US 20050119052 A1
Embodiments of the invention allow a player to have a unique gaming experience, different than other players, even when playing on the same network. A game may span several gaming sessions. States of a game, for example a bonus game, may be stored when the player decides to stop playing the game. When the player initiates a next gaming session, at the same or another location, the previous state of the game is re-loaded onto the gaming machine and the player returns to the previous state. Further, additional bonuses can be implemented because the network knows the identity and other information about the player. The additional bonuses may be unique to that player. Messages particular to a player are exchanged between a gaming device and a gaming network.
1. A gaming network, comprising:
a gaming device coupled to the gaming network;
a host system structured to communicate with the gaming device and structured to store historical information about a player of the gaming device;
a game state database coupled to the host system and structured to store a state of a game of the player after the player is no longer playing the game;
a packet generator structured to generate a message packet that includes a unique player identifier of the player of the game and to send it to the host system; and
a packet receiver structured to receive the message packet, decode the player identifier, and perform a function based on the identity of the player.
2. The gaming network of
a second gaming device coupled to the gaming network; and
a second packet generator, structured to generate a second message packet that includes the unique player identifier of the player and to send it to the host system.
3. The gaming network of
4. The gaming network of
a player tracking system including a mechanical card reader; and
a process structured to operate on a processor that is coupled to the mechanical card reader and is structured to send a card data message to a packet receiver on the gaming device.
5. The gaming network of
6. A method of delivering a game on a gaming network, comprising:
on a local gaming device:
identifying a player,
creating a data packet including a unique identifier of the player,
sending the data packet to a game server; and
on a central host device:
receiving the data packet,
determining the unique identifier from the data packet,
retrieving a previously stored state of a game based on the unique identifier, and
sending a signal indicative of the previously stored state of the game to the local gaming device.
7. The method of
8. The method of
sending a signal indicating a second stored state to the central host device.
9. A method on a gaming network, comprising:
determining an award on a gaming device may be awarded but has not yet been awarded; and
providing an indication of the determination.
10. The method of
11. The method of
This application claims priority from U.S. provisional application 60/503,516 filed Sep. 15, 2003, entitled Player Specific Network, the contents of which are incorporated by reference herein. Additionally, this application is related to U.S. non-provisional application Ser. No. 10/699,260, entitled Player Specific Rewards, and is related to U.S. patent application Ser. No. 10/247,786, filed on Sep. 18, 2002, entitled Player Specific Gaming System, the contents of both of which are incorporated herein by reference.
This disclosure is related to gaming networks and, more particularly, to gaming networks that can be tailored based on an identity and/or a history of the player.
Because there are many choices of casinos from which a patron can choose, casinos are constantly searching for ways to differentiate themselves. One such method is by developing new games and gaming environments that encourage players to return. Loyalty programs are well known; where players earn an award for playing gaming devices with the amount of the award determined by the amount of coins deposited into the game, game outcome, certain bonuses or extra awards won, or other various factors. Typically, the awards accumulate in an account, similar to frequent flyer miles, until used by the patron. By returning to the same casino, or same group of casinos, the award account can accumulate to a valuable amount.
Although loyalty programs are successful in encouraging patrons to return, patrons are always seeking new, unique, and interesting ways to be entertained and to get a maximum benefit from their entertainment dollar.
Embodiments of the invention address this need.
Embodiments of the invention are directed to an electronic gaming device machine platform that is operative over a gaming network. A player tracking system can be integrated with the machine via the PSGS Architecture. Embodiments of the invention allow an ability to track individual game activity and adjust game characteristics to meet a player's tastes, play habits, and gaming budget, an ability to provide loyalty inducing awards that directly impact game play, and ability to allow a casino to more directly communicate loyalty building promotional information to a customer, and an ability for the casino to rapidly change loyalty promotions, for instance.
In this disclosure, is assumed that traditional gaming machine functionality exists in the game platform as is known in the art, such as reels, video displays, spin buttons, bet buttons, player tracking systems, etc.
An architecture system 10 is illustrated in
The machine 80 will integrate with the player tracking system 60 via a Player Specific Gaming System (PSGS) 70 described below. The PSGS system 70 can be a collection of one or more computer servers operating in conjunction to host programs and data to create a user-specific gaming system. The PSGS 70 includes of a patron database 72 that stores player related information from play session to play session. It also contains a slot machine database 74. The patron database 72 is linked to each gaming device 80 by a dedicated high-speed communication network. This network is independent from any existing slot accounting/player-tracking network. The PSGS 70 is designed to work in parallel with existing slot accounting/player-tracking systems.
Several unique reward mechanisms can be operated on the architecture system 10. The game theme will define the basic rules of play for that game. Different game themes and art treatments can be applied to each reward mechanism. The reward mechanisms may have two events, a minor reward, which does not award cash or monetary value, and major reward that awards cash or a monetary equivalent. A game theme may have the ability to operate more than one reward feature.
An underlying game theme on the gaming machine 80 is a 5 or 9-line, 5 reel video slot machine. It is assumed that the game machine 80 includes a second screen reward feature that could be won by carded and non-carded players alike. The second reward screen feature may be funded by the overall payback percentage of the machine, however most player specific reward features would typically be funded by a reward pool mechanism, as described below. The reward pool mechanism may be funded similar to a progressive.
