Technological advances in the field of electronics and computers tend to precede many needed and desirable security and authentication systems, and it is well known that hackers, thieves and cheats sometimes defeat even the most well designed and secured devices, machines and networks. In light of the various concerns related to using such items, many entities, both public and private, have various requirements for security on their electronic machines, systems and networks. One example of an electronic device or machine requiring heightened security and authorization capabilities is a gaming machine (i.e., slot machine or other gambling device).
Because gaming machines frequently utilize a variety of security features, techniques and systems, gaming machines in particular comprise an ideal illustrative example for the types of electronic security and authentication systems disclosed and discussed herein. Thus, although the following discussion and illustrative examples are directed primarily to electronic security and authentication systems in gaming machines as a matter of convenience, it should be borne in mind that such electronic security and authentication systems are readily applicable to other types of electronic devices and systems as well.
Over the past few decades, the casino and gaming industries have experienced a marked shift from the use of fully mechanical gaming machines to electronic and microprocessor based gaming machines. Such microprocessor based gaming machines include both hardware and software components to provide a wide variety of game types and game playing capabilities, with such hardware and software components being generally well known in the art. Hardware components can include, for example, a cathode ray tube (CRT) or other video display for displaying game play, one or more speakers for providing audio output, one or more mechanical buttons, switches, levers or microphones for enabling various player inputs, assorted coin acceptors and detectors, and various electronic components typically found in a microprocessor based system, such as a central processing unit (CPU), programmable logic devices, converters, memory modules, busses and the like. Software components can include, for example, boot and initialization routines, various game play programs and subroutines, credit and payout routines, image and audio generation programs, and a random number generator, among others.
Because casinos and other forms of gaming comprise a growing multi-billion dollar industry wherein large sums of money can quickly change hands during many types of fast paced games, casinos and other gaming establishments are a prime target for thieves, cheats and a variety of assorted cons. Gaming machines, and microprocessor based gaming machines in particular, comprise a particularly favorite target for such activities, due in part to their relatively isolated nature and increasing technological complexity and sophistication. While increases and advances in technological complexity and sophistication are generally welcome, in that such advances can provide more interesting and exciting types of game play and ways to win, such advances also usually provide a new variety of ways for nefarious or unscrupulous individuals to steal from, cheat, or otherwise defraud a gaming machine. One such way to cheat or defraud a gaming machine is to introduce unauthorized or otherwise unsecured data or machine code into the gaming machine in a manner so as to trick or defeat the programming or electronics of the machine, and such techniques have been the modus operandi of many hackers and cheats.
In early designs of electronic gaming machines, the addressing of memory locations containing information and/or programs that determine the outcome of games played on such machines was accomplished by simply using discrete logic gates. Similar discrete logic gates were likewise used in the coin in and coin out logic in such gaming machines, whereby AND, OR, NAND, NOR and INVERTER gates were wired together using simple printed circuit board technology to form decoders, bus steering, addressing, decoding, logic blocks and the like. Unfortunately, however, such simple printed circuit boards could be easily modified to change the connections of these elements surreptitiously. Such modifications were readily accomplished by cutting various printed circuit board traces and then soldering jump wires to the cut traces and the discrete logic gates. This “cut and jump” technique could then be used, for example, to create different game results by altering the decoders to point to a different memory location where other code was stored, which code could be legitimate or, more often than not, imposed from a hacker. Another “cut and jump” example of defrauding a gaming machine would be to use this technique to prevent a “coin in/coin out” logic block from communicating errors to the gaming machine whenever any number of cheating tools or techniques were used to defraud or cheat the machine at a location controlled by that logic block.
Although the foregoing examples are just a few of the possibilities that could be achieved with a cut and jump or similar nefarious technique, such techniques were easily recognized, as this type of modification resulted in the obvious cutting of the printed circuit board and visible implementation of jump wires. As will be readily understood, such cut and jump and other similar cheat or hack techniques are not limited to the electronics of gaming machines, and such techniques could be similarly used in a wide variety of microprocessor based devices and machines as well. In response to such practices in gaming machines, many gaming and regulatory bodies amended their various regulations accordingly to require the use of at least one Simple Programmable Logic Device (SPLD) and/or at least one Complex Programmable Logic Device (CPLD) within the controlling circuitry of new microprocessor based gaming machines. As is generally known in the art, such SPLDs and CPLDs are essentially chips that comprise a plurality of internal logic gates with internal programmable interconnections, such that cutting and jumping techniques are rendered significantly more difficult, or even impossible. These and other similar solutions have also been utilized in electronic devices and machines outside the gaming machine context and the gaming industry in general.
SPLDs and CPLDs are typically programmed at the factory with a code that causes the various interconnections to form the various elements, such as, for example, decoders, bus steering, addressing, decoding, logic blocks and the like, that are required to operate the gaming machine correctly. In this factory programming process, bits are sometimes set so that future programming cannot take place, with such set devices being commonly known as One Time Programmable (OTP) devices. Additional security features also usually exist in this type of hardware, such as one or more protection features that keep the information inside the device from being read, which feature or features makes it difficult to reverse engineer such devices or parts. These and other various methods and apparatuses for providing security and/or electronic authentication in a gaming machine are generally known, and instances of such apparatuses and methods can be found in, for example, U.S. Pat. No. 6,149,522 to Alcorn, et al., U.S. Pat. No. 6,251,014 to Stockdale, et al., and U.S. Pat. No. 6,488,581 to Stockdale, all of which are incorporated herein by reference in their entirety and for all purposes. Other related systems, apparatuses and methods for programming and/or providing security in programmable devices generally are also known, and descriptions of such related systems, apparatuses and methods can be found, for example, in U.S. Pat. Nos. 4,812,675; 5,237,652; 5,640,107; 5,768,288; 5,805,794; 5,835,503; 5,841,867; 5,996,091; 6,011,407; 6,118,869; 6,279,146; 6,314,539; 6,351,814; 6,414,871; 6,425,101; 6,488,581; and 6,507,213, all of which are also incorporated herein by reference in their entirety and for all purposes.
