US20130159988A1 - Gaming machine - Google Patents

Gaming machine Download PDF

Info

Publication number
US20130159988A1
US20130159988A1 US13/771,752 US201313771752A US2013159988A1 US 20130159988 A1 US20130159988 A1 US 20130159988A1 US 201313771752 A US201313771752 A US 201313771752A US 2013159988 A1 US2013159988 A1 US 2013159988A1
Authority
US
United States
Prior art keywords
gaming machine
software component
recent
memory device
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/771,752
Inventor
Drazen Lenger
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aristocrat Technologies Australia Pty Ltd
Original Assignee
Aristocrat Technologies Australia Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2008901441A external-priority patent/AU2008901441A0/en
Application filed by Aristocrat Technologies Australia Pty Ltd filed Critical Aristocrat Technologies Australia Pty Ltd
Priority to US13/771,752 priority Critical patent/US20130159988A1/en
Assigned to ARISTOCRAT TECHNOLOGIES AUSTRALIA PTY LIMITED reassignment ARISTOCRAT TECHNOLOGIES AUSTRALIA PTY LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LENGER, DRAZEN
Publication of US20130159988A1 publication Critical patent/US20130159988A1/en
Priority to US14/142,262 priority patent/US20140115573A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/32Coin-freed apparatus for hiring articles; Coin-freed facilities or services for games, toys, sports, or amusements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/654Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/32Coin-freed apparatus for hiring articles; Coin-freed facilities or services for games, toys, sports, or amusements
    • G07F17/3225Data transfer within a gaming system, e.g. data sent between gaming machines and users
    • G07F17/323Data transfer within a gaming system, e.g. data sent between gaming machines and users wherein the player is informed, e.g. advertisements, odds, instructions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/32Coin-freed apparatus for hiring articles; Coin-freed facilities or services for games, toys, sports, or amusements
    • G07F17/3225Data transfer within a gaming system, e.g. data sent between gaming machines and users
    • G07F17/3232Data transfer within a gaming system, e.g. data sent between gaming machines and users wherein the operator is informed
    • G07F17/3234Data transfer within a gaming system, e.g. data sent between gaming machines and users wherein the operator is informed about the performance of a gaming system, e.g. revenue, diagnosis of the gaming system