An example reward pool mechanism defines a minimum and maximum value, and an associated increment rate. The increment rate may be a percent of coin-in. The gaming machine 80 chooses a value between the minimum and maximum value. Each value between the minimum and maximum are likely to be chosen. This value is given and stored in the PSGS 70. As activity on the gaming machine 80 occurs, the machine 80 increments the player's actual value towards the target value. The actual value is managed by the machine 80 and stored in the PSGS 70. Upon reaching the target value, the machine 80 activates a minor or major reward, as described below.
The target value and actual value are given to PSGS 70 based upon four card-in, minor reward, and major reward events, for example. The target value and actual value are given to the machine 80 upon player identification card insertion.
The minimum, maximum, and increment rates are configured at the PSGS 70. The random number generator used to choose the value between the minimum and maximum may be located on the machine 80.
Both minor and major rewards can be triggered based upon the reward pool mechanism. The minor reward may always be triggered and the reward pool mechanism does not always trigger the major reward. The machine 80 is responsible for triggering minors and majors, utilizing information stored and downloaded from the PSGS 70 or through events that occur in normal game play, example a scatter pay reward game initiator, as is known in the art.
The player will win a minor reward when the pool mechanism is triggered. The minor reward will be awarded via reward game screens in similar manner to traditional game reward. The minor reward awards the player the opportunity to win cash prizes at a future date, based upon a future outcome. The minor reward does not have an actual money value associated with the reward until the major reward is triggered at a future date or outcome.
The major reward can occur in three ways; first, a reward pool mechanism is triggered, second, the player reaches an overall goal, or third, based on a machine outcome. The major reward is awarded via reward screens in a similar manner to game within a game bonus in the marketplace today. The major reward is when the minor rewards earned during prior games or sessions are given a cash value.
While a player is participating in a reward, the pay table remains constant. Upon conclusion of the reward session, a new pay table will be associated with the reward.
Four reward features are described in this section. They are Collection, Return rewards, Cash Drawing Rewards, and Draw Card. Each reward feature is broken into Minor Reward and Major Reward summarizes.
A collection reward feature awards unique and non-unique items that are to be collected as the Minor Reward and awards cash for the number of unique items as the Major Reward.
The Minor Reward is based upon the Reward Pool Mechanism detailed above. The game sets the coin-in trigger that causes the machine to grant the collection of an item. The player obtains their grant by choosing from a selection of objects presented to the player on a gamescreen. The collection of the item can be a unique item or a non-unique item. In the event the item is unique, it is stored in the PSGS 70. The player can look at the inventory of items and their worth at any point in the game. In the event that the item has already been earned, the machine tells the player that the item was a duplicate. The non-unique items earned are stored in PSGS 70, but may be held unavailable for the customer to review. The value of the items collected is displayed in the Reward Feature Message area, which is described below.
The Major Reward is based upon the player earning the predetermined number of collection opportunities. Upon reset or inserting the card for the first time, the machine 80 decides how many opportunities the player will have to earn unique items. This number is stored in the PSGS 70. The machine will examine how many opportunities a player has had, upon meeting the criteria the machine will trigger the Major Reward. The PSGS 70 stores how many times the player has had an opportunity, as well as the number of opportunities the player will have to earn unique items. Based upon the number of items, the machine 80 will award a cash prize to the customer through a series of screens, similar to a game Reward round. Upon completing the award, the customer starts over collecting items, and all Reward Pool Mechanisms and predetermined opportunities are reset to corresponding values.
The Return Reward Feature awards promotional credits that can be redeemed at a later date. The qualification for Return Rewards is the Minor Reward, and the winning and redemption of the promotional or extra credits occurs at a future date via the Major Reward.
The Minor Reward is based upon the Reward Feature Pool Mechanism detailed above. The game 80 sets the coin-in trigger that causes the machine to grant the Return Rewards feature. Upon the trigger occurring, the player will be notified of their qualification and when they will be able to redeem the reward. The PSGS 70 stores the fact that the player has qualified for the Reward.
The Major Reward is based upon a player returning to the casino after a specified period of time and placing their player tracking card in an appropriately configured game 80. Upon inserting the card, the machine 80 presents a selection mechanism, for example a video wheel that has multiple values. The values on the wheel are provided by the PSGS 70. Upon spinning the wheel, the customer will be informed that they have won a number of promotional credits redeemable at that time. In some embodiments the player must redeem the prize at that moment. The machine 80 will update the PSGS 70 on the status of the player's redemption. The player will then have the ability to play their promotional credits. The player receives the credits through a series of screens reinforcing why they received the credits.
The Cash Draw Rewards feature awards Cash Drawing Tickets, which can be redeemed at future date for cash prizes during the Cash Drawing. The awarding of Cash Drawing Tickets is the Minor Reward, and the Cash Drawing Rewards where the tickets are awarded a value is the Major Reward. For example, upon inserting a player tracking card, the game changes one or more squares located on a game board from “Casino Night” to “Cash Drawing”. These squares are hit when a player hits a scatter pay triggering the game Reward, and than lands on a Cash Drawing square located on the game board. Of course, the drawing tickets can be provided to the player in other ways, but typically would include a chance mechanism.
