The present invention relates generally to wager based gaming devices and systems, and more specifically allowing games to be developed over time and authenticated at gaming machines according to the high security requirements and rigid certification requirements of gaming jurisdictions.
Executable software applications that run on electronic wager based games should be authenticated prior to execution. This is to ensure that the applications in the gaming machine are not tampered with, for example, to change the odds of winning in one's favor. Such security is also required by various gaming jurisdictions. Certain jurisdictions require that the gaming machine authenticates all of its software when the machine powers on, and, at least every 24 hours thereafter. In prior systems, security techniques relied upon providing the keys of the providers of the applications, together with the software code responsible to authenticate the applications using the keys, in a protected memory of the gaming machine. The application author's specific keys were typically provided in hardware and, for a new application to be authenticated, the hardware needed to be replaced. Likewise, in the event of the expiration or unavailability of a key, the hardware needed to be replaced. While this provides a high level of security, it also results in extremely limited flexibility in terms of providing and verifying new applications for a gaming machine after it has been deployed, and makes maintaining such machines and related systems difficult when certain providers are no longer available.