Definitions

  • the present invention relates to a gaming machine and a method of conducting a software update of a gaming machine.
  • Program code to be run on gaming machines sometimes needs to be updated to address problems with existing code or to add a capability.
  • the invention provides a method of conducting a software update of a gaming machine, including:
  • updating the gaming machine includes replacing each corresponding software component with each more recent software component.
  • determining that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a memory of the gaming machine includes:
  • authenticating each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key.
  • the method includes determining that the version number is more recent if it is higher than a version of the corresponding software component.
  • the method includes determining that a main door of the gaming machine is open prior to updating each more recent authentic software component.
  • the method includes determining that a logic door of the gaming machine is open prior to updating each more recent authentic software component.
  • the method includes restarting the boot process subsequent to completion of the update.
  • the method includes continuing the boot process subsequent to completion of the update.
  • the method includes determining that the memory device is connected to a USB port of the gaming machine.
  • conduct of the boot process is caused by a processor of the gaming machine executing instruction stored in gaming machine memory.
  • the invention provides a gaming machine including:
  • gaming machine memory storing updateable software components and storing instructions to cause the processor to conduct a boot process, the gaming machine arranged to:
  • the gaming machine includes at least one USB port, the gaming machine arranged to determine that a memory device in the form of a USB compatible drive is connected to the USB port.
  • the gaming machine includes a main door and arranged to determine that the main door is open prior to updating each more recent authentic software component.
  • the gaming machine includes a logic door and arranged to determine that the logic door is open prior to updating each more recent authentic software component.
  • the gaming machine is arranged to only mount the USB drive for the duration of the boot process.
  • the gaming machine is arranged to update the gaming machine by replacing each corresponding software component with each more recent software component.
  • the gaming machine is arranged to determine that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a memory of the gaming machine by:
  • the gaming machine is arranged to authenticate each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key.
  • the gaming machine is arranged to determine that the version number is more recent if it is higher than a version of the corresponding software component.
  • FIG. 1 is a perspective view of a gaming machine
  • FIG. 2 is a schematic diagram of the main components of the gaming machine of a first embodiment that relate to implementation of a boot process featuring software update;
  • FIG. 3 is a flow chart of the software update process.
  • a gaming machine 10 is illustrated in FIG. 1 .
  • the gaming machine 10 includes a console 12 having a display 14 on which is displayed representations of a game 16 that can be played by a player.
  • a mid-trim 20 of the gaming machine 10 houses a bank of buttons 22 for enabling a player to interact with the gaming machine, in particular during game play.
  • the mid-trim 20 also houses a credit input mechanism 24 which in this example includes a coin input chute 24 A and a bill collector 24 B.
  • Other credit input mechanisms may also be employed, for example, a card reader for reading a smart card, debit card or credit card.
  • a reading device may also be provided for the purpose of reading a player tracking device, for example as part of a loyalty program.
  • the player tracking device may be in the form of a card, flash drive or any other portable storage medium capable of being read by the reading device.
  • a top box 26 may carry artwork 28 , including for example pay tables and details of bonus awards and other information or images relating to the game. Further artwork and/or information may be provided on a front panel 29 of the console 12 .
  • a coin tray 30 is mounted beneath the front panel 29 for dispensing cash payouts from the gaming machine 10 .
  • the display 14 shown in FIG. 1 is in the form of a video display unit, particularly a cathode ray tube screen device.
  • the display 14 may be a liquid crystal display, plasma screen, any other suitable video display unit, or the visible portion of an electromechanical device.
  • the top box 26 may also include a display, for example a video display unit, which may be of the same type as the display 14 , or of a different type.
  • FIG. 2 illustrates one embodiment of a boot process which is described in more detail in Australian patent application 2007203243, the disclosure of which is incorporated herein by reference.
  • the electronic gaming machine has a central processing unit (CPU) 210 .
  • Boot program code is stored in BIOS 220 .
  • Logically the boot program code consists of a BIOS loader, a boot-loader and a BIOS-control-program.
  • BIOS loader contains an RSA master public key
  • BIOS control program contains an RSA signature of the BIOS control program SHA 1 hash that is signed by the RSA master private key corresponding to the RSA master public key.
  • the CPU (processor) 210 of electronic gaming machine begins executing the first instruction of the BIOS loader stored in the BIOS 220 .
  • the monitoring device 230 snoops every read access to the BIOS loader to thereby monitor reading of the BIOS loader by the CPU 210 .
  • the monitoring device is implemented by a field programmable gate array and contains a duplicate copy of the BIOS loader monitors access to the BIOS 220 that provides validation code that can be used to determine that the BIOS loader is valid.
  • the monitoring device verifies that the BIOS loader read out by the CPU matches the validation copy of the BIOS loader stored in the monitoring device.
  • the monitoring device halts operation in such a manner that this will ultimately cause the electronic gaming machine to fail booting. This ensures that the electronic gaming machine is running a valid, unmodified copy of the BIOS loader and hence that the code to check the validity of the BIOS control program (as described in further detail below) is still present and will be executed by CPU 210 .
  • the BIOS loader calculates a hash of the BIOS control program and copies the BIOS control program to RAM.
  • the BIOS loader then retrieves a RSA signature from the BIOS-control-program and retrieves the RSA master public key from the BIOS loader.
  • the BIOS loader decrypts the signature of the BIOS-control-program hash and determines whether the hashes match. If the hashes fail to match booting is failed. Otherwise the verification is successful and execution is transferred to the BIOS-control-program now stored in RAM.
  • the BIOS-control-program then seeks to verify any external BIOSes 240 by reference to a signed table of external BIOS hashes 250 .
  • the CPU 220 calculates a hash of each external BIOS 360 .
