U.S. patent application number 11/232630 was filed with the patent office on 2007-03-22 for cashless gaming system and method.
Invention is credited to Earl Rowan.
Application Number | 20070066398 11/232630 |
Document ID | / |
Family ID | 37884934 |
Filed Date | 2007-03-22 |
United States Patent
Application |
20070066398 |
Kind Code |
A1 |
Rowan; Earl |
March 22, 2007 |
Cashless gaming system and method
Abstract
A gaming machine (100) and a method of operating a gaming
machine are provided. Encrypted information, including player
credit information and identification information, is received at
the gaming machine from a cash device (190) using a non-contact
reader (160). The received information is decrypted using one of a
preset number of stored time-stamped keys, the stored time-stamped
keys being stored in a first in first out buffer (SAM2) and having
been updated sequentially from a remote central server (110). The
gaming machine is enabled for play by the player if the information
has been successfully decrypted and the received player credit
information meets predetermined criteria to allow play on the
gaming machine. Updated information, including updated player
credit information, is encrypted with one of the stored
time-stamped keys on enablement of the gaming machine for play. The
encrypted updated information is written to the cash device. A
system including a plurality of such gaming machines and a central
server is also provided.
Inventors: |
Rowan; Earl; (Greenwich,
AU) |
Correspondence
Address: |
SEYFARTH SHAW LLP
131 S. DEARBORN ST., SUITE2400
CHICAGO
IL
60603-5803
US
|
Family ID: |
37884934 |
Appl. No.: |
11/232630 |
Filed: |
September 22, 2005 |
Current U.S.
Class: |
463/42 |
Current CPC
Class: |
G07F 17/3223 20130101;
G07F 17/32 20130101 |
Class at
Publication: |
463/042 |
International
Class: |
A63F 9/24 20060101
A63F009/24 |
Claims
1. A gaming machine including: a reader to read data representing
encrypted information, including credit value information and
unique identification information, from a player held device; a
connection component to connect to a remote central server, the
connection component being operable to receive updated time-stamped
keys from the remote central server; a storage component to store a
preset number of received time-stamped encryption keys in a first
in first out format; a decryption component to decrypt the
encrypted credit value information using one of the time-stamped
encryption keys stored in the storage component; an encryption
component to re-encrypt information including updated credit value
information; and a writer to write data representing the
re-encrypted information to the player held device identified by
the identification information.
2. A gaming machine according to claim 1, wherein the reader and
writer are non-contact devices.
3. A gaming machine according to claim 1, wherein the reader and
the writer are the same device.
4. A gaming machine according to claim 1, wherein the connection
component is intermittently operable to connect the gaming machine
to the remote server.
5. A gaming machine according to claim 1, wherein the
identification information includes a time-stamp identifier.
6. A method according to claim 5, wherein the decryption component
uses the time-stamp identifier to determine which of the preset
number of stored time-stamped keys is used to decrypt the credit
value information.
7. A gaming machine system including a plurality of gaming machines
according to any one of the preceding claims, and a central server,
connected, at least intermittently, to each gaming machine via the
respective connection component of each gaming machine.
8. A gaming machine system according to claim 7, the central server
further including a database to store all previously issued
time-stamped keys.
9. A gaming machine system according to claim 8, wherein the
central server is able to decrypt encrypted information, including
credit value information, from a player held device, using
time-stamped encryption keys no longer held in the respective
storage components of the gaming machines.
10. A method of operating a gaming machine, the method including:
receiving data representing information, including encrypted credit
value information and identification information, from a cash
device using a reader; decrypting the credit value information
using one of a preset number of stored time-stamped keys, the
stored time-stamped keys being stored in a first in first out
format and having been updated sequentially from a remote central
server; enabling the gaming machine for play by the player if the
credit value information has been successfully decrypted and the
received information meets predetermined criteria to allow play on
the gaming machine; encrypting updated information, including
updated credit value information, with one of the stored
time-stamped keys, on enablement of the gaming machine for play;
and and writing data representing the encrypted updated information
to the cash device.
11. A method according to claim 10, wherein the gaming machine is
connected to the remote central server to sequentially receive
time-stamped keys to be stored in first in first out format.
12. A method according to claim 10, wherein the gaming machine is
intermittently connected to the remote central server.
13. A method according to claim 10, wherein the predetermined
criteria include a minimum credit value held on the cash
device.
14. A method according to claim 10, further including the gaming
machine receiving money from a player and incorporating value of
the received money into the updated credit value information.
15. A method according to claim 10, further including encrypting
further updated information using one of the time-stamped keys
stored in the gaming machine at the time of encryption of the
further updated information at the end of a player session on the
gaming machine.
