In previous systems, authentication of content on read/write media or non-secured media storage involves calculating a hash value over the data contents and then using the hash value in conjunction with a digital signature and public key to verify that the data contents are authentic.
Typically there is a secure memory, or read only sealed memory, such as an EPROM which contains the authentication algorithm. Additionally there is non-secure media that contains the content to be authenticated. The secure memory can be removed and independently verified and authenticated with external devices; however data in non-secure device cannot be easily removed, thus verification and authentication is more difficult. Therefore, it is desirable to have a program that is running from the secure memory authenticate the contents of the non-secure device.
The authentication methods usually involve calculating a hash value over the entire contents of non-secure media, or major portions thereof, at boot time. The problem with this method is that it takes a considerable amount of processing time to calculate a hash value over the entire contents of the non-secure media, especially if it is a hard drive, CD-ROM, or DVD-ROM that contains a large amount of data. This results in considerably longer boot times for gaming machines and other devices that require verification and authentication. For example, some boot times are as long as ten minutes or more. As gaming machines and other devices become more sophisticated, the storage requirements for the non-secure media is growing, resulting in even longer durations for boot time authentication.
Moreover, in many gaming jurisdictions, there are regulatory requirements that mandate that authentication of a system be performed by a program running from the non-secure media. For gaming machines based on personal computer (PC) architecture, this typically means that the BIOS must reside on the EPROM and the authentication code executed from the BIOS EPROM. This puts a further limitation on gaming machines because authentication code executing from the BIOS EPROM may not run as quickly as code executing from the faster PC-based RAM.
An alternative to the above method is to have the BIOS authenticate the operating system only, load the operating system, and then have the operating system authenticate the remainder of the non-secure media. However, this method still increases the boot time because the entire content of the non-secure media is authenticated by the operating system at boot time.
Additionally, regulatory gaming jurisdictions require that the contents of the non-secure media, and contents of programs executing from volatile memory, be checked on a periodic basis, or whenever significant events occur. For example, when a main door closes, the gaming machine must make sure that all code executing from RAM is authentic and that such code has not been modified. Some gaming machines have handled this requirement by re-authenticating the programs on the non-secure media and reloading them into RAM for execution. These requirements further contribute to significant delays that occur due to complying with authentication regulations.
An added concern is creating an authentication methodology that can be used on one or more memory devices, where the methodology used accommodates memory devices that were created without ‘native’ support of the authentication algorithms. The application of this allows use, for example, of legacy game memory devices that were previously developed, tested, and approved by gaming regulators. This methodology would allow legacy memory devices that had already been approved by regulatory gaming jurisdictions to be authenticated using any algorithm supported by the gaming device. The legacy game memory devices can be either secure media (non-alterable) or non-secure media (alterable). The alternative would be to re-sign the legacy memory device and submit for regulatory testing and approval, which can be costly in terms of time and money.
Furthermore, it is possible to download data from a central host on the network to the non-secure media. It is desirable to have the ability to download individual files or groups of files to change the capabilities of the gaming machine. This may involve downloading a new game for use by the player or downloading some enhancement to the operating system files. Nevertheless, if there is just one digital signature for the entire contents of the non-secure media device, then updating small portions of the contents through downloading becomes more difficult because the host must also download the new digital signature. This means the host needs to re-sign the contents prior to download. Such a process has its drawbacks because the host may not be secure if it is in a casino location and not controlled by the gaming manufacturer that produced the code.
Accordingly, those skilled in the art have long recognized the need for a system and method to download individual files or groups of files, and to have each file or group of files independently authenticated from the rest of the files on the non-secure media on an “as-needed” basis. This invention clearly addresses these and other needs.