  • BIOS-control-program Before the BIOS-control-program transfers control to the master boot record of the active boot partition on the active boot device 260 it verifies the active boot partition and boot cylinder by calculating a hash of the active boot partition and the hash of the boot cylinder and verifying the hash against the RSA signature stored on the active boot device using the RSA master key and RSA. If they do not match the boot is failed.
  • the active boot partition includes a number of different partitions including a game partition, a platform partition and an operating system partition, each of which are verified independently.
  • the operating system may be Linux.
  • the process proceeds to load the master boot record which in turn loads the boot loader in the boot cylinder.
  • the boot loader verifies the contents of the game, platform and operating system partition using the RSA public keys stored in the boot loader against the RSA signatures stored in files in each of the partitions. If the verification is successful, the process proceeds to load and execute the operating system. These steps ensure the electronic gaming machine is running an operating system and system software that had previously signed by the RSA master key.
  • the operating system then loads the platform software from main memory 220 being software components specific to the hardware on which the operating system is running and the game is expected to run. Once the platform is established, the game software is loaded.
  • the update process 300 involves checking 310 whether a USB memory device 290 is attached to the USB port 280 and mounting any such USB drive 315 . If no memory device 290 is attached, the boot process is continued 320 .
  • a memory device 290 if a memory device 290 is attached a number of additional checks are made before any code can be stored to a memory of the gaming device. These checks have the advantage of increasing the likelihood that the software update is legitimate and not an attempt to illegitimately access the gaming machine.
  • the memory to which the code is ultimately stored will vary depending on the specific embodiment and the type of code being updated, for example, it could be used to update code in BIOS 220 or main memory 295 (which may be compact flash, for example).
  • BIOS 220 main memory 295
  • main memory 295 which may be compact flash, for example.
  • “gaming machine memory” is used to refer to memory normally resident within the gaming machine including the BIOS 220 and main memory 295 .
  • the memory device 290 is to be manually attached to a USB port 280 of the gaming machine.
  • a memory device may be placed in data communication with the gaming machine in some other manner, for example, the gaming machine may have a network card and be configured to check for a memory device at a particular network address during the update process.
  • the first check 330 is that the main door of the gaming machine 10 is open. If it is not open, an error process 335 is initiated which can be resolved by removing the USB memory device (the USB port may be externally accessible) in which case the boot process continues 320 .
  • the second check 340 is that the door of the logic cage is open. (The logic cage contains the main board of the gaming machine.) Again an error process can be resolved in by removing the USB memory device 290 (the USB port may externally accessible of the logic cage when the main door is open) in which case the boot process continues 320 .
  • the first and second checks are designed to ensure that the person attaching the USB drive is a technician authorised to access the logic cage and has done so in the correct manner.
  • the third check 350 is to determine whether the memory device contains any “authentic” software components, e.g. which pass a digitally signed authentication test which demonstrates that they have been signed by a private key corresponding, for example to the RSA master public key stored in the boot-loader. If there are no authentic software components, a message is displayed to ask the technician to remove the USB drive 355 so that the boot process can continue 320 . If there are one or more authentic software components, the process proceeds to the fourth check 360 .
  • authentic software components e.g. which pass a digitally signed authentication test which demonstrates that they have been signed by a private key corresponding, for example to the RSA master public key stored in the boot-loader. If there are no authentic software components, a message is displayed to ask the technician to remove the USB drive 355 so that the boot process can continue 320 . If there are one or more authentic software components, the process proceeds to the fourth check 360 .
  • the fourth check 360 involves checking whether any of the authentic software components is more recent than the current version of the software component stored in a memory of the gaming machine. In this embodiment, code is more recent if it has a higher version number. If there are no more recent components, a message is displayed to ask the technician to remove the USB drive 355 so that the boot process can continue 320 . If there are one or more authentic and more recent software components the process proceeds to storing 365 the more recent components, typically by overwriting the previous version but the previous version may be kept, for example, by renaming it to allow a restore. It is then determined 370 whether a re-boot is necessary based on the nature of the upgraded code and either the gaming machine is re-booted 375 or the boot process continues 320 .
  • the method involves performing a manual RAM reset. If a reboot is not necessary, the boot process continues 320 and the USB drive is demounted 325 .
  • this protects against the possibility that a person will attempt to illegitimately access the gaming machine via the USB port while it is running That is, USB drives will only be mounted during the boot process.
  • the program code may include different code elements, depending on the particular implementation and what it is desired to update, for example it may contain the most up to date boot loader code, the most up to date code for the boot partition, the most up to date system code, and or the most up to date game code for the gaming machine. Indeed, it may include some or all of the above such that irrespective of the current state of code of the gaming machine, it is brought completely up to date by virtue of the update process 300 .
  • certificates rooted in the master public key may be stored with the software components rather than public keys.
  • the present invention contemplates methods, systems and program products on any electronic device and/or machine-readable media suitable for accomplishing its operations. Certain embodiments of the present invention may be implemented using an existing computer processor and/or by a special purpose computer processor incorporated for this or another purpose or by a hardwired system, for example.
  • Embodiments within the scope of the present invention include program products comprising machine-readable media for carrying or having machine-executable instructions or data structures stored thereon.
  • machine-readable media can be any available media that can be accessed by a general purpose or special purpose computer or other machine with a processor.
  • machine-readable media may comprise RAM, ROM, PROM, EPROM, EEPROM, Flash, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code in the form of machine-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer or other machine with a processor.
  • Machine-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing machines to perform a certain function or group of functions.