The Minor Reward is based upon the Reward Pool Mechanism detailed above. The game 80 sets the coin-in trigger that causes the machine to grant the player an opportunity to win a number of Cash Drawing Tickets. Upon the trigger occurring, the player will proceed to have an opportunity to earn a random number of tickets. The number of ticket earned is stored on the PSGS 70. The player has the ability to examine their inventory of tickets. Each ticket may be assigned a series of numbers that are represented on the ticket. In addition to the series of number representing the unique value of the ticket, the ticket also may have an individual color assigned to the ticket by the player during the Reward Feature. The player can choose one of, for example, four available colors. There typically is a maximum number of Cash Drawing Tickets that can be earned before triggering the Cash Drawing Major Reward. If the maximum number is reached, the system 10 may limit the number of any future tickets issued to the player until after the already issued tickets have been redeemed.
The Major Reward is based upon the player landing on a specific spot on game board during a machine Reward round. A scatter pay triggers the machine Reward round. Upon landing on the spot, the player gets to participate in a Cash Drawing Rewards. There can be, for example, five levels of prizes that can be won.
Beginning with the lowest prize, the machine 80 simulates a Cash Drawing. If the machine 80 chooses a player's winning ticket, the value is awarded to the player, using any conventional manner, and the player advances to the next level of prize. The winning ticket is eliminated from future Cash Drawing Rewards. If the player does not have a winning ticket, the player advances to the next level. Each level is repeated, upon completing all levels remaining tickets are declared non-winning, and the player collects the winnings and begins earning Cash Drawing Rewards tickets all over again. All non-winning tickets are forfeited at the conclusion of the drawing.
The Draw Card Reward is based upon the Reward Pool Mechanism detailed above. The awarding of Draw Cards is the Minor Reward, and the redemption of Draw Cards for value occurs in the Major Reward.
The Minor Reward for the Draw Card is based upon the Reward Pool Mechanism. The game sets the coin-in trigger that causes the machine to grant the Draw Card Tickets. Upon the trigger occurring, the machine 80 will proceed to show a ticket drawn and placed on the game board. The location and value of the Draw Cards are stored in the PSGS 70. The player has the ability to view their game screen. In some embodiments, Draw Cards cannot be placed on the Cash Drawing square located on the game board.
The Major Reward for the Draw Card is based upon the player landing on a specific spot on game board during a machine Reward round. The machine Reward round occurs on a scatter pay. Upon landing on the spot, the player wins an amount based upon the base game Reward. In addition to the base game pay, the player gets to collect additional cash prizes for having a Draw Card-in that location. As a player moves past locations with Draw Cards, the Draw Cards are removed from the game board.
Example Game Screen
A Game Start Screen is a screen shown on the machine display 82 at the commencement of a game. In some embodiments, the Game Start Screen merchandises the Reward Feature, emphasizing the use of the player's card. In addition, this screen will allow the non-carded player to view a details screen, described below, as well as the pay table for the Reward Feature. Upon insertion of the player card, the Reward Feature Messaging 210 area will welcome the customer by name, and will begin communicating their status in the Reward Feature. This communication is described in more detail below.
The game played on the machine 80 may continually display information to the player that summarizes their current Reward Feature Status in the Reward Feature Messaging Area 210. The following messaging in Table 1 are examples of what might be displayed:
Promotional concepts implemented in the PSGS 70 system are based on the presumption that details about the player are known somewhere on the architecture 10. The details may be stored on the machine 80. These details may also be stored in the patron database 72 of the PSGS 70 or elsewhere on the architecture 10. The player will be identified to the machine 80 using the existing player tracking card and slot data collection system. An example data flow through the PSGS is illustrated in
In some embodiments, all messages and transactions between the machine 80 and the PSGS 70 of the architecture 10 of
A Card Reader Monitor 24 (
One of the purposes of having the card reader monitor 24 is that it allows signals coming out of the hardware card reader to be read and used by other portions of the PSGS 70. The Card Reader Monitor 24 provides a standard mechanism to detect and derive information from player cards that is separate and distinct from existing player tracking/patron management systems.
In implementation the card reader monitor 24 includes a communication system, such as a cabling system attached between the hardware card reader to convert the output to, for example, a standard RS-232 format. The other end of this cable is then attached to a serial port on the machine 80. The card reader monitor 24 also includes a process, such as a software process that runs on a processor in the player tracking system 20 or on the machine 80, for example. This running process monitors that RS-232 port, detects incoming data, decodes the data, and sends an appropriate message to the message controller interface between the machine 80 and the PSGS 70.
Messages sent by the card reader monitor 24 can include, for example card in (with Card ID) card out (with Card ID), and abandoned card (with Card ID). After a message is created it is sent to the PSGS 70 to update the current status of the inserted player tracking card.
A “heartbeat” (periodic messages to ensure another component is still “alive”) is initiated by the game 80 or the PSGS 70 to ensure the Card reader monitor 24 is still active. If, for any reason, that heartbeat is lost, the Game 80 is signaled to disable PSGS 70 functionality. A detailed description of a heartbeat implementation is described below.
The card reader monitor 24 may use power from the SMIB 28 for its uP, and power from the machine 80 serial port for optoisolation. In some particular embodiments, if the player tracking card is successfully inserted, the machine 80 will receive a packet from the card reader monitor 24 with the following format: “ISnnnnnnnnn.hh”, where Ascii ‘I’ denotes card insertion detected by the reader switch or optoisolator, Ascii ‘S’ denotes detection of the card stripe “sync” character, ‘n . . . n’ are the numeric Ascii representation of characters ‘0’through ‘9’ encoded on the card. Up to 15 may be included, ‘.’ is the Ascii delimiter between the end of the card numeric data and the beginning of the check field, and ‘hh’ is the two-digit Ascii-Hex check field that represents the exclusive-oring of the Ascii characters from the ‘S’ to the ‘.’, inclusive. This will be used by the machine to verify the reception of a valid packet. On a failed insertion, the machine 80 will see: “Ifx”, where ‘I’ denotes an insertion, ‘f’ denotes a failure, and ‘x’ is a placeholder for an Ascii lower-case failure code letter: ‘c’ denotes a failure of expected clock detection, ‘s’ denotes a failure of expected sync character detection, and ‘I’ denotes a failure of expected longitudinal redundancy check. When the card is removed from the reader under any circumstances, the machine 80 will receive a signal including “R<cr>”, where Ascii ‘R’ denotes card removal detected by the reader switch or optoisolator.
