenticate software code.

One type of secure memory comprises a read only memory (ROM); apparatus other than ROM may also be utilized as secure memory 108. It is desired that the secure memory 108 be generally unalterable once written with trusted software code and algorithms. The term trusted software code is used herein to mean code that is known to be accurate and operates in a manner intended by a game manufacturer, software provider, or regulatory entity. The terms data, software, applications, programs and the like are used herein to mean any computer readable data or executable programs. The secure memory 108, being non-rewritable, prevents tampering by individuals intending to alter operation of the device 98.

FIG. 2 illustrates a block diagram of exemplary contents of the secure memory 108. As shown in the embodiment of a ROM, the contents include an ID tag 120, hardware initialization routines 122, authentication routines 124 including in one embodiment decryption software 126 and hash algorithms or hash software 128, and service program locators 130. Each of these is briefly described. The ID tag 120 comprises an optional identification code inserted on the ROM to provide further identification of origin. In one embodiment, the presence and content of the ID tag 120 are verified at start-up.

The hardware initialization routines 122 are of the type commonly found on electronic apparatus. The initialization routines 122 initiate or boot operation of the processor 100 and load drivers for each of the hardware apparatus utilized on the device 98, such as the display 104, user interface 106, fixed media 112, and removable media reader 110. The initialization routines 122 are common to the initial start-up process of computers. These functions may require that some portion of an operating system is also contained within the hardware initialization routines.

The authentication routines 124 comprise the mathematical algorithms that the processor 100 executes on the software contained on the fixed media 112, removable media that interfaces with the removable media reader 110, or other software to be authenticated. In one embodiment the authentication routines 124 comprise mathematical algorithms encoded into software that are read by the processor 100 and executed on software to verify that it has not been altered. In the embodiment described herein the authentication routines 124 include decryption software 126 and hash algorithms 128, such as MD5. In other embodiments, the authentication routines 124 comprise any hash algorithm including SHA-1, MD5, MD4, MD2, or any other method of hashing or authenticating data. The decryption software 126 comprises software capable of encrypting or decrypting various data files or data. In one embodiment, the decryption algorithms comprise digital signature type decryption algorithms. In other embodiments the encryption comprises DSA type encryption/decryption, RSA type encryption/decryption, Elgamal type encryption/decryption, or any other type of encryption/decryption method of encrypting and decrypting data. Operation of the decryption software is described below in greater detail.

The hash algorithm 128 comprises one or more algorithms to execute public key crypto-system operations. Two popular and exemplary types of algorithms comprise Rivest, Shamir and Adleman (RSA) type algorithms and Digital Signature Algorithms (DSA) type algorithms. Both are generally known by those of ordinary skill in the art of hash functions and/or data encrypting. The hash algorithm software 128 comprises software and data to be verified in fixed media or removable media. In a preferred embodiment RSA type hash functions or encryption is utilized and in particular Message Digest 5 (MD5). As is understood, execution of a hash operation on a file, which may comprise a software application, generates a code or value unique to the particular file. In one embodiment the value is a unique 128 bit value. In another embodiment the value comprises a unique 160 bit value. Alteration of the file will cause the hash operation, if executed on the altered file, to generate a generally different code or value due to the alteration of the file. While there is some very, very small number that represents the possibility for two files to generate the same hash value, it is almost impossible for the hash operation to not detect a change.

The ROM 108 stores the MD5 algorithms. These algorithms are read and executed by the processor 100 on the various routines stored on the ROM 108 or the removable media 110. The results of the hash operation are compared to the values of previous executed hash operations. Differences between the hash values reveal differences in the software. Changes as minor as a change in a single bit in the software are detected. Thus, in the environment of a gaming machine, the change in a single digit in a pay-out percentage would be revealed.
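The comparison of re-calculated hash values against previously stored values, including detection of a single changed bit, can be sketched as follows. This is an added example, not code from the patent: the function names, file names and sample contents are hypothetical, SHA-256 is substituted for MD5 because practical MD5 collisions are known, and the stored reference values are assumed to have been authenticated already (for example by the decryption step the patent describes).

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large media contents need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, algo="sha256"):
    """Reference values computed once on trusted content: relative path -> digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_media(root, manifest, algo="sha256"):
    """Re-hash at time of use. Returns {path: 'missing'|'modified'|'unlisted'};
    an empty dict means every file matched its stored value."""
    root, problems = Path(root), {}
    for name, expected in manifest.items():
        path = root / name
        if not path.is_file():
            problems[name] = "missing"
        elif not hmac.compare_digest(file_digest(path, algo), expected):
            problems[name] = "modified"
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest:
            problems[rel] = "unlisted"  # content the manifest never vouched for
    return problems

def flip_bit(path, offset, bit):
    """Simulate the smallest possible alteration: one bit of one byte."""
    data = bytearray(Path(path).read_bytes())
    data[offset] ^= 1 << bit
    Path(path).write_bytes(bytes(data))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as media:  # constructed sample media
        Path(media, "game.bin").write_bytes(b"\x7fGAME" + bytes(range(64)))
        Path(media, "paytable.cfg").write_bytes(b"payout_percent=92\n")
        manifest = build_manifest(media)
        print(verify_media(media, manifest))          # {}
        flip_bit(Path(media, "paytable.cfg"), 16, 0)  # '2' (0x32) becomes '3' (0x33)
        print(verify_media(media, manifest))          # {'paytable.cfg': 'modified'}
```

Files that are present on the media but absent from the stored list are reported as failures too, since a check that only walks the listed files would accept media carrying extra, unvouched content.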

The ROM, in this embodiment the secure memory 108, also contains service program locator routines 130 configured to search for and locate particular programs located on the fixed media 112, a removable media in the removable media reader 110, or other storage device (not shown). Service programs are programs that initiate a desired operation on the media. Service programs may comprise, but are not limited to, installation programs, configuration programs, set-up programs, tutorial programs, up-date programs, diagnostic programs, demonstration programs, authentication algorithms, or other software that initiates operation after authentication of the software on fixed media 112 or removable media.

In yet another embodiment or configuration, the authentication system utilizes software on a server or remote host. In such a configuration, the service programs may be located on media at the server or remote host. Likewise, the authentication process could occur on the software located on any remotely located media. As can be contemplated, the authentication process could access and/or authenticate software or data located at any location accessible via a communication medium. Thus, advantages of networked systems can be realized using the authentication process described and claimed herein. For example, gaming devices linked via a computer network and located in a gaming area could automatically undertake the authentication process to update or load software or data to the gaming machines.

Returning again to FIG. 1, the device 98 also includes a fixed media 112 in communication with the processor 100 or the memory 102. The fixed media 112 comprises any media or memory capable of storing software code, applications, or data, such as that controlling operation of the device 98. In one embodiment the fixed media 112 comprises a hard disk drive. It is desired that the fixed media 112 be of a capacity sufficient to store large volumes of data and software to facilitate operation of modern devices that require such software.

A removable media reader 110 is also in communication with the processor 100 or memory 102. The removable media reader 110 comprises any device capable of reading a removable media. In one embodiment, the removable media reader 110 comprises a CD-ROM drive, although in other embodiments the removable media reader comprises a tape drive, other optical devices, such as DVD ROM, CD-ROM, flash memory reader, disk drive, `zip` drive, memory sticks, smart cards, wireless or infrared connections to a PDA or any other media interface, and devices that communicate over a USB communication link. The removable media reader 110 is configured to accept and read data from a removable media. It is contemplated that the removable media store software to be loaded onto the fixed media 112 or executed to facilitate operation of the device.

FIG. 3 illustrates a block diagram of exemplary contents of a removable media 158, the removable media being interfaced with the removable media reader or interface 110. In this example embodiment, the removable media 1