16. A method according to claim 15, wherein the further updated
information includes updated credit value information.
17. A method according to claim 15, wherein the encrypted further
updated information is written back to the cash device.
18. A method according to claim 17, wherein the encrypted further
updated information is written back to the cash device only after
the gaming machine has confirmed the identification information
from the cash device and that the same cash device has been
presented to the gaming machine on writing both the updated
information and further updated information.
19. A method according to claim 10, wherein the identification
information is encrypted and is decrypted using a fixed key held in
the storage component.
20. A method according to claim 19, wherein the identification
information includes a time-stamp identifier encrypted with a fixed
key.
21. A method according to claim 20, wherein the time-stamp
identifier is used to determine which of the preset number of
stored time-stamped keys is used to decrypt the credit value
information.
22. A method according to claim 20, further including writing a
revised time-stamp identifier to the cash device whenever updated
or further information is written to the cash device, the
time-stamp identifier being encrypted with a fixed key.
23. A carrier medium carrying processor readable code to control a
processor to carry out the method of claim 7.
Description
FIELD OF THE INVENTION
[0001] The present invention relates to systems for use in gaming
establishments such as casinos. In particular, the present
invention relates to systems for controlling cash handling
procedures within the gaming establishments.
BACKGROUND OF THE INVENTION
[0002] In order to minimise costs, reduce staff and increase
security there have been attempts to introduce systems that remove
or reduce cash handling procedures on the gaming room floor of a
gaming establishment. These systems range in functionality from
electronic tokens to Ticket in Ticket out systems (TITO), in which
printed bar-codes are issued at the end of play from a gaming
machine, each bar code uniquely identifying an entry in a central
database, and holding a record of the value associated with it,
which can be read at a further gaming machine. Although most
systems offer improvement on cash, none of the proposed systems
totally eliminates the major costs associated with the cash
handling processes. TITO systems are expensive to operate,
requiring staff to load blank tickets or change paper rolls, in
addition to servicing of printing parts. Printers are usually high
maintenance devices and the real costs and problems with this
system will not be apparent for some time. Contact Smartcards may
also suffer similar problems; although there may not be similar
issues with the operation, readers are expensive and prone to wear
and damage, as are the Smartcards.
SUMMARY OF THE INVENTION
[0003] Therefore, according to a first aspect of the invention,
there is provided a gaming machine including a reader to read data
representing information, including encrypted credit value
information and identification information, from a player held
device, a connection component to connect to a remote central
server, the connection component being operable to receive updated
time-stamped encryption keys from the remote central server, a
storage component to store a preset number of received time stamped
encryption keys in a first in first out buffer, a decryption
component to decrypt the encrypted credit value information using
one of the time-stamped encryption keys stored in the buffer, an
encryption component to re-encrypt information including updated
credit value information, and a writer to write data representing
the re-encrypted information to the player held device identified
by the identification information.
[0004] According to a second aspect, there is provided a gaming
machine system including a plurality of gaming machines according
to the first aspect of the invention, and a central server,
connected, at least intermittently, to each gaming machine via the
respective connection component of each gaming machine.
[0005] According to a third aspect, there is provided a method of
operating a gaming machine, the method including receiving data
representing information, including encrypted credit value
information and identification information, from a cash device
using a reader, decrypting the credit value information using one
of a preset number of stored time-stamped keys, the stored
time-stamped keys being stored in a first in first out format and
having been updated sequentially from a remote central server,
enabling the gaming machine for play by the player if the credit
value information has been successfully decrypted and the received
information meets predetermined criteria to allow play on the
gaming machine, encrypting updated information, including updated
credit value information, with one of the stored time-stamped keys
on enablement of the gaming machine for play, and writing data
representing the encrypted updated information to the cash
device.
[0006] A further aspect of the invention is a loyalty based reward
system, where products or services are given as prizes. A prize
pool may be provided, which may be incremented and decremented as a
result of predictive analysis of the turnover of an establishment
holding gaming machines, or a linked group of such establishments.
In a preferred form, the allocation of the prize is written to the
cash device of previous aspects of the invention from a gaming
machine. In this way, the credit value information can also include
credits relating to products and/or services, as well as cash
value. The allocated prizes held in the credit value information in
the cash device can then be redeemed from a product/service
provider, by presenting the cash device to a reader at the
provider.
[0007] Non-contact technology can be used in cashless gaming
machine floors. Non-contact card readers can be fully enclosed
within a gaming machine, and there are no moving parts or
components to damage or wear out. Additionally, non-contact readers
are small in size and easily retrofitted to existing machines. The
major reason that this technology has not been adapted to this
application has been a security issue. It has always been thought
that cards must be in the gaming machine at all times to execute
secure transactions.