A session begins as the PSGS 70 recognizing a player's card in the PSGS 70 database 72, 74, or from the patron database of the player tracking system 40. The PSGS 70 recalls the player status in the reward feature. The player status is forwarded to the machine 80. The machine 80 begins managing the player's progress.
A session ends upon the PSGS 70 receiving a card out signal from either the player-tracking system or the Card Reader Monitor 24. However, if a game fails or the PSGS goes down the player's session will end.
For the best possible database accuracy, the updating of the player database from the Machine will be redundant, based upon, for example, four methods:
In the event that PSGS loses connection with Machine 80, during idle periods or prior to the insertion of a player card, the machine 80 will continue to operate in a mode that does not allow players to qualify for the player-based Rewards. The machine 80 will offer to card players the same features and benefits that are offered to non-carded players.
In embodiments of the invention, the machine 80 records all transactions necessary to update the PSGS 70 on all customers who have a card-in before the link failed. In the event that a player has card-inserted with prior to link failure, the machine will need to keep information specific to that session stored and will need to update the PSGS 70 when it comes back on-line. The machine 80 preferably has a capacity to store 200 or more events related to player status in the Reward Feature. Any information required by the PSGS 70 to make the Reward Feature work should be saved in the stored events.
The PSGS 70 and the machine 80 communicate by sending messages between themselves over a “PSGS Network” 90 illustrated in
In one example messaging system, the Message Type communicates the origin of the sender. Machine Location and Machine Number represent unique identifiers associate with the Machine 80. Timestamp places a date on each packet. Message Authentication validates the message contents and sender to ensure proper authorization for the information. Detail are illustrated in Table 2.
Acknowledgement messages are replies to the sender, indicating the reception and validation of the transmitted message, such as illustrated in Table 3.
Non-acknowledgement (Nak) messages are replies to the sender, indicating the partial reception or invalidation of the transmitted message, as illustrated in Table 4.
Reward enable and disable data structures describes control from PSGS to Machine enabling and disabling Rewarding Features. A communication check message packet is used to verify connectivity between the machine 80 and the PSGS 70.
Configuration Set messaging may include the following fields: Feature Independent Fields, Item Collection Reward Fields and Drawing Reward Fields. These fields detail Reward operation parameters.
Script/Random Mode defines how the machine 80 is to award prize amounts. The scripted mode is a reward sequence where a series of graphical steps results in a predetermined outcome. The random mode is a random number generator (RNG) call performed by the machine to determine the reward outcome. Minimum Reward Position assists the Machine in graphically communicating to the player the start position in the Major Reward. Maximum Reward Position assists the Machine in graphically communicating to the player the ending position in the Major Reward. Collection Pool Minimum is the minimum position for the Reward Pool Mechanism. Collection Pool Maximum is the maximum position for the Reward Pool Mechanism. The Collection Pool Increment Rate is a percent of coin-in used to fund the final prize amount. Examples are illustrated in Table 5.
Script/Random Mode defines how the Machine 80 is to award prize amounts. The scripted mode is a reward sequence where a series of graphical steps results in a predetermined outcome. The random mode is a random number generator (RNG) call performed by the machine to determine the reward outcome. An example message protocol is illustrated in Table 6.
Script/Random Mode defines how the Machine 80 is to award prize amounts. The scripted mode is a reward sequence where a series of graphical steps results in a predetermined outcome. The random mode is a random number generator (RNG) call performed by the machine to determine the reward outcome. Minimum Draw Card Rewards Position stores minimum location of the card on the game board. Maximum Draw Card Rewards Position stores maximum location of the card on the game board. An example message protocol is illustrated in Table 7.
Card-in response messaging may include the following fields: Feature Independent Fields, Item Collection Reward Fields, and Drawing Reward Fields. These fields detail Reward status and parameters. Player Nick Name or First Name is used in the Reward Feature Messaging Area to welcome the guest. The Player Last Name is used to continue to create unique identifiers for the PSGS. Player tier is a quality ranking. Currently, this field is not used but may be used in future applications. Player ID is the unique number identifier for the Player Tracking System. Pin is the unique number that the player uses to access their account. Pin Lock Count is used to assist with managing the Machine and the PSGS in the event that PIN entry has failed. An example message protocol is illustrated in Table 8.
The Current Position is the player's location in the collection Reward. Total Number of Unique Items is the maximum number of opportunities the player will have to collect unique items. The Final Prize Award Table Index points the machine to the player specific pay table. The pay table is located on the machine. This is the pay table associated with this Reward Feature. Collection Count is the number of unique items in a player's collection. Collection Array is the indexed value of earned items. Collection Pool Current is the current pool amount based upon the player's coin-in and associated incrimination. The Collection Pool Threshold is the target position to trigger the Major Reward. This value is created by the Machine and stored by the PSGS. An example message protocol is illustrated in Table 9.