Abstract

A method of conducting a software update of a gaming machine, including: starting a boot process of the gaming machine; determining during the boot process that a memory device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in data communication with the gaming machine; determining that the memory device contains at least one authentic, more recent software component; and updating gaming machine memory with each more recent software component.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This patent arises from and claims priority to a continuation of U.S. patent application Ser. No. 13/315,878, filed on Dec. 9, 2011, entitled “A GAMING MACHINE,” which is a continuation of U.S. patent application Ser. No. 12/412,081, filed Mar. 26, 2009, entitled “A GAMING MACHINE,” which claims the benefit of priority to Australian Provisional Patent Application No. 2008901441, filed on Mar. 26, 2008, entitled “A GAMING MACHINE”, each of which is herein incorporated by reference in its entirety.
    • FIELD
  • The present invention relates to a gaming machine and a method of conducting a software update of a gaming machine.
    • BACKGROUND
  • Program code to be run on gaming machines sometimes needs to be updated to address problems with existing code or to add a capability. Given the nature of gambling regulations, there is a need for a high degree of confidence in the security of an electronic gaming machines. Accordingly, current software updates are performed by physically swapping memory components of a gaming machine. There is a need for alternative techniques for updating software which provides and a high degree of security.
    • SUMMARY
  • In a first aspect, the invention provides a method of conducting a software update of a gaming machine, including:
  • starting a boot process of the gaming machine;
  • determining during the boot process that a memory device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in data communication with the gaming machine;
  • determining that the memory device contains at least one authentic, more recent software component; and
  • updating gaming machine memory with each more recent software component.
  • In an embodiment, updating the gaming machine includes replacing each corresponding software component with each more recent software component.
  • In an embodiment, determining that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a memory of the gaming machine includes:
  • authenticating each software component stored on the memory device; and
  • determining that a version number of each authenticated software component stored on the memory device is indicative of a more recent version of the software component than a corresponding software component stored in the memory of the gaming machine.
  • In an embodiment, authenticating each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key.
  • In an embodiment, the method includes determining that the version number is more recent if it is higher than a version of the corresponding software component.
  • In an embodiment, the method includes determining that a main door of the gaming machine is open prior to updating each more recent authentic software component.
  • In an embodiment, the method includes determining that a logic door of the gaming machine is open prior to updating each more recent authentic software component.
  • In an embodiment, the method includes restarting the boot process subsequent to completion of the update.
  • In an embodiment, the method includes continuing the boot process subsequent to completion of the update.
  • In an embodiment, the method includes determining that the memory device is connected to a USB port of the gaming machine.
  • In an embodiment, conduct of the boot process is caused by a processor of the gaming machine executing instruction stored in gaming machine memory.
  • In a second aspect, the invention provides a gaming machine including:
  • a processor;
  • gaming machine memory storing updateable software components and storing instructions to cause the processor to conduct a boot process, the gaming machine arranged to:
  • determine during the boot process that a memory device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in data communication with the gaming machine;
  • determine that the memory device contains at least one authentic, more recent software component; and
  • conduct an update process of gaming machine memory in respect of each more recent software component.
  • In an embodiment, the gaming machine includes at least one USB port, the gaming machine arranged to determine that a memory device in the form of a USB compatible drive is connected to the USB port.
  • In an embodiment, the gaming machine includes a main door and arranged to determine that the main door is open prior to updating each more recent authentic software component.
  • In an embodiment, the gaming machine includes a logic door and arranged to determine that the logic door is open prior to updating each more recent authentic software component.
  • In an embodiment, the gaming machine is arranged to only mount the USB drive for the duration of the boot process.
  • In an embodiment, the gaming machine is arranged to update the gaming machine by replacing each corresponding software component with each more recent software component.
  • In an embodiment, the gaming machine is arranged to determine that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a memory of the gaming machine by:
  • authenticating each software component stored on the memory device; and
  • determining that a version number of each authenticated software component stored on the memory device is indicative of a more recent version of the software component than a corresponding software component stored in the memory of the gaming machine.
  • In an embodiment, the gaming machine is arranged to authenticate each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key.
  • In an embodiment, the gaming machine is arranged to determine that the version number is more recent if it is higher than a version of the corresponding software component.
    • DESCRIPTION OF DRAWINGS
  • Exemplary embodiments of the invention will now be described in relation to the following drawings in which:
  • FIG. 1 is a perspective view of a gaming machine;
  • FIG. 2 is a schematic diagram of the main components of the gaming machine of a first embodiment that relate to implementation of a boot process featuring software update; and
  • FIG. 3 is a flow chart of the software update process.
    •
  • Features, further aspects, and advantages of the present invention will become apparent from the following description of embodiments thereof, by way of example only, with reference to the accompanying drawings. Also, various embodiments of the aspects described in the preceding paragraphs will be apparent from the appended claims, the following description and/or the accompanying drawings. It should be understood, however, that the present invention is not limited to the arrangements and instrumentality shown in the attached drawings.
    • DETAILED DESCRIPTION
  • Referring to the drawings, there is shown an embodiment of an electronic gaming machine arranged to implement a software update process.
  • A gaming machine 10 is illustrated in FIG. 1. The gaming machine 10 includes a console 12 having a display 14 on which is displayed representations of a game 16 that can be played by a player. A mid-trim 20 of the gaming machine 10 houses a bank of buttons 22 for enabling a player to interact with the gaming machine, in particular during game play. The mid-trim 20 also houses a credit input mechanism 24 which in this example includes a coin input chute 24A and a bill collector 24B. Other credit input mechanisms may also be employed, for example, a card reader for reading a smart card, debit card or credit card. A reading device may also be provided for the purpose of reading a player tracking device, for example as part of a loyalty program. The player tracking device may be in the form of a card, flash drive or any other portable storage medium capable of being read by the reading device.
  • A top box 26 may carry artwork 28, including for example pay tables and details of bonus awards and other information or images relating to the game. Further artwork and/or information may be provided on a front panel 29 of the console 12. A coin tray 30 is mounted beneath the front panel 29 for dispensing cash payouts from the gaming machine 10.
  • The display 14 shown in FIG. 1 is in the form of a video display unit, particularly a cathode ray tube screen device. Alternatively, the display 14 may be a liquid crystal display, plasma screen, any other suitable video display unit, or the visible portion of an electromechanical device. The top box 26 may also include a display, for example a video display unit, which may be of the same type as the display 14, or of a different type.
  • FIG. 2 illustrates one embodiment of a boot process which is described in more detail in Australian patent application 2007203243, the disclosure of which is incorporated herein by reference. The electronic gaming machine has a central processing unit (CPU) 210. Boot program code is stored in BIOS 220. Logically the boot program code consists of a BIOS loader, a boot-loader and a BIOS-control-program.
  • The different portion of code contains components for different security features. Specifically: BIOS loader contains an RSA master public key; and the BIOS control program contains an RSA signature of the BIOS control program SHA 1 hash that is signed by the RSA master private key corresponding to the RSA master public key.
  • When the electronic gaming machine is reset such that a boot process is started, the CPU (processor) 210 of electronic gaming machine begins executing the first instruction of the BIOS loader stored in the BIOS 220. The monitoring device 230 snoops every read access to the BIOS loader to thereby monitor reading of the BIOS loader by the CPU 210. The monitoring device is implemented by a field programmable gate array and contains a duplicate copy of the BIOS loader monitors access to the BIOS 220 that provides validation code that can be used to determine that the BIOS loader is valid. The monitoring device verifies that the BIOS loader read out by the CPU matches the validation copy of the BIOS loader stored in the monitoring device. If it does not match, the monitoring device halts operation in such a manner that this will ultimately cause the electronic gaming machine to fail booting. This ensures that the electronic gaming machine is running a valid, unmodified copy of the BIOS loader and hence that the code to check the validity of the BIOS control program (as described in further detail below) is still present and will be executed by CPU 210.
