Methods have been put forward for the authentication of gaming software using cryptographic digital signatures. Such methods check that each software module to be loaded has been signed by the authorized signer before. It will not load a module without a valid signature. The security of the machine can be traced back to the boot software which resides in EPROM or flash memory. The boot software will load no unauthorized code, which in turn will load no unauthorized code, as this is a requirement for code to authorized in the first place. However, these methods have the disadvantage that the machine can be tampered with by modifying the boot code to remove the signature checks.
In gaming the term multigame refers to a game machine in which more than one game is selectable without changing the hardware or software, usually by the player, but also by the operator. In a multigame machine the software is preferably separated into separate physical parts (e.g. EPROM) or files. A system program provides supporting functions and the operating system while the game program provides that code which is different between games. A Multigame machine is then typically comprised of System program and multiple independent game programs. This flexibility introduces the possibility of unauthorized copying and use of games. It is relatively easy for an operator to copy game EPROMS and use them in machines for which they are not authorized.
In non-gaming applications non-volatile re-writable memory, typically Flash, is becoming very widely used for its high capacity and ease of field upgrades. In the past, upgrading the boot program of a gaming machine has not been feasible for security reasons. Regulators have been concerned that illegal code could be downloaded to the gaming machine. Regulators also generally require that code inside a gaming machine be verifiable, however if the boot code were changed it would only be possible to verify the data by removing the chip and reading it in a special purpose chip reader. The program cannot be self verifying as tampered code could fake the correct response. This is very inconvenient in system design and customer use.