The Return Reward Status from the PSGS system 70 to the machine 80 signals the machine 80 to know whether the player has a pending Return Rewards or whether the player has been awarded a value. Return Reward Credit Value is the award given to the player based upon the outcome of the Award Table and associated probabilities. The Return Rewards Award Table is the award and the probability of winning the award in this feature. This table is downloaded and associated with the player each time the redeem the Reward. The Relative Time to Availability is the minimum time required before the player is eligible to redeem their Return Rewards prize.
Random Mode defines how the Machine 80 awards prize amounts. The random mode is a random number generator (RNG) call performed by the machine to determine the reward outcome. The Return Rewards Award Table is the award and the probability of winning the award in this feature. This table is downloaded and associated with the player each time the redeem the Reward. Return Rewards Pool Minimum is minimum pool value set for the Reward Pool Mechanism, and the Return Rewards Pool Maximum is the maximum pool value set for the Reward Pool Mechanism. The Return Rewards Pool Increment Rate is the contribution of coin-in to fund the Reward. An example message protocol is illustrated in Table 10.
The Current Chances are the number of chances based upon tickets earned. The Chances per Drawing sets the maximum number of tickets earned, which if achieved would shut down the Minor Reward feature in the Cash Drawing Reward feature. The Drawing Award Table Index is the pay table values used in the redemption of tickets for prizes. This table is located on the machine and is associated with each player. A player must complete the Major Bonus before a new pay table index can be associated with the player. Chances Array is the accumulated chances for drawing, which are identified by eight digit numbers and characterized by player chosen color. Chance Pool Current is the current value in the pool. The Chance Pool Threshold is the target value of the pool, which was set by the Machine and stored by the PSGS. The Cash Drawing Pool Minimum is the minimum position for the Reward Pool Mechanism. The Cash Drawing Pool Maximum is the maximum position for the Reward Pool Mechanism. The Cash Drawing Pool Increment Rate is the percent of coin-in used to fund the award table. An example message protocol is illustrated in Table 11.
The Current Position is the location of the player on the game board. Location Table is the value and geographical position of the Draw Cards on the game board. Location Pool Current is the current value in the pool. The Location Pool Threshold is the target value of the pool, which was set by the Machine and stored by the PSGS. The Draw Card Pool Minimum is the minimum value used in the Reward Pool Mechanism. The Draw Card Pool Maximum is the maximum value used in the Reward Pool Mechanism. The Draw Card Rewards Pool Increment Rate is the contribution of coin-in to fund the Reward. An example message protocol is illustrated in Table 12.
Because the Machine 80 has no internal notice that the player has removed his card from the player-tracking panel, the database must request it. This message need not have any particular data fields.
Card-out event messaging may include the following fields: Feature Independent Fields, Item Collection Reward Fields, and Drawing Reward Fields. These fields detail Player-based Reward status and parameters.
The Current Position is the player's location in the collection Reward. Collection Count is the number of unique items in a player's collection. Collection Array is the indexed value of earned items. Collection Pool Current is the current pool amount based upon the player's coin-in and associated incrimination. The Collection Pool Threshold is the target position to trigger the Major Reward. This value is created by the Machine and stored by the PSGS 70. An example message protocol is illustrated in Table 13.
The Return Reward Status lets the machine 80 know whether the player has a pending Return Rewards or whether the player has been awarded a value. Return Reward Credit Value is the award given to the player based upon the outcome of the Award Table and associated probabilities. The Absolute Time to Availability is the minimum time required for the player to redeem the prize. An example message protocol is illustrated in Table 14.
The Current Chances are the number of chances based upon tickets earned. Chances Array is the accumulated chances for drawing, which are identified by eight digit numbers, and characterized player chosen color. Chance Pool Current is the current value in the pool. The Chance Pool Threshold is the target value of the pool, which was set by the Machine and stored by the PSGS. An example message protocol is illustrated in Table 15.
The Current Position is the location of the player on the game board. Location Table is the value and geographical position of the Draw Cards on the game board. Location Pool Current is the current value in the pool. The Location Pool Threshold is the target value of the pool, which was set by the Machine and stored by the PSGS. An example message protocol is illustrated in Table 16.
Reward event messaging may include the following message fields: Feature Independent Fields, Item Collection Reward Fields, and Drawing Reward Fields. These fields detail Player-based Reward status and parameters.
The Current Position is the player's location in the collection Reward. Collection Count is the number of unique items in a player's collection. Collection Array is the indexed value of earned items. Collection Pool Current is the current pool amount based upon the player's coin-in and associated incrimination. The Collection Pool Threshold is the target position to trigger the Major Reward. This value is created by the Machine and stored by the PSGS. An example message protocol is illustrated in Table 17.
The Return Reward Status lets the machine 80 know whether the player has a pending Return Rewards or whether the player has been awarded a value. Return Reward Credit Value is the award given to the player based upon the outcome of the Award Table and associated probabilities. The Absolute Time to Availability is the minimum time required for the player to redeem the prize. An example message protocol is illustrated in Table 18.
The Current Chances are the number of chances based upon tickets earned. A Chances Array is the accumulated chances for drawing, which are identified by, for example, eight digit numbers, and characterized by a player chosen color. Chance Pool Current is the current value in the pool. The Chance Pool Threshold is the target value of the pool, which was set by the Machine and stored by the PSGS. An example message protocol is illustrated in Table 19.