  • The BIOS loader calculates a hash of the BIOS control program and copies the BIOS control program to RAM. The BIOS loader then retrieves a RSA signature from the BIOS-control-program and retrieves the RSA master public key from the BIOS loader. The BIOS loader decrypts the signature of the BIOS-control-program hash and determines whether the hashes match. If the hashes fail to match booting is failed. Otherwise the verification is successful and execution is transferred to the BIOS-control-program now stored in RAM. The BIOS-control-program then seeks to verify any external BIOSes 240 by reference to a signed table of external BIOS hashes 250. The CPU 220 calculates a hash of each external BIOS 360. It decrypts the signed table of external BIOS hashes 250 using RSA and the RSA master public key contained in the boot-loader. Each external BIOS 240 is hashed and compared to the now decrypted stored hash 365. Any external BIOSES not matched are ignored. Otherwise control is transferred to the external BIOSes.
  • These steps ensure the electronic gaming machine is running a BIOS control program that has been signed by a master private key.
  • Before the BIOS-control-program transfers control to the master boot record of the active boot partition on the active boot device 260 it verifies the active boot partition and boot cylinder by calculating a hash of the active boot partition and the hash of the boot cylinder and verifying the hash against the RSA signature stored on the active boot device using the RSA master key and RSA. If they do not match the boot is failed.
  • The active boot partition includes a number of different partitions including a game partition, a platform partition and an operating system partition, each of which are verified independently. The operating system may be Linux.
  • If the verification is successful, the process proceeds to load the master boot record which in turn loads the boot loader in the boot cylinder. The boot loader verifies the contents of the game, platform and operating system partition using the RSA public keys stored in the boot loader against the RSA signatures stored in files in each of the partitions. If the verification is successful, the process proceeds to load and execute the operating system. These steps ensure the electronic gaming machine is running an operating system and system software that had previously signed by the RSA master key. The operating system then loads the platform software from main memory 220 being software components specific to the hardware on which the operating system is running and the game is expected to run. Once the platform is established, the game software is loaded.
  • As described in FIG. 3, at an appropriate point after the boot process is started 305 an update process is started. In this embodiment, early in the process of the operating system loading the platform software, the update process 300 involves checking 310 whether a USB memory device 290 is attached to the USB port 280 and mounting any such USB drive 315. If no memory device 290 is attached, the boot process is continued 320.
  • In this embodiment, if a memory device 290 is attached a number of additional checks are made before any code can be stored to a memory of the gaming device. These checks have the advantage of increasing the likelihood that the software update is legitimate and not an attempt to illegitimately access the gaming machine. In this respect, the memory to which the code is ultimately stored will vary depending on the specific embodiment and the type of code being updated, for example, it could be used to update code in BIOS 220 or main memory 295 (which may be compact flash, for example). Herein, “gaming machine memory” is used to refer to memory normally resident within the gaming machine including the BIOS 220 and main memory 295.
  • In this embodiment, it is assumed that the memory device 290 is to be manually attached to a USB port 280 of the gaming machine. In other embodiments, a memory device may be placed in data communication with the gaming machine in some other manner, for example, the gaming machine may have a network card and be configured to check for a memory device at a particular network address during the update process.
  • The first check 330 is that the main door of the gaming machine 10 is open. If it is not open, an error process 335 is initiated which can be resolved by removing the USB memory device (the USB port may be externally accessible) in which case the boot process continues 320.
  • The second check 340 is that the door of the logic cage is open. (The logic cage contains the main board of the gaming machine.) Again an error process can be resolved in by removing the USB memory device 290 (the USB port may externally accessible of the logic cage when the main door is open) in which case the boot process continues 320. The first and second checks are designed to ensure that the person attaching the USB drive is a technician authorised to access the logic cage and has done so in the correct manner.
  • The third check 350 is to determine whether the memory device contains any “authentic” software components, e.g. which pass a digitally signed authentication test which demonstrates that they have been signed by a private key corresponding, for example to the RSA master public key stored in the boot-loader. If there are no authentic software components, a message is displayed to ask the technician to remove the USB drive 355 so that the boot process can continue 320. If there are one or more authentic software components, the process proceeds to the fourth check 360.
  • The fourth check 360 involves checking whether any of the authentic software components is more recent than the current version of the software component stored in a memory of the gaming machine. In this embodiment, code is more recent if it has a higher version number. If there are no more recent components, a message is displayed to ask the technician to remove the USB drive 355 so that the boot process can continue 320. If there are one or more authentic and more recent software components the process proceeds to storing 365 the more recent components, typically by overwriting the previous version but the previous version may be kept, for example, by renaming it to allow a restore. It is then determined 370 whether a re-boot is necessary based on the nature of the upgraded code and either the gaming machine is re-booted 375 or the boot process continues 320. After any re-boot, the method involves performing a manual RAM reset. If a reboot is not necessary, the boot process continues 320 and the USB drive is demounted 325. Advantageously, this protects against the possibility that a person will attempt to illegitimately access the gaming machine via the USB port while it is running That is, USB drives will only be mounted during the boot process.
  • The program code may include different code elements, depending on the particular implementation and what it is desired to update, for example it may contain the most up to date boot loader code, the most up to date code for the boot partition, the most up to date system code, and or the most up to date game code for the gaming machine. Indeed, it may include some or all of the above such that irrespective of the current state of code of the gaming machine, it is brought completely up to date by virtue of the update process 300.
  • Persons skilled in the art will appreciate that there may be variations on the above boot and update processes. For example, while the above embodiment employs SHA-1 hashes and RSA signatures, other cryptographic hashes and signatures maybe employed. For example, SHA-1 HMAC or DSA or a mixture of techniques. There may also be some additional steps carried out before software is executed. For example, the signature of system and game software components may be checked by checking the entire disk partitions, directories or individual files. Such checks may be performed on demand, that is immediately prior to a component being loaded or in advance, that is prior to any components being accessed. Further in some instances it may be appropriate to check components with multiple signatures. This allows the loading of a component to be prevented if it has not be signed by all required parties which may include the manufacture of the gaming machine, a regulatory body or a third party developer.
  • Further, certificates rooted in the master public key may be stored with the software components rather than public keys. These and other variations will be apparent to persons skilled in the art and should be considered as falling within the invention described herein. It will also be appreciated that other embodiments of the invention can be formed from the features described above.
  • In the claims which follow and in the preceding description of certain embodiments of the invention, except where the context indicates otherwise due to express language or necessary implication, the word “comprise” or variations such as “comprises” or “comprising” is used in an inclusive sense, i.e. to specify the presence of the stated features but not to preclude the presence or addition of further features in various embodiments of the invention.
  • It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive. Several embodiments are described above with reference to the drawings. These drawings illustrate certain details of specific embodiments that implement the systems and methods and programs of the present invention. However, describing the invention with drawings should not be construed as imposing on the invention any limitations associated with features shown in the drawings. It will be understood that the invention disclosed and defined in this specification extends to all alternative combinations of two or more of the individual features mentioned or evident from the text or drawings. All of these different combinations constitute various alternative aspects of the invention.
  • The present invention contemplates methods, systems and program products on any electronic device and/or machine-readable media suitable for accomplishing its operations. Certain embodiments of the present invention may be implemented using an existing computer processor and/or by a special purpose computer processor incorporated for this or another purpose or by a hardwired system, for example.
  • Embodiments within the scope of the present invention include program products comprising machine-readable media for carrying or having machine-executable instructions or data structures stored thereon. Such machine-readable media can be any available media that can be accessed by a general purpose or special purpose computer or other machine with a processor. By way of example, such machine-readable media may comprise RAM, ROM, PROM, EPROM, EEPROM, Flash, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code in the form of machine-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer or other machine with a processor. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a machine, the machine properly views the connection as a machine-readable medium. Thus, any such a connection is properly termed a machine-readable medium. Combinations of the above are also included within the scope of machine-readable media. Machine-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing machines to perform a certain function or group of functions.