BRIEF DESCRIPTION OF THE DRAWINGS
[0008] Specific embodiments of the invention will now be described,
purely by way of example, with reference to the accompanying
drawings, in which:
[0009] FIG. 1a shows a system according to an embodiment of the
invention;
[0010] FIG. 1b shows parts of a gaming machine terminal according
to an embodiment of the invention;
[0011] FIG. 1c shows a schematic of storage and transmission of
rolling keys used in an embodiment of the invention; and
[0012] FIG. 2 shows a method of use of a cash device and gaming
machine according to an embodiment of the invention.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
[0013] FIG. 1a shows a system according to an embodiment of the
invention. The system includes a number of parts. Gaming machines
100 are provided on the game floor. The gaming machines 100 are
connected a central server 110, which is a remote server to the
gaming machines, via an Ethernet link. A central secure access
module SAM 1 is connected to the central server 110 via an
encrypted channel. The central server 110 is also connected by an
encrypted channel, via a first firewall 115 and an Ethernet link,
to cashier terminals 120, and automated cash dispensers 130. A
group of report servers 140 is also connected, via a second
firewall 150, to the central server 110. Additionally, integrated
payment terminals 155 are also provided, which are also connected
to the central server 110.
[0014] Communication between each gaming machine 100 and the
central server 110 is via a Lonworks Network and Ethernet Link.
This modular approach to communications allows considerable
extensibility within the system. The gaming machines 100 interface
via a six wire link (CAT5 cable) to a Lonworks to Ethernet router
(two wires for communications, four wires for power). Each device
can interface up to 62 gaming machines 100 and translates data to a
10/100 mbit Ethernet link. The Ethernet link interfaces via a port
switch at 100 mbit to the central server 110. All communications
cables are standard CAT5 Cable with plug terminated ends. The
communications between the gaming machines 100 and the central
server 110 are encrypted using 3DES algorithm. All free ports are
identified and secured against listening or other interference
devices. Any unidentified device is automatically locked-out and a
security alarm set.
[0015] The gaming machines 100 communicate with non-contact RF
smart card cash devices 190. The cash devices 190 are held by and
need not leave the possession of a player while they are on the
gaming room floor. In particular, the cash devices 190 can be
retained by the player at all times and need not be placed inside a
gaming machine 100, which would result in a temporary loss of
possession of the cash device 190. The cash devices 190 each hold
identification information, in the form of a unique identifier, and
a credit value (an amount of credit that the player currently
holds), marked with a timestamp. The information held on the cash
device 190 is encrypted. Each cash device 190 holds an encryption
key for reading/writing the timestamp held on the cash device.
[0016] The software run on the central server 110 forms the system
backbone providing a communications interface between all other
systems. The central server 110 also provides the communications
between the central security access module SAM1 of the central
server 110 and gaming machine security access modules SAM2 in the
gaming machines 100. It also provides an interface for a dynamic
key management system, discussed below.
[0017] The central server 110 provides all of the communications
management and analysis protocols. The central server provides: a
secure database; transaction tracing; gaming machine installation
tools; program download tools; communications analysis; gaming
machine reset tools; raw data tracing tools; Ethernet monitoring
tools; and security monitoring tools.
[0018] In the present embodiment, the central server 110 is a PC
operating Windows XP. The PC is of sufficient power to manage the
Ethernet communications and the database management. The data
through-put is dependent on the number of gaming machines 100 on
the network and the number of transactions that can occur. The
empirical formula to calculate maximum through-put is the product
of: the number of gaming machines; size of package; number of games
per minute played; and 20, divided by 60. Per link (fully
populated) is the product of: 62; size of package; number of games
per minute played; and 20, divided by 60.
[0019] Provision is also made for automated cash dispenser 130 and
cashier terminal 120 transactions. The database contains an
encrypted version of all raw communications data. An automatic
backup facility for all data via a RAID drive system or secured RAM
is effected.
[0020] The group of report servers 140 includes a membership server
144, a financial server 142 and a gaming analysis server 146. The
financial server 142 provides reporting functionality on all
financial transactions.
[0021] Each cashier terminal 120 is provided with a link to the
financial server 142 and a cash device reader. The cashier terminal
120 allows a cashier to see the transaction log of any cash device
190 presented to the reader. In operation a player presents their
cash device 190 to the reader and it automatically brings up the
transaction to date and the final balance on the cash device 190.
This is automatically checked against the value stored on the cash
device 190. Any variation is displayed. If the balance on the cash
device 190 is not the same as the reconciliation report provided by
the financial server 142, the cashier terminal 120 requests, via
the central server 110, the last transaction for the particular
gaming machine 100 (identified by unique number) stored on the cash
device. The central server maintains the reconciliation report
which should always balance with that stored on the cash device
190. Any discrepancies are referred to management and payment is
not made unless both the value stored on the cash device and
financial server 142 balance.
[0022] The automated cash dispensers 130 operate in a similar
fashion to normal banking ATMs. When a cash device 190 is presented
to a reader on the automated cash dispenser 130, the data is read
from the cash device 190 and it is cleared. This data is then
tested against a reconciliation report from the financial server
142. If both values agree, the automated cash dispenser 130
dispenses that amount of cash in note (or coins). If there is a
discrepancy, the player is asked to replace the cash device 190 on
the reader and the transaction is rolled back to the cash device
190. The player is then referred to a cashier for manual
reconciliation. This also occurs if the last transaction has
exceeded a pre-set time out, for example 24 hours, on the
transactions, as discussed below. This device interfaces to the
financial server 142 through the Ethernet link.
[0023] The membership server 144 provides a database of all users
and provides any required loyalty/marketing functionality. A player
must be a member to take part in the marketing promotions. A player
becomes a member by filing our personal details on an application
form. This data is entered into the membership server 144 and
stored in the membership database. A record is maintained of each
member's overall spend, playing time, preferential machines, days
in play, spend ratio and play since last award ratio. This rates a
member for special award functions. This provides information to
the gaming machines 100 via the central server 100 on specific
promotional awards. The membership server 144 can also run award
schemes as desired. In small systems the central server 110 may
also be required to run the membership/marketing software rather
than providing a separate membership server 142 for this
purpose.
[0024] The majority of Loyalty/Reward programs in operation are
points based systems where a user receives a discount by way of
collecting points for playing Gaming Machines. This results in the
Venue having an increasing debt directly related to points, which
are not redeemed. This `float` is increased by points that are not
redeemed. Unfortunately there is no way to effectively remove this
debt or know which part is real and which will never be redeemed.
The points are directly coupled to the user play rate and are
usually not sufficient to be attractive to the transient and small
volume player. It is also apparent that this method requires the
system to `track` an individual's spend on gaming. The points
awarded is equal to a player's spend machine Turnover multiplied by
a preset percentage. There is a direct relationship between a
player's spending and points collected.
[0025] Further to this, points are usually `cashed out` the money
being directly returned to the gaming machine. If this money is
lost the player feels that the points saving effort gave them
little reward. There are no dynamics in the system operation as
no-one other than the player receiving the award knows that it is
happening. This provides a `flat` marketing response, which is
constant through-out the play period.
[0026] To provide dynamics the venue must support the points based
system with further promotional activities expanding the real cost
of promotions. Such promotions usually involve a staff member
running a promotional event. This works only when the staff member
is proficient and the promotion is in operation when the Gaming
Room is at its maximum turnover.
[0027] A better model is to remove points from the system and
automate the Rewards to the player. The Rewards should be tangible
items which have an immediate and recognisable value. In the
present rewards system, a list of awards is entered into the
central server and a value assigned to each item. The award items
can be anything from a free drink to an overseas trip.
Additionally, awards can be in-house items or from third party
suppliers. The system `tracks` the total gaming room turnover from
data supplied from the gaming machines and using a predictive
analysis formula determines the future turnover.
[0028] Giving a simple representation, assuming ten minutes was
taken as the award period the system `tracks` the past 10 minute's
turnover to determine the next ten minute's turnover. A percentage
of the predicted turnover plus any residual turnover from previous
rewards is given as the available prize pool. At a random time and
to a random player an award is made from the prize pool to one of
the gaming machine players. This award will decrement the quantity
of this particular prize by one if set to decrement and also
increment the number of such prizes awarded.
[0029] When a prize is awarded audio and visual messaging supports
the win, so that all in the gaming room are aware of the promotion.
A message on the gaming machine LCD display will indicate to the
player that they have won a prize. To accept the prize the player
must place the cash device on the gaming machine which will `write`
the prize code to the cash device, in the same way as for a cash
credit value.
[0030] The prize can then be redeemed at a terminal in the specific
area relative to that award.
[0031] For example, a drink can be redeemed at a bar terminal
etc.
[0032] Although prizes are awarded consistently throughout the play
period the value of the prize is directly associated to the gaming
room turnover. In this way high value prizes are always awarded
when the gaming room is at its busiest. This is the most efficient
method of promotion; give the highest value prizes when the most
players can be notified. Audio and Visual messaging is pre-recorded
by professional actors and is presented automatically by the
system. This effectively removes the requirement to have staff
performing duties, which may lie outside their expertise.
[0033] Various advantages can be seen of this method of loyalty
based system. These include: no residual points liability; low
staff involvement; ability to run third party promotions (zero
cost); awards all players; awards transient players; promotions run
only at the most appropriate time; audio-visuals professionally
presented; low cost operation; promotions controlled by senior
management; total control of promotional budget; no individual
player tracking; and it is possible to remove turn-over tracking if
required (trade promotion).
[0034] Gaming machine analysis provides a method of testing the
effectiveness of each gaming machine 100 and its specific game. It
is possible to see instantaneously what is a profitable game and
what is not, and work game changes to fit what players want to
play. The gaming machine analysis server 146 maintains a record of
all plays on all gaming machines 100. This information is derived
from the central server 110 and includes all meters present on each
gaming machine 100. The meter configuration may vary in different
jurisdictions but as a minimum the following meters are required
for full analysis. Data may be entered manually from hard meters
(physical read outs on the gaming machines 100 themselves) where no
soft metering (automated, data up-linking meter) is available.
[0035] The actual net revenue can be said to equal clearances minus
the sum of: refills; cancelled credits; and short pays. The
operating percentage is net revenue divided by turnover multiplied
by 100. The expected net revenue is turnover multiplied by carded
percentage. The expected variation is the actual net revenue minus
the expected revenue. The break-even point is the ownership costs
divided by the return, in turn divided by: 1 minus any tax payable
(as a fraction). The ownership costs are monthly loan repayments,
fees and charges. The return is the gross turnover minus the return
to the player.
[0036] With regard to cash flow analysis, this can be determined by
adding: the opening hopper balance; turnover; hopper refills;
cancelled credits; jackpots; and short pay and subtracting:
jackpots; dollars won; and hopper closing balance to find the
expected cash clearance, which is equal to cash box meter minus the
actual cash clearance.
[0037] Various meters can be provided within the system. These may
include: A turnover meter, which records all credits
played/invested/bet on the gaming machines 100--this is all cash
and credits which go through the gaming machines 100; a total wins
meter, which records all credits won by the player on each gaming
machine 100, regardless of whether the credits are collected or
played; a cashbox meter, which records all coins to the cashbox and
notes to the note acceptor; a cancelled credit meter, which records
all credits cancelled manually by the attendant; a stroke meter,
which records the number of games played irrespective of credits
played; and a refill meter, which records all coins entered into
the hopper (manually incremented).
[0038] Management reports may also be provided by the system. These
may include Cash Flow Analysis reports. Cash flow analysis is a
method to measure, monitor and analyse the flow of money through a
gaming machine 100 from the point of insertion of money to its
point of clearance. Net Revenue Analysis reports may also be
provided. A net revenue analysis is undertaken to determine whether
a gaming machine is performing to its carded percentage.
[0039] Cash Flow Analysis reports may be provided. This report
provides a differential between the theoretical return to hotel for
each gaming machine and the actual return. This is a direct
measurement of gaming machine performance and is used to adjust
gaming machine carding to ensure maximum profitability from each
gaming machine.
[0040] Gaming Room Performance reports may also be provided. This
identifies the most successful and the least successful gaming
machines in the installation. By identifying the gaming machines,
recommendations can be made about their placement in the room, the
need to convert, or whether or not they should be traded out.
[0041] A Daily Performance report may be provided. This summarises
the daily performance of the gaming machine, cash in, cash out,
return to venue. It also presents an overview of gaming machine
performance and outlines lowest and highest performers. A Weekly
Performance report may also be provided. Like the daily performance
tracking report this report tracks the weekly performance of the
gaming room showing cash in, cash out and return to venue. This
provides a snapshot of current trends. It can be used to determine
current strategies for improved profitability.
[0042] Various ranking reports may also be provided. Break even
reports show when a gaming machine begins to make a return on
investment. Volatility reports show volatile games, which should be
identified as they can cause erratic variations on the venue's
returns making it difficult to maintain a predictable return.
Monitoring each game's performance allows such machines to be
isolated and corrective action taken to resolve these issues.
[0043] A gaming machine by denomination report determines what the
demand for a specific denomination of gaming machines is by the
players. It determines whether a specific denomination of gaming
machine is under or oversupplied on the gaming room floor.
[0044] A gaming machine by manufacturer report shows the popularity
of specific games change and this is dependant on which
manufacturer produces the most successful product. A venue must
assess this information to manage game changes and new machine
purchases. Ranking machines by manufacturer allow an operator to
maintain a critical watch on which manufactures are getting it
right.
[0045] In the present embodiment, as described above, the gaming
machines 100 offer differing types of games. FIG. 1b shows some
components of the gaming machines 100. Each gaming machine 100 has
a non-contact reader 160, a communications module 170 (in the
present embodiment, a FT-10), an LCD display 175 and a keyboard
180, all connected to the reader 160.
[0046] The gaming machine reader 160 includes an antenna 162, an
interface processor 164, connected to the antenna 162 via a RF
interface unit 166, a communications processor 168 and a gaming
machine secure access module SAM2, the last two both being
connected to the interface processor 166. The communications module
170, LCD display 175 and keyboard 180 are all connected to the
interface processor 164. In the present embodiment, the reader 160
also acts as a non-contact writer to write back to cash devices.
The communications module 170 acts as a connection for the gaming
machine to the central server. The gaming machine secure access
module SAM2 acts as a storage module for storing a predetermined
number of rolling keys, as described below. The interface processor
164 passes data to the module SAM2 which acts as both an encryption
and a decryption component. The interface processor 164 sends raw
data to the module SAM2, which encrypts it and returns it to the
interface processor 164 to pass to the central server and cash
device. The module SAM2 also receives encrypted data from the
interface processor 164, which it decrypts and passes back to the
interface processor 164.
[0047] Additionally, the gaming machines 100 each have software to
carry out the following functions: roll-back incomplete
transactions; read, write, read checking of all transactions;
de-bounce all keyboard functions; provide prioritised interrupt
drivers; have no redundant code; provide secure shutdown
procedures; provide secure back-up of cash values during power
down; manage LCD messaging; accept and process information from the
central server via the neuron chip; provide any loyalty system
interfacing to the computer using information from the central
server; and have complete and up-to-date documentation on all
functionality.
[0048] Embodiments of the invention employ dynamic key management.
Dynamic key management is a process that generates time domain
(rolling) encryption keys used in the present invention. The
rolling keys are 16 byte random keys, generated within the central
security access module SAM1, time stamped and 3DES encrypted with a
fixed internal security key. Each such rolling key is identifiable
by its exclusive time stamp. The process of using the rolling keys
is shown schematically in FIG. 1c. In operation the central server
110 issues a command on a pre-determined time scale to the central
module SAM1 to generate a key, the central module SAM1 responds by
generating random 3DES session keys and a time stamp. The module
SAM1 encrypts this rolling key data using the fixed internal
security key and passes the data to the central server 110. The
central server 110 in turn broadcasts the data to all gaming
machines 100. The central server 110 also broadcasts the data to
the automated cash dispensers 130. The timing of the broadcast in
the present embodiment is hourly. However, the timing may be
random, or contain a certain random element, in order to reduce
predictability.
[0049] When a gaming machine 100 receives the data, it passes it to
the gaming machine security access module SAM2 held by that gaming
machine 100. That gaming machine module SAM2 decrypts the rolling
key data using the fixed key shared between SAM1 and SAM2 and adds
it to its key table. Module SAM2 acts as a storage component for a
preset number of the received keys. Each such received key is added
to the key table in sequence. As described above, the key table is
set to hold a pre-defined number of keys and act as a first in
first out (FIFO) buffer of limited length. When the key table is
full the first-in key the oldest key in the buffer is deleted. On
each further addition of a new received key, the oldest stored key
is deleted from the FIFO buffer.
[0050] The automated cash dispensers each have a dispenser security
access module (not shown), which functions in the same way as the
gaming machine modules SAM2.
[0051] Data being sent to a cash device is 3DES encrypted using the
third most recently entered key in the buffer; this ensures that
all gaming machines recognise all keys. In the present embodiment,
a key is generated every hour and the maximum number of keys held
in the module SAM2 is set at 24. In this case, each key is valid
for a 24 hour period on any gaming machine 100. This gives a player
24 hours to use the stored credits on a gaming machine 100. Each
time the player transfers credits to the cash device a new key is
used to enable that transaction and the 24 hour period begins
again. Once the key is no longer available on a gaming machine 100
the player must cash out all credits at a cashier terminal. The
concept of rolling keys ensures that a player cannot remove a cash
device from the venue, attempt to modify data and return with a new
credit value.
[0052] As each cash device has its own identifying number,
transactions at the cashier terminal are linked to the central
server 110, which provides a reconciliation report on each specific
cash device. Hence, a complete trace of all transactions on each
individual cash device is available.
[0053] In order to successfully modify a cash device a player would
be required to know the time stamp, associated key, fixed keys,
3DES method, internal cash device read/write keys and internal cash
device ID Number and the gaming machine floor number. This is too
much information to uncover in the time frame available and even if
it could be managed this would only apply to that specific cash
device and that specific session key.
[0054] Additionally, in this case, the reconciled value held at the
central server regarding the cash device would not correspond to
that held on the cash device. In this case, once a discrepancy
between a transaction and the available recorded credit was
discovered on reconciliation, the cash device is blocked from
acting at any further gaming machines until the discrepancy has
been resolved. In this case, the player must visit a cashier
terminal before the cash device can be used on another gaming
machine.
[0055] Each transaction stored on a cash device includes the
following data:
[0056] 1. Last transaction encrypted by session keys:
[0057] a. Lonworks terminal ID--Unique ID number Neuron chip
(terminal ID)
[0058] b. Time/date stamp--Transaction real time and date
[0059] c. Stored credit value--cash value of this transaction
[0060] d. Transaction number--an incremental count of all
transactions (load count+pay count+1)
[0061] 2. Encrypted by fixed keys
[0062] a. Key time stamp--the issue number of the session key
[0063] b. Last load--the last value to be loaded to a gaming
machine
[0064] c. Last pay--the last value paid out on this cash device
[0065] d. Load count--number of loads to this cash device
[0066] e. Pay count--number of payouts from this cash device.
[0067] FIG. 2 shows a process for use of the reader at a gaming
machine. The reader reads the encrypted information from the cash
device. The cash device ID and timestamp identifier are read at
S202, S204. This information is decrypted at S206 using a fixed
key, shared between the cash devices and the readers. At S208, the
time-stamp identifier is used to identify the correct rolling key
to decrypt the encrypted stored value is read at S210. The
identified rolling key is then used to decrypt the value stored on
the cash device at S212. Once the stored credit value is decrypted,
the credit value is loaded to the gaming machine. The encrypted
information is, after decryption, compared to predetermined
criteria to determine whether the gaming machine is to be enabled
for play. The criteria may be just the identification of a valid
card, if cash has already been placed into the gaming machine, or
if a player is to be given an opportunity to insert cash into the
machine, as discussed below. Alternatively, the criteria may
include a minimum credit value held on the cash device before play
is enabled, as discussed below.
[0068] In general, a player is issued with cash device on entry to
the club or casino; this may be an anonymous device or registered
at the membership kiosk by filling out a membership application
form. A player uses one of the provided automated cash dispensers
discussed in relation to FIG. 1a to transfer cash to the cash
device. The player pre-loads the cash device with sum of money at
the automated cash dispenser by inserting coins or notes into an
appropriate Validator. This credit value is stored in the cash
device and a copy is also stored at the central server. The cash
dispenser makes use of the appropriate time-stamped encryption key,
received from the central server to encrypt the credit value added
to the cash device, which is then sent to the cash device using a
non-contact reader/writer. If the automated cash dispenser does not
have the appropriate key to encrypt the credit value to be placed
on the card, the dispenser queries the central module SAM1 to find
the appropriate key to encrypt the credit value with before
updating the cash device with the appropriate encrypted data.
[0069] On approaching a gaming machine a player places the cash
device near the gaming machine target (antenna) and this
automatically logs the player onto that gaming machine. The player
selects a cash amount to load to the gaming machine on a keyboard
in the gaming machine before placing the cash device on the gaming
machine. Once cash is inserted into the gaming machine, play begins
as normal, this continues until a player wishes to leave the gaming
machine.
[0070] If no play occurs within a pre-determined time and the
machine credits are below a pre-determined limit the player is
logged off the gaming machine. If the player presses the collect
button on the gaming machine the credits left on the gaming machine
are prepared to be transferred to the cash device and a prompt is
issued to the player to place their cash device near the gaming
machine target (antenna 162) at which time all credits are
transferred back to the cash device. If the cash device is not
presented within a pre-determined time limit then the transaction
is rolled back and all credits returned to gaming machine. All
transactions are logged by the gaming machine and transferred to
the central server.
[0071] A player may also cash-out the cash device credits at an
automated cash dispenser or at a cashier terminal. The automated
cash dispensers can decrypt the cash device credit value data in
the same way as the gaming machines. However, if the time-stamped
key with which the credit value was encrypted is no longer held in
the dispenser security access module, the dispenser can reconcile
the credit value directly with the central server.
[0072] The cashier terminals do not have time-stamp encryption key
holding security access modules, and so will always query the
central server when presented with a cash device.
[0073] By using such an operational method, embodiments of the
invention provides a secure method of cash handling removing the
requirement for staff to be involved in coin note collections.
Also, all cash float is removed from the gaming room floor. The
system provides enhanced security because all cash is held in a
security safe device. Additionally, the cash-out procedures can be
automated, and no cash counting required, so reducing staffing
requirements. Reconciliation and report generation can be carried
out automatically and when required. The reduced security risk of
the extra security should lower insurance premiums.
[0074] As well as that described above, it is also possible that no
cash is initially added to the cash device when it is given to the
player.
[0075] If no cash is initially loaded onto the cash device, on
approaching a gaming machine a player places the cash device near
the gaming machine target (antenna 162) and this automatically logs
the player onto that gaming machine. A player is able to insert
coin, tokens or bank notes into a gaming machine using a note/coin
Validator provided on the gaming machine. If no cash is inserted
into the gaming machine within a pre-defined time limit the player
is automatically logged off that machine. Once cash is inserted
into the machine play can begin as normal, this can continue until
a player wishes to leave the machine. If no play occurs within a
pre-determined time and the gaming machine credits are below a
pre-determined limit the player is logged off. If the player
presses the collect button on the gaming machine the credits left
on the machine are prepared to be transferred to the gaming machine
and a prompt is issued to the player to place their cash device
near the gaming machine target and all credits are transferred to
the cash device. The reader transfers the value to the module SAM2,
which encrypts it using the third most recently received rolling
key. This encrypted value is then sent to the cash device and
stored. If the cash device is not presented within a pre-determined
time limit then the transaction is rolled back and all credits
returned to the gaming machine.
[0076] A player can transfer credits from the cash device to a
further gaming machine by pressing the LOAD button on the gaming
machine and placing the cash device near the gaming machine reader.
The credits on the cash device are transferred to the gaming
machine and then to the gaming machine module SAM2. All or some of
the credit value held on the cash device can be transferred to the
gaming machine as desired by a player. The gaming machine module
SAM2 references the rolling key used to encrypt the data at the
last gaming machine, or automated cash dispenser, by querying the
time-stamp, which is encrypted using the cash device fixed key. If
the time-stamp corresponds to one of the stored rolling keys in the
module SAM2, then the value is decrypted using that key. A reader
can decrypt a credit value stored on a cash device between the most
recent rolling key and the depth of the FIFO buffer. The credit
value is then transferred from the cash device to the gaming
machine by updating the cash device value to reflect the chosen
reduction of value transferred to the gaming machine. If this
transaction fails, the player is prompted to place the cash device
near the gaming machine target and the transaction is rolled back
to the cash device. All transactions are logged by the gaming
machine and transferred to the central server. If no rolling key is
available for the timestamp given to the value held on the cash
device, then the value will not be available for transfer to the
gaming machine, and the credit value can only be redeemed at a
cashier terminal, which is connected to the central server. The
credit value can be redeemed as the central server central module
SAM1 holds all keys, not just the most recent. Transactions for
keys removed from the gaming machine modules SAM2 will have been
reconciled, and so the credit value held on the cash device, and
that the credit value remains outstanding will be known before the
cash device is presented at the cashier terminal. Any discrepancy
will therefore be noticed and can be investigated.
[0077] Even before the end of the period in which the rolling key
used to encrypt a credit value is valid, a player may cash-out the
cash device credits at an automated cash dispenser or at a cashier
terminal. Reconciliation can then be carried out during pay out, or
can be deferred, with the credit value held on the cash device
being taken as an accurate reflection of the credit value
transferred from the gaming machines at the end of play.
[0078] Because the actual credit value of funds available to a
player is held by the cash device, rather than the cash device
holding an identifier that is referred back to a central server to
give the credit value, the bandwidth of transmission across the
network is substantially reduced. Additionally, reconciliation does
not have to be carried out in real time for the system to operate.
It is possible for the network to be completely removed for periods
of time, i.e. the connection is intermittently functional to
connect the gaming machines to the central server. The gaming
machines will still function when acting in offline mode because
actual credit value can still be transferred between gaming
machines and cash devices without any central input from the
central server. The gaming machines can store transaction data
ready to be uploaded to the central server once the network
connection is regained, so that reconciliation can then be carried
out.
[0079] The present invention has been described above purely by way
of example and alterations, omissions and modifications can be
made, such modifications, omissions and alterations also falling
within the spirit and scope of the invention. The present invention
has been described above with the aid of functional building blocks
illustrating the performance of specified functions and
relationships thereof. The functional building blocks have been
arbitrarily defined herein while describing embodiments of the
invention. Alternate definitions can be defined so long as the
specified functions and relationships thereof are maintained. The
invention extends to any such alternate definitions. It will be
seen that the functional building blocks can be implemented by
application specific integrated circuits, discrete components,
processors executing appropriate software and the like or any
combination thereof.
* * * * *