In the case of games by electronic means, the players participate in game hands by using electronic systems, computers, and/or communication networks. In some occasions, the games by electronic means are on-site. In such cases, the player directly interacts with a gaming electronic machine located in a gaming centre or in a certain place where the player must be present to be able to play. In other occasions, the games by electronic means are remote. In such other cases, the player remotely interacts with the electronic system of gaming, usually through his/her personal computer and an Internet (or equivalent network) connection. In both cases the variety of offered games is broad: casino games such as roulette or blackjack, sport books, poker hands, bingo, jackpot machines, etcetera.
Gaming by electronic means, in any of its forms, implies a lack of transparency that may produce suspicions and lack of trust regarding critical aspects of honesty and fairness. In fact, in some occasions the lack of transparency of gaming by electronic means has been successfully utilized to commit fraud. For this reason, the electronic gaming industry has been using two mechanisms to try to ensure the correct development of the games. On one hand, the source code certification of the computer programs that determine the functioning of the electronic games. On the other hand, the audits of the statistics of prizes awarding.
Nonetheless, both mechanisms have serious deficiencies. Indeed, the certification of the source code of the gaming programs is in fact an inspection of the system done at a given time by an independent testing laboratory. This inspection can ensure that, at that precise time, the system presented a correct design that would therefore lead to an honest behavior. However, this inspection has no means to prove that the system will keep having, from that moment and on, those correct design and behavior. The programs of an electronic gaming module can be certified today but, perhaps tomorrow they will be altered or substituted, either accidentally or intentionally. Although some procedures to check for changes and manipulations in a computer program do exist, the actual capability to easily and quickly substitute the critical correct modules by the fake ones and vice versa, prevents in practice these procedures from being successful as security measures.
The audits of prizes awarding are done after the games have taken place. These audits try to demonstrate the correct functioning of the electronic games by matching the publicly known statistics of every type of game against the actual data derived from the real prizes awarded by the gaming system. Unfortunately, these audits are just able to warrant that the amount of prizes awarded is statistically correct. However, they are absolutely unable to prove the fairness or honesty of the occurred games. In practice, a given fraction of the prizes could have been awarded deliberately to certain players in order to launder money or just to obtain a financial gain by cheating some players.
Given the previously introduced limitations of the main control mechanisms used by the electronic gaming industry, there is currently some unrest regarding the trustworthiness of the games by electronic means. The following issues can be highlighted:                1. In the case of remote electronic gaming, the identification of players is an issue. The use of low-quality player identification allows fraudulent actions, such as money laundering. It also allows access to the games by non-authorized players (e.g., minors).        2. In the case of electronic games based on electronically generated randomness (almost all types of electronic games excepting few cases such as sport booking), there can be reasonable doubts regarding the fraudulent manipulation of the process of generating the random events (e.g., manipulations to predict or somehow to influence the outcome of future random events).        3. Later audits take as input the records generated by the electronic gaming system itself. Nonetheless, these records are insufficiently protected against internal attacks (e.g., from technical staff with privileged access to the electronic gaming system). As a result, the truthfulness of the records remains unsure.        
A deeper analysis of these three issues and of the solutions proposed up to date is now discussed.
The identification of players in remote electronic gaming has been up to date supported by the ownership of the credit card used for the money transfers caused by bets and prizes. However, this identification mechanism is clearly insufficient since any person can impersonate another just by having access to the credit card of the latter (which is relatively easy for example in the case of members of the same family or if the credit card was stolen). In addition, this mechanism is not satisfactory for the management of lists of auto-excluded players or problem gamblers. The identification of players based on the ownership of credit cards has been usually combined with the “loginname/password” mechanism. In these cases, the identity of the player is verified by checking that the provided “password” matches the one generated during a previous process of user registration. However, the “loginname/password” mechanism has well-known weaknesses that make its use inadequate in open networks. Not only passwords can be intercepted (allowing impersonation by non-authorized persons), but they can also be attacked by “phishing”, Trojan horses, or brute-force attacks, among other methods. A complete analysis of the weaknesses presented by the “loginname/password” mechanism can be found in [A. Shimizu, T. Horioka y H. Inagaki, A Password Authentication Method for Contents Communication on the Internet, IEICE Transactions on Communications, vol. E81-B, no. 8, pp. 1666-1673, August 1998] or [F. Bao, Security Analysis of a Password Authenticated Key Exchange Protocol, Proceedings of 6th Information Security Conference—ISC 2003, LNCS 2851, pp. 208-217, Springer-Verlag Heidelberg, 2003, ISSN: 0302-9743, Information Security: 6th International Conference, ISC 2003, Bristol, UK, Oct. 1-3, 2003. Proceedings, ISBN: 3-540-20176-9].
More recent proposals suggest the use of biometric mechanisms to ensure a correct identification of players, both in on-site gaming systems and in remote gaming systems. To cite some proposals, the inventions described in U.S. Pat. No. 6,612,928, US 2004192438 and US 2004192442 are examples applicable to remote gaming environments. The patent application US 2002160834 proposes a solution based on a biometric reader placed on several kiosks. Therefore, this solution is suitable for on-site electronic gaming environments. However, biometric identification has its own disadvantages. On one hand, it is too intrusive for the player. On the other hand, in remote gaming environments, it is still not clear how to ensure that the reading of the biometric pattern takes place at the time of the game (i.e., that it does not provide from a previous reading).
With regard to the trustworthiness of the generation, by electronic means, of random events, the root of the problem is in the vulnerability presented by excessively centralized generations. Indeed, in the current electronic gaming modules, the control of the process of generating randomness is fully deposited on a single central point (always under the command of the gaming operator and/or its staff). There are some previous proposals with the objective of overcoming the problems of fraudulent generation of randomness posed by this vulnerability. These proposals are based on the joint generation of randomness by different parties, in such a way that none of them (in particular, the gaming operator) becomes a central point of control. The use of these joint generation methods ensures the fairness of the resulting random numbers, provided that all of the different parties do not collude. Not only none of the parties is able to manipulate the outcome of the electronic joint generation of random events, but also none of the parties has any privileged information regarding future random events. Representative examples of collaborative or joint generation of random numbers are the proposals made by Manuel Blum in 1982 [Blum M., Coin Flipping by Telephone: a Protocol for Solving Impossible Problems, Proc. IEEE Computer Conference, pp. 133-137, IEEE, 1982] and by Joe Kilian in 1990 [Kilian, J., Uses of Randomness in Algorithms and Protocols, ACM Distinguished Dissertation, MIT, 1990, ISBN: 0-262-11153-5]. The previous inventions described in U.S. Pat. No. 6,099,408, U.S. Pat. No. 6,030,288, WO 2004/035159 and WO 2005/021118, take advantage of these mechanisms of joint or collaborative generation of random numbers, to try to ensure the fairness of games. Nonetheless, the main problem of these proposals is their lack of practicality, since they require the active participation of the players in the process of joint generation of randomness. In practice, this creates a dependency on the behavior of unknown and highly heterogenic systems (i.e., the client systems used by players). A possible variant, based on the delegation of the joint generation to a third party not directly controlled by the players, would overcome this technical limitation. Still, the players in this case would not be able to verify by themselves that the generation of randomness had been fair.
Additionally, there are some other proposals that happen to be, at the most, partial solutions to possible security problems encountered during the development of the games. None of them however develops any solution to the issue of the fairness of the generated randomness. As examples, the inventions described in U.S. Pat. No. 4,926,327, U.S. Pat. No. 5,038,022, GB 2307184, present methods and/or systems related to the operation of electronic games. Other inventions are focused on network-level security, proposing the use of cryptosystems to ensure the security of the communications between the different participants in the games, but however without paying any attention to the previously described issues of the fairness and the honesty of the games. Representative examples of these inventions can be found in the references U.S. Pat. No. 6,106,396, U.S. Pat. No. 6,117,011, U.S. Pat. No. 6,264,560 and WO 98/11686.
Finally, the third trust problem that is still not adequately solved refers to the possibility of inspecting and auditing electronic gaming systems. Obviously there is a need for reliable, external and independent control of the honesty essential characteristics of an electronic gaming module. These essential characteristics include the control of players' identities, the honesty of the development of the games, and the fitting of the games with the limitations posed by the regulation or by the account of every player (e.g., with regard to the maximum amount to be wagered monthly). Currently, however, the external control of these characteristics relies on audits that depend excessively upon data provided by the games operator itself. In addition, these data are not adequately protected and, as a result, they could be very easily manipulated. Up to date, there are no proposals, efficient enough, that introduce methods to audit in a secure way the occurred games. In on-site electronic gaming environments, some inventions comprise contributions to reach a certain degree of security. As an example, US200424321 proposes means for fraud detection by developing the games in two separate machines and monitoring the latter to detect eventual fraud. The proposal of invention US2004198494 consists of using a cryptographic apparatus to ensure the security of the gaming module. This is done by preventing the access by non-authorized persons and/or possible manipulations. However, the auditing method proposed by both inventions is not efficient and is not completely secure in real electronic gaming environments. Indeed, these are solutions that need to manage huge amounts of digital data, since they utilize absolutely all the information related to the occurred games. Additionally, these proposals do not provide any mechanisms to ensure that the digital information to be audited has not been manipulated during the games or afterwards.
To conclude, all previous proposals known by the inventors fail to specify a game operation that covers an entire cycle allowing players, even without their direct implication in the generation of randomness, to verify the honesty and fairness of the games. In addition, the auditing process is generally not addressed in previous inventions. Those proposals that address this issue, propose costly (given the huge amounts of data to be processed in real time during the games) and not reliable (because of their dependency on data that is not adequately protected) auditing mechanisms. Moreover, these auditing mechanisms do not provide any conclusion regarding the identity of the players that have participated in the games.