Claims (20)

1. A method of conducting a software update of a gaming machine, comprising:
starting a boot process of the gaming machine;
determining during the boot process that a memory device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in data communication with the gaming machine;
determining that the memory device contains at least one authentic, more recent software component; and
updating gaming machine memory with each more recent software component.
2. A method as claimed in claim 1, wherein updating the gaming machine comprises replacing each corresponding software component with each more recent software component.
3. A method as claimed in claim 1, wherein determining that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a memory of the gaming machine comprises:
authenticating each software component stored on the memory device; and
determining that a version number of each authenticated software component stored on the memory device is indicative of a more recent version of the software component than a corresponding software component stored in the memory of the gaming machine.
4. A method as claimed in claim 3, comprising authenticating each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key.
5. A method as claimed in claim 4, comprising determining that the version number is more recent if it is higher than a version of the corresponding software component.
6. A method as claimed in claim 1 comprising determining that a main door of the gaming machine is open prior to updating each more recent authentic software component.
7. A method as claimed in claim 1 comprising determining that a logic door of the gaming machine is open prior to updating each more recent authentic software component.
8. A method as claimed in claim 1 comprising restarting the boot process subsequent to completion of the update.
9. A method as claimed in claim 1 comprising continuing the boot process subsequent to completion of the update.
10. A method as claimed in claim 1 comprising determining that the memory device is connected to a USB port of the gaming machine.
11. A method as claimed in claim 1, wherein the conduct of the boot process is caused by a processor of the gaming machine executing instruction stored in gaming machine memory.
12. A gaming machine comprising:
a processor;
gaming machine memory storing updateable software components and storing instructions to cause the processor to conduct a boot process, the gaming machine arranged to:
determine during the boot process that a memory device potentially containing at least one software component more recent than a corresponding software component currently stored in gaming machine memory is in data communication with the gaming machine;
determine that the memory device contains at least one authentic, more recent software component; and
conduct an update process of gaming machine memory in respect of each more recent software component.
13. A gaming machine as claimed in claim 12 comprising at least one USB port, the gaming machine arranged to determine that a memory device in the form of a USB compatible drive is connected to the USB port.
14. A gaming machine as claimed in claim 12, comprising a main door and arranged to determine that the main door is open prior to updating each more recent authentic software component.
15. A gaming machine as claimed in claim 12 comprising a logic door and arranged to determine that the logic door is open prior to updating each more recent authentic software component.
16. A gaming machine as claimed in claim 13, arranged to only mount the USB drive for the duration of the boot process.
17. A gaming machine as claimed in claim 12, arranged to update the gaming machine by replacing each corresponding software component with each more recent software component.
18. A gaming machine as claimed in claim 12, arranged to determine that the memory device contains at least one authentic software component which is more recent than a corresponding software component currently stored in a memory of the gaming machine by:
authenticating each software component stored on the memory device; and
determining that a version number of each authenticated software component stored on the memory device is indicative of a more recent version of the software component than a corresponding software component stored in the memory of the gaming machine.
19. A gaming machine as claimed in claim 18, arranged to authenticate each software component stored on the memory device by using a public key stored at the gaming machine to verify that the software component has been signed with the corresponding public key.
20. A gaming machine as claimed in claim 18, arranged to determine that the version number is more recent if it is higher than a version of the corresponding software component.
US13/771,752 2008-03-26 2013-02-20 Gaming machine Abandoned US20130159988A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US13/771,752 US20130159988A1 (en) 2008-03-26 2013-02-20 Gaming machine
US14/142,262 US20140115573A1 (en) 2008-03-26 2013-12-27 Gaming machine

