U.S. patent application number 10/291926 was filed with the patent office on 2004-05-13 for identifying message senders.
This patent application is currently assigned to IGT. Invention is credited to Benbrahim, Jamal, Brosnan, William, LeMay, Steven G..
Application Number | 20040092310 10/291926 |
Document ID | / |
Family ID | 32229318 |
Filed Date | 2004-05-13 |
United States Patent
Application |
20040092310 |
Kind Code |
A1 |
Brosnan, William ; et
al. |
May 13, 2004 |
Identifying message senders
Abstract
A disclosed gaming network provides a method and system for
identifying message senders through use of a communication protocol
that includes a message field containing message contents and a
verification field containing a verification signature. The
verification signature is calculated by a message sender utilizing
a valuation of the message contents and an identifier value
provided by the message receiver.
Inventors: |
Brosnan, William; (Reno,
NV) ; Benbrahim, Jamal; (Reno, NV) ; LeMay,
Steven G.; (Reno, NV) |
Correspondence
Address: |
BEYER WEAVER & THOMAS LLP
P.O. BOX 778
BERKELEY
CA
94704-0778
US
|
Assignee: |
IGT
|
Family ID: |
32229318 |
Appl. No.: |
10/291926 |
Filed: |
November 7, 2002 |
Current U.S.
Class: |
463/42 |
Current CPC
Class: |
G06F 21/606 20130101;
G07F 17/3241 20130101; G06F 21/64 20130101; G07F 17/3239 20130101;
G06F 2221/2109 20130101; G07F 17/32 20130101; H04L 63/126
20130101 |
Class at
Publication: |
463/042 |
International
Class: |
A63F 009/24 |
Claims
What is claimed is:
1. A method of communicating between two gaming devices on a gaming
machine network, the method comprising: sending a request for a
first identifier value from a first gaming device to a second
gaming device, the first gaming device having message contents to
be sent to the second gaming device; receiving the first identifier
value from the second gaming device; generating a verification
signature at the first gaming device using a valuation of the
message contents and the first identifier value; and sending the
message contents and the verification signature from the first
gaming device to the second gaming device.
2. The method of claim 1, further comprising: storing the first
identifier value in a memory structure at the first gaming
device.
3. The method of claim 1, further comprising: receiving a request
from the second gaming device to resend the message contents and
the verification signature; resending the message contents and the
verification signature.
4. The method of claim 1, further comprising: sending a plurality
of messages to the second gaming device from the first gaming
device, the sending of each message comprising: generating a
message identifier value; generating a message verification
signature using a valuation of the message contents and the message
identifier value; and generating a message with the message
contents and the message verification signature. wherein the
message identifier value generated in each message is from a
sequence of identifier values that are known by the second gaming
device.
5. The method of claim 4, wherein the sequence of identifier values
is a random number sequence generated using a random number
generator seeded with the first identifier value.
6. The method of claim 4, wherein a message verification algorithm
used to generate the message verification signature changes from
message to message.
7. The method of claim 1, wherein the verification signature is
generated using a private signature key.
8. The method of claim 1, wherein the message contents and the
verification signature are sent from the host server to the target
gaming machine according to a protocol comprising at least: a
message field containing the message contents, and a verification
field containing the first verification signature.
9. The method of claim 1, further comprising: decrypting the first
identifier value using a private encryption key.
10. The method of claim 1, further comprising: generating a
symmetric encryption key; encrypting the symmetric encryption key
using a public encryption key from the second gaming device;
encrypting the message contents using the symmetric encryption key;
and sending the encrypted symmetric encryption key to the second
gaming device.
11. The method of claim 1, further comprising: identifying the
second gaming device.
12. The method of claim 11, wherein the second gaming device is
identified using a unique hardware serial number stored on the
first gaming device.
13. The method of claim 1, wherein the first gaming device is a
gaming machine and the second gaming device is a gaming
machine.
14. The method of claim 1, wherein the first gaming device is a
host server and the second gaming device is a gaming machine.
15. The method of claim 1, wherein first gaming device is selected
from the group consisting of a gaming machine, a cell phone, a
personal digital assistant, a host server, a remote computer and a
portable gaming device.
16. The method of claim 1, wherein second gaming device is selected
from the group consisting of a gaming machine, a cell phone, a
personal digital assistant, a host server, a remote computer and a
portable gaming device.
17. The method of claim 1, wherein the message contents are at
least one of player tracking information, accounting information,
bonus game information, a game event from a game of chance played
on a gaming machine, electronic fund transfer information, gaming
software and combinations thereof.
18. A method of communicating between two gaming devices on a
gaming machine network, the method comprising: receiving a request
at the first gaming device from a second gaming device for a first
identifier value wherein the first gaming device has message
contents to be sent to the second gaming device; generating a first
identifier value; sending the first identifier value to the second
gaming device; receiving a first message comprising the message
contents and a verification signature from the second gaming
device; generating a second verification signature using the
message contents and the stored first identifier value; and
determining whether the second verification signature is equal to
the verification signature, and if equal, accepting the first
message for further processing by the gaming machine.
19. The method of claim 18, further comprising: storing the first
identifier value in a memory structure at the second gaming
device.
20. The method of claim 18, further comprising: rejecting the
verification signature and terminating the processing of the first
message.
21. The method of claim 18, further comprising: encrypting the
first identifier value prior to sending it to the second gaming
device.
22. The method of claim 21, wherein the first identifier value is
encrypted using a public encryption key for the second gaming
device.
23. The method of claim 18, further comprising: authenticating an
identify of the second gaming device.
24. The method of claim 23, wherein the identity of the second
gaming device is authenticated using a serial number supplied by
the second gaming device.
25. The method of claim 23, wherein the identity of the second
gaming device is authenticated using a public signature key
provided by the second gaming device.
26. The method of claim 18, further comprising: generating the
second verification signature using a public signature key
corresponding to a private signature key used by the second gaming
device to generate the verification signature.
27. The method of claim 18, further comprising: decrypting at least
one of the a portion of the message contents, the verification
signature and combinations thereof.
28. The method of claim 27, wherein the at least one of the portion
of the message contents, the first verification and combinations
thereof have been encrypted with a public encryption key
corresponding to a private encryption key used by the first gaming
device.
29. The method of claim 18, further comprising: receiving a
plurality of messages from the second gaming device, the receiving
of each message comprising: receiving first message contents and a
first verification signature for each of the plurality of message;
determining a message identifier value in a sequence of message
identifier values used to generate the first verification
signature; generating a message verification signature using a
valuation of the message contents and the message identifier value;
and determining whether the first verification signature is equal
to the message verification signature.
30. The method of claim 18, wherein the first gaming device is a
gaming machine and the second gaming device is a gaming
machine.