The Current Position is the location of the player on the game board. Location Table is the value and geographical position of the Draw Cards on the game board. Location Pool Current is the current value in the pool. The Location Pool Threshold is the target value of the pool, which was set by the Machine and stored by the PSGS 70. An example message protocol is illustrated in Table 20.
The Machine 80 manages all graphical messages and the triggers to cause those messages will typically be managed by the PSGS 70. In the event communication between the PSGS 70 and the Machine 80 is lost, the loss of communication should cause a message error to display a message that the Player Based Reward offering is unavailable. Message errors and communication can take any appropriate form. In addition, some game designs could require that the Reward Message Area be capable of moving around on the screen.
Unique Machine Identification
As mentioned above, the architecture 10 can include (and typically will include) several machines 80 coupled to the PSGS 70 and the data interface 60. One way to uniquely identify the machines 80 is to include a non-volatile memory, for example an EEPROM that can be coded with a unique serial number. In some embodiments, the EEPROM may store an Internet Protocol address. The non-volatile memory may be changed or updated as the machine numbers 80 change.
In other embodiments, the Machine 80 may include a “dongle” or other data port connection that includes codes to make the machine 80 uniquely identified. Initialization of machines 80 according to these embodiments may be conducted by configuring the address of the slot machine by installing a UID (Universal ID) Dongle on a parallel port of the machine 80. The Dongle will fix the TCP/IP address to prevent loss of addressing while, for example, replacing the machine electronics. The machine will read the Dongle on reset. The PSGS 70 may be provided the TCP/IP address through a manual entry process.
Advantages of the Dongle method for maintaining TCP/IP addressing at the slot machine are that it assures the system of having a unique id for the slot machine 80. It also allows the architecture 10 to embed a communication encryption key on to the Dongle. Such a structure is simple to setup in the field.
To prevent duplicate TCP/IP addresses, due to the casino network configuration, the architecture 10 may require additional network and software components to be added to the casino's network level.
In addition to standard TCP/IP security, the dongle can include a Public/Private Key Encryption (PKE) that can be accessed by the machine 80. Authenticating messages are sent between the machine 80 and the PSGS 70. PKE may be a number of 128-byte encryption or better. A Secure Hashing Algorithm or another acceptable algorithm can be used for hashing. The machine 80, via the dongle and the PSGS 70 can verify packets with each others' public and private keys. Of course, other security methods can be implemented provided they accomplish the requisite level of security needed. An example of a security flow between the PSGS 70 and the machine 80 is illustrated in
Downloading Machine Pay Tables
Using the architecture 10 system described above, it is possible to add an additional element to the PSGS 70. Specifically, machine pay tables themselves can be downloaded from a central location and into the gaming device 80. Pay tables relate the outcome of a game played and the benefit received by the player for the particular game outcome.
Gaming devices 80 can include a standard pay table for a game, i.e., the pay table that is the standard pay table offerings for that game. In addition, one or more (or all) of the elements within the pay table can be changed. Once changed, they can be downloaded into a gaming device 80 to become the new game table for a particular game.
Game tables can be changed for a number of reasons. For instance they can be changed for different times of the day. Also, they can be changed for specific promotions. The machine pay tables can also be changed for individual players. For instance, a first set of game pay tables can be created for a player with no detail history. Then, as more is learned about the player's style, habits, preferences, skill level, etc., for example the data stored by fields in the patron database or the player tracking database or other database, then the game tables can be modified. Once modified, the PSGS 70 can ensure that the modified pay table is downloaded to the game for the player. In one embodiment, when a player identifies himself or herself by inserting a player tracking card, the PSGS 70 retrieves the personalized machine pay table and downloads it to the machine at which the player is playing. Then, the gaming device changes its current pay table to the one just loaded by the PSGS 70, such that the gaming table is personalized for that player.
As one can imagine, countless variations in modifying machine tables are possible. The PSGS 70 may modify machine paytables at games to which it is connected every hour. Therefore, a particular machine outcome at 5:00 am may be different from one at 11:00 pm. Additionally, if a player known to the PSGS is playing a machine at 5:00 am, the PSGS 70 can be programmed to either override the standard “modified” pay table, or to load the pay table that has been “created” for that particular player. It is also possible to change the paytable to the player specific pay table at some times and not at others. For instance, it is possible to give a player the highest (or lowest) possible payback between either the standard machine paytable or the personalized pay table.
Even further, it is possible to have modified pay tables for each individual game on a machine 80. For instance, pay tables can be modified for games at a first casino, but not at a second casino. Or, pay tables can be modified for a particular game at a casino based on the game's physical location. In short, the PSGS 70 control of modified game tables can extend down to the level of a different pay table for a player for each and every single game to which the PSGS 70 is connected. However, there may be too much overhead in keeping so many modified pay tables for each of the players, and keeping modified pay tables per game type for particular players may be an acceptable level of control/service for the overhead involved.
Authenticating a Game to the PSGS System
Another part of initializing the gaming machines concerns authorization i.e., is the machine 80 allowed to communicate to the databases connected to the PSGS 70, and is the game player recognized by the PSGS system.
Each machine 80 authenticates with a PSGS 70 database when it powers up. In one embodiment, a message controller sends an XML machine authentication message from the gaming machine to the PSGS server 70. Next, the PSGS 70 performs lookups, and cross-references a machine identification, casino identification, game identification, etc. with the PSGS database illustrated in
More than one method is possible. In one embodiment, the PSGS 70 replies that the gaming device 80 cannot be identified, and then the machine cannot enable PSGS 70 functionality. The game 80 may continue to function normally as a normal slot machine, but will not have PSGS 70 specific features. In another method, the PSGS 70 may add a trusted game's identity to the list of valid games when the game 80 connects to the server.
The PSGS 70 is a secure closed system that includes of a server and a series of client Machines 80. Communication between the PSGS 70 and the machine clients 80 can be conducted utilizing an industry standard format of XML-RPCs and can be encrypted using the SSL protocol.
A first level of authentication occurs when an initial connection attempt is made between the Machine 80 and the PSGS 70. If the Machine 80 has a valid public key, which corresponds to the server's private key, then access is granted. If it does not have such a key, then the authentication attempt is logged and the client machine is denied access to the PSGS 70.
In some very secure embodiments, to further enhance the security of the system, each client machine 80 must contain a valid entry in the PSGS 70 (i.e. it must be registered with the server). If so desired, the system administrator can configure the system to allow for machine self-registration. If this option has been enabled, on start-up the PSGS 70 will accept the credentials of the requesting machine 80 and make the appropriate entries in the PSGS 70 database.
An example startup process is as follows: At machine start-up the machine 80 sends a Machine Authentication message from a Message Controller (MC) to the PSGS 70. On receipt of the message, the PSGS 70 decodes the message, extracts necessary key information, and attempts a database lookup within the PSGS 70 database. If successful, the data retrieved from the database is utilized to construct a Machine Transfer message that is sent from the server 70 back to the MC on the sending machine 80. This message can contain pertinent location informational data (for example, positional data on the casino floor, whether or not PSGS functionality is enabled on this machine, casino specific art and sound, target souvenir information (position, description, value, etc.) The message is used to initialize the game on the machine 80 with specific parameters that customize the look, feel, and functionality for the casino property. If unsuccessful and self-registration is enabled, then the server 70 accepts the credentials of the machine 80 and utilizes them to make the appropriate entries in the PSGS database. It then grants access and sends back necessary configuration data. If instead self-registration is disabled, then the server will deny access to the PSGS 70.
Players may also have to be identified to have games that interact with the PSGS 70. Player identity, as described above, is gathered from a player tracking card that is inserted or otherwise read by the gaming device. Once the player identity is known, the PSGS 70 checks the identity with players who have data previously stored in the PSGS 70. Additionally, the PSGS 70 may contact other data sources that are connected to the PSGS but not necessarily stored in the PSGS to verify the player's identity, before that the particular player is allowed to connect to the PSGS system.
Even if the player identification data does not match exactly, for example an address or other data may have changed, the PSGS 70 can still allow the player to connect to the PSGS. In some embodiments, a database in the PSGS 70 is automatically updated with the new or changed information.
Database Structure for Multiple Resort Groups and Multiple Casinos
One or more databases stored in the PSGS 70 have been structured such that a single instance database can be utilized in many situations—such as in the following scenarios a single casino, a resort group consisting of multiple casinos, or a central hosting facility serving multiple resort groups and/or single entity casinos.
In one implementation, the casino can include a bank of machines communicating with the PSGS 70, which works well. If, for example, a spacious casino has a centralized data facility, all of the slot machines in Casino A and all of the slot machines in Casino B can communicate with a centralized data facility. Alternatively, a centralized facility could be separately hosted. In this scenario, a series of small independent casinos that are distinct and separate can all communicate with the central hosting faculty. They wouldn't have the expenditures of the data of the centralized hardware in the server room. Although the machines could all tie in to the centralized facility, as far as the casino patrons are concerned, they're going to see information and content specific to that casino, even though there may be data for more than one, or several, casinos stored in the central facility.
Each of the records or groups of records could be encrypted separately, with their own keys. Only the casino with the proper key could retrieve the proper data.
In some embodiments the database could be a PostGres operating on a Linux server.
An example single casino layout is illustrated in
An example multi-property configuration is illustrated in
Another multiple property configuration is illustrated in
Enhanced messaging Capability
Enhanced messaging defines the messaging between the PSGS system 70 and the gaming device 80. In some embodiments, the PSGS server 70 communicates to a message controller 84 (MC), which is a process running on the machine 80, via XML PC. This is functionally illustrated in
The message controller 84 acts as the “Traffic Cop” receiving, translating, and routing messages to the intended recipients. Its primary responsibility is to offload message processing from the game, freeing it to handle all game related activities.
When messages are received, the message controller 84 determines the routing for the message type, translates the message for respective receiver, and sends the translated message.
In some embodiments, the message controller 84 runs separately from the game machine 80, is started prior to game, bonus engine, etc. utilizing current AGPx start-up process, automatically restarts and re-establishes communications if it is terminated abnormally, and is responsible for receiving and dispersing messages to/from authorized/intended processes.
The gaming machine 80 may include a server, such as PostgreSQL, Tomcat, etc., and may include a LOL (Local Online) Card Reader Monitor, as described above. In some embodiments, the game machine 80 registers itself at start up with the PSGS server 70 via a message structure, accepts registrations from locally running processes (game, card reader monitor, etc.), utilizes the pre-existing game messaging format when communication with the game, and utilizes an industry standard XML based message format between the MC and the server processes.
A heartbeat, described above, can be maintained between the gaming machine 80 and the PSGS server 70, as well as between the message controller 84 and all other registered processes.