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
AU2008901441A AU2008901441A0 (en) 2008-03-26 A gaming machine
AU2008901441 2008-03-26
US12/412,081 US20090247293A1 (en) 2008-03-26 2009-03-26 Gaming machine
US13/315,878 US8407147B2 (en) 2008-03-26 2011-12-09 Gaming machine
US13/771,752 US20130159988A1 (en) 2008-03-26 2013-02-20 Gaming machine

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/315,878 Continuation US8407147B2 (en) 2008-03-26 2011-12-09 Gaming machine

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/142,262 Continuation US20140115573A1 (en) 2008-03-26 2013-12-27 Gaming machine

Publications (1)

Publication Number Publication Date
US20130159988A1 true US20130159988A1 (en) 2013-06-20

Family

ID=41118073

Family Applications (4)

Application Number Title Priority Date Filing Date
US12/412,081 Abandoned US20090247293A1 (en) 2008-03-26 2009-03-26 Gaming machine
US13/315,878 Active US8407147B2 (en) 2008-03-26 2011-12-09 Gaming machine
US13/771,752 Abandoned US20130159988A1 (en) 2008-03-26 2013-02-20 Gaming machine
US14/142,262 Abandoned US20140115573A1 (en) 2008-03-26 2013-12-27 Gaming machine

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US12/412,081 Abandoned US20090247293A1 (en) 2008-03-26 2009-03-26 Gaming machine
US13/315,878 Active US8407147B2 (en) 2008-03-26 2011-12-09 Gaming machine

Family Applications After (1)

Application Number Title Priority Date Filing Date
US14/142,262 Abandoned US20140115573A1 (en) 2008-03-26 2013-12-27 Gaming machine

Country Status (2)

Country Link
US (4) US20090247293A1 (en)
AU (1) AU2009201191A1 (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8171275B2 (en) * 2007-01-16 2012-05-01 Bally Gaming, Inc. ROM BIOS based trusted encrypted operating system
US20090247293A1 (en) 2008-03-26 2009-10-01 Aristocrat Technologies Australia Pty Limited Gaming machine
IL210169A0 (en) 2010-12-22 2011-03-31 Yehuda Binder System and method for routing-based internet security
US8777738B2 (en) * 2011-09-30 2014-07-15 Igt System and method for an extensible boot image for electronic gaming machines
US8971144B2 (en) * 2012-01-19 2015-03-03 Quixant Plc Hardware write-protection
US9003372B2 (en) 2012-08-18 2015-04-07 Luminal, Inc. System and method for replacing software components with corresponding known-good software components without regard to whether the software components have been compromised or potentially compromised
JP5838248B1 (en) * 2014-09-24 2016-01-06 株式会社 ディー・エヌ・エー System and method for providing a predetermined service to a user
US9742568B2 (en) * 2015-09-23 2017-08-22 Dell Products, L.P. Trusted support processor authentication of host BIOS/UEFI
US10341194B2 (en) 2015-10-05 2019-07-02 Fugue, Inc. System and method for building, optimizing, and enforcing infrastructure on a cloud based computing environment
US9996362B2 (en) * 2015-10-30 2018-06-12 Ncr Corporation Diagnostics only boot mode
GB2553836B (en) * 2016-09-16 2021-05-19 1E Ltd File execution
US10467439B2 (en) * 2017-07-05 2019-11-05 Dell Products, L.P. Detecting tampering of memory contents in an information handling system
US10593152B1 (en) 2018-08-22 2020-03-17 Aristocrat Technologies Australia Pty Limited Gaming machine and method for evaluating player reactions
US11189130B2 (en) 2019-01-23 2021-11-30 Aristocrat Technologies Australia Pty Limited Gaming machine security devices and methods
US10957153B2 (en) * 2019-03-15 2021-03-23 Ags Llc Technician input-free reconfiguration of secured gaming system
US11308761B2 (en) 2019-05-31 2022-04-19 Aristocrat Technologies, Inc. Ticketing systems on a distributed ledger
US11263866B2 (en) 2019-05-31 2022-03-01 Aristocrat Technologies, Inc. Securely storing machine data on a non-volatile memory device
US11195371B2 (en) 2019-12-04 2021-12-07 Aristocrat Technologies, Inc. Preparation and installation of gaming devices using blockchain
US11439911B2 (en) 2020-04-07 2022-09-13 Riot Games, Inc. Systems and methods for anti-cheat detection
US11636726B2 (en) * 2020-05-08 2023-04-25 Aristocrat Technologies, Inc. Systems and methods for gaming machine diagnostic analysis

