Lotteries and other gaming organizations consider security and integrity of their games one of the key factors of their operations. A lottery draw, when winning numbers are selected and prizes for games are calculated, is an important element of such gaming organizations. There have been attempts to ensure security of the draw and guarantee that all valid transactions sold for a game, and only such transactions, participate in the draw. Various processes have been used by lotteries to secure the file containing the numerous transactions. These prior attempts include storing the transaction file on a physical media (e.g., disc, tape, and CD ROM) and securing the media. It is common to ensure the integrity of the transactions by use of some form of data checksum or hash calculation. Also, cryptographic technology such as digital signatures is commonly used for the purpose of securing information generally.
Prior methods for securing the transaction file in gaming applications, however, suffer from many drawbacks. These methods are only secure to a point where the procedure of securing the transaction file is performed as defined. In other words, conventional methods rely on the personnel to actually follow the specified procedure. If a procedure is compromised, and a transaction file is manipulated by an insider, there is no way to detect this breach of security. Even if a digital signature is used to secure the transaction file, there is no guarantee that the signature was generated before the gaming event (e.g., the draw). Some jurisdictions use a particular form of digital time-stamping that inefficiently requires significant changes to the gaming software.
Also, conventional efforts at calculating a hash for a digital signature of a transaction file take a relatively long time, especially for large files containing millions of transactions. Because the security procedure must be finished before the draw or other game event starts, the time needed to perform the procedure is essential; that is, it is often critical to reduce the time between the end of sales and the game event to a minimum. Players like to enter gaming transactions (i.e., place bets, pick numbers, make wagers, etc.) as close to a game event as possible and the game providers wish to make their games most attractive to maximize sales. Consequently, the current methods deployed for securing the transactions calculate the transaction hash in real time while sales take place. Unfortunately, there are many technical issues related to real time hash calculations of gaming transactions that undermine its usefulness. In lottery applications, for example, certain transactions may modify some already calculated data (e.g., cancellation of a transaction may change the original transaction and invalidate an already calculated hash, so the data has to be restored to its original state for verification). Accommodating these issues requires extensive software implementation.
Another shortcoming of currently used security methods is that they are usually gaming system specific and dependent on the exact format of the transaction file. Consequently, they may require significant implementation effort on the lottery system when being developed or modified for new games. This is costly and introduces time delays required to develop code and test it, as well as a risk factor when installing new code on the lottery system. This affects potentially both the online lottery and gaming system on which the transaction file signature is generated and an Internal Control System (ICS) on which the signature is verified.
Existing gaming processes lack the ability to secure transactions in real time or at a time before a draw or game event in a way that cannot be compromised. Further, existing gaming processes lack an ability to prove and verify that the transactions participating in a draw or game event were not compromised. Existing gaming processes also lack the ability to secure transactions within a short time that is acceptable for the type of game or event. Although existing gaming processes provide transactions with a security function, they cannot do so in a way that avoids extensive development work on the side of the gaming system or ICS system.