U.S. patent application number 11/509950 was filed with the patent office on 2008-03-27 for quantum gaming system.
This patent application is currently assigned to IGT. Invention is credited to John H. Kim.
Application Number | 20080076525 11/509950 |
Family ID | 39225671 |
Filed Date | 2008-03-27 |
United States Patent Application | 20080076525 |
Kind Code | A1 |
Kim; John H. | March 27, 2008 |
Quantum gaming system
Abstract
A device, method and system to generate a plurality of true
random numbers in a gaming machine having a processor designed or
configured to process the plurality of random numbers, at least one
quantum mechanical random number generator coupled to the processor
to generate the plurality of random numbers, a memory coupled to
the processor to store the plurality of random numbers, and an
input/output (I/O) interface coupled to the processor to receive
and transmit data.
Inventors: | Kim; John H.; (Reno, NV) |
Correspondence Address: | BEYER WEAVER LLP, P.O. BOX 70250, OAKLAND CA 94612-0250, US |
Assignee: | IGT, Reno, NV |
Family ID: | 39225671 |
Appl. No.: | 11/509950 |
Filed: | August 25, 2006 |
Current U.S. Class: | 463/22 |
Current CPC Class: | G07C 15/006 20130101; A63F 7/048 20130101 |
Class at Publication: | 463/22 |
International Class: | A63F 9/24 20060101 A63F009/24 |
Claims
1. A gaming device to generate a plurality of random numbers in a
gaming machine, comprising: a processor designed or configured to
process the plurality of random numbers; at least one true random
number generator coupled to the processor to generate the plurality
of random numbers; a memory coupled to the processor to store the
plurality of random numbers; and an input/output (I/O) interface
coupled to the processor to receive and transmit data.
2. The device of claim 1, wherein the true random number generator
is a quantum random number generator.
3. The device of claim 1, wherein the data contains the plurality
of random numbers.
4. The device of claim 1, wherein the data is transmitted to a
remote gaming server.
5. The device of claim 1, wherein the plurality of random numbers
are used to generate a game of chance on the gaming machine.
6. The device of claim 5, further comprising a display to display
the game of chance.
7. The device of claim 1, wherein the I/O interface is a wireless
transceiver.
8. The device of claim 1, wherein the I/O interface is a network
card.
9. The device of claim 1, wherein the I/O interface is a universal
serial bus (USB).
10. The device of claim 1, wherein the I/O interface is a
peripheral component interconnect (PCI) bus.
11. The device of claim 1, further comprising a basic input output
system (BIOS) coupled to the processor to perform a self test of
the device.
12. The device of claim 1, further comprising at least one door,
lock, sensor, evidence tape, and combinations thereof to secure the
device.
13. The device of claim 1, wherein the memory is a random access
memory (RAM).
14. The device of claim 1, further comprising a read only memory
(ROM) coupled to the processor to store at least one software
program.
15. The device of claim 14, wherein the read-only memory is a
programmable read-only memory (PROM).
16. The device of claim 14, wherein the read-only memory is an
electronically erasable programmable read-only memory (EEPROM).
17. The device of claim 1, wherein the memory is a non-volatile
memory to store an operating system and at least one software
program.
18. A method for generating a plurality of random numbers in a
gaming machine, comprising: generating the plurality of random
numbers from a true random number generator; sharing at least one
encryption key with a remote gaming server; receiving a request
from the remote gaming server for at least one set of random
numbers; retrieving the at least one set of random numbers from a
first memory; encrypting the at least one set of random numbers;
and transmitting the encrypted set of random numbers to the remote
gaming server.
19. The method of claim 18, further comprising saving a copy of the
transmitted set of random numbers to a second memory.
20. The method of claim 18, wherein the sharing further comprises
forming the at least one encryption key from the plurality of
random numbers.
21. The method of claim 18, wherein the at least one encryption key
is a symmetric key.
22. The method of claim 18, wherein the at least one encryption key
is a private and public key pair.
23. The method of claim 18, wherein said sharing further comprises
generating a certificate request to a certificate authority for
authorization to use the at least one encryption key.
24. The method of claim 23, further comprising receiving an
authorization certificate from the certificate authority.
25. The method of claim 18, wherein the transmitting further
comprises encrypting the at least one set of random numbers for
privacy.
26. The method of claim 18, wherein the encrypting further
comprises digitally signing the at least one set of random
numbers.
27. The method of claim 18, wherein the generating further
comprises monitoring a power supplied to the true random number
generator.
28. The method of claim 18, wherein the remote gaming server is the
gaming machine.
29. The method of claim 18, further comprising receiving a request
to validate and audit the transmitted set of random numbers.
30. The method of claim 29, further comprising matching the
transmitted set of random numbers with the saved copy in the second
memory.
31. The method of claim 18, wherein the generating further
comprises testing the plurality of random numbers to ensure
randomness.
32. The method of claim 18, further comprising generating a game of
chance on the gaming machine with the transmitted set of random
numbers.
33. A method for generating a plurality of random numbers in a
gaming machine, comprising: generating a plurality of random
numbers from a true random number generator; removing a bias from
the plurality of random numbers; testing the plurality of random
numbers for non-randomness; and storing the plurality of random
numbers in a memory.
34. The method of claim 33, wherein the removing further comprises:
a) pairing the plurality of random numbers; b) removing at least
one common numbered pair; c) assigning a value to the remaining
pairs; and d) separating the plurality of paired bits into at least
one set of random numbers.
35. The method of claim 33, further comprising checking a power
supply to the true random number generator.
36. The method of claim 33, wherein the testing further comprises
applying at least one statistical randomness test to the plurality
of random numbers.
37. The method of claim 33, further comprising encrypting the
plurality of random numbers.
38. The method of claim 33, further comprising digitally signing
the plurality of random numbers with a private key generated from
the plurality of random numbers generated by the true random number
generator.
39. The method of claim 33, wherein the storing further comprises
deleting older sets of random numbers if the memory is full.
40. The method of claim 33, further comprising generating a game of
chance to be played on the gaming machine with the plurality of
random numbers.
41. An apparatus to play a game of chance, comprising: a processor
designed or configured to process a plurality of random numbers
used to play the game of the chance; at least one true random
number generator coupled to the processor to generate the plurality
of random numbers; a volatile memory coupled to the processor to
store the plurality of random numbers; a non-volatile memory
coupled to the processor to store at least one software program to
play the game of chance; an I/O device coupled to the processor to
receive and send data; and a display to display the game of
chance.
42. The apparatus of claim 41, wherein the I/O device is a set of
buttons.
43. The apparatus of claim 41, wherein the I/O device is a touch
screen display.
44. The apparatus of claim 41, wherein the I/O device is a
mechanical wheel.
45. The apparatus of claim 41, wherein the true random number
generator is a quantum random number generator.
46. The apparatus of claim 41, wherein the non-volatile memory is
an EEPROM.
47. A program storage device readable by a computer system, the
program storage device tangibly embodying a program of instructions
executable by the computer system to perform a method for
generating a plurality of random numbers in a gaming machine, the
method comprising: generating the plurality of random numbers from
a true random number generator; sharing at least one encryption key
with a remote gaming server; receiving a request from the remote
gaming server for at least one set of random numbers; retrieving
the at least one set of random numbers from a first memory;
encrypting the at least one set of random numbers; transmitting the
encrypted set of random numbers to the remote gaming server; and
saving a copy of the transmitted set of random numbers to a second
memory.
48. A program storage device readable by a computer system, the
program storage device tangibly embodying a program of instructions
executable by the computer system to perform a method for
generating a plurality of random numbers in a gaming machine, the
method comprising: generating a plurality of random numbers from a
true random number generator; removing a bias from the plurality of
random numbers; testing the plurality of random numbers for
non-randomness; and storing the plurality of random numbers in a
memory.
Description
FIELD OF THE INVENTION
[0001] The present invention relates to the generation of random
numbers for gaming systems. Even more particularly, the present
invention relates to the generation of true random numbers using
quantum mechanics for gaming systems.
BACKGROUND OF THE INVENTION
[0002] Most machines and methods employed for producing random
numbers are either "deterministic"--they follow a fixed, totally
predictable recipe--or are not truly random. There are a few
devices that produce truly random numbers, but they are subject to
being skewed by external influences or are very delicate and
expensive to maintain. Thus, an approximation of randomness has
turned out to be acceptable in the gaming industry.
[0003] In the gaming industry, current gaming machines utilize
pseudo random number generators to determine wagering and bonus
outcomes. The pseudo random number generator utilizes a
deterministic mathematical algorithm that generates a sequence of
"seemingly" random numbers. However, as the term "pseudo" implies,
the sequence of numbers generated by the pseudo random number
generator is not random at all. Pseudo random numbers are generated
using an arithmetical algorithm having an output of numbers that
can pass most statistical tests of randomness. However, it is
entirely deterministic and eventually repeats itself. Given the
variable that determines the sequence, the numbers are predictable,
which causes the wagering outcomes of a wager-based game to be
predictable also. This may also cause a casino to lose money.
[0004] Gaming and lottery industry regulations require that random
numbers, used for playing games of chance, pass certain minimum
statistical randomness tests to ensure fairness and guard against
unauthorized tampering with the random numbers. The regulations also require the
auditing of used random numbers; a casino must be able to verify
that the sequence of random numbers, which resulted in a large
jackpot, originated from an authorized random number generator
belonging to the casino or lottery operator.
[0005] In view of the above, it would be desirable to develop
improved methods and devices for providing random numbers for
wagering games.
SUMMARY
[0006] The invention utilizes a true random number generator to
generate random numbers for use in a gaming machine. The random
numbers are non-deterministic, unpredictable, unbiased, and do not
repeat. A device and system to generate a plurality of random
numbers in a gaming machine may have a processor designed or
configured to process the plurality of random numbers, at least one
true random number generator coupled to the processor to generate
the plurality of random numbers, a memory coupled to the processor
to store the plurality of random numbers, and an input/output (I/O)
interface coupled to the processor to receive and transmit
data.
[0007] In another embodiment, the apparatus may have a processor
designed or configured to process a plurality of random numbers
used to play the game of the chance, at least one true random
number generator coupled to the processor to generate the plurality
of random numbers, a volatile memory coupled to the processor to
store the plurality of random numbers, a non-volatile memory
coupled to the processor to store at least one software program to
play the game of chance, an I/O device coupled to the processor to
receive and send data, and a display to display the game of
chance.
[0008] The invention also provides for a method for generating a
plurality of random numbers in a gaming machine. In one embodiment,
the method may have the plurality of random numbers generated from
a true random number generator, sharing at least one encryption key
with a remote gaming server, receiving a request from the remote
gaming server for at least one set of random numbers, retrieving
the at least one set of random numbers from a first memory,
encrypting the at least one set of random numbers, transmitting the
encrypted set of random numbers to the remote gaming server, and
saving a copy of the transmitted set of random numbers to a second
memory.
[0009] In another embodiment, the method may generate the plurality
of random numbers from a true random number generator, remove a
bias from the plurality of random numbers, test the plurality of
random numbers for non-randomness, and store the plurality of
random numbers in a memory.
BRIEF DESCRIPTION OF THE DRAWINGS
[0010] The accompanying drawings, which are incorporated into and
constitute a part of this specification, illustrate one or more
embodiments and, together with the detailed description, serve to
explain the principles and implementations of the invention.
[0011] In the drawings:
[0012] FIG. 1 is a block diagram of the components in a true random
number generating device for use in a gaming machine in accordance
with an embodiment of the present invention.
[0013] FIG. 2 is a block diagram of the components in a true random
number generating device for use in a gaming machine in accordance
with another embodiment of the present invention.
[0014] FIG. 3 is a flow chart illustrating a method for generating
a plurality of random numbers in a gaming machine in accordance
with one embodiment of the invention.
[0015] FIG. 4 is a flow chart of a method for generating a
plurality of random numbers in a gaming machine in accordance with
another embodiment of the invention.
[0016] FIG. 5 is a block diagram illustrating a system for
distributing random numbers to a remote gaming server in accordance
with an embodiment of the invention.
[0017] FIGS. 6A and 6B are a flow chart of a method for generating a
plurality of random numbers in a gaming machine in accordance with
yet another embodiment of the invention.
[0018] FIG. 7 is a diagram illustrating an exemplary gaming machine
in accordance with FIG. 2.
[0019] FIG. 8 is a block diagram illustrating an exemplary network
topology in accordance with an embodiment of the invention.
[0020] FIG. 9 is a block diagram illustrating a simplified
communication topology in accordance with an embodiment of the
invention.
DETAILED DESCRIPTION
[0021] Embodiments are described herein in the context of a quantum
gaming system. Those of ordinary skill in the art will realize that
the following detailed description is illustrative only and is not
intended to be in any way limiting. Other embodiments will readily
suggest themselves to such skilled persons having the benefit of
this disclosure. Reference will now be made in detail to
implementations as illustrated in the accompanying drawings. The
same reference indicators will be used throughout the drawings and
the following detailed description to refer to the same or like
parts.
[0022] In the interest of clarity, not all of the routine features
of the implementations described herein are shown and described. It
will, of course, be appreciated that in the development of any such
actual implementation, numerous implementation-specific decisions
must be made in order to achieve the developer's specific goals,
such as compliance with application- and business-related
constraints, and that these specific goals will vary from one
implementation to another and from one developer to another.
Moreover, it will be appreciated that such a development effort
might be complex and time-consuming, but would nevertheless be a
routine undertaking of engineering for those of ordinary skill in
the art having the benefit of this disclosure.
[0023] The invention utilizes a true random number generator using
quantum mechanics to generate random numbers for use in a gaming
machine. The gaming machine may be any type of gaming machine,
including mechanical slot games, video slot games, video poker,
video black jack, keno, bingo, video pachinko and lottery. The
gaming machine may be operable to provide a play of many different
instances of games of chance. The instances may be differentiated
according to themes, sounds, graphics, type of game (e.g., slot
game vs. card game), denomination, number of pay lines, maximum
jackpot, progressive or non-progressive, bonus games, etc. For
example, in a progressive bonus system that has a centralized bonus
system, the random numbers may be used to determine the winners of
the rewards, size of the reward (may be monetary amount), the
specific kind of reward (monetary, services, etc.), and the
frequency the rewards are given based upon the bonus budget. Thus,
the gaming machine may also be a system-wide bonus scheme. Those of
skill in the art will understand that the present invention, as
described below, can be deployed on most any gaming machine now
available or hereafter developed. An example of a true random
number generator is discussed in detail in U.S. Pat. No. 6,249,009,
filed Jun. 16, 1997, entitled "Random Number Generator" and will
not be discussed herein to prevent obfuscation of the present
invention.
[0024] However, as a brief description of a true random number
generator and not intended to be limiting, the generator may be a
quantum mechanical device using the wave particle duality of the
quantum particle and its uncertainty principle to generate the true
random numbers. The true random number generator may generate the
sequence of random numbers by detecting photons from the double
slit experiment to resolve the question of whether light
consists of waves or particles. The photons, attenuated through a
neutral density filter from a laser, are sent through the double
slits and hit one of two detectors. The two detectors each cover
50% of the area that the photon can reach after the double slits.
The stream of photons, of which each photon is separated by a
certain distance, produces the plurality of true random numbers
either as a "1" or "0". The true random number generator registers
a "1" when the photon hits one detector and a "0" when the photon
hits the other detector. An individual photon is seen as passing
through both slits at once, interfering with itself, and localizing
at either of the two detectors with a 50/50 probability.
[0025] The true random number generator described in U.S. Pat. No.
6,249,009 utilizes quantum mechanics having a laser, neutral
density filter, and a single photomultiplier tube that detects
photons. Other embodiments of a true random number generator may
have a laser, neutral density filter, beam splitter, and two
photomultiplier tubes that each detects a single photon from the
beam splitter.
[0026] FIG. 1 is a block diagram of the components in a true random
number generating device for use in a gaming machine in accordance
with an embodiment of the present invention. The core chipset 102
may control communications between the components of the device.
The core chipset 102 may have a memory controller hub (MCH) or
north bridge 104 and an input/output (I/O) controller hub (ICH) or
south bridge 106. The core chipset 102 may combine all the
features of the ICH with an accelerated graphics port (AGP) and
connect directly to the processor. The functions of a core chipset
102 and the north 104 and south bridges 106 are known in the art
and will not be discussed in detail herein. Although the figures
illustrate specific components coupled to the core chipset 102,
they are exemplary components for one embodiment of the invention
and not intended to be limiting as other components may be
utilized.
[0027] As described above, the true random number generator 108 may
comprise a laser, neutral density filter, and one photomultiplier
tube to detect the photons. The random number generator 108 may be
coupled to the processor 110 through the core chipset 102 at the
south bridge 106. The true random number generator 108 may generate
500 kilobits of true random numbers per second. A random-access
memory (RAM) 112 may be coupled to the processor 110 through the
core chipset 102 at the north bridge 104 to store and process the
true random numbers generated by the true random number generator
108. The true random numbers may be stored in the RAM 112 and
processed by the processor 110. Processing the true random numbers
may entail verifying the hardware integrity of the random number
generator 108, removing biases, testing the randomness, approving,
digitally signing, digitally verifying, encrypting, decrypting,
and/or auditing the random numbers, as will be discussed in detail
below. Once processed, the random numbers may be stored in the RAM
112.
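The processing steps named above (remove bias, test randomness, store) can be sketched as follows. This is an added example, not code from the patent: it reads the pairing steps of claim 34 as the classic von Neumann extractor, uses the NIST SP 800-22 frequency (monobit) test as the single statistical check, and the function names, the 0.01 threshold, the minimum batch size and the seeded sample input are all assumptions.

```python
# Added illustration: conditioning and health-checking raw generator bits.
import math
import random
from collections import deque

ALPHA = 0.01  # assumed significance level (conventional NIST SP 800-22 default)


def von_neumann_debias(bits):
    """Pair the bits, drop 00/11 pairs, and map 01 -> 0, 10 -> 1."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        first, second = bits[i], bits[i + 1]
        if first != second:
            out.append(first)
    return out


def monobit_p_value(bits):
    """Frequency (monobit) test: p-value that ones and zeros are balanced."""
    n = len(bits)
    if n == 0:
        return 0.0  # no output at all (e.g. a stuck detector) is a failure
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def pack_bits(bits):
    """Pack whole bytes MSB-first; leftover bits are discarded."""
    usable = len(bits) - len(bits) % 8
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)
    )


def process_raw(raw_bits, store, min_bits=1024):
    """Debias, test, and store one set; return True if it was accepted."""
    clean = von_neumann_debias(raw_bits)
    if len(clean) < min_bits or monobit_p_value(clean) < ALPHA:
        return False  # reject: too little output or measurable bias
    store.append(pack_bits(clean))
    return True


def biased_source(n, p_one, seed):
    """Constructed sample input only: independent bits with P(1) = p_one.

    A seeded PRNG stands in for the photon detector so the demo repeats;
    it must never be used as the real source.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    # A bounded deque drops the oldest set when full, as in claim 39.
    store = deque(maxlen=4)
    raw = biased_source(20000, 0.7, seed=2006)
    print("raw monobit p-value:", monobit_p_value(raw))
    print("debiased set accepted:", process_raw(raw, store))
    print("stuck-at-1 set accepted:", process_raw([1] * 20000, store))
```

The extractor removes bias only when successive raw bits are independent; correlation between bits passes straight through it, which is why a statistical test battery still follows the debiasing step.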
[0028] The device 100 may also have a random number storage device
114 coupled to the processor 110 through the core chipset 102 at
the south bridge 106. The random number storage device 114, instead
of the RAM 112, may be used to store the true random numbers. The
random number storage device 114 may be a mass storage device, such
as a hard disk drive or flash drive, used in a general purpose
computer that typically allows code and data to be read from and
written to the mass storage device. However, in a gaming machine
environment, modification of the gaming code stored on a mass
storage device is strictly controlled and would only be allowed
under specific maintenance type events with electronic and physical
enablers required. Though this level of security could be provided
by software, gaming computers that include mass storage devices
preferably include hardware level mass storage data protection
circuitry that operates at the circuit level to monitor attempts to
modify data on the mass storage device and will generate both
software and hardware error triggers should a data modification be
attempted without the proper electronic and physical enablers being
present.
[0029] A video controller or display adapter 116, such as a
graphics or video card, may be coupled to a display 120 and the
processor 110 through the core chipset 102 at the north bridge 104.
The display adapter 116 may allow messages from the processor 110
to be displayed on the display 120. In one embodiment, the display
adapter 116 may be integrated within the north bridge 104. The
display 120 may be any type of display, for example, a liquid
crystal display (LCD), fluorescent display, cathode ray tube (CRT)
screen, and the like. This allows the device to display internal
errors or successes originating from the device's own hardware
and/or software. For example, if the true random number generator
108 fails, an error message informing the user of the failure will
be displayed. Additionally, if an action was successful, such as
the validation of a sequence of random numbers against a claimed
jackpot, a "validation success" message may be displayed on the
display 120. Other information such as the date and time the random
numbers were generated and/or transmitted, the unique
identification of the remote gaming device that the true random
numbers were transmitted to, and any other information may also be
displayed.
[0030] It will now be known that the true random number generating
device 100 need not have a display 120 and/or display adaptor 116.
Rather, in another embodiment, the true random number generating
device 100 may display messages on a remote gaming server, such as
the remote gaming server display (see, FIG. 4). The messages may be
transmitted through the I/O interface 122. A console application in
the remote gaming server may communicate with the processor 110
through the I/O interface 122 and monitor messages sent to the
remote gaming server from the processor 110.
[0031] As discussed above, to communicate with the remote gaming
server, an I/O interface 122 may be used. The I/O interface 122 may
also be coupled to the processor 110 through the core chipset 102
at the south bridge 106 to receive requests and transmit data to a
remote gaming device. The I/O interface 122 may be any type of
interface such as a wireless transceiver, universal serial bus
(USB), peripheral component interconnect (PCI), network card, data
bus, or any other type of interface that allows the true random
number generating device 100 to communicate with the remote gaming
server. The remote gaming server may be, but is not limited to, a
personal computer, slot machine, remote gaming device, portable
gaming device such as but not limited to a cell phone, a personal
digital assistant, and a wireless game player, or any other gaming
machine. The I/O interface 122 may also connect to other I/O
devices such as a keyboard, set of buttons, or a mouse to allow a
player to play a game of chance on a gaming machine.
[0032] The device may also have a read only memory (ROM) such as an
electrically erasable programmable read-only memory 118 (EEPROM) to
store an operating system and at least one software program to run
a game of chance and/or process the random numbers. The operating
system and software are typically stored in a non-volatile
read/write mass storage device; however, use of an EEPROM 118
ensures the integrity of the device 100. The EEPROM 118 ensures the
integrity of the device by allowing a user to easily verify that
the contents of the device are authentic if tampering of the device
is suspected. For example, the software in the EEPROM 118 may
ensure the integrity of the data in the random number storage 114
by allowing only authorized software processes with valid digital
signatures to read, write, modify, and delete data in the random
number storage 114. If tampering of software in the EEPROM 118 is
suspected, the user may simply remove the EEPROM 118 from the
device 100 and verify the contents. Thus, since the device 100 is
secured in an enclosure, as further discussed below, tampering may
be visible only if, for example, the tamperproof tape is
compromised.
[0033] A read-only basic input output system 124 (BIOS) may be used
to perform a self test on all the hardware/software in the device
once it is powered on. Should a component fail the self test, a
message may be displayed on the display 120 to inform the user of
the failure.
[0034] It will now be known that the operating system and/or
software program may be stored on any other component. For example,
when the device 100 is powered on, before executing any software,
the EEPROM 118 may contain software that verifies the digital
signature of the software programs, including the operating system,
which may then be stored in a mass storage device. In another
embodiment, the BIOS 124 may be used to store the operating system
and software programs.
[0035] A voltage current regulator 126 may be coupled to the true
random number generator 108 and the processor 110 through the core
chipset 102 to maintain and monitor the power supplied to the true
random number generator 108. This ensures the integrity of the true
random number generator 108. Too much power supplied to the laser
in the true random number generator 108 may result in the
over-saturation of the photon detector with too many photons. Too
little power produces fewer photons, which may result in the
continuous non-detection of the photon after the attenuation. Thus,
the power to the laser should remain constant within an acceptable
range to prevent an unexpected performance loss of the random
number generator 108. For example, if a 1 mW He-Ne laser is used
to produce the random numbers with the neutral density filter that
results in the mean distance of 2 km between the photons, the
photomultiplier tube should detect an average of 5 photons
every 1/30 second. This is 1 photon per 1/150 second, and the
random number generator 108 may produce one bit of either `1` or
`0` per 1/300 second. However, if the photomultiplier tube can
detect 1 photon per 1/300 second, but cannot detect 1 photon per 1/600 second,
then the power to the laser should not exceed 2 mW. Performance of
the true random number generator 108 may be measured by the rate of
true random numbers generated that pass the statistical randomness
testing.
[0036] Gaming machines are highly regulated to ensure fairness and,
in many cases, gaming machines are operable to dispense monetary
awards of multiple millions of dollars. Therefore, to satisfy
security and regulatory requirements in a gaming environment,
gaming machines need to be built securely. Since the random numbers
generated from the device 100 are used to generate a game of chance
played on a gaming machine, security is necessary to prevent a loss
of funds from the gaming machine, such as stolen cash or loss of
revenue when the gaming machine is not operating properly. As such,
the device 100 and components must be enclosed within a secure
enclosure and may be secured by one or more doors, locks, sensors,
evidence tape, and combinations thereof to prevent tampering of the
device. The locks, doors, etc. may be monitored by the processor
110 using sensor devices including electric switches. Further,
additional security may be implemented such as using electronic
keys or covers with mechanical locks to prevent access.
Furthermore, the components in the device may be locked down to
prevent the disconnection of a component and ensure additional
security.
[0037] FIG. 2 is a block diagram of the components in a true random
number generating device for use in a gaming machine in accordance
with another embodiment of the present invention. The true random
number generating device 100 may be installed within a gaming
machine itself rather than as a separate device as illustrated in
FIG. 1 or as part of a remote gaming server. The true random number
generating device 100 may store the software program in the EEPROM
118 or any other component as discussed above. The software program
allows a player to play a game of chance displayed on the display
120 of the gaming machine via input received from the player
entered through the I/O interface 122. Other peripheral devices may
be in communication with the processor 110 through the core chipset
102. For example, the ticket and bill validator 128 and a printer
130 may be coupled to the processor 110 through the core chipset
102 at the south bridge 106 for receiving bills and printing
tickets with monetary value. A coin hopper 140 may also be coupled
to the processor 110 through the core chipset 102 at the south
bridge 106 to dispense coins.
[0038] FIG. 3 is a flow chart illustrating a method for generating
a plurality of random numbers in a gaming machine in accordance
with one embodiment of the invention. A plurality of random numbers
may be generated from a true random number generator at 300. Since
the device is able to generate its own true random numbers, it is
possible to use the same random numbers to generate cryptographic
keys. This ensures that the cryptographic keys are truly random and
cryptographically strong. The device is able to generate its own
cryptographic keys, which may be shared with the remote gaming
server, to digitally sign and secure transmission of the data or
random numbers distributed outside the device. Only a brief
description of the use of public key cryptography is described as
an embodiment of the invention since cryptography is well known in
the art. Although discussed with the use of a private and public
key infrastructure, the authentication and encryption method,
syntax, and protocols are not intended to be limiting and any other
type of security measures may be used, for example, activation
codes, passwords, a challenge and response authentication
protocol, and Kerberos for securing and activating
hardware/software and the like. However, other cryptography methods
may be used as described in the Examples below.
[0039] To enable third party validation of authenticity and/or
security in the true random number generator device, the device may
generate a certificate request to a certificate authority, such as
the Nevada Gaming Commission. The certificate request may contain
the device's unique identification information and its public key.
Once an authorized certificate is received, the encryption keys
(i.e. private key) formed from the same plurality of random numbers
at 302 are used to digitally sign any sequence of random numbers
distributed outside the device for authenticity.
[0040] The regulatory authority may also require periodic and/or
constant testing of the generated random numbers to verify if the
plurality of random numbers, or binary sequence of random bits,
meets the minimum statistical randomness requirements. A battery of
approved statistical testing procedures, such as Linear Complexity
Test, discrete Fourier transform test, Lempel Ziv complexity test,
and the like may be required to test for non-randomness. To ensure
the integrity of the true random number generator device, the power
to the laser in the true random number generator must be maintained
and monitored. Too much power supplied to the laser in the true
random number generator 108 may result in the over-saturation of
the photon detector with too many photons. Too little power
produces fewer photons, which may result in the continuous
non-detection of the photon after the attenuation. Thus, the power
to the laser should remain constant within an acceptable range to
prevent an unexpected performance loss of the random number
generator 108. For example, if a 1 mW He-Ne laser is used to
produce the random numbers with the neutral density filter that
results in the mean distance of 2 km between the photons, the
photomultiplier tube should detect an average of 5 photons per
every 1/30 second. This is 1 photon per 1/150 seconds, and the
random number generator 108 may produce one bit of either `1` or
`0` per 1/300 second. However, if the photomultiplier tube can
detect 1 photon per 1/300, but cannot detect the photon per 1/600,
then the power to the laser should not exceed 2 mW. Performance may
be measured by the rate of random numbers generated that pass the
statistical randomness testing.
[0041] A request from a remote gaming server for a set of random
numbers may be received at 304. The request may be received via an
I/O interface such as a wireless transceiver, USB, PCI, network
card, data bus, or any other type of interface that allows the true
random number generating device to communicate with the remote
gaming server. The remote gaming server may be, but is not limited
to, a personal computer, slot machine, remote gaming device,
portable gaming device such as but not limited to a cell phone, a
personal digital assistant, and a wireless game player, or any
other gaming machine.
[0042] The set of random numbers may be retrieved from a random
number storage at 306. The random number storage may be stored in a
mass storage device such as a hard disk drive or a flash drive or
in a RAM. Mass storage devices used in a general purpose computer
typically allow code and data to be read from and written to the
mass storage device. However, in a gaming machine environment,
modification of the gaming code stored on a mass storage device is
strictly controlled and would only be allowed under specific
maintenance type events with electronic and physical enablers
required. Though this level of security could be provided by
software, gaming computers that include mass storage devices
preferably include hardware level mass storage data protection
circuitry that operates at the circuit level to monitor attempts to
modify data on the mass storage device and will generate both
software and hardware error triggers should a data modification be
attempted without the proper electronic and physical enablers being
present.
[0043] The retrieved set of random numbers may then be transmitted,
digitally signed and encrypted with its encryption key, at 308, to
the remote gaming server. Simultaneously, a copy of the transmitted
set of random numbers may be saved in a memory at 310 along with
any other information such as the date and time the random numbers
were generated and/or transmitted, the recipient's unique
identification information, and the like. The memory may be the
same as or a different memory from the random number storage.
[0044] Once the remote gaming server receives the set of random
numbers, the data may be decrypted using its own private key,
shared symmetric key, or both. The remote gaming server may
validate the received digital signature using the public key within
the valid certificate to the device. The set of random numbers may
then be used to generate a game of chance to be played on the
gaming machine.
[0045] Should a large win occur on a gaming machine (or if the user
merely wants to validate the set of random numbers), whether it be
progressive or non-progressive games, bonus games, etc., for
security reasons, the set of used random numbers may be audited and
validated to ensure the win is legitimate and not tampered with.
The set of random numbers containing the winning numbers in the
gaming machine may be audited and validated as originating from an
approved true random number generating device operated by the
Casino. The device may receive a request to validate or audit the
set of random numbers at 312. The request may include the set of
random numbers to be audited and validated. The request may be
authenticated by any known means. For example, the true random
number generator device may verify the request by validating the
digital signature of the request using the public key of the
requesting machine's valid certificate.
[0046] After the request is validated at 314, the device may verify
the authenticity of the random numbers as originating from the
device at 316. The random numbers may be authenticated by either
verifying the digital signature of the random number using its own
public key and/or verifying if the matching saved copy of the
random numbers exists in the memory. If the numbers match at 318, a
successful validation reply may be sent to the remote gaming server
at 320 and displayed on the display. Otherwise, an unsuccessful
validation reply may be sent to the remote gaming server at 322 and
displayed on the display.
[0047] FIG. 4 is a flow chart of a method for generating a
plurality of random numbers in a gaming machine in accordance with
another embodiment of the invention. A plurality of
non-deterministic random bits may be generated from a true random
number generator at 400. To ensure the integrity of the random bits
generated, the power to the laser in the true random number
generator must be maintained and monitored. Too much power supplied
to the laser in the true random number generator may result in the
over-saturation of the photon detector with too many photons. Too
little power produces fewer photons, which may result in the
continuous non-detection of the photon after the attenuation. Thus,
the power to the laser should remain constant within an acceptable
range to prevent an unexpected performance loss of the random
number generator. For example, if a 1 mW He-Ne laser is used to
produce the random numbers with the neutral density filter that
results in the mean distance of 2 km between the photons, the
photomultiplier tube should detect an average of 5 photons per
every 1/30 second. This is 1 photon per 1/150 seconds, and the
random number generator 108 may produce one bit of either `1` or
`0` per 1/300 second. However, if the photomultiplier tube can
detect 1 photon per 1/300, but cannot detect the photon per 1/600,
then the power to the laser should not exceed 2 mW. Performance may
be measured by the rate of random numbers generated that pass the
statistical randomness testing.
[0048] To enhance the randomness within the plurality of random
numbers produced by the true random number generating device, a
procedure to remove bias within the plurality of random numbers may
be applied. The plurality of random bits may be paired at 402. For
exemplary purposes only and not intended to be limiting, a bit pair
of (1,0) may be assigned a number 1 and a bit pair of (0,1) may be
assigned a number 0. Any common numbered bit pairs are removed at
404. Thus, bit pairs of (1,1) or (0,0) are deleted. This ensures
that the probability of the number 1 or 0 is unbiased with a 50%
chance of occurrence for each number. Those of ordinary skill will
now realize that other procedures for removing bias may also be
used.
[0049] The remaining un-biased paired bits are separated into sets
of random numbers of length N at 406, where N is an integer. The
separation provides for ease in testing the random numbers for
non-randomness at 408 because statistical testing can be performed
meaningfully only with a finite sequence of random numbers. Doing a
statistical test on an infinite sequence of random numbers will not
produce any meaningful result and the test would take an infinite
amount of time.
[0050] Gaming regulatory authorities may require periodic and/or
constant testing of the random numbers to verify if the plurality
of random numbers meets the minimum statistical randomness
requirements. A battery of approved statistical testing procedures,
such as Linear Complexity Test, discrete Fourier transform test,
Lempel Ziv complexity test, and the like may be required. If the
set of random numbers do not pass the statistical test at 410, the
set of random numbers are deleted and the steps are repeated from
400. In another embodiment, bits from different sets of random
numbers may be added, subtracted, divided, or multiplied, and/or
bits of the original set of random numbers may be re-arranged
according to an algorithm to produce a set of random numbers that
meet the statistical randomness testing without deleting the
original set of random numbers.
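The steps 402 to 412 described above, as an added Python example that is not part of the patent text: it pairs the bits, drops (0,0) and (1,1), maps (1,0) to 1 and (0,1) to 0, cuts the result into sets of length N, and tests each set. The function names, the constructed 80%-ones input and the acceptance rule (Berlekamp-Massey linear complexity within a tolerance of N/2) are assumptions of this example and not an approved regulatory test.

```python
import random


def von_neumann_debias(bits):
    """Steps 402-404: pair raw bits, drop (0,0)/(1,1), map (1,0)->1 and (0,1)->0.

    The 50/50 guarantee only holds if the raw bits are independent and the
    bias is constant; correlated bits stay correlated after this step.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):  # a trailing unpaired bit is ignored
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)  # first bit of the pair: (1,0) -> 1, (0,1) -> 0
    return out


def split_into_sets(bits, n):
    """Step 406: cut the stream into sets of exactly n bits; a short tail is held back."""
    return [bits[i:i + n] for i in range(0, len(bits) - n + 1, n)]


def linear_complexity(bits):
    """Length of the shortest LFSR that reproduces `bits` (Berlekamp-Massey over GF(2))."""
    n = len(bits)
    if n == 0:
        return 0
    c = [1] + [0] * (n - 1)  # current connection polynomial
    b = [1] + [0] * (n - 1)  # polynomial before the last length change
    length, m = 0, -1
    for i in range(n):
        d = bits[i]  # discrepancy between the LFSR prediction and the real bit
        for j in range(1, length + 1):
            d ^= c[j] & bits[i - j]
        if d:
            previous = c[:]
            shift = i - m
            for j in range(n - shift):
                c[j + shift] ^= b[j]
            if 2 * length <= i:
                length, m, b = i + 1 - length, i, previous
    return length


def passes_linear_complexity(block, tolerance=4):
    """Simplified rule (assumption): a random n-bit block has complexity close to n/2."""
    return abs(linear_complexity(block) - len(block) / 2) <= tolerance


def build_random_sets(raw_bits, n, tolerance=4):
    """Steps 402-412: debias, split, test. Returns (accepted_sets, rejected_count)."""
    sets = split_into_sets(von_neumann_debias(raw_bits), n)
    accepted = [s for s in sets if passes_linear_complexity(s, tolerance)]
    return accepted, len(sets) - len(accepted)


def constructed_biased_source(count, p_one=0.8, seed=2006):
    """Constructed sample input standing in for a detector that reads '1' too often."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(count)]


if __name__ == "__main__":
    raw = constructed_biased_source(40000)
    clean = von_neumann_debias(raw)
    accepted, rejected = build_random_sets(raw, 64)
    print("raw ones ratio      :", sum(raw) / len(raw))
    print("debiased ones ratio :", sum(clean) / len(clean))
    print("bits kept           :", len(clean), "of", len(raw))
    print("sets accepted       :", len(accepted), "rejected:", rejected)
    print("alternating block passes?", passes_linear_complexity([1, 0] * 32))
```

With a constant probability p of a `1`, only about p(1-p) of the raw bits survive debiasing (16% at p = 0.8), so a drifting detector shows up as a falling output rate before it shows up as failed sets.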
[0051] If the set of random numbers pass the statistical testing at
410, the set of random numbers are stored in a random number
storage at 412 to be transmitted to a remote gaming server at a
later time. The random number storage may be a RAM or mass storage
device as described above. If the random number storage is full
(i.e. due to hardware limitation), older sets of random numbers may
be deleted and the recent sets of random numbers may then be
stored.
[0052] A set of digitally signed and encrypted random numbers may
be transmitted when requested by a remote gaming server. The random
number generating device may digitally sign and encrypt the
transmitted set of random numbers in the processor before
transmission through the I/O interface. The remote gaming server
may then decrypt the set of random numbers with its own private key
and/or shared symmetric key, and authenticate the random numbers by
validating the digital signature signed by the random number
generating device. Once decrypted and authenticated, the set of
random numbers may be used to generate a game of chance played on
the gaming machine.
[0053] FIG. 5 is a block diagram illustrating a system for
distributing random numbers to a remote gaming server in accordance
with an embodiment of the invention. As stated above, the true
random number generating device 500 may communicate with a remote
gaming server 502 through an I/O interface. The I/O interface may
be any type of interface such as a wireless transceiver, USB 506,
PCI, network card, data bus, or any other type of interface that
allows the true random number generating device 500 to communicate
with the remote gaming server 502. The remote gaming server 502 may
be, but is not limited to, a personal computer, slot machine,
remote gaming device, portable gaming device such as but not
limited to a cell phone, a personal digital assistant, and a
wireless game player, or any other gaming machine. As illustrated,
the remote gaming server 502 is a computer and is physically
connected to the true random number generating device 500 via a USB
506. The remote gaming server 502 may then distribute the set of
random numbers to the gaming machines 504 using any means such as
via an Ethernet line 508. The set of random numbers may be
distributed to the gaming machines 504 via any secure means such as
through a secure socket layer (SSL) protocol with two-way
authentication using client and server certificates or any other
encryption means. This allows each gaming machine 504 connected to
the remote gaming server 502 to play the game of chance without
having the random number generating device 500 physically installed
in the gaming machine. The system further allows for the central
management of the random numbers in the remote gaming server 502
that monitors, audits, and validates the wins and losses of any
wagering in the gaming machines 504.
[0054] Although illustrated in FIG. 5 as utilizing a computer as a
remote gaming server, the true random number generating device 500
may communicate directly with the gaming machines 504 without the
remote gaming server 502 for the distribution of the random
numbers. Furthermore, although illustrated as a stand alone device,
the true random number generating device 500 may be installed
within the gaming machines 504 itself as also illustrated in FIG.
2. The need to distribute the set of random numbers via an
intermediary remote gaming server in either the above embodiments
is not required for one gaming machine to play a game of chance.
Thus, the gaming machine 504 may be the random number generating
device. Additionally, several true random number generating devices
500 may be coupled to the remote gaming server 502 to ensure that
if one true random number generating device fails, a set of random
numbers may be obtained from another true random number generating
device. Alternatively, one true random number generating device 500
may be connected to several remote gaming servers 502. This may
ensure that if one server fails, the set of random numbers may
still be distributed to the gaming machines 504 via another server.
In another embodiment, a pseudo random number generator may be used
in addition to or as a substitute for the random number generating
device. Thus, the pseudo random number generator may be used should
the network and/or random number generating device fail. As such,
those of ordinary skill will now realize that there are various
alternatives for a system to distribute random numbers to a gaming
machine.
[0055] The invention may be implemented by software, but can also
be implemented in hardware or a combination of hardware and
software. Each element or step may be implemented in hardware,
software, or a combination thereof. The invention can also be
embodied as computer readable code on a computer readable medium.
The computer readable medium is any data storage device that can
store data, which can thereafter be read by a computer system.
Examples of the computer readable medium include read-only memory,
random-access memory, CD-ROMs, DVDs, magnetic tape, optical data
storage devices, and carrier waves. The computer readable medium
can also be distributed over network-coupled computer systems so
that the computer readable code is stored and executed in a
distributed fashion.
EXAMPLES
[0056] The examples described herein are alternative methods for
generating a plurality of true random numbers in a gaming machine.
The examples are for exemplary purposes only and not intended to be
limiting.
Example 1
[0057] The example will be described with reference to FIGS. 6A and
6B, a flow chart of a method for generating a plurality of random
numbers in a gaming machine in accordance with yet another
embodiment of the invention.
[0058] To ensure the integrity of the true random number generator,
the voltage and current to the laser in the true random number
generator may be verified at 600. Too much power supplied to the
laser in the true random number generator may result in the
over-saturation of the photon detector with too many photons. Too
little power produces fewer photons, which may result in the
continuous non-detection of the photon after the attenuation. Thus,
the power to the laser should remain constant within an acceptable
range to prevent an unexpected performance loss of the random
number generator. For example, if a 1 mW He-Ne laser is used to
produce the random numbers with the neutral density filter that
results in the mean distance of 2 km between the photons, the
photomultiplier tube should detect an average of 5 photons per
every 1/30 second. This is 1 photon per 1/150 seconds, and the
random number generator 108 may produce one bit of either `1` or
`0` per 1/300 second. However, if the photomultiplier tube can
detect 1 photon per 1/300, but cannot detect the photon per 1/600,
then the power to the laser should not exceed 2 mW. Performance may
be measured by the rate of random numbers generated that pass the
statistical randomness testing.
[0059] Once the power to the laser is verified, a plurality of
random numbers may be generated from the true random number
generator at 602. To enhance the randomness within the plurality of
random numbers produced by the true random number generator device,
a procedure to remove the constant bias within the plurality of
random numbers should be applied. The plurality of random numbers
may be paired at 606. Any common numbered pairs are removed at 608.
Thus, pairs of (1,1) or (0,0) are deleted. For exemplary purposes
only and not intended to be limiting, a random number pair of (1,0)
may be assigned a number 1 and a pair of (0,1) may be assigned a
number 0. This ensures that the probability of the number 1 or 0 is
unbiased with a 50% chance of occurrence for each number. Those of
ordinary skill will now realize that other procedures for removing
bias may also be used.
[0060] The remaining un-biased plurality of paired random number
pairs are separated into sets of random numbers of length N at 610.
The separation may provide for ease in testing the random numbers
because statistical testing can be performed meaningfully only with
the finite sequence of random numbers. Doing a statistical testing
on an infinite sequence of random numbers will not produce any
meaningful result and the test would take an infinite amount of
time.
[0061] Proper authorization to generate the plurality of random
numbers may be verified at 612. In this example, the proper
authorization is an X.509 certificate issued by the certificate
authority such as the Nevada Gaming Commission or any other
governing entity such as IGT of Reno, Nev. The authorization
certificate may enable third party validation of authenticity
and/or security of the true random number generating device. The
random number generating device should verify if the X.509
certificate is issued by the authorized certificate authority using
the embedded root certificate in the EEPROM read-only memory. It
must also verify if the certificate is not expired, and not revoked
by the issuing certificate authority. If the device does not have a
valid authorized X.509 certificate at 612, the device must generate
a private and public key. A set of random numbers may be tested for
cryptographic randomness at 614. If the set of random numbers pass
the statistical test at 616, a new set of private and public key
pair may be generated from the tested set of random numbers at 618.
A certificate request is sent to the authorized certificate
authority at 620 which may include the device's unique
identification information. Once an authorization certificate is
received from the certificate authority at 622, the authorization
certificate may be stored in a memory at 624.
[0062] If the device has a valid authorized certificate at 612, the
set of random numbers may be tested for randomness at 626. Gaming
regulatory authorities may require periodic and/or constant testing
of the random numbers to verify if the plurality of random numbers
meets the minimum statistical randomness requirements. A battery of
approved statistical testing procedures, such as Linear Complexity
test, discrete Fourier transform test, Lempel Ziv complexity test,
and the like may be required to test for non-randomness. If the set
of random numbers do not pass the statistical test at 628, the set
of random numbers are deleted at 630 and the steps are repeated from 600. In another
embodiment, bits from different sets of random numbers may be
added, subtracted, divided, or multiplied, and/or bits of the
original set of random numbers may be re-arranged according to an
algorithm to produce a set of random numbers that meet the
statistical randomness testing without deleting the original set of
random numbers.
[0063] If the set of random numbers pass the statistical test at
628, the set of random numbers are encrypted and stored in a random
number storage at 632. The encrypted set of random numbers, in
addition to any other information such as the time and date of its
creation, may be digitally signed using its own private key or
symmetric key (such as the advanced encryption standard (AES))
before being stored in a random number storage. The symmetric key
can be generated from the set of random numbers from step 618
produced by its own random number generator. The random number
storage may be a mass storage device as described above. If the
mass storage device is full, older sets of random numbers may be
deleted and the recent sets of random numbers may then be
stored.
[0064] A request from a remote gaming server for a set of random
numbers may be received at 640. The request may be received via an
I/O interface such as a wireless transceiver, USB, PCI, network
card, data bus, or any other type of interface that allows the true
random number generating device to communicate with the remote
gaming server. The remote gaming server may be, but is not limited
to, a personal computer, slot machine, remote gaming device,
portable gaming device such as but not limited to a cell phone, a
personal digital assistant, and a wireless game player, or any
other gaming machine.
[0065] The true random number generating device may authenticate
the request at 642 by validating the X.509 certificate belonging to
the remote gaming server joined to the request. However, any other
authentication means may be used to authenticate the request such
as a challenge-response authentication system, Kerberos, and
password authentication. If the request is authenticated at 644, a
set of random numbers may be retrieved from a random number storage
at 646. The random number storage may be a mass storage device such
as a hard disk drive, a flash drive, or any other volatile or
non-volatile memory described above.
[0066] The retrieved set of random numbers may then be transmitted
with a digital signature, encrypted with the shared encryption key,
and joined with the certificates at 648 to the remote gaming
server. Simultaneously, a copy of the transmitted set of random
numbers may be saved in a memory at 650. Once the remote gaming
server receives the set of random numbers, the data may be
decrypted using its own private key or the shared encryption key,
and authenticated by the remote gaming server at 652 by validating
the digital signature using the public key in the valid certificate
belonging to the random number generating device.
[0067] The remote gaming server may digitally sign the set of
random numbers with its own private key at 654. The remote gaming
server then re-encrypts the set of random numbers with its own
shared encryption key with the gaming machine at 656. The
encryption key may be its own AES key generated by the random
numbers received from the random number generating device. The
re-encrypted and digitally signed set of random numbers is
transmitted to a gaming machine at 658. It will now be understood
that the set of random numbers may be distributed to the gaming
machines via any secure means such as through a SSL/transport layer
security (TLS) protocol with two-way authentication using client
and server certificates or any other encryption means. The random
numbers are decrypted and authenticated at 660. The decrypted set
of random numbers may then be used to generate a game of chance to
be played on the gaming machine at 662.
Example 2
[0068] The cryptographic keys used in various embodiments of the
invention may be those of public key cryptography, more specifically,
the RSA cryptography system. Other public key cryptography
algorithms that may be used are Elliptic Curve Cryptography
(ECC), Diffie-Hellman key exchange, digital signature algorithm
(DSA) cryptography, and any other type of public key cryptography
system.
[0069] The private and public key from RSA cryptography system
allows the random number generating device to obtain its own
identity; it allows the random number generating device to
digitally sign the plurality of random numbers with its own private
key. The private key also allows the random number generating
device to decrypt the public key-encrypted message by a remote
device received through the I/O interface.
[0070] One method to digitally sign the set of random numbers or
data is RSA encrypting the hashed value of the plurality of random
numbers with the private key. The signed random numbers can then be
verified for authenticity by comparing the hashed value of the
plurality of random numbers with the RSA public key-decrypted
hashed value of the plurality of the random numbers. Using the
public key, any remote machine may also verify if the random
numbers are signed by the gaming device.
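The hash-then-RSA signature of paragraph [0070], combined with the save-a-copy and audit steps 308 to 322 of FIG. 3, as an added Python example that is not part of the patent text. The class and function names, the JSON encoding and the demo key built from two published Mersenne primes are assumptions of this example; it uses unpadded RSA exactly as the paragraph describes, where a fielded device would use a padded scheme such as RSASSA-PSS from a vetted library, and it leaves out payload encryption and authentication of the audit request.

```python
import hashlib
import json

# Constructed demo key (assumption): two published Mersenne primes, chosen only
# so the example runs offline. A real device derives its key from tested TRNG
# output and never lets the private exponent leave the secure enclosure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def _digest_int(payload):
    """SHA-256 of the payload as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def encode_set(device_id, issued_at, numbers):
    """Canonical byte encoding so signer and verifier hash identical bytes."""
    record = {"device": device_id, "issued_at": issued_at, "numbers": numbers}
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign(payload, d=D, n=N):
    """'RSA encrypt the hashed value with the private key' from [0070]."""
    return pow(_digest_int(payload), d, n)


def verify(payload, signature, e=E, n=N):
    """Compare the recomputed hash with the public-key-decrypted signature."""
    return 0 < signature < n and pow(signature, e, n) == _digest_int(payload)


class RngDevice:
    """Hypothetical model of the device's transmit (308-310) and audit (316-322) steps."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.sent = {}  # step 310: digest of each transmitted set -> metadata

    def transmit(self, numbers, issued_at, recipient):
        payload = encode_set(self.device_id, issued_at, numbers)
        key = hashlib.sha256(payload).hexdigest()
        self.sent[key] = {"recipient": recipient, "issued_at": issued_at}
        return payload, sign(payload)

    def audit(self, payload, signature):
        """Step 316: check the signature and the saved copy.

        The patent allows either check; this example requires both for 'valid'.
        """
        sig_ok = verify(payload, signature)
        copy_ok = hashlib.sha256(payload).hexdigest() in self.sent
        return {"signature": sig_ok, "saved_copy": copy_ok, "valid": sig_ok and copy_ok}


if __name__ == "__main__":
    device = RngDevice("TRNG-0001")  # constructed identifier
    payload, sig = device.transmit([17, 4, 33, 8], "2006-08-25T12:00:00Z", "server-A")
    print("genuine set :", device.audit(payload, sig))
    print("altered set :", device.audit(payload.replace(b"33", b"34"), sig))
    print("forged sig  :", device.audit(payload, sig + 1))
```

Keeping the two results separate in the audit reply lets the operator tell an altered set (both checks fail) from a set that was signed but is missing from the device's memory, for instance after older copies were deleted to free storage.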
[0071] The RSA private and public key pair may allow the random
number generating device to establish secure encrypted
communication with other devices for distribution of the signed
random numbers through the I/O interface. The security and the
trust of the random number generating device can be further
enhanced with the use of an X.509 certificate that is part of the
public key infrastructure. The method for generating the RSA
private and public key or any other encryption key (such as triple
data encryption standard (3DES) and AES) from the true random
numbers, establishing the secure encrypted communication with
private and public key pairs and the X.509 digital certificate
using the SSL or TLS protocol, and managing the X.509 certificate
for requesting, issuing, validating, and revoking are known in the
art and will not be discussed in detail herein.
[0072] In another embodiment of the invention, the encryption key
may be the symmetric key from the symmetric key cryptography.
Examples of the symmetric key are 3DES, Blowfish, or AES. In
order to establish secure communication of the data, the symmetric
key is shared securely with any authorized device at least once
through the I/O interface. All sensitive information, including the
sequence of random numbers and its hashed value, are encrypted
using the shared symmetric key and distributed to the gaming device
through the I/O interface for security.
[0073] An example of the certificate request syntax may be the
public key cryptography Standard #10: Certification Request Syntax
Standard published by RSA Laboratories. The random number
generating device then transmits the certificate request to an
authorized certificate authority through the I/O interface. In the
preferred embodiments of the invention, the certificate is the
X.509 certificate. The certificate authority may be the Nevada
Gaming Commission, IGT of Reno, Nev., or any other authorized
organization. Once the certificate is issued, the authorized
encryption key (i.e. private key) may be used by the random number
generating device to digitally sign any set of random numbers to be
distributed outside the random number generating device for
authenticity. The remote gaming server or any other device or
machine outside of the random number generating device may use the
public key within the issued and valid X.509 certificate to verify
the digital signature from the random number generating device.
Different symmetric keys such as AES keys may be generated as
needed from the set of random numbers produced by the random number
generating device for bulk encryption of the data and/or
communication between the random number generating device and
gaming device.
[0074] Exemplary Gaming Machine
[0075] Turning next to FIG. 7, a video gaming machine 2 of the
present invention is shown. Machine 2 includes a main cabinet 4,
which generally surrounds the machine interior (not shown) and is
viewable by users. The main cabinet includes a main door 8 on the
front of the machine, which opens to provide access to the interior
of the machine. Attached to the main door are player-input switches
or buttons 32, a coin acceptor 28, and a bill validator 30, a coin
tray 38, and a belly glass 40. Viewable through the main door is a
video display monitor 34 and an information panel 36. The display
monitor 34 will typically be a cathode ray tube, high resolution
flat-panel LCD, or other conventional electronically controlled
video monitor. The information panel 36 may be a back-lit, silk
screened glass panel with lettering to indicate general game
information including, for example, a game denomination (e.g. $0.25
or $1). The bill validator 30, player-input switches 32, video
display monitor 34, and information panel are devices used to play
a game on the game machine 2. The devices are controlled by
circuitry (e.g. the master gaming controller) housed inside the
main cabinet 4 of the machine 2. A true random number generating
device, as illustrated in FIGS. 1 and 2, may also be housed inside
the main cabinet 4 of the machine 2.
[0076] Many different types of games, including mechanical slot
games, video slot games, video poker, video black jack, video
pachinko and lottery, may be provided with gaming machines of this
invention. In particular, the gaming machine 2 may be operable to
provide a play of many different instances of games of chance. The
instances may be differentiated according to themes, sounds,
graphics, type of game (e.g., slot game vs. card game),
denomination, number of paylines, maximum jackpot, progressive or
non-progressive, bonus games, etc. The gaming machine 2 may be
operable to allow a player to select a game of chance to play from
a plurality of instances available on the gaming machine. For
example, the gaming machine may provide a menu with a list of the
instances of games that are available for play on the gaming
machine and a player may be able to select from the list a first
instance of a game of chance that they wish to play.
[0077] The various instances of games available for play on the
gaming machine 2 may be stored as game software on a mass storage
device in the gaming machine or may be generated on a remote gaming
device but then displayed on the gaming machine. The gaming machine
2 may execute game software, such as but not limited to video
streaming software that allows the game to be displayed on the
gaming machine. When an instance is stored on the gaming machine 2,
it may be loaded from the mass storage device into a RAM for
execution. In some cases, after a selection of an instance, the
game software that allows the selected instance to be generated may
be downloaded from a remote gaming device, such as another gaming
machine.
[0078] The gaming machine 2 includes a top box 6, which sits on top
of the main cabinet 4. The top box 6 houses a number of devices,
which may be used to add features to a game being played on the
gaming machine 2, including speakers 10, 12, 14, a ticket printer
18 which prints bar-coded tickets 20, a key pad 22 for entering
player tracking information, a fluorescent display 16 for displaying
player tracking information, a card reader 24 for entering a
magnetic striped card containing player tracking information, and a
video display screen 42. The ticket printer 18 may be used to print
tickets for a cashless ticketing system. Further, the top box 6 may
house different or additional devices than shown in FIG. 7. For
example, the top box may contain a bonus wheel or a back-lit silk
screened panel which may be used to add bonus features to the game
being played on the gaming machine. As another example, the top box
may contain a display for a progressive jackpot offered on the
gaming machine. During a game, these devices are controlled and
powered, in part, by circuitry (e.g. a master gaming controller)
housed within the main cabinet 4 of the machine 2.
[0079] Understand that gaming machine 2 is but one example from a
wide range of gaming machine designs on which the present invention
may be implemented. For example, not all suitable gaming machines
have top boxes or player tracking features. Further, some gaming
machines have only a single game display--mechanical or video,
while others are designed for bar tables and have displays that
face upwards. As another example, a game may be generated on a
host computer and may be displayed on a remote terminal or a remote
gaming device. The remote gaming device may be connected to the
host computer via a network of some type such as a local area
network, a wide area network, an intranet or the Internet. The
remote gaming device may be a portable gaming device such as but
not limited to a cell phone, a personal digital assistant, and a
wireless game player. Images rendered from 3-D gaming environments
may be displayed on portable gaming devices that are used to play a
game of chance. Further, a gaming machine or server may include
gaming logic for commanding a remote gaming device to render an
image from a virtual camera in a 3-D gaming environment stored on
the remote gaming device and to display the rendered image on a
display located on the remote gaming device. Thus, those of skill
in the art will understand that the present invention, as described
below, can be deployed on most any gaming machine now available or
hereafter developed.
[0080] Some preferred gaming machines of the present assignee are
implemented with special features and/or additional circuitry that
differentiates them from general-purpose computers (e.g., desktop
PC's and laptops). Gaming machines are highly regulated to ensure
fairness and, in many cases, gaming machines are operable to
dispense monetary awards of multiple millions of dollars.
Therefore, to satisfy security and regulatory requirements in a
gaming environment, hardware and software architectures may be
implemented in gaming machines that differ significantly from those
of general-purpose computers. A description of gaming machines
relative to general-purpose computing machines and some examples of
the additional (or different) components and features found in
gaming machines are described below.
[0081] As briefly mentioned above, one might think that adapting PC
technologies to the gaming industry would be a simple proposition
because both PCs and gaming machines employ microprocessors that
control a variety of devices. However, because of such reasons as
1) the regulatory requirements that are placed upon gaming
machines, 2) the harsh environment in which gaming machines
operate, 3) security requirements and 4) fault tolerance
requirements, adapting PC technologies to a gaming machine can be
quite difficult. Further, techniques and methods for solving a
problem in the PC industry, such as device compatibility and
connectivity issues, might not be adequate in the gaming
environment. For instance, a fault or a weakness tolerated in a PC,
such as security holes in software or frequent crashes, may not be
tolerated in a gaming machine because in a gaming machine these
faults can lead to a direct loss of funds from the gaming machine,
such as stolen cash or loss of revenue when the gaming machine is
not operating properly.
[0082] For the purposes of illustration, a few differences between
PC systems and gaming systems will be described. A first difference
between gaming machines and common PC based computer systems is
that gaming machines are designed to be state-based systems. In a
state-based system, the system stores and maintains its current
state in a non-volatile memory, such that, in the event of a power
failure or other malfunction the gaming machine will return to its
current state when the power is restored. For instance, if a player
was shown an award for a game of chance and, before the award could
be provided to the player the power failed, the gaming machine,
upon the restoration of power, would return to the state where the
award is indicated. As anyone who has used a PC knows, PCs are not
state machines and a majority of data is usually lost when a
malfunction occurs. This requirement affects the software and
hardware design on a gaming machine.
[0083] A second important difference between gaming machines and
common PC based computer systems is that for regulation purposes,
the software on the gaming machine used to generate the game of
chance and operate the gaming machine has been designed to be
static and monolithic to prevent cheating by the operator of the
gaming machine. For instance, one solution that has been employed in the
gaming industry to prevent cheating and satisfy regulatory
requirements has been to manufacture a gaming machine that can use
a proprietary processor running instructions to generate the game
of chance from an EPROM or other form of non-volatile memory. The
coding instructions on the EPROM are static (non-changeable) and
must be approved by gaming regulators in a particular
jurisdiction and installed in the presence of a person representing
the gaming jurisdiction. Any changes to any part of the software
required to generate the game of chance, such as adding a new
device driver used by the master gaming controller to operate a
device during generation of the game of chance can require a new
EPROM to be burnt, approved by the gaming jurisdiction and
reinstalled on the gaming machine in the presence of a gaming
regulator. Regardless of whether the EPROM solution is used, to
gain approval in most gaming jurisdictions, a gaming machine must
demonstrate sufficient safeguards that prevent an operator or
player of a gaming machine from manipulating hardware and software
in a manner that gives them an unfair and in some cases an illegal
advantage. The gaming machine should have a means to determine if
the code it will execute is valid. If the code is not valid, the
gaming machine must have a means to prevent the code from being
executed. The code validation requirements in the gaming industry
affect both hardware and software designs on gaming machines.
[0084] A third important difference between gaming machines and
common PC based computer systems is that the number and kinds of
peripheral devices used on a gaming machine are not as great as on
PC based computer systems. Traditionally, in the gaming industry,
gaming machines have been relatively simple in the sense that the
number of peripheral devices and the number of functions of the
gaming machine have been limited. Further, in operation, the
functionality of gaming machines was relatively constant once the
gaming machine was deployed, i.e., new peripheral devices and new
gaming software
were infrequently added to the gaming machine. This differs from a
PC where users will go out and buy different combinations of
devices and software from different manufacturers and connect them
to a PC to suit their needs depending on a desired application.
Therefore, the types of devices connected to a PC may vary greatly
from user to user depending on their individual requirements and
may vary significantly over time.
[0085] Although the variety of devices available for a PC may be
greater than on a gaming machine, gaming machines still have unique
device requirements that differ from a PC, such as device security
requirements not usually addressed by PCs. For instance, monetary
devices, such as coin dispensers, bill validators and ticket
printers and computing devices that are used to govern the input
and output of cash to a gaming machine have security requirements
that are not typically addressed in PCs. Therefore, many PC
techniques and methods developed to facilitate device connectivity
and device compatibility do not address the emphasis placed on
security in the gaming industry.
[0086] To address some of the issues described above, a number of
hardware/software components and architectures are utilized in
gaming machines that are not typically found in general purpose
computing devices, such as PCs. These hardware/software components
and architectures, as described below in more detail, include but
are not limited to watchdog timers, voltage monitoring systems,
state-based software architecture and supporting hardware,
specialized communication interfaces, security monitoring and
trusted memory.
[0087] A watchdog timer is normally used in IGT gaming machines to
provide a software failure detection mechanism. In a normally
operating system, the operating software periodically accesses
control registers in the watchdog timer subsystem to "re-trigger"
the watchdog. Should the operating software fail to access the
control registers within a preset timeframe, the watchdog timer
will timeout and generate a system reset. Typical watchdog timer
circuits contain a loadable timeout counter register to allow the
operating software to set the timeout interval within a certain
range of time. A differentiating feature of some preferred
circuits is that the operating software cannot completely disable
the function of the watchdog timer. In other words, the watchdog
timer always functions from the time power is applied to the
board.
[0088] IGT gaming computer platforms preferably use several power
supply voltages to operate portions of the computer circuitry.
These can be generated in a central power supply or locally on the
computer board. If any of these voltages falls out of the tolerance
limits of the circuitry they power, unpredictable operation of the
computer may result. Though most modern general-purpose computers
include voltage monitoring circuitry, these types of circuits only
report voltage status to the operating software. Out of tolerance
voltages can cause software malfunction, creating a potential
uncontrolled condition in the gaming computer. Gaming machines of
the present assignee typically have power supplies with tighter
voltage margins than that required by the operating circuitry. In
addition, the voltage monitoring circuitry implemented in IGT
gaming computers typically has two thresholds of control. The first
threshold generates a software event that can be detected by the
operating software and an error condition generated. This threshold
is triggered when a power supply voltage falls out of the tolerance
range of the power supply, but is still within the operating range
of the circuitry. The second threshold is set when a power supply
voltage falls out of the operating tolerance of the circuitry. In
this case, the circuitry generates a reset, halting operation of
the computer.
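The two supervisory circuits of paragraphs [0087] and [0088] modelled together, as an added example that is not IGT's circuitry or code: a watchdog whose timeout software can load only within a fixed range and cannot disable, and a voltage monitor with a warning threshold and a reset threshold, replayed over a constructed trace. The 5 V rail, the millivolt limits and the timeout range are assumed values.

```python
NOMINAL_MV = 5000        # assumed 5 V rail
SUPPLY_TOL_MV = 150      # assumed power-supply tolerance (the tighter margin)
CIRCUIT_TOL_MV = 250     # assumed operating tolerance of the circuitry


def classify_supply(mv):
    """Map a rail reading to the two-threshold response of paragraph [0088]."""
    dev = abs(mv - NOMINAL_MV)
    if dev > CIRCUIT_TOL_MV:
        return "reset"            # second threshold: hardware halts the computer
    if dev > SUPPLY_TOL_MV:
        return "software_event"   # first threshold: software can raise an error
    return "ok"


class Watchdog:
    MIN_MS, MAX_MS = 10, 1000     # assumed range of the loadable timeout register

    def __init__(self):
        self.timeout = self.MAX_MS
        self.remaining = self.timeout   # counting starts when power is applied

    def load_timeout(self, ms):
        # Out-of-range requests are clamped, so writing 0 cannot disable the timer.
        self.timeout = max(self.MIN_MS, min(self.MAX_MS, ms))
        self.remaining = self.timeout

    def retrigger(self):
        self.remaining = self.timeout

    def tick(self, ms):
        """Advance time; return True when the timer expires (system reset)."""
        self.remaining -= ms
        return self.remaining <= 0


def replay(trace, timeout_ms=250):
    """Replay (dt_ms, millivolts, retriggered) samples; return [(t_ms, event)]."""
    wd = Watchdog()
    wd.load_timeout(timeout_ms)
    t, events = 0, []
    for dt, mv, retriggered in trace:
        t += dt
        level = classify_supply(mv)
        if level == "reset":
            events.append((t, "voltage_reset"))
            wd.retrigger()              # the board restarts, and so does the timer
            continue
        if level == "software_event":
            events.append((t, "voltage_warning"))
        if wd.tick(dt):
            events.append((t, "watchdog_reset"))
            wd.retrigger()
        elif retriggered:
            wd.retrigger()
    return events


# Constructed trace: (elapsed ms, rail mV, did software re-trigger the watchdog?)
SAMPLE_TRACE = [
    (100, 5000, True),
    (100, 4800, True),    # outside supply tolerance, inside operating range
    (100, 5000, True),
    (100, 5000, False),   # software hangs from here on
    (100, 5000, False),
    (100, 5000, False),   # 300 ms without a re-trigger exceeds the 250 ms timeout
    (100, 4700, True),    # outside the operating range of the circuitry
]

if __name__ == "__main__":
    for when, event in replay(SAMPLE_TRACE):
        print(f"{when:4d} ms  {event}")
```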
[0089] The standard method of operation for IGT slot machine game
software is to use a state machine. Different functions of the game
(bet, play, result, points in the graphical presentation, etc.) may
be defined as a state. When a game moves from one state to another,
critical data regarding the game software is stored in a custom
non-volatile memory subsystem. This is critical to ensure the
player's wager and credits are preserved and to minimize potential
disputes in the event of a malfunction on the gaming machine.
[0090] In general, the gaming machine does not advance from a first
state to a second state until critical information that allows the
first state to be reconstructed is stored. This feature allows the
game to recover operation, in the event of a malfunction, loss of
power, etc., to the state of play that existed just prior to the
malfunction. After the state of the gaming machine is restored
during the play of a game of chance, game play may resume and the
game may be completed in a manner that is no different than if the
malfunction had not occurred. Typically, battery backed RAM devices
are used to preserve this critical data although other types of
non-volatile memory devices may be employed. These memory devices
are not used in typical general-purpose computers.
[0091] As described in the preceding paragraph, when a malfunction
occurs during a game of chance, the gaming machine may be restored
to a state in the game of chance just prior to when the malfunction
occurred. The restored state may include metering information and
graphical information that was displayed on the gaming machine in
the state prior to the malfunction. For example, when the
malfunction occurs during the play of a card game after the cards
have been dealt, the gaming machine may be restored with the cards
that were previously displayed as part of the card game. As another
example, a bonus game may be triggered during the play of a game of
chance where a player is required to make a number of selections on
a video display screen. When a malfunction has occurred after the
player has made one or more selections, the gaming machine may be
restored to a state that shows the graphical presentation at the
time just prior to the malfunction, including an indication of selections
that have already been made by the player. In general, the gaming
machine may be restored to any state in a plurality of states that
occur while the game of chance is played or to states that occur
between the play of a game of
chance.
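One way to implement the commit-before-advance rule of paragraphs [0089] to [0091], as an added example that is not code from the patent or from IGT: a two-slot journal in simulated battery-backed RAM, where a record interrupted by power loss fails its CRC and recovery falls back to the last complete state. The slot layout, the CRC-32 choice, the state names and the payload strings are assumptions made for the example.

```python
import struct
import zlib

SLOT_SIZE = 64
HEADER = struct.Struct("<IBH")   # sequence number, state id, payload length
CRC = struct.Struct("<I")
STATES = {0: "IDLE", 1: "BET", 2: "PLAY", 3: "RESULT"}   # assumed state names


class PowerFailure(Exception):
    """Raised by the simulation when power is cut during an NVRAM write."""


class NVJournal:
    """Two-slot (ping-pong) journal over a simulated battery-backed RAM."""

    def __init__(self, nvram=None):
        self.nvram = nvram if nvram is not None else bytearray(2 * SLOT_SIZE)
        self.fail_after = None   # simulation hook: cut power after N bytes

    def _read_slot(self, slot):
        raw = bytes(self.nvram[slot * SLOT_SIZE:(slot + 1) * SLOT_SIZE])
        seq, state, length = HEADER.unpack_from(raw)
        end = HEADER.size + length
        if seq == 0 or end + CRC.size > SLOT_SIZE or state not in STATES:
            return None          # empty slot or implausible header
        (stored,) = CRC.unpack_from(raw, end)
        if zlib.crc32(raw[:end]) != stored:
            return None          # torn or corrupted record
        return seq, state, raw[HEADER.size:end]

    def latest(self):
        """Return (slot, seq, state, payload) of the newest valid record."""
        best = None
        for slot in (0, 1):
            rec = self._read_slot(slot)
            if rec and (best is None or rec[0] > best[1]):
                best = (slot, *rec)
        return best

    def commit(self, state, payload):
        """Write the next record into the slot NOT holding the newest one."""
        cur = self.latest()
        slot = 0 if cur is None else 1 - cur[0]
        seq = 1 if cur is None else cur[1] + 1
        body = HEADER.pack(seq, state, len(payload)) + payload
        record = body + CRC.pack(zlib.crc32(body))
        if len(record) > SLOT_SIZE:
            raise ValueError("payload too large for slot")
        base = slot * SLOT_SIZE
        n = len(record) if self.fail_after is None else min(self.fail_after, len(record))
        self.nvram[base:base + n] = record[:n]
        if n < len(record):
            raise PowerFailure(f"power lost after {n} of {len(record)} bytes")
        return seq


class GameStateMachine:
    def __init__(self, journal):
        self.journal = journal
        rec = journal.latest()
        # On power-up, resume from the newest valid record, or start idle.
        self.state, self.data = (rec[2], rec[3]) if rec else (0, b"")

    def advance(self, next_state, data):
        # Commit first; the in-RAM state changes only if the write completed.
        self.journal.commit(next_state, data)
        self.state, self.data = next_state, data


def demo():
    nvram = bytearray(2 * SLOT_SIZE)
    game = GameStateMachine(NVJournal(nvram))
    game.advance(1, b"wager=5;credits=95")        # constructed sample data
    game.advance(2, b"cards=AS,KD,7H,7C,2S")
    game.journal.fail_after = 4                   # constructed fault mid-write
    try:
        game.advance(3, b"award=10;credits=105")
    except PowerFailure:
        pass
    # Power restored: a fresh controller reads the same battery-backed RAM.
    restored = GameStateMachine(NVJournal(nvram))
    return STATES[restored.state], restored.data


if __name__ == "__main__":
    print(demo())
```

The torn third record overwrites only the older of the two slots, so the dealt cards in the other slot survive and the game resumes in the PLAY state.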
[0092] Game history information regarding previous games played
such as an amount wagered, the outcome of the game and so forth may
also be stored in a non-volatile memory device. The information
stored in the non-volatile memory may be detailed enough to
reconstruct a portion of the graphical presentation that was
previously presented on the gaming machine and the state of the
gaming machine (e.g., credits) at the time the game of chance was
played. The game history information may be utilized in the event
of a dispute. For example, a player may decide that in a previous
game of chance they did not receive credit for an award that
they believed they won. The game history information may be used to
reconstruct the state of the gaming machine prior to, during and/or
after the disputed game to demonstrate whether the player was
correct or not in their assertion.
[0093] Another feature of gaming machines, such as IGT gaming
computers, is that they often contain unique interfaces, including
serial interfaces, to connect to specific subsystems internal and
external to the slot machine. The serial devices may have
electrical interface requirements that differ from the "standard"
EIA 232 serial interfaces provided by general-purpose computers.
These interfaces may include EIA 485, EIA 422, Fiber Optic Serial,
optically coupled serial interfaces, current loop style serial
interfaces, etc. In addition, to conserve serial interfaces
internally in the slot machine, serial devices may be connected in
a shared, daisy-chain fashion where multiple peripheral devices are
connected to a single serial channel.
[0094] The serial interfaces may be used to transmit information
using communication protocols that are unique to the gaming
industry. For example, IGT's Netplex is a proprietary communication
protocol used for serial communication between gaming devices. As
another example, SAS is a communication protocol used to transmit
information, such as metering information, from a gaming machine to
a remote device. Often SAS is used in conjunction with a player
tracking system.
[0095] IGT gaming machines may alternatively be treated as
peripheral devices to a casino communication controller and
connected in a shared daisy chain fashion to a single serial
interface. In both cases, the peripheral devices are preferably
assigned device addresses. If so, the serial controller circuitry
must implement a method to generate or detect unique device
addresses. General-purpose computer serial ports are not able to do
this.
[0096] Security monitoring circuits detect intrusion into an IGT
gaming machine by monitoring security switches attached to access
doors in the slot machine cabinet. Preferably, access violations
result in suspension of game play and can trigger additional
security operations to preserve the current state of game play.
These circuits also function when power is off by use of a battery
backup. In power-off operation, these circuits continue to monitor
the access doors of the slot machine. When power is restored, the
gaming machine can determine whether any security violations
occurred while power was off, e.g., via software for reading status
registers. This can trigger event log entries and further data
authentication operations by the slot machine software.
[0097] Trusted memory devices are preferably included in an IGT
gaming machine computer to ensure the authenticity of the software
that may be stored on less secure memory subsystems, such as mass
storage devices. Trusted memory devices and controlling circuitry
are typically designed to not allow modification of the code and
data stored in the memory device while the memory device is
installed in the slot machine. The code and data stored in these
devices may include authentication algorithms, random number
generators, authentication keys, operating system kernels, etc. The
purpose of these trusted memory devices is to provide gaming
regulatory authorities a root trusted authority within the
computing environment of the slot machine that can be tracked and
verified as original. This may be accomplished via removal of the
trusted memory device from the slot machine computer and
verification of the secure memory device contents in a separate
third party verification device. Once the trusted memory device is
verified as authentic, and based on the approval of the
verification algorithms contained in the trusted device, the gaming
machine is allowed to verify the authenticity of additional code
and data that may be located in the gaming computer assembly, such
as code and data stored on hard disk drives. A few details related
to trusted memory devices that may be used in the present invention
are described in U.S. Pat. No. 6,685,567 from U.S. patent
application Ser. No. 09/925,098, filed Aug. 8, 2001 and titled
"Process Verification," which is incorporated herein in its
entirety and for all purposes.
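The code validation requirement of paragraph [0083] and the trusted memory chain of paragraph [0097], as an added example that is not the patent's or IGT's code: stage 1 checks the trusted memory image against a digest held by the external verifier, and stage 2 uses the manifest inside that image to authenticate each component on mass storage before it may run, halting at the first failure. The SHA-256 manifest format, the file names and the component contents are assumptions; the patent does not specify the algorithms.

```python
import hashlib
import hmac
import json
from types import MappingProxyType


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ValidationError(Exception):
    """Code or data failed authentication; the caller must not execute it."""


def build_trusted_image(approved: dict) -> bytes:
    """Approval time: serialize the digests of approved components as the
    contents of the trusted memory device (assumed JSON layout)."""
    manifest = {name: sha256_hex(blob) for name, blob in sorted(approved.items())}
    return json.dumps({"manifest": manifest}, sort_keys=True).encode()


def verify_trusted_image(image: bytes, regulator_digest: str):
    """Stage 1: the separate verification device checks the trusted memory."""
    if not hmac.compare_digest(sha256_hex(image), regulator_digest):
        raise ValidationError("trusted memory image does not match approved digest")
    return MappingProxyType(json.loads(image)["manifest"])   # read-only view


def load_component(name, mass_storage, manifest):
    """Stage 2: authenticate one component from mass storage before execution."""
    expected = manifest.get(name)
    if expected is None:
        raise ValidationError(f"{name}: not an approved component")
    blob = mass_storage.get(name)
    if blob is None:
        raise ValidationError(f"{name}: missing from mass storage")
    if not hmac.compare_digest(sha256_hex(blob), expected):
        raise ValidationError(f"{name}: contents differ from approved build")
    return blob


def boot(mass_storage, image, regulator_digest, boot_order):
    """Return (loaded_names, error). Fails closed: nothing loads after a failure."""
    loaded = []
    try:
        manifest = verify_trusted_image(image, regulator_digest)
        for name in boot_order:
            load_component(name, mass_storage, manifest)
            loaded.append(name)
    except ValidationError as exc:
        return loaded, str(exc)
    return loaded, None


# Constructed sample components (hypothetical names and contents).
APPROVED = {
    "os_kernel.bin": b"constructed kernel image v1",
    "game_slots.bin": b"constructed game code v1",
    "paytable.dat": b"constructed paytable: 3xBAR=20",
}
BOOT_ORDER = ["os_kernel.bin", "game_slots.bin", "paytable.dat"]

if __name__ == "__main__":
    image = build_trusted_image(APPROVED)
    digest = sha256_hex(image)            # recorded by the regulator at approval
    print(boot(dict(APPROVED), image, digest, BOOT_ORDER))
    modified = dict(APPROVED, **{"paytable.dat": b"constructed paytable: 3xBAR=2000"})
    print(boot(modified, image, digest, BOOT_ORDER))
```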
[0098] As stated above, mass storage devices used in a general
purpose computer typically allow code and data to be read from and
written to the mass storage device. In a gaming machine
environment, modification of the gaming code stored on a mass
storage device is strictly controlled and would only be allowed
under specific maintenance type events with electronic and physical
enablers required. Though this level of security could be provided
by software, IGT gaming computers that include mass storage devices
preferably include hardware level mass storage data protection
circuitry that operates at the circuit level to monitor attempts to
modify data on the mass storage device and will generate both
software and hardware error triggers should a data modification be
attempted without the proper electronic and physical enablers being
present.
[0099] Returning to the example of FIG. 7, when a user wishes to
play the gaming machine 2, he or she inserts cash through the coin
acceptor 28 or bill validator 30. Additionally, the bill validator
may accept a printed ticket voucher which may be accepted by the
bill validator 30 as an indicia of credit when a cashless ticketing
system is used. At the start of the game, the player may enter
player tracking information using the card reader 24, the keypad
22, and the fluorescent display 16. Further, other game preferences
of the player playing the game may be read from a card inserted
into the card reader. During the game, the player views game
information using the video display 34. Other game and prize
information may also be displayed in the video display screen 42
located in the top box.
[0100] During the course of a game, a player may be required to
make a number of decisions, which affect the outcome of the game.
For example, a player may vary his or her wager on a particular
game, select a prize for a particular game selected from a prize
server, or make game decisions that affect the outcome of a
particular game. The player may make these choices using the
player-input switches 32, the video display screen 34 or using some
other device which enables a player to input information into the
gaming machine. In some embodiments, the player may be able to
access various game services such as concierge services and
entertainment content services using the video display screen 34
and one or more input devices.
[0101] During certain game events, the gaming machine 2 may display
visual and auditory effects that can be perceived by the player.
These effects add to the excitement of a game, which makes a player
more likely to continue playing. Auditory effects include various
sounds that are projected by the speakers 10, 12, 14. Visual
effects include flashing lights, strobing lights or other patterns
displayed from lights on the gaming machine 2 or from lights behind
the belly glass 40. After the player has completed a game, the
player may receive game tokens from the coin tray 38 or the ticket
20 from the printer 18, which may be used for further games or to
redeem a prize. Further, the player may receive a ticket 20 for
food, merchandise, or games from the printer 18.
[0102] Exemplary System Architecture
[0103] One example of a network topology for implementing some
aspects of the present invention is shown in FIG. 8. Those of skill
in the art will realize that this exemplary architecture and the
related functionality are merely examples and that the present
invention encompasses many other such embodiments and methods.
Here, for example, a single gaming establishment 1205 is
illustrated, which is a casino in this example. However, it should
be understood that some implementations of the present invention
involve multiple gaming establishments.
[0104] Gaming establishment 1205 includes 16 gaming machines 2,
each of which is part of a bank 1210 of gaming machines 2. In this
example, gaming establishment 1205 also includes a bank of
networked gaming tables 1100. It will be appreciated that many
gaming establishments include hundreds or even thousands of gaming
machines 2 and/or gaming tables 1100, not all of which are included
in a bank. However, the present invention may be implemented in
gaming establishments having any number of gaming machines, gaming
tables, etc.
[0105] Various alternative network topologies can be used to
implement different aspects of the invention and/or to accommodate
varying numbers of networked devices. For example, gaming
establishments with very large numbers of gaming machines 2 may
require multiple instances of some network devices (e.g., of main
network device 1225, which combines switching and routing
functionality in this example) and/or the inclusion of other
network devices not shown in FIG. 8. For example, some
implementations of the invention include one or more middleware
servers disposed between gaming machines 2 and server 1230. Such
middleware servers can provide various useful functions, including
but not limited to the filtering and/or aggregation of data
received from bank switches 1215, from individual gaming machines
and from other player terminals. Some implementations of the
invention include load balancing methods and devices for managing
network traffic.
[0106] Each bank 1210 has a corresponding bank switch 1215, which
may be a conventional bank switch. Each bank switch is connected to
server-based gaming ("SBG") server 1230 via main network device
1225, which combines switching and routing functionality in this
example. Although various floor communication protocols may be
used, some preferred implementations use IGT's open, Ethernet-based
SuperSAS® protocol, which IGT makes available for downloading
without charge. However, other protocols such as Best of Breed
("BOB") may be used to implement various aspects of SBG. IGT has
also developed a gaming-industry-specific transport layer called
CASH that rides on top of TCP/IP and offers additional
functionality and security.
[0107] SBG server 1230, License Manager 1231, Arbiter 133, servers
1232, 1234, 1236 and 1238, true random number generating device
108, and main network device 1225 are disposed within computer room
1220 of gaming establishment 1205. Any one of the servers 1232,
1234, 1236, and 1238 may distribute the random numbers generated by
the true random number generating device 108 to the gaming machines
2 through main network device 1225. In practice, more or fewer
servers may be used. Some of these servers may be configured to
perform tasks relating to player tracking, bonusing/progressives,
etc. Some servers may be configured to perform tasks specific to
the present invention. License Manager 1231 may also be
implemented, at least in part, via a server or a similar device.
Some exemplary operations of License Manager 1231 are described in
detail in U.S. patent application Ser. No. 11/225,408, entitled
"METHODS AND DEVICES FOR AUTHENTICATION AND LICENSING IN A GAMING
NETWORK" by Kinsley et al., which is hereby incorporated by
reference.
[0108] SBG server 1230 can also be configured to implement, at
least in part, various aspects of the present invention. Some
preferred embodiments of SBG server 1230 and the other servers
shown in FIG. 8 include (or are at least in communication with)
clustered CPUs, redundant storage devices, including backup storage
devices, switches, etc. Such storage devices may include a
redundant array of inexpensive disks ("RAID"), back-up hard drives
and/or tape drives, etc. Preferably, a Radius and a DHCP server are
also configured for communication with the gaming network. Some
implementations of the invention provide one or more of these
servers in the form of blade servers.
[0109] In some implementations of the invention, many of these
devices (including but not limited to License Manager 1231, servers
1232, 1234, 1236 and 1238, and main network device 1225) are
mounted in a single rack with SBG server 1230. Accordingly, many or
all such devices will sometimes be referenced in the aggregate as
an "SBG server." However, in alternative implementations, one or
more of these devices is in communication with SBG server 1230
and/or other devices of the network but located elsewhere. For
example, some of the devices could be mounted in separate racks
within computer room 1220 or located elsewhere on the network. For
example, it can be advantageous to store large volumes of data
elsewhere via a storage area network ("SAN").
[0110] In some embodiments, these components are SBG server 1230
preferably has an uninterruptible power supply ("UPS"). The UPS may
be, for example, a rack-mounted UPS module.
[0111] Computer room 1220 may include one or more operator consoles
or other host devices that are configured for communication with
SBG server 1230. Such host devices may be provided with software,
hardware and/or firmware for implementing various aspects of the
invention; many of these aspects involve controlling SBG server
1230. However, such host devices need not be located within
computer room 1220. Wired host device 1260 (which is a laptop
computer in this example) and wireless host device (which is a PDA
in this example) may be located elsewhere in gaming establishment
1205 or at a remote location.
[0112] Arbiter 133 may be implemented, for example, via software
that is running on a server or another networked device. Arbiter
133 serves as an intermediary between different devices on the
network. Some implementations of Arbiter 133 are described in U.S.
patent application Ser. No. 10/948,387, entitled "METHODS AND
APPARATUS FOR NEGOTIATING COMMUNICATIONS WITHIN A GAMING NETWORK"
and filed Sep. 23, 2004 (the "Arbiter Application"), which is
incorporated herein by reference and for all purposes. In some
preferred implementations, Arbiter 133 is a repository for the
configuration information required for communication between
devices on the gaming network (and, in some implementations,
devices outside the gaming network). Although Arbiter 133 can be
implemented in various ways, one exemplary implementation is
discussed in the following paragraphs.
[0113] FIG. 9 is a block diagram of a simplified communication
topology between a gaming unit 21, the network computer 23 and the
Arbiter 133. Although only one gaming unit 21, one network computer
23 and one Arbiter 133 are shown in FIG. 9, it should be understood
that the following examples may be applicable to different types of
network gaming devices within the gaming network 12 beyond the
gaming unit 21 and the network computer 23, and may include
different numbers of network computers, gaming security arbiters
and gaming units. For example, a single Arbiter 133 may be used for
secure communications among a plurality of network computers 23 and
tens, hundreds or thousands of gaming units 21. Likewise, multiple
gaming security arbiters 46 may be utilized for improved
performance and other scalability factors.
[0114] Referring to FIG. 9, the Arbiter 133 may include an arbiter
controller 121 that may comprise a program memory 122, a
microcontroller or microprocessor (MP) 124, a random-access memory
(RAM) 126 and an input/output (I/O) circuit 128, all of which may
be interconnected via an address/data bus 129. The network computer
23 may also include a controller 131 that may comprise a program
memory 132, a microcontroller or microprocessor (MP) 134, a
random-access memory (RAM) 136 and an input/output (I/O) circuit
138, all of which may be interconnected via an address/data bus
139. It should be appreciated that although the Arbiter 133 and the
network computer 23 are each shown with only one microprocessor
124, 134, the controllers 121, 131 may each include multiple
microprocessors 124, 134. Similarly, the memory of the controllers
121, 131 may include multiple RAMs 126, 136 and multiple program
memories 122, 132. Although the I/O circuits 128, 138 are each
shown as a single block, it should be appreciated that the I/O
circuits 128, 138 may include a number of different types of I/O
circuits. The RAMs 124, 134 and program memories 122, 132 may be
implemented as semiconductor memories, magnetically readable
memories, and/or optically readable memories, for example.
[0115] Although the program memories 122, 132 are shown in FIG. 9
as read-only memories (ROM) 122, 132, the program memories of the
controllers 121, 131 may be a read/write or alterable memory, such
as a hard disk. In the event a hard disk is used as a program
memory, the address/data buses 129, 139 shown schematically in FIG.
9 may each comprise multiple address/data buses, which may be of
different types, and there may be an I/O circuit disposed between
the address/data buses.
[0116] As shown in FIG. 9, the gaming unit 21 may be operatively
coupled to the network computer 23 via the data link 25. The gaming
unit 21 may also be operatively coupled to the Arbiter 133 via the
data link 47, and the network computer 23 may likewise be
operatively coupled to the Arbiter 133 via the data link 47.
Communications between the gaming unit 21 and the network computer
23 may involve different information types of varying levels of
sensitivity resulting in varying levels of encryption techniques
depending on the sensitivity of the information. For example,
communications such as drink orders and statistical information may
be considered less sensitive. A drink order or statistical
information may remain encrypted, although with moderately secure
encryption techniques, such as RC4 and DES, resulting in less
processing power and less time for encryption. On the other hand,
financial information (e.g., account information, winnings, etc.),
game download information (e.g., game software and game licensing
information) and personal information (e.g., social security
number, personal preferences, etc.) may be encrypted with stronger
encryption techniques such as AES or 3DES to provide increased
security.
[0117] As disclosed in further detail in the Arbiter Application,
the Arbiter 133 may verify the authenticity of each network gaming
device. The Arbiter 133 may receive a request for a communication
session from a network device. For ease of explanation, the
requesting network device may be referred to as the client, and the
requested network device may be referred to as the host. The client
may be any device on the network 12 and the request may be for a
communication session with any other network device. The client may
specify the host, or the gaming security arbiter may select the
host based on the request and based on information about the client
and potential hosts. The Arbiter 133 may provide encryption keys
(session keys) for the communication session to the client via the
secure communication channel. The host and/or the session
key may be provided in response to the request, or may have been
previously provided. The client may contact the host to initiate
the communication session. The host may then contact the Arbiter
133 to determine the authenticity of the client. The Arbiter 133
may provide affirmation (or lack thereof) of the authenticity of
the client to the host and provide a corresponding session key, in
response to which the network devices may initiate the
communication session directly with each other using the session
keys to encrypt and decrypt messages.
[0118] Alternatively, upon receiving a request for a communication
session, the Arbiter 133 may contact the host regarding the request
and provide corresponding session keys to both the client and the
host. The Arbiter 133 may then initiate either the client or the
host to begin their communication session. In turn, the client and
host may begin the communication session directly with each other
using the session keys to encrypt and decrypt messages.
Alternatively, the Arbiter 133 may act as the Certificate Authority
and issue, manage, and revoke X.509 certificates for the Network
Computer 23 or the new Gaming Unit 21. For example, when a new
Network Computer 23 or a new Gaming Unit 21 is introduced within
the casino floor 1210, it may generate a certificate request to
the Arbiter 133. With the proper physical authentication and
validation of the unit by the Casino employees, the Arbiter 133 may
issue the corresponding X.509 certificate in response to the
certificate request, which can be used by the requesting machine for
its secure communication with existing network computers or gaming
units. An
additional explanation of the communication request, communication
response and key distribution is provided in the Arbiter
Application.
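The first flow above (client request, host check-back with the Arbiter, then a shared session key) can be sketched as follows. This is an added example, not code from the application or the Arbiter Application: the class and method names and the device identifiers are constructed, the secure channel to the Arbiter is modelled as a function return value, and releasing the key only once and only to the host named in the request is an assumption of this sketch.

```javascript
const crypto = require('node:crypto');

class Arbiter {
  constructor() {
    this.authentic = new Set();   // devices whose authenticity was verified
    this.pending = new Map();     // sessionId -> { clientId, hostId, key }
  }
  // Enrolment stands in for the Arbiter's authenticity verification.
  enroll(deviceId) { this.authentic.add(deviceId); }

  // Client -> Arbiter: request a session with a host. The return value
  // models the reply over the client's secure channel to the Arbiter.
  requestSession(clientId, hostId) {
    if (!this.authentic.has(clientId) || !this.authentic.has(hostId)) {
      return { granted: false };
    }
    const sessionId = crypto.randomUUID();
    const key = crypto.randomBytes(32);
    this.pending.set(sessionId, { clientId, hostId, key });
    return { granted: true, sessionId, key };
  }

  // Host -> Arbiter: is the client that just contacted me authentic?
  // Assumption: key released once, only to the host named in the request.
  confirmClient(hostId, clientId, sessionId) {
    const s = this.pending.get(sessionId);
    if (!s || s.hostId !== hostId || s.clientId !== clientId) {
      return { authentic: false };
    }
    this.pending.delete(sessionId);
    return { authentic: true, key: s.key };
  }
}

// End-to-end walk-through with constructed device names.
function runExchange() {
  const arbiter = new Arbiter();
  arbiter.enroll('gaming-unit-21');
  arbiter.enroll('network-computer-23');
  const grant = arbiter.requestSession('gaming-unit-21', 'network-computer-23');
  // Client contacts host with (clientId, sessionId); host asks the Arbiter.
  const wrongHost = arbiter.confirmClient('gaming-unit-99', 'gaming-unit-21', grant.sessionId);
  const ok = arbiter.confirmClient('network-computer-23', 'gaming-unit-21', grant.sessionId);
  const replay = arbiter.confirmClient('network-computer-23', 'gaming-unit-21', grant.sessionId);
  return { grant, wrongHost, ok, replay };
}
```

After `runExchange()`, the client and the host hold the same 32-byte key without either having sent it to the other, while the mismatched host and the repeated check-back are both refused.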
[0119] Wireless devices are particularly useful for managing a
gaming network. Such wireless devices could include, but are not
limited to, laptops, PDAs or even cellular telephones. Referring
once again to FIG. 8, one or more network devices in gaming
establishment 1205 can be configured as wireless access points. For
example, a casino manager may use a wireless handheld device to
revise and/or schedule gaming machine configurations while roaming
the casino floor. Similarly, a representative of a regulatory body
could use a PDA to verify gaming machine configurations, generate
reports, view activity logs, etc., while on the casino floor.
[0120] If a host device is located in a remote location, security
methods and devices (such as firewalls, authentication and/or
encryption) should be deployed in order to prevent the unauthorized
access of the gaming network. Similarly, any other connection
between gaming network 1205 and the outside world should only be
made with trusted devices via a secure link, e.g., via a virtual
private network ("VPN") tunnel. For example, the illustrated
connection between SBG 1230, gateway 1250 and central system 1263
(here, IGT.com) that may be used for game downloads, etc., is
advantageously made via a VPN tunnel.
[0121] An Internet-based VPN uses the open, distributed
infrastructure of the Internet to transmit data between sites. A
VPN may emulate a private IP network over public or shared
infrastructures. A VPN that supports only IP traffic is called an
IP-VPN. VPNs provide advantages to both the service provider and
its customers. For its customers, a VPN can extend the IP
capabilities of a corporate site to remote offices and/or users
with intranet, extranet, and dial-up services. This connectivity
may be achieved at a lower cost to the gaming entity with savings
in capital equipment, operations, and services. Details of VPN
methods that may be used with the present invention are described
in the reference, "Virtual Private Networks-Technologies and
Solutions," by R. Yueh and T. Strayer, Addison-Wesley, 2001,
ISBN#0-201-70209-6, which is incorporated herein by reference and
for all purposes.
[0122] There are many ways in which IP VPN services may be
implemented, such as, for example, Virtual Leased Lines, Virtual
Private Routed Networks, Virtual Private Dial Networks, Virtual
Private LAN Segments, etc. Additionally VPNs may be implemented
using a variety of protocols, such as, for example, IP Security
(IPSec) Protocol, Layer 2 Tunneling Protocol, Multiprotocol Label
Switching (MPLS) Protocol, etc. Details of these protocols,
including RFC reports, may be obtained from the VPN Consortium, an
industry trade group (http://www.vpnc.com, VPNC, Santa Cruz,
Calif.).
[0123] For security purposes, any information transmitted to or
from a gaming establishment over a public network may be encrypted.
In one implementation, the information may be symmetrically
encrypted using a symmetric encryption key, where the symmetric
encryption key is asymmetrically encrypted using a private key. The
public key may be obtained from a remote public key server. The
encryption algorithm may reside in processor logic stored on the
gaming machine. When a remote server receives a message containing
the encrypted data, the symmetric encryption key is decrypted with
a private key residing on the remote server and the symmetrically
encrypted information sent from the gaming machine is decrypted
using the symmetric encryption key. A different symmetric
encryption key is used for each transaction where the key is
randomly generated. Symmetric encryption and decryption is
preferably applied to most information because symmetric encryption
algorithms tend to be 100-10,000 times faster than asymmetric encryption
algorithms.
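The per-transaction scheme in this paragraph, as an added example that is not code from the application: a fresh random symmetric key encrypts the payload and is itself wrapped so that only the private key residing on the remote server can recover it, which means wrapping under the matching public key. AES-256-GCM, RSA-OAEP, the function names, and the locally generated key pair (standing in for a key fetched from the remote public key server) are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// Constructed remote-server key pair; in the text the public half would be
// obtained from a remote public key server.
const server = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Gaming-machine side: new random key for every transaction.
function sealTransaction(serverPublicKey, plaintext) {
  const key = crypto.randomBytes(32);           // per-transaction AES-256 key
  const iv = crypto.randomBytes(12);            // GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();              // integrity tag over the body
  // Only the small key goes through the slow asymmetric operation.
  const wrappedKey = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, tag, body };
}

// Remote-server side: unwrap the key with the private key, then decrypt.
function openTransaction(serverPrivateKey, msg) {
  const key = crypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the body, nonce or tag was altered in transit.
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}
```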
[0124] As mentioned elsewhere herein, U.S. patent application Ser.
No. 11/225,408, entitled "METHODS AND DEVICES FOR AUTHENTICATION
AND LICENSING IN A GAMING NETWORK" by Kinsley et al., describes
novel methods and devices for authentication, game downloading and
game license management. This application has been incorporated
herein by reference.
[0125] Providing a secure connection between the local devices of
the SBG system and IGT's central system allows for the deployment
of many advantageous features. For example, a customer (e.g., an
employee of a gaming establishment) can log onto an account of
central system 1263 (in this example, IGT.com) to obtain the
account information such as the customer's current and prior
account status.
[0126] Moreover, such a secure connection may be used by the
central system 1263 to collect information regarding a customer's
system. Such information includes, but is not limited to, error
logs for use in diagnostics and troubleshooting. Some
implementations of the invention allow a central system to collect
other types of information, e.g., information about the usage of
certain types of gaming software, revenue information regarding
certain types of games and/or gaming machines, etc. Such
information includes, but is not limited to, information regarding
the revenue attributable to particular games at specific times of
day, days of the week, etc. Such information may be obtained, at
least in part, by reference to an accounting system of the gaming
network(s), as described in U.S. patent application Ser. No.
11/225,407, by Wolf et al., entitled "METHODS AND DEVICES FOR
MANAGING GAMING NETWORKS," which has been incorporated herein by
reference.
[0127] Automatic updates of a customer's SBG server may also be
enabled. For example, central system 1263 may notify a local SBG
server regarding new products and/or product updates. For example,
central system 1263 may notify a local SBG server regarding updates
of new gaming software, gaming software updates, peripheral
updates, the status of current gaming software licenses, etc. In
some implementations of the invention, central system 1263 may
notify a local SBG server (or another device associated with a
gaming establishment) that an additional theme-specific data set
and/or updates for a previously-downloaded global payout set are
available. Alternatively, such updates could be automatically
provided to the local SBG server and downloaded to networked gaming
machines.
[0128] After the local SBG server receives this information, it can
identify relevant products of interest. For example, the local SBG
server may identify gaming software that is currently in use (or at
least licensed) by the relevant gaming entity and send a
notification to one or more host devices, e.g., via email. If an
update or a new software product is desired, it can be downloaded
from the central system. Some relevant downloading methods are
described elsewhere herein and in applications that have been
incorporated herein by reference, e.g., in U.S. patent application
Ser. No. 11/078,966. Similarly, a customer may choose to renew a
gaming software license via a secure connection with central system
1263 in response to such a notification.
[0129] Secure communication links allow notifications to be sent
securely from a local SBG server to host devices outside of a
gaming establishment. For example, a local SBG server can be
configured to transmit automatically generated email reports, text
messages, etc., based on predetermined events that will sometimes
be referred to herein as "triggers." Such triggers can include, but
are not limited to, the condition of a gaming machine door being
open, cash box full, machine not responding, verification failure,
etc.
[0130] In addition, providing secure connections between different
gaming establishments can enable alternative implementations of the
invention. For example, a number of gaming establishments, each
with a relatively small number of gaming machines, may be owned
and/or controlled by the same entity. In such situations, having
secure communications between gaming establishments makes it
possible for a gaming entity to use a single SBG server as an
interface between central system 1263 and the gaming
establishments.
[0131] While embodiments and applications of this invention have
been shown and described, it would be apparent to those skilled in
the art having the benefit of this disclosure that many more
modifications than mentioned above are possible without departing
from the inventive concepts herein. The invention, therefore, is
not to be restricted except in the spirit of the appended
claims.
* * * * *
References