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020025850A1 (en) * 2000-01-28 2002-02-28 Hafezi Jon K. Electronic gaming monitoring and reporting system
US20040185931A1 (en) * 2002-12-23 2004-09-23 Gametech International, Inc. Enhanced gaming system
US20040254013A1 (en) * 1999-10-06 2004-12-16 Igt Download procedures for peripheral devices
US20090044003A1 (en) * 2007-08-09 2009-02-12 Hand Held Products, Inc. Methods and apparatus to change a feature set on data collection devices
US20090172384A1 (en) * 2007-12-31 2009-07-02 Datalogic Mobile, Inc. Systems and methods for configuring, updating, and booting an alternate operating system on a portable data reader

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AUPQ321699A0 (en) * 1999-09-30 1999-10-28 Aristocrat Leisure Industries Pty Ltd Gaming security system
AU2001285125B2 (en) 2000-08-21 2004-08-26 Igt Method and apparatus for software authentication
US6645077B2 (en) 2000-10-19 2003-11-11 Igt Gaming terminal data repository and information distribution system
US20040180721A1 (en) 2000-12-21 2004-09-16 Igt Gaming terminal data repository and information distribution system
US7085722B2 (en) 2001-05-14 2006-08-01 Sony Computer Entertainment America Inc. System and method for menu-driven voice control of characters in a game environment
KR20020087202A (en) * 2001-05-14 2002-11-22 삼성전자 주식회사 Computer
US6907522B2 (en) * 2002-06-07 2005-06-14 Microsoft Corporation Use of hashing in a secure boot loader
KR100523675B1 (en) 2003-06-10 2005-10-25 주식회사 엔터기술 Rf signal of karaoke data receiving pack and karaoke system using thereof
WO2005086940A2 (en) 2004-03-11 2005-09-22 Interdigital Technology Corporation Control of device operation within an area
US20060253702A1 (en) 2004-11-30 2006-11-09 Gametech International, Inc. Secure gaming server
JP4717445B2 (en) 2005-01-06 2011-07-06 株式会社バンダイナムコゲームス Image processing system, image processing device, game device, program, information storage medium, and image processing method
US20060199645A1 (en) 2005-02-28 2006-09-07 Canterbury Stephen A Wagering game with streaming usb audio
CA2504324A1 (en) 2005-04-18 2006-10-18 Alexis Georges Stell-oh
US20060287108A1 (en) 2005-05-17 2006-12-21 Canterbury Stephen A Wagering game with usb nonvolatile storage
US20070054741A1 (en) 2005-09-07 2007-03-08 Morrow James W Network gaming device peripherals
KR100750132B1 (en) 2005-09-27 2007-08-21 삼성전자주식회사 Method and system for booting, updating software automatically and recovering update error, and computer readable medium recording the method
US20090017914A1 (en) 2006-01-20 2009-01-15 Wms Gaming Inc. Interperipheral usb in a wagering game machine
US20070207862A1 (en) 2006-03-03 2007-09-06 Calhoun Cary D Video game console pedestal and multi-media hub
CA2548924A1 (en) 2006-05-04 2007-11-04 Stephen G. Gray Ultra handheld internet portable(u-hip)
US20090247293A1 (en) 2008-03-26 2009-10-01 Aristocrat Technologies Australia Pty Limited Gaming machine

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040254013A1 (en) * 1999-10-06 2004-12-16 Igt Download procedures for peripheral devices
US20020025850A1 (en) * 2000-01-28 2002-02-28 Hafezi Jon K. Electronic gaming monitoring and reporting system
US20040185931A1 (en) * 2002-12-23 2004-09-23 Gametech International, Inc. Enhanced gaming system
US20090044003A1 (en) * 2007-08-09 2009-02-12 Hand Held Products, Inc. Methods and apparatus to change a feature set on data collection devices
US20090172384A1 (en) * 2007-12-31 2009-07-02 Datalogic Mobile, Inc. Systems and methods for configuring, updating, and booting an alternate operating system on a portable data reader

Also Published As

Publication number Publication date
US20090247293A1 (en) 2009-10-01
US8407147B2 (en) 2013-03-26
AU2009201191A1 (en) 2009-10-15
US20140115573A1 (en) 2014-04-24
US20120079472A1 (en) 2012-03-29

Similar Documents

Publication Publication Date Title
US8407147B2 (en) Gaming machine
US9063752B2 (en) Security method
US9842464B2 (en) Storage method for a gaming machine
US7827397B2 (en) Gaming machine having a secure boot chain and method of use
AU2008201804B2 (en) Improved authentication system for gaming machines
US9070251B2 (en) Multi-tiered static chain of trust
US8280816B2 (en) Managing security for network-based gaming
US20110119474A1 (en) Serial Peripheral Interface BIOS System and Method
US8317608B2 (en) Gaming device having hard drive based media and related methods
AU2017200604B2 (en) A gaming machine
AU2009202742B2 (en) Gaming security system
AU2011253943A1 (en) A gaming machine
AU2011211454B2 (en) A storage method for a gaming machine
AU2011218679A1 (en) Gaming security system

Legal Events

Date Code Title Description
AS Assignment

Owner name: ARISTOCRAT TECHNOLOGIES AUSTRALIA PTY LIMITED, AUS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LENGER, DRAZEN;REEL/FRAME:030149/0631

Effective date: 20090604

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION