Traditionally, gaming systems with a dedicated console were standalone machines that accommodated a limited number of players (e.g., 4). PC-based gaming grew in popularity in part due to the ability to play games online with many remote players over a network (e.g., the Internet). Thus, one trend for dedicated gaming systems is to provide broadband capabilities to facilitate online gaming. Microsoft Corporation recently announced its Xbox™ video gaming system that is equipped with a hard-disk drive to enhance gaming, and broadband connectivity to support online gaming.
Creating an online gaming system for a dedicated console poses several unique and difficult problems. One problem concerns authentication of the participants. To establish an online gaming event, a local game being played on one game console goes online and communicates with other game consoles, players, and/or online services. This involves some level of trust among the participants, which the game attempts to establish by identifying itself, the game console, and the one or more players currently on the machine to other participants on the network in a secure manner. Additionally, the game console may also want to discover trusted services with which it can communicate over the network.
The PC-based games do not experience such problems. For instance, PC-based games do not typically experience multiple simultaneous users; rather only a single user is involved in the online game. On a PC, the users can easily enter their data via keyboard and the trusted services are easily configurable. Also, PC users tolerate network operations that take a little longer. If the PC game takes five extra seconds to start because it is making multiple round-trips to an authentication server, no one will complain. This is not the case in the gaming world.
Accordingly, the constraints on a dedicated game console make authentication a difficult problem for the following reasons:
Consoles do not have keyboards. Game controllers are not efficient data-entry devices, thus user-entered data should be kept to a minimum.
Gaming systems are plug-and-go; they plug into the wall and are ready for play. Configuration is not expected or tolerated in the game console community.
Console games should be playable with as little start up time as possible. Players expect to put a game disk into the console, turn it on, and be playing the game a few seconds later.
Consoles are a closed development environment in order to ensure high content quality. Thus, consoles need to know that they are communicating with trusted, quality controlled services. The need for trusted communications is further driven by the addition of a hard disk drive into the console in that any malicious damage rendered to the hard disk drive's data by an external source makes it difficult or impossible to repair without reformatting.
Cheating is not yet a major problem in the online console-based gaming community. In anticipation that it might one day pose a problem, there is a need for a solution that addresses cheating. Part of the solution is to make the console itself as secure as possible and tamper resistant, such that any tampering by a user will be discovered or render the console inoperable. While security and tamper resistant solutions help, it does not prevent the case where a rogue player writes PC software to emulate a console machine on the network, enabling cheating without a game console.
To prevent such impostor cheating, there is a need for an authentication protocol that verifies a player claiming to be on a console machine really is that player, as well as guarantees that the game console is indeed a trusted game console and not an impostor or one that has been compromised.