Because cutting and jumping techniques are not the only ways whereby a gaming machine (or other electronic device) can be electronically defrauded, gaming industry regulations and laws have also historically forbidden the use of “writable” memory devices for the storage of computer codes that control various significant aspects associated with a gaming machine, such as payouts. It is readily apparent that such computer codes are critical, in that any manipulation or corruption of such codes or files, either accidentally or deliberately, can result in the defrauding of the gaming machine or the cheating or shortchanging of players. Because of such regulations, and because code or file manipulation or corruption poses such a significant threat to the integrity of a gaming machine, storage of most or all gaming machine codes is typically handled by less volatile (i.e., non-writable) types of memory, such as those found in standard Read Only Memory (ROM) or some types of Electrical Erasable Programmable Read Only Memory (EEPROM) devices.
In recent years, technological advances and the demands for more sophisticated gaming machines have resulted in devices of even greater complexity being designed into gaming machines in place of the relatively smaller SPLD, CPLD and other similar devices. Such devices include a variety of different large volatile programmable electronic devices, which can include, for example, a Field Programmable Gate Array (FPGA). An FPGA, or a similarly large volatile programmable electronic device, is generally a substantially larger and more complicated device that can handle not only many or all of the various interconnections and codes required for all of the various machine elements, but is also large enough to function as many or all of the actual decoders, bus steering, addressing, decoding, logic blocks and the like required within the gaming machine as well. As the name implies, an FPGA is programmed in the field, with a smaller electronic device attached to the FPGA typically being read to program or otherwise configure the FPGA every time the machine powers up. Such a reprogramming or reconfiguring of a gaming machine FPGA upon each power up is in accordance with various gaming regulations that require the full erasing or “dumbing down” of data within an FPGA or similarly large volatile programmable component within a gaming machine at every machine power off or shut down. The configuring data or information inside this smaller electronic device being read, which is typically an EEPROM or comparable ROM unit, is then used to configure and program the FPGA and its internal memory upon each boot or power up.
One problem associated with a large and comprehensive volatile programmable device such as an FPGA, however, is that such devices contain a sufficient amount of internal memory and data that can be used to hack other programs or provide a hack code itself. The resulting ability of this device to potentially alter the outcome of a game played on a gaming machine hence places it in a category of devices that must have the highest level of security. Unlike the obvious instances of cutting and jumping, however, if the configuration information or data read into an FPGA or similar device has a hacked code, algorithm or data in it, inspectors and regulators may never be able to detect that hacking has occurred. This is especially troublesome where third parties have access to a configurator, such as an EEPROM, ROM or other configuring memory component, before or during installation into the gaming machine, or where third parties who are familiar with the type of configuring memory components in a gaming machine are able to attempt a “cut and jump” from an intended configuring memory component to a similar but differently programmed hack memory component.
Accordingly, there exists a need for improved methods and apparatuses to provide security within an electronic device or machine, and in particular for such improved methods and apparatuses to provide ways of securely authenticating configuration data for a volatile programmable electronic device, such as an FPGA, within a gaming machine.
In addition, under the laws and regulations of many gaming jurisdictions, strict security and authentication must be provided for various software components of an electronic gaming machine or system. Such components must typically be stored in unalterable memory, which can be an unalterable ROM or EEPROM. At least one copy of the contents of such a critical ROM or EEPROM, or a message digest of such contents, as such an item is known to those skilled in the art, must typically be kept on file in a secure location as designated by a gaming authority. The actual contents or a message digest of the contents of any particular EEPROM or ROM removed from a gaming machine can then be verified against such a custodial version, if necessary, via a device such as an EEPROM Comparator, with such devices and the use of same being well known in the art.
Such an instance can occur, for example, when a patron has hit ajackpot on a gaming machine, whereby a critical EEPROM or ROM is then physically removed from its socket within that gaming machine, and a copy or message digest of the EEPROM or ROM contents is computed directly from the EEPROM or ROM and compared with the copy or message digest on file at the designated custodial location. If the two copies or message digests match, then the contents of the EEPROM or ROM are considered to be authenticated and a payout can be made to the player.
Such a procedure can tend to be time-consuming and stressful, however, as authorities need to be called in, the affected gaming machine must be taken apart, the appropriate chip or chips must removed, the appropriate custodial authenticating version or versions must be found, and all chips must then be placed on a special testing board and tested for authenticity. In addition, items such as FPGAs, ROMs, EEPROMs and the like are static sensitive devices that can be damaged or have internal data corrupted if not handled properly, rendering the physical removal of such components for testing and/or reprogramming purposes a less than ideal circumstance. Furthermore, continued removal and replacement of such items introduces wear and tear to various contacting components, whereby parts are eventually worn out even where one or more individual pins or contacts are not significantly damaged in certain cases of removal and reinsertion.
Accordingly, there also exists a need for improved methods and apparatuses to provide faster yet wholly reliable authentication or reprogramming of critical electronic components within a gaming machine on demand, without the need for removing such electronic components from the machine or their sockets.