31. The method of claim 18, wherein the first gaming device is a
host server and the second gaming device is a gaming machine.
32. The method of claim 18, wherein first gaming device is selected
from the group consisting of a gaming machine, a cell phone, a
personal digital assistant, a host server, a remote computer and a
portable gaming device.
33. The method of claim 18, wherein second gaming device is
selected from the group consisting of a gaming machine, a cell
phone, a personal digital assistant, a host server, a remote
computer and a portable gaming device.
34. The method of claim 18, wherein the message contents are at
least one of player tracking information, accounting information,
bonus game information, a game event from a game of chance played
on a gaming machine, electronic fund transfer information, gaming
software and combinations thereof.
35. A gaming machine network comprising: at least one host server,
the host server including verification software that enables the
host server to obtain an identifier value from a gaming machine,
and in response to obtaining the identifier value, enables the host
server to generate a message according to a protocol that permits
the gaming machine to identify a sender of the message; a plurality
of gaming machines, each gaming machine comprising: a master gaming
controller configured to control one or more games of chance played
on the gaming machine, a memory configured to store a plurality of
verification software elements that allow the gaming machine to
identify the sender of a message on the gaming machine network; and
a network allowing communication between the host server and the
plurality of gaming machines.
36. The gaming machine network of claim 35, wherein the protocol
further comprises: a message field; and a verification field.
37. The gaming machine network of claim 36, wherein the message
field contains message contents and the verification field contains
a verification signature.
38. The gaming machine network of claim 37, wherein the
verification signature is generated using a valuation of the
message contents and the identifier value.
39. The gaming machine network of claim 35, wherein the host server
further comprises: host server encryption software for decrypting
the identifier value encrypted by the gaming machine and for
encrypting, as needed, at least a portion of the message sent to
the gaming machine.
40. The gaming machine network of claim 39, wherein the host server
encryption software utilizes a private encryption key.
41. The gaming machine network of claim 35, wherein the gaming
machine further comprises: gaming machine encryption software for
encrypting the identifier value prior to sending to the host server
and for decrypting, as needed, at least a portion of the message
encrypted by the host server.
42. The gaming machine network of claim 41, wherein the gaming
machine encryption software utilizes a public key.
43. The gaming machine network of claim 35, wherein the
verification software further comprises: verification signature
generation software for generating a verification signature.
44. The gaming machine network of claim 43, wherein the
verification signature generation software utilizes at least one of
a private signature key, the identifier value, message contents and
combinations thereof to generate the verification signature.
45. The gaming machine network of claim 35, wherein the
verification software elements further comprise: verification
signature authentication software elements for determining the
authenticity of a verification signature.
46. The gaming machine network of claim 45, wherein the
verification signature authentication software utilizes at least
one of a public signature key, the identifier value, message
contents and combinations thereof to authenticate the verification
signature.
47. The gaming machine network of claim 35, wherein the host server
and the plurality of gaming machines further comprise: identifier
generation software for generating a sequence of message identifier
values that are used to generate verification signatures for a
sequence of messages.
Description
FIELD OF THE INVENTION
[0001] The present invention relates to gaming machines, such as
slot machines and video poker machines. More particularly, the
present invention relates to methods and systems for identifying
the sender of a message to a gaming machine or the host server of a
gaming machine.
BACKGROUND OF THE INVENTION
[0002] There are a wide variety of associated devices that can be
connected to a gaming machine such as a slot machine or video poker
machine. Some examples of these devices are lights, ticket
printers, card readers, speakers, bill validators, ticket readers,
coin acceptors, display panels, key pads, coin hoppers and button
pads. Many of these devices are built into the gaming machine or
components associated with the gaming machine such as a top box
which usually sits on top of the gaming machine.
[0003] Typically, utilizing a master gaming controller, the gaming
machine controls various combinations of devices that allow a
player to play a game on the gaming machine and also encourage game
play on the gaming machine. For example, a game played on a gaming
machine usually requires a player to input money or indicia of
credit into the gaming machine, indicate a wager amount, and
initiate a game play. These steps require the gaming machine to
control input devices, such as bill validators and coin acceptors,
to accept money into the gaming machine and recognize user inputs
from devices, including key pads and button pads, to determine the
wager amount and initiate game play. After game play has been
initiated, the gaming machine determines a game outcome, presents
the game outcome to the player and may dispense an award of some
type depending on the outcome of the game.
[0004] The operations described above may be carried out on the
gaming machine when the gaming machine is operating as a "stand
alone" unit or linked in a network of some type to a group of
gaming machines. As technology in the gaming industry progresses,
more and more gaming services are being provided to gaming machines
via communication networks that link groups of gaming machines to a
remote computer that provides one or more gaming services. As an
example, gaming services that may be provided by a remote computer
to a gaming machine via a communication network of some type
include player tracking, accounting, cashless award ticketing,
lottery, progressive games and bonus games.
[0005] Typically, network gaming services enhance the game playing
capabilities of the gaming machine or provide some operational
advantage in regards to maintaining the gaming machine, such as
better accounting management or player tracking. Thus, network
gaming services provided to groups of gaming machines linked over a
dedicated communication network of some type have become very
popular in the gaming industry.
[0006] In general, the dedicated communication network is not
accessible to the public. To justify the costs associated with the
infrastructure needed to provide network gaming services on a
dedicated communication network, a certain critical number of
gaming machines linked in a network of some type must utilize the
service. Thus, many of the network gaming services are only
provided at larger gaming establishments where a large number of
gaming machines are deployed.
[0007] A progressive game network offering progressive game
services is one example where a group of gaming machines are linked
together using a dedicated network to provide a network gaming
service. The progressive game services enabled by the progressive
game network increase the game playing capabilities of a particular
gaming machine by enabling a larger jackpot than would be possible
if the gaming machine was operating in a "stand alone" mode. The
potential size of the jackpot increases as the number of gaming
machines connected in the progressive network is increased. The
size of the jackpot tends to increase game play on gaming machines
offering a progressive jackpot which justifies the costs associated
with installing and maintaining the dedicated progressive game
network. Another example would be a bonus network that enables
players to choose a particular prize they play for, and in some
instances to access information related to the prize over the
network.
[0008] Within the gaming industry, a particular gaming entity may
also desire to provide network gaming services and track the
performance of gaming machines under the control of the entity.
Thus, other dedicated networks may also connect the gaming machines
to host servers which enable accounting management, electronic fund
transfers (EFTs), cashless ticketing, such as EZPay.TM., marketing
management, and data tracking, such as player tracking.
[0009] FIG. 1 is a block diagram depicting gaming machines within a
dedicated communication network for a typical gaming entity
currently operating in the gaming industry. On a casino floor,
there are typically several different types of gaming machines
produced by different manufacturers. Each of the gaming machines
may include a variety of different systems that allow a casino to
manage different aspects of the gaming machine.
[0010] In FIG. 1, the gaming machines, 102, 126, 128, 130, and 132
are connected to a host server 124 that receives data for a
particular dedicated network 122. Within a casino, the gaming
machines 102 and 126-132 are typically located on the floor for
player access while the host server 124 is usually located in the
backroom of the casino for security purposes. In some designs, a
device for concentrating the data and/or converting the physical
transmission medium of the network to a format accepted by the host
server 124 may be present between the gaming machines 102 and
126-132 and the host server 124.
[0011] Gaming machine 102 and the other gaming machines on the
network typically include a main cabinet 106 and a top box 104. The
main cabinet 106 usually houses the main gaming elements, although
the top box 104 may include some peripheral systems, such as a
player tracking system.
[0012] As earlier described, the master gaming controller 108
typically controls the game play on the gaming machine 102 and
receives or send data to various input/output devices on the gaming
machine 102. The master gaming controller 108 may also communicate
with a display 110, electronic funds transfer system 112, bonus
system 114, EZ pay system 116, e.g., cashless ticketing system and
player tracking system 120. The systems of the gaming machine 102
typically communicate with the host server 124 via a communication
board 118. In some instances, the gaming machine 102 may also
include an encryption system for decrypting or encrypting data
communicated from or to the host server 124.
[0013] Due to the sensitive nature of much of the information, such
as electronic fund transfer information, usually the manufacturer
of a system or group of systems employs a particular networking
language having proprietary protocols. These proprietary protocols
are usually considered highly confidential and are not released
publicly. As a receiving entity on the network cannot identify the
sender of data on the network, the proprietary protocol is used to
prevent unauthorized communications, such as tampered data. In
theory, a communication from a sender using the proprietary
protocol must be legitimate as only an approved sender would have
access to the proprietary protocol.
[0014] Further, when a new system is introduced for use with a
gaming machine, rather than trying to interpret all the different
protocols utilized by different manufacturers, which are typically
proprietary and thus not accessible, the new system is typically
designed as a separate network. Consequently, as more systems are
introduced, the independent network structures continue to build up
in the casino. Thus, it will be appreciated that although one
dedicated network 122 is shown in the present illustration linking
the gaming machines 102 and 126-132 to the host server 124, the
gaming machines may have other dedicated networks connecting them
to one or more host servers 124.
[0015] The use of many different proprietary protocols and their
attendant dedicated networks, becomes costly for the gaming entity
and introduces logistic costs whenever the network needs to be
moved during a casino layout change or when gaming devices
utilizing a new proprietary protocol are added to the network. With
increasing sophistication of data tampering devices, it is becoming
more difficult to ensure that the data received from a sender is
indeed sent by an authorized sender even when an authorized
proprietary protocol has been used. Therefore, the security
benefits of using proprietary protocols may be outweighed by the
logistics and maintenance costs associated with ensuring
communication compatibility in a gaming network gaming devices that
utilize many different non-compatible proprietary communication
protocols.
[0016] In view of the above, it would be desirable to have a method
and/or device that identifies the sender of a message on a network
as an authorized sender.
SUMMARY OF THE INVENTION
[0017] The present invention addresses the needs indicated above
through a method and system which identify the sender of message
using a message transport protocol that includes a verification
field in addition to a message field.
[0018] One aspect of the present invention includes a method for
identifying the sender of a message on a gaming machine network.
The method may be generally characterized as including: sending a
request for a first identifier value from a host server to a target
gaming machine, the host server having message contents to be sent
to the target gaming machine; receiving the request at the target
gaming machine; generating a first identifier value at the target
gaming machine; storing the first identifier value in a memory
structure at the target gaming machine; sending the first
identifier value from the target gaming machine to the host server;
receiving the first identifier value at the host server; storing
the first identifier value in a memory structure at the host
server; generating a verification signature at the host server
using a valuation of the message contents and the first identifier
value; sending the message contents and the verification signature
from the host server to the target gaming machine; receiving the
message contents and the verification signature at the target
gaming machine; calculating a check value at the target gaming
machine; determining at the gaming machine whether the check value
is equal to the verification signature, and if equal, accepting the
message for further processing by the gaming machine.
[0019] Another aspect of the present invention provides a gaming
machine network. The gaming machine network may be generally
characterized as including: at least one host sever, the host
server including verification software that enables the host server
to obtain an identifier value from a gaming machine, and in
response to obtaining the identifier value, enables the host server
to generate a message according to a protocol that permits the
gaming machine to identify the sender of the message; a plurality
of gaming machines, each gaming machine including: a master gaming
controller configured to control one or more games played on the
gaming machine, a memory configured to store a plurality of
verification software elements that allow the gaming machine to
identify the sender of a message on the gaming machine network; and
a network allowing communication between the host server and the
plurality of gaming machines.
[0020] Another aspect of the invention pertains to computer program
products including a machine-readable medium on which is stored
program instructions for implementing any of the methods described
above. Any of the methods of this invention may be represented as
program instructions and/or data structures, databases, etc. that
can be provided on such computer readable media. Yet another
embodiment of the present invention is a system for delivering
computer readable instructions, such as transmission, over a signal
transmission medium, of signals representative of instructions for
remotely administering any of the methods as described above.
[0021] These and other features of the present invention will be
presented in more detail in the following detailed description of
the invention and the associated figures.
BRIEF DESCRIPTION OF THE DRAWINGS
[0022] FIG. 1 is an illustration of a gaming machine found in the
prior art.
[0023] FIG. 2 is a block diagram representation of a prior art
message format including a message field.
[0024] FIG. 3 is a block diagram representation of a communication
protocol having a verification field in addition to a message field
according to one embodiment of the present invention.
[0025] FIGS. 4 and 5 are flow diagrams illustrating a method of
identifying a message sender according to one embodiment of the
present invention.
[0026] FIG. 6 is a flow diagram illustrating the key loading of the
host server according to one embodiment of the present
invention.
[0027] FIG. 7 is a flow diagram illustrating the key loading of the
gaming machine according to one embodiment of the present
invention.
[0028] FIG. 8 is an illustration of a gaming network including a
verification system according to one embodiment of the present
invention.
[0029] FIG. 9 is a block diagram representation of a host server
verification module according to one embodiment of the present
invention.
[0030] FIG. 10 is a block diagram representation of a gaming
machine verification module according to one embodiment of the
present invention.
[0031] FIG. 11 is a perspective drawing of a gaming machine for one
embodiment of the present invention.
[0032] FIG. 12 is a block diagram of a gaming network for one
embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0033] The present invention provides for identifying message
senders in a gaming machine network to enable gaming machines to
verify they are communicating to a legitimate host system, as well
as the reverse.
