U.S. Pat. No. 5,643,086 describes a method of securing a gaming machine such that unapproved software on the mass storage will not be executed. The BIOS chip responsible for booting the system checks the cryptographic digital signature of software it loads from the hard disk (or other device) and only if it is valid will the software be executed. It is possible to tamper with this system by modifying the software in the BIOS to eliminate the digital signature checking. This modification could be detected if the gaming machine is examined in detail, though this is not suggested in the prior art document.
Gaming regulations typically require that BIOS chips be socketed, so that regulators are able to easily verify the contents of the memory and detect such illegal tampering. However this does make it very easy to illegally modify the BIOS.
The use of custom hardware can protect against such BIOS modifications, but prevents the use of industry standard hardware, such as PC's. A smartcard for example is easily able to implement secure program memory.
The Microsoft X-BOX Game console is based on standard PC technology, with some modifications. One of the security mechanisms is to boot the CPU from a small ROM embedded in the customised graphics controller, which is then responsible for authenticating the remaining BIOS software. The BIOS then goes on to provide security for the rest of the loading process. It is not feasible to tamper with the code in the custom graphics chip, and hence in theory provides a high level of security, however it is very difficult and expensive to customise such a significant part of the PC architecture.
U.S. Pat. No. 4,862,156 to Atari for a “Video Computer System” (a home game console) describes a security system in which digital signature authentication is performed on console games. If the check fails, part of the functionality of the console is disabled. Only if authentication passes is full functionality enabled.
U.S. Pat. No. 6,071,190 describes a method of improving the security off a gaming machine, and verifying the stored program therein. The security depends security of the BIOS.
U.S. Patent application No. 20030064771 “Reconfigurable Gaming Machine” describes a gaming machine in which security again is dependant on the BIOS. U.S. Pat. No. 5,802,592 “System and Method for Protecting Integrity of Alterable ROM using Digital Signature” describes a system into which the BIOS is partitioned into alterable and unalterable parts. The CPU first executes the unalterable BIOS, which authenticates the alterable part. This system protects against tampered software in the alterable BIOS, but not against modifications to the unalterable BIOS (for example if it is physically replaced).
U.S. Pat. No. 5,844,986 “Secure BIOS” describes a system in which BIOS updates are cryptographically controlled, such that only authentic updates can be written to the BIOS memory.
U.S. Pat. No. 6,488,581 describes device for protecting a mass storage device (eg disk drive) against modification by filtering out unauthorised commands to the device.
US Government standard FIPS 140-1 “Security requirements for Cryptographic modules” describes, in section “4.11.1 Power-Up Tests” software/firmware tests in which software/firmware residing in a cryptographic module is cryptographically authenticated at power up. The same technique is used in gaming machines (e.g. U.S. Pat. No. 5,643,086), but is more secure due the physical security of the cryptographic module—i.e. it is not physically possibly to tamper with the boot program.
Each of these prior art arrangements either relies on the BIOS being secure or uses a non-standard hardware configuration that is incompatible with a standard PC hardware configuration.
U.S. Pat. No. 6,401,208 “Method for BIOS authentication prior to BIOS execution” by Intel Corp., describes a method of BIOS protection that results in a similar outcome to the arrangement of the present invention, however the method of achieving that result is quite different and more complex than that now proposed. The Intel proposal relies on a special modified mother board chip set and a processor which employs an op-code emulation bit to allow a data fetch to be disguised as an instruction fetch. This approach may not be accessible by smaller dedicated application developers, or at least, not at a reasonable cost.
The Trusted Computing Platform Alliance (TCPA) is a group of companies in the computing industry promoting new hardware/software extensions to the PC to enable more secure computing and digital rights management (DRM). TCPA enables an external computer to determine the exact software configuration of a PC. It is not required that the PC must boot particular software, only that the software that it does boot can be determined externally. While ideal for network connected DRM, as it lets a content provider permit downloads only to suitably configured machines, it is not sufficient for a gaming machine which should never be permitted to execute non-approved software, and is often not even connected to a network. Further the security of TCPA rests in part on the security of the BIOS against tampering, and this is not secure in the current PC standard. Securing the BIOS from tampering would require more extensive changes to the PC architecture standard. (“Trusted Computing Platforms TCPA Technology In Context”, ISBN 0-13-009220-7).
Throughout this specification the word “comprise”, or variations such as “comprises” or “comprising”, will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps.
Any discussion of documents, acts, materials, devices, articles or the like which has been included in the present specification is solely for the purpose of providing a context for the present invention. It is not to be taken as an admission that any or all of these matters form part of the prior art base or were common general knowledge in the field relevant to the present invention as it existed before the priority date of each claim of this application.