[0034] FIG. 2 is a block diagram representation of a prior art
message format including a message field. Typically, the message
field 202 includes message contents to be sent to a gaming machine
or host system according to a particular gaming network protocol.
As earlier discussed gaming protocols are generally proprietary to
prevent tampering of the message contents. As such, the devices on
the gaming network do not identify the message sender, but rather
recognize the proprietary protocol.
[0035] FIGS. 3 through 10 illustrate several embodiments of the
present invention which provide for identification of a message
sender in a gaming machine. It will be appreciated that various
hardware and software architectures may be used to implement the
present invention and that the embodiments shown in FIGS. 3-10 are
intended to illustrate the present invention rather than limit it.
Any of the embodiments may also provide for the further encryption
and/or physical protection of the information being stored and
transmitted. Additionally, although the present invention will be
described primarily in regard to identification of a message from a
host server by a gaming machine, the reverse may also be
implemented, as well as both.
[0036] As discussed with reference to FIG. 2, current communication
protocols used between a gaming machine and host server typically
include a message field 202. When the message contents includes
sensitive data, such as electronic fund transfer data, bonus
transfer data, or electronic credit data, the data is typically
sent in the clear, or encrypted prior to sending. The former method
relies on the security of the gaming network communication protocol
used and/or the physical security of the transmission lines to
prevent data tampering. The latter method increases the processing
time and data load on the transmission lines, and can be costly to
install a secure network.
[0037] In mitigation of the above-mentioned considerations, the
present invention provides for a communication protocol in which a
verification field is used in addition to the message field.
[0038] FIG. 3 is a block diagram representation of a communication
protocol having a verification field in addition to a message field
according to one embodiment of the present invention. The message
field 202 contains the message contents to be transmitted to a
first gaming device, such as a gaming machine, from a second gaming
device, such as another gaming machine or a remote server. The
verification field 304 contains a verification signature. The
verification signature may be primarily used for two purposes: 1)
to identify the sender of the message and 2) to determine whether
the contents of the message in the message filed 202 have been
modified or altered.
[0039] In one embodiment, a verification signature using
public-private signature key pairs may be used. In public-private
signature key pair verification method, a first gaming device may
give its public signature key to a number of other gaming devices
(see FIGS. 6 and 7). When the first gaming device desires to send a
message to a second gaming device that possesses its public
signature key with a verification signature, the first gaming
device applies a hash algorithm to the message contents in the
message field 202 to generate a message digest. A verification
signature may be generated from the message digest using a digital
signature algorithm. The digital signature algorithm may use the
private signature key and the message digest to generate the
verification signature. A message with the message contents in the
message field 202 and the verification signature may be sent to the
second gaming device. The second gaming device applies the hash
algorithm to generate a message digest. Then, with the message
digest, the first gaming device's public signature key and the
verification signature, the second gaming device may apply a
verification algorithm.
[0040] The verification algorithm is designed such that only a
verification signature generated from the message digest and the
private signature key will match the output from the verification
algorithm generated using the public signature key and the message
digest. The output from the verification algorithm is compared to
the verification signature received in the message. When the output
matches the verification signature, it may be assumed that the
message contents have not been altered and the identity of the
message sender is the first gaming device. One example of a method
that may be used with the present invention is the digital
signature standard (DSS) approved by the U.S. government.
[0041] In the present invention, to provide further security
against lost or inserted messages, a secret value may be appended
to the message contents sent in each message exchanged between two
gaming devices. The secret value changes the hash value of the
message contents and may change with each message. The secret value
may be exchanged beforehand by the two gaming devices (i.e., prior
to initiating communications) or may be exchanged at the time
communication between the two gaming devices is initiated. For
instance, a public-private encryption scheme may be used to
exchange a secret value between the two devices. The secret value
may be used to prevent an attacker from sneaking in during a
message exchange between the two gaming devices and pretending to
be one or both parties.
[0042] The verification signature in the verification field 304 may
be used with or without encryption in the following manners. The
message field 202 may be encrypted but a verification signature may
not be generated. In this case, only a recipient with an encryption
key can read the message. However, the recipient may not determine
an identity of the sender of the message. In another embodiment,
the message may include the verification signature but the message
contents may not be encrypted. In this case, any recipient of the
message may determine from the signature the identity of the
sender. In yet another embodiment, the message contents in the
message field 202 may be encrypted and then a verification
signature may be generated. In this case, only a recipient with an
appropriate encryption key may read the message but any recipient
of the message may be able to tell who sent the message. In another
embodiment, the verification signature may be generated and then
the verification signature and the message contents may be
encrypted. In this case, only a recipient of the message with an
appropriate encryption key may be able to read the message and
determine the identity of the sender of the message.
[0043] In one embodiment, public-private asymmetric encryption keys
may be used with the present invention. In a public-private
encryption method, information encrypted with the public encryption
key may be decrypted only using the corresponding private
encryption key of the public-private encryption key pair and
information encrypted with the public encryption key may be
decrypted only using the private encryption key. Thus, an entity
with a private encryption key of public-private encryption key pair
may give its public encryption key to many other entities. The
public encryption key may be made available (via an Internet
server, e-mail, or some other means) to whoever needs or wants it.
The private encryption key, on the other hand, is kept secret. Only
the owner of the key pair is allowed to possess the private
encryption key. The other entities may use the public encryption
key to encrypt data. However, as long as the private encryption key
remains private, only the entity with the private encryption key
can decrypt information encrypted with the public encryption
key.
[0044] In one embodiment, the identity of a message sender may be
determined using public-private encryption key pairs. Two gaming
devices, each storing public-private encryption key pairs, may
exchange public encryption keys (see FIGS. 6 and 7). Then, the
gaming devices may exchange a series of messages that are encrypted
with each other's public keys. For instance, a first gaming device
may send a message with information that is encrypted with a second
gaming device's public encryption key. As an example, the
information may be a randomly generated number. The information
sent by the first gaming device is also stored by the first gaming
device.
[0045] The second gaming device may receive the message from the
first gaming device and decrypt the information with its private
key. Then, the second gaming device may encrypt the information
with the first gaming device's public encryption key and send a
reply message with encrypted information to the first gaming
device. The first gaming device decrypts the information in the
message using its private encryption key. Then, the first gaming
device compares the information sent in the original message with
the information received in the reply message. When the information
received in the reply message from the second gaming device matches
the information sent to the second gaming device, the identity of
the second gaming device is authenticated since only the possessor
of the private key may decrypt a message encrypted with its public
key. Details of exchanging encryption keys in a secure manner,
which may be applied to the present invention, are described in
co-pending U.S. application Ser. No. 09/993,163, by Rowe et al.,
filed Nov. 16, 2001 and entitled "A Cashless Transaction
Clearinghouse," which are incorporated herein by reference in its
entirety and for all purposes.
[0046] In general, public-key algorithms are very slow and it is
impractical to use them to encrypt large amounts of data. In a
symmetric encryption algorithm, the same encryption key is used to
encrypt and decrypt information. In practice, symmetric algorithms
are used for encryption/decryption of large amounts of data, while
the public-private encryption key algorithms are used merely to
encrypt the symmetric keys. Methods of asymmetric and symmetric
keys that may be used to transfer encrypted data in the present
invention are described co-pending U.S. application Ser. No.
10/116,424, filed Apr. 3, 2002, by Nguyen et al. and entitled,
"Secured Virtual Network in a Gaming Environment," which is
incorporated herein in its entirety and for all purposes.
[0047] FIGS. 4 and 5 are flow diagrams illustrating a method for
identifying message senders according to one embodiment of the
present invention. The method in FIGS. 4 and 5 may be implemented
between any two gaming devices in a gaming network (see FIG. 12).
However, for illustrative purposes only, a message exchange between
a gaming machine and a host server is described. Prior to beginning
the method, the host server and gaming machine are started up and
may be loaded with 1) encryption keys, 2) signature keys and 3)
combinations thereof. Start up procedures for a gaming machine and
host server are well-known to those of skill in the art and will
only be briefly described herein.
[0048] In one embodiment, the host server is loaded with a private
encryption key and the gaming machine is loaded with a public
encryption key corresponding to the host server's private
encryption. The host server private key is kept secret and is used
to decrypt data encrypted with its public encryption key by other
gaming devices, such as the gaming machine. Messages encrypted with
the public key can be decrypted using the private key. The public
key is not secret and is used to encrypt data sent to the host
server although the public key may initially be given only to
gaming devices authorized to communicate with the host server. The
gaming machine may be loaded with a private-public encryption key
pair and the gaming machine's public encryption key may be loaded
onto the host server. Encryption key loading of both the gaming
machine and host server are briefly discussed herein with reference
to FIGS. 6 and 7.
[0049] In another embodiment, the host server and/or the gaming
machine may be loaded with public-private signature key pairs. In a
public-private signature key method, a message may be signed with a
verification signature using a private signature key. The private
signature key is kept secret. The verification signature may only
be reproduced when the corresponding public signature key is
applied to the message contents. When the verification signature is
reproduced using the public signature key and the message contents
of the message, the recipient of the message can assume that 1) the
message contents have not been altered and 2) the message was sent
by the owner of the private signature key that generated the
verification signature. As described with respect to FIG. 3,
public-private encryption keys and public-private signature keys
may be used in combination.
[0050] At step 402, the host server initiates a secure
communication sequence with the gaming machine. The secure
communication sequence may comprise a plurality of messages
exchanged between the host server and the gaming machine. The
secure communication sequence may be initiated after a request for
the secure communication sequence is received from the gaming
machine. In some instances, as will be later described herein with
reference to step 438 of FIG. 5, this initial step may also be the
result of a request from the gaming machine to the host server to
reinitiate a connection with the gaming machine.
[0051] At step 404, the host server sends a request to the gaming
machine for an identifier value. Preferably, this request is sent
unencrypted as the request contains no sensitive data.
[0052] At step 406, the gaming machine receives the request, and,
in response to the request, the gaming machine generates an
identifier value. In a preferred embodiment, the identifier value
is a numerical value produced using an algorithm, such as a random
number generator algorithm.
[0053] At step 408, the gaming machine then stores the generated
identifier value in memory, and preferably, in a secure memory
structure. For instance, in one embodiment, the secure memory
structure may be a non-volatile RAM used on the gaming machine.
Details of a secure memory structure that may be used with present
invention are described in co-pending U.S. application Ser. No.
09/689,498, filed Oct. 17, 2000, by Stockdale, et al., and
entitled, "High Performance Battery Backed Ram Interface," which is
incorporated by reference in its entirety and for all purposes.
[0054] At step 410, the gaming machine generates a response
including the identifier value.
[0055] At step 412, the gaming machine encrypts the response using
the public encryption key for the host server.
[0056] At step 414, the gaming machine sends the encrypted response
to the host server.
[0057] At step 416, the host server receives and decrypts the
response using its private encryption key.
[0058] At step 418, the host server stores the identifier value in
memory, and preferably, in a secure memory structure.
[0059] At step 420, the host server calculates a sent verification
signature using the identifier value and the message contents. In
one embodiment, the sent verification signature is a value
calculated by applying a one-way computational algorithm to the
message contents and to the identifier value and combining the
values. For example, a check-sum algorithm may be applied to both
the message contents and to the identifier value. The resulting
check-sum values may then be added together to produce a
verification signature.
[0060] In general, an output from the one-way computational
algorithm that operates on an information string, such as the
message contents, is referred to as the message digest. For
instance, the check sum values from the check sum algorithm are the
message digest for the check sum algorithm. A characteristic of the
one-way computational algorithms applied to the information strings
are that the algorithms provide one-way computations. In a one-way
computation, there is no known way, without infeasible amounts of
computation, to determine the information string used to generate
the message digest using the one-way computational algorithm. These
algorithms are similar to the scrambling operations used in
symmetric key encryption, with the exception that there is no
decryption key. Thus, the operation is irreversible.
[0061] In other embodiments, the verification signature may be a
value calculated by applying an algorithm to only the message
contents, and then combining the obtained message digest value with
the identifier value. For example, the check-sum algorithm may be
applied to the message contents only, and then the identifier value
added to the message contents value. In another embodiment, the
identifier value may be appended to the message contents and then
verification signature may be generated from the combined message
contents and identifier signature.
[0062] In still other embodiments, other algorithms may be used in
place of a check-sum algorithm. For example, hashing algorithms,
such as MD5, MD2, MD4, and SHA (secure hash algorithm), may be also
used. SHA is used with the digital signature standard approved by
the U.S. government. Further, the combination of the method
contents value and the identifier value, may also be made using
other mathematical operations, such as, multiplying, dividing,
subtracting, etc.
[0063] Regardless of the algorithm used to calculate the
verification signature, it is calculated using both the identifier
value and a valuation of the message contents.
[0064] At step 422, the host server builds a message having the
message contents in the message field and the verification
signature in the verification field.
[0065] At step 424, the host server sends the message including the
verification signature to the gaming machine. In one embodiment,
neither the message contents nor the verification signature are
encrypted, however, in other embodiments, part of or all of the
message may be encrypted, such as when personal information or
other sensitive information is part of the message contents. For
example, the identifier value may be used to generate a symmetric
encryption key which is used to encrypt the message. In another
example, the gaming machine may have provided the host server with
its public encryption key. An advantage of not using encryption is
that the network traffic loads in the gaming network may be reduced
and computation loads for the gaming devices may be reduced.
[0066] At step 426, the host server increments the identifier value
stored in memory according to some algorithm to produce a new
identifier value. For example, the host server may increment the
identifier value by one. As will be seen further herein, the gaming
machine will also increment its stored identifier value according
to the same algorithm. In this way, both the gaming machine and the
host server will independently increment their identifier values
after each message completion until a connection disruption or
re-initiate circumstance occurs, such as when the verification
signature sent does not equal the check value calculated by the
gaming machine.
[0067] In one embodiment, the identifier value, which may have been
randomly generated, may be used to generate a sequence of message
numbers. For instance, the identifier value may be used as a seed
in a random number generator. When both the gaming machine and the
host server use the same seed in the same random number generator,
the sequence of random numbers generated from the random number
generators will be the same. In general, any numerical formula may
be used to generate a sequence of message numbers as long as both
the gaming machine and the host server can reproduce the sequence
of message numbers.
[0068] The numbers in the sequence of message numbers specified by
the identifier value may be appended to the message contents and a
message digest used in the verification signature may be generated
from message contents. In another example, a first message digest
may be generated from the message contents and a second message
digest may be generated from the message number. The first message
digest and the second message digest may be combined via a formula.
For instance, the numbers may be simply added together or
multiplied together to provide the verification signature for the
message. The message number is not sent with the message contents.
Therefore, an attacker that has intercepted the message with
message contents and is attempting to generate a fake message with
the message contents and a verification signature is not able to
generate the correct verification signature unless it knows the
message number used in the verification sequence.
[0069] In another embodiment, the sequence of message numbers may
specify the algorithm used to generate the message digest used in
the verification sequence. For example in a first message sequence,
the first message may use a first hash algorithm to generate the
verification signature, the second message may use a second hash
algorithm to generate the verification signature and the third
message may use a check-sum algorithm to generate the verification
signature. In a second message sequence, the first message may use
the second hash algorithm to generate the verification signature,
the second message may use the check-sum algorithm to generate the
verification signature and the third message may use the first hash
algorithm to generate the verification signature. The order of
which algorithms to use for each message the sequence of messages
may be determined by the identifier value.
[0070] At step 428, the gaming machine receives the message.
[0071] At step 430, the gaming machine calculates a message digest
from the message contents and a corresponding verification
signature.
[0072] At step 432, the gamine machine determines when verification
signature it has generated equals the verification signature sent
in the message.
[0073] At step 434, if the verification signatures match, then the
gaming machine accepts the message and forwards it on for further
processing by the gaming machine, e.g., the message sender is
identified.
[0074] At step 436, the gaming machine increments the stored
identifier value according to the same algorithm used by the host
server and stores the incremented identifier value in its
place.
[0075] Alternatively, if the gaming machine determines that the
verification signature that it has generated does not equal the
verification signature sent in the message, at step 438, the
message is not accepted, and an alert message or a request to
reinitiate a connection with the gaming machine may be sent to the
host server. It will be appreciated that the unaccepted message may
also be simply discarded, however, this is not a preferred method
of handling the unaccepted message as a legitimately sent message
may have been corrupted during sending. Thus, it would be
preferable to contact the sending host server of the disruption to
allow a resend of the message.
[0076] In one embodiment of the present invention, hardware serial
numbers may be used to identify message senders. For instance, a
MAC address from a devices network card may be used in the message
identifying process. In other example, gaming machines usually
store one or more unique serial numbers. The unique serial numbers,
which may be encrypted, may be used in the identifying process. For
instance, a host server may store a table or list of unique serial
numbers for each gaming machine and/or gaming device that may
communicate with the host server. The unique serial number may be
used with an algorithm to generate a message digest that is used in
a verification signature. Thus, when the gaming machine identifies
itself in a message, the verification signature is compared to the
verification signature expected from the gaming machine with the
serial number identified in the message. For the gaming machine
identified in the message, the host server may obtain the serial
number using a table look-up. The verification signatures will only
match when the correct serial numbers have been used.
[0077] As earlier described, prior to implementing the present
invention, as described in FIGS. 4 and 5, encryption keys are
loaded in both the host server and the gaming machines of the
gaming network. Descriptions of these processes are briefly
described below.
[0078] FIG. 6 is a flow diagram illustrating the key loading of the
host server according to one embodiment of the present invention.
As earlier described, the host server, at step 602, is loaded with
a private encryption key which, at step 604, is stored in memory
structure either in or associated with the host server. Loading of
the private encryption key may be made in any of a variety of ways,
such as through a network connection, via a hand held device, such
as a key loader, individual key insertion, or wireless
transmission. The host server may be loaded with other information
depending on how the messages are identified. For instance, the
host server may be loaded with a list of gaming device serial
numbers used to identify the gaming devices, a list of public
encryption keys used by different gaming devices and a list of
public signature keys used by other gaming devices.
[0079] FIG. 7 is a flow diagram illustrating the key loading of the
gaming machine according to one embodiment of the present
invention. As earlier described, the gaming machines, at step 702,
are loaded with a public encryption key which, at step 704, is
stored in a memory structure in each gaming machine. Loading of the
encryption key may be made in any of a variety of ways, such as
through a network connection, via a hand held device, such as a key
loader, individual key insertion, or wireless transmission. The
gaming machine may be loaded with other information depending on
how the messages are identified. For instance, the gaming machine
may be loaded with a list of gaming device serial numbers used to
identify the gaming devices, a list of public encryption keys used
by different gaming devices, a list of public signature keys used
by other gaming device, a private signature key and a private
encryption key.
[0080] FIG. 8 is an illustration of a gaming network including a
verification system according to one embodiment of the present
invention. As illustrated, the gaming machines 802, as well as
gaming machines 826-832, includes a gaming machine verification
module 834 and the host server 824 includes a host verification
module 836 that enable the implementation of the present invention,
for example, as described with reference to FIGS. 3-7. Although the
gaming machine verification module 834 is shown connected to the
network 822 via the communication board 818, it will be appreciated
that the module 834 may be differently connected so long as
verification of the message sender can be implemented.
[0081] The present invention can be embodied in a wide variety of
software and/or hardware implementations. FIGS. 9 and 10 described
below, provide only one example of a host server verification
module and of a gaming machine verification module that may be used
in implementing the present invention.
[0082] FIG. 9 is a block diagram representation of a host server
verification module according to one embodiment of the present
invention. In the present embodiment, assume the host server
requires a message to be sent to a gaming machine on the gaming
network. The host server sends the message contents to the host
server verification module 836. If there is no identifier value
stored in memory, such as in secure memory 910, the request
generator 904 may generate a request to be sent to the gaming
machine for an identifier value.
[0083] As earlier discussed, the response including the identifier
value returned from the gaming machine may be encrypted either
entirely or partially. Thus, when the identifier value is received,
the module 836 will decrypt the identifier value using a private
key stored in memory 914. When decrypted, the identifier value may
be stored in secure memory 910.
[0084] Verification signature generator 908 will generate a
verification signature using a valuation of the message contents
and the identifier value. The message generator 904 then generates
a message including the message contents and the verification
signature to be sent from the host server to the gaming machine.
Depending upon the message contents, for example, personal
information, the message contents may be encrypted prior to
sending.
[0085] FIG. 10 is a block diagram representation of a gaming
machine verification module according to one embodiment of the
present invention. When the gaming machine receives the request,
the gaming machine verification module 834 generates an identifier
value at identifier value generator/incrementor 1006. The
identifier value is stored in a memory structure, such as secure
memory 1010.
[0086] The response generator 1004 then generates a response
including the identifier value and encrypts the response and/or the
identifier value using the public key stored in memory 1014 of
encryption module 1012. The response is then sent from the gaming
machine verification module 834 to the gaming machine for sending
to the host server.
[0087] When the gaming machine verification module 834 receives the
message, including the message contents and verification signature,
from the host server, it will first decrypt any encrypted portions
using the public key stored in memory 1014 of encryption module
1012.
[0088] The check verification signature generator 1008 then
generates a verification signature using the identifier value
stored in memory 1010, the message contents and an appropriate
algorithm. If the generated verification signature equals the
verification signature received in the message, the message sender
is verified, e.g., identified, and the message is accepted. The
message is then communicated as needed to the gaming machine
components and the identifier value held in memory 1010 is
incremented, for example, by one or according to some other
algorithm, by the identifier value generator/incrementor 1006. The
incremented value is then stored in memory, such as memory
1010.
[0089] If the generated verification signature does not equal the
verification signature received in the message then the message is
not accepted and the gaming machine verification module 834, may
send an alert and or may request a reinitiate message to the host
server, for example, utilizing the response generator 1004.
[0090] For general communications between two gaming devices, each
of the gaming devices may have two modules corresponding to a host
server module 836 and the gaming machine verification module as
described in FIGS. 8-10. Thus, either of the gaming devices may
assume the role of the host or the gaming machine as previously
described. An advantage of gaming devices with both modules, the
gaming network may be configured more flexibly. For instance,
gaming devices with both modules may act as hosts, clients or both
host and clients.
[0091] Turning to FIG. 11, a video gaming machine 2 of the present
invention is shown. Machine 2 includes a main cabinet 4, which
generally surrounds the machine interior (not shown) and is
viewable by users. The main cabinet includes a main door 8 on the
front of the machine, which opens to provide access to the interior
of the machine. Typically, the main door 8 and/or any other portals
which provide access to the interior of the machine utilize a
locking mechanism of some sort as a security feature to limit
access to the interior of the gaming machine. Attached to the main
door are player-input switches or buttons 32, a coin acceptor 28,
and a bill validator 30, a coin tray 38, and a belly glass 40.
Viewable through the main door is a video display monitor 34 and an
information panel 36. The display monitor 34 will typically be a
cathode ray tube, high resolution flat-panel LCD, or other
conventional electronically controlled video monitor. Further, the
video display monitor 34 may be a touch screen. The touch screen
may respond to inputs made by a player touching certain portions of
the screen. The information panel 36 is a back-lit, silk screened
glass panel with lettering to indicate general game information
including, for example, the number of coins played. The bill
validator 30, player-input switches 32, video display monitor 34,
and information panel are devices used to play a game on the game
machine 2. The devices are controlled by a master gaming controller
(not shown) housed inside the main cabinet 4 of the machine 2. Many
possible games, including traditional slot games, video slot games,
video poker, and keno, may be provided with gaming machines of this
invention.
[0092] The gaming machine 2 includes a top box 6, which sits on top
of the main cabinet 4. The top box 6 houses a number of devices,
which may be used to add features to a game being played on the
gaming machine 2, including speakers 10, 12, 14, a ticket printer
18 which prints bar-coded tickets 20, a key pad 22 for entering
player tracking information, a florescent display 16 for displaying
player tracking information, a card reader 24 for entering a
magnetic striped card containing player tracking information, and a
video display screen 42. Further, the top box 6 may house different
or additional devices than shown in the FIG. 11. For example, the
top box may contain a bonus wheel or a back-lit silk screened panel
which may be used to add bonus features to the game being played on
the gaming machine. During a game, these devices are controlled, in
part, by the master gaming controller (not shown) housed within the
main cabinet 4 of the machine 2.
[0093] Understand that gaming machine 2 is but one example from a
wide range of gaming machine designs on which the present invention
may be implemented. For example, not all suitable gaming machines
have top boxes or player tracking features. Further, some gaming
machines have only a single game display mechanical or video, while
others are designed for bar tables and have displays that face
upwards. As another example, a game may be generated in on a host
computer and may be displayed on a remote gaming terminal or a
remote gaming device. The remote gaming device may be connected to
the host computer via a network of some type such as a local area
network, a wide area network, an intranet or the Internet. The
remote gaming device may be a portable gaming device such as but
not limited to a cell phone, a personal digital assistant, and a
wireless game player. Thus, those of skill in the art will
understand that the present invention, as described below, can be
deployed on most any gaming machine now available or hereafter
developed.
[0094] Returning to the example of FIG. 11, when a user wishes to
play the gaming machine 2, he or she inserts cash through the coin
acceptor 28 or bill validator 30. At the start of the game, the
player may enter playing tracking information using the card reader
24, the keypad 22, and the florescent display 16. Further, other
game preferences of the player playing the game may be read from a
card inserted into the card reader. During the game, the player
views game information using the video display 34. Other game and
prize information may also be displayed in the video display screen
42 located in the top box.
[0095] During the course of a game, a player may be required to
make a number of decisions, which affect the outcome of the game.
For example, a player may vary his or her wager on a particular
game, select a prize for a particular game, or make game decisions
which affect the outcome of a particular game. The player may make
these choices using the player-input switches 32, the video display
screen 34 or using some other device which enables a player to
input information into the gaming machine. During certain game
events, the gaming machine 2 may display visual and auditory
effects that can be perceived by the player. These effects add to
the excitement of a game, which makes a player more likely to
continue playing. Auditory effects include various sounds that are
projected by the speakers 10, 12, 14. Visual effects include
flashing lights, strobing lights or other patterns displayed from
lights on the gaming machine 2 or from lights behind the belly
glass 40. After the player has completed a game, the player may
receive game tokens from the coin tray 38 or the ticket 20 from the
printer 18, which may be used for further games or to redeem a
prize. Further, the player may receive a ticket 20 for food,
merchandise, or games from the printer 18.
[0096] FIG. 12 is a block diagram of networked gaming machines and
gaming devices that may exchange messages that are identified using
the apparatus and methods of the present invention. Messages may be
exchanged between one or more of the gaming devices and the methods
and apparatus of the present invention may be used to identify the
message sender. A master gaming controller 224 is used to present
one or more games of chance on the gaming machines 61, 62 and 63.
The master gaming controller 224 in a gaming machine may also
communicate with other gaming devices in the gaming network, such
as the game server 90, other gaming machines, a cashless system
server 99, a player tracking accounting server 96, a bonus server
94, remote file storage devices 81 and 82, devices linked to the
gaming machine via the internet 97 or devices linked to the gaming
machine via a wide area progressive network 98.
[0097] For linked game play involving a plurality of linked gaming
machines, a game server 90 with a game controller 92 and/or the
bonus server 94 may be used to generate the outcomes of games of
chance and/or bonus games which may be displayed on the plurality
of gaming machines such as 61, 62 and 63. The game server 90 may
also be used to download gaming software and gaming information to
each of the gaming machines. The outcomes of bonus games and other
linked games may be based upon game play generated on the plurality
of gaming machines in communication with the game server 90. The
communication between gaming machines 61, 62, 63 and the bonus
server 94 and/or game server 90 may require that the senders of the
messages are identified and for a sequence of messages an
appropriate signature is assigned to each message.
[0098] The master gaming controllers 224 may communication with
devices located outside of the gaming machines by using the main
communication board 215 and network connections 71. The network
connections 71 may allow communications with remote gaming devices
via a local area network, an intranet, the Internet or combinations
thereof. The game server 90 and bonus game server 94 may also
communicate with a number of game devices via the network
connections 71 such as but not limited to the gaming machines 61,
62 and 63, the player tracking accounting server 96, the cashless
system server 99 and the remote file storage devices 81 and 82. In
general, the methods and apparatus of the present invention may be
used to identify message senders between any two gaming devices
that communicate with one another.
[0099] The gaming machines 61, 62 and 63 may use gaming software
modules to generate a game of chance that are distributed between
local file storage devices and remote file storage devices. For
example, to play a game of chance on gaming machine 61, the master
gaming controller may load gaming software modules into RAM 56 that
may be located in 1) a file storage device 226 on gaming machine
61, 2) a game server 90, 3) a file storage device 226 on gaming
machine 62, 4) a file storage device 226 on gaming machine 63, 5)
the remote file storage devices 81 and 82 or 6) combinations
thereof. In one embodiment of the present invention, the gaming
operating system may allow files stored on the local file storage
devices and remote file storage devices to be used as part of a
shared file system where the files on the remote file storage
devices are remotely mounted to the local file system. The file
storage devices may be a hard-drive, CD-ROM, CD-DVD, static RAM,
flash memory, EPROM's, compact flash, smart media, disk-on-chip,
removable media (e.g. ZIP drives with ZIP disks, floppies or
combinations thereof. For both security and regulatory purposes,
gaming software executed on the gaming machines 61, 62 and 63 by
the master gaming controllers 224 may be regularly verified by
comparing software stored in RAM 56 for execution on the gaming
machines with certified copies of the software stored on the gaming
machine (e.g. files may be stored on file storage device 226),
accessible to the gaming machine via a remote communication
connection. The transfer of software between devices may be enabled
by the methods of the present invention, which allow an identity of
a sender of data to be identified.
[0100] The game server 90 may also be a repository for game
software modules and software for other game services provided on
the gaming machines 61, 62 and 63. In one embodiment of the present
invention, the gaming machines 61, 62 and 63 may download game
software modules from the game server 90 to a local file storage
device to play a game of chance. The downloading of game software
may be initiated by the game server 90, the gaming machines 61, 62
and 63, a remote gaming device or combinations thereof. One example
of a game server that may be used with the present invention is
described in co-pending U.S. patent application Ser. No.
09/042,192, filed on Jun. 16, 1900, entitled "Using a Gaming
Machine as a Server" which is incorporated herein in its entirety
and for all purposes. In another example, the game server might
also be a dedicated computer or a service running on a server with
other application programs.
[0101] In one embodiment of the present invention, the processors
used to generate a game of chance may be distributed among
different machines. For instance, the game flow logic to play a
game of chance may be executed on the game server 90 by the
processors 92 while the game presentation logic for the game may be
executed on gaming machines 61, 62 and 63 by the master gaming
controllers 224. The gaming operating systems on gaming machines
61, 62 and 63 and the game server 90 may allow gaming events to be
communicated between different gaming software modules executing on
different gaming machines via defined APIs. The communication of
gaming events between gaming machines and gaming devices may
require that the senders of the message are identified. Details a
gaming software architecture that describes the game flow logic and
the presentation logic used in the present invention are described
in co-pending U.S. application Ser. No. 10/040,239, filed on Sep.
28, 2001, by LeMay, et al., and entitled, "Game Development
Architecture That Decouples The Game Logic From The Graphics
Logic," which is incorporated herein in its entirety and for all
purposes.
[0102] After the identities of communicating gaming devices has
been established, a game flow software module executed on the
trajectory-based game server 90 may send gaming events to a game
presentation software module executed on gaming machine 61, 62 or
63 to control the play of a game of chance, to control the play of
a bonus game of chance presented on gaming machines 61, 62 and 63.
As another example, the gaming machines 61, 62 and 63 may send
gaming events to one another via network connection 71 to control
the play of the shared bonus game played simultaneously on the
different gaming machines.
[0103] As illustrated in the foregoing description and drawings,
the present invention provides identification of message sender on
a gaming network utilizing a verification signature generated using
both the message contents and an identifier value.
[0104] Although the foregoing invention has been described in some
detail for purposes of clarity of understanding, it will be
apparent that certain changes and modifications may be practiced
within the scope of the appended claims. For instance, while the
gaming machines of this invention have been depicted as having a
top box mounted on top of the main gaming machine cabinet, the use
of gaming devices in accordance with this invention is not so
limited. For example, a gaming machine may be provided without a
top box, or may have additional boxes or devices attached, or may
be configured in bar tops, table tops, or other structures.
Further, the location of the signature input devices on the gaming
machine may vary widely in different embodiments, thus, the
examples described herein are not intended to be limiting of the
present invention. Additionally, the gaming machine may be designed
as a stand alone gaming device or networked with other gaming
devices including other servers or gaming devices over the Internet
or through other wired and wireless systems.
* * * * *