In some embodiments, the message controller 84 can function in two modes: normal, where all mandatory processes are present; where at least one mandatory process is missing and the message controller 84 is started in such a fashion to allow simulation.
The following describes the messaging protocols utilized internally, between the message controller 84 and the gaming machine 80, and externally, between the message controller 84 and the PSGS server 70, within the architecture 10.
The message format between the game machine 80 and the message controller 84 is dictated by the current message format serialized message format. Communication between the message controller 84 and the game is via RMI (Remote Method Invocation).
The message controller 84 will maintain an open messaging format to allow external applications the ability to interface with, and transmit messages to the gaming device for processing, as well as a closed format that would not be provided to outside parties, which will ensure integrity of the gaming system.
The XML format and protocol (XML-RPC) can be utilized by systems developed in languages other than Java.
All messages between the message controller 84 and external processes are preferably encrypted utilizing SSL. The message controller 84 will cache only a limited number of messages at the local level, because caching a large amount could be unsafe due to the possibility that a player could actually hit numerous bonus events and or reward redemptions during a communications failure. Under such a scenario, a player could in fact redeem his/her winnings then move to another machine and resume play. The PSGS 70 system would be unaware that the player had redeemed the awards and would resume play at the point where communications had failed. This, in effect, would provide the player with the possibility of redeeming rewards twice. With that in mind, only a very limited number of messages are allowed to go unacknowledged by the server before PSGS functionality shall be disabled.
If the PSGS 70 server does not respond before the message limit is reached, a message will be sent to the machine 80 disabling PSGS 70 functionality due to server non-availability. In case of a power failure on the game machine 80, the message controller 84 should be able to retain the message log and resynchronize with the server once it is available.
Many different message types are possible between the game machine 80 and the PSGS server 70, such as the following example message types:
Using embodiments of this invention, dynamic content can be delivered to a game 80 that is based on specific player and/or casino preferences. A “my calendar” concept, which is a calendar that is tailored to a particular game player is a natural outgrowth of this dynamic data mining process.
Utilizing this approach, the PSGS 70 would be granted access to external data sources through in-house integration efforts (providing direct access to data) or through traditional screen-scraping techniques where data is derived from published sources, such as predefined web pages.
Examples of such integrations include: a tie in to the Sports Book market, which would provide a way of filtering data, such as displaying sports data on the gaming screen (or an area of the game screen) to a player of a gaming device in real time, while the player is in the midst of slot (or other game) play. This could take the form of: event start/finish/game outcomes, win notifications, etc., i.e., displaying the notifications on the game screen, and bringing this data to the player's attention in the form of banner messages or pop-ups. The tie in could become a two-way operation and bets could be taken for events w/o having the player leave the comfort of his/her slot machine. Once betting information was placed on the machine display 82, bet buttons could accept a player's input and cause the bet to be made. Funds could be debited from the meters on the gaming machine 80, or from a pre-established credit line (or deposit account) with the casino.
A tie into other areas of casino operations could also be accomplished. Examples of these could be announcements of: upcoming bingo sessions, upcoming future and results of past keno games, availability of poker seats in poker rooms, restaurants/show reservations.
One appealing aspect of this customization is that through the use of a player tracking card, the casino knows exactly who and where the card holder is, and can target a message directly to the card holder . . . and not broadcast the message to an entire casino or to an entire bank of machines.
With a two-way flow of data between the gaming machine 80 and the PSGS 70, the architecture 10 can provides for, for example, making reservations for dining/events by using the gaming screen, checking a player club status, etc by using the gaming screen, and checking airline flight status by using the gaming screen, etc.
By extending this data mining/integration concept onto the PSGS server 70, the ability to link these systems together is enhanced, which provides the player with a “portal” into their casino/gaming experience.
An example PSGS system 70 can consist of a server (or series of servers) connected to a series of slot machines, as described above with reference to
In some embodiments, a dynamic content generator 76 (
The dynamic generator 76 could filter information before providing to the screen of the gaming device. In one embodiment, a “my calendar” button could appear on the gaming screen 82 that, when selected, causes the dynamic content generator 76 to get public and private events, format them, and display a calendar for the player.
To generate the calendar, or any other outside content, the dynamic content generator 76 could go to any external source for data content. In addition, the data could be made to flow in two directions, so that the player could generate data that is delivered to the PSGS 70 network or to other connected networks. For instance, the gaming device could be linked to a casino's sports book operation and bring over some sports book information, including game scores, etc. The player could place bets and the bets placed with a casino's sports book. A player could hook into a scheduling system for poker tables so that when a poker table that came available, the table could get pushed to the player and a notification would appear on the player's game screen. Show, dinner, or transportation reservations could be made.
In another embodiment, a player could check into a hotel before the player's room was ready. Then, after the player inserted his or her card in the gaming device 80, the PSGS 70 system could communicate with the hotel open room system, and could send a message to the player when his or her room was ready, and even specify the room number or any additional information, for instance.
Such notices could be placed on a particular portion of the game screen 82, for instance, or could be made into a pop-up message that appears over the screen. Of course, the popup would not interfere with an existing game, such as by waiting until the end of a turn or a game before popping up on the screen.
Currently, games and gaming systems operate in closed environment and do not allow outside content to be displayed or allow for dynamic information and content. The idea of having a system like above is that it allows for other systems to “speak” to the game using a communication protocol such as XML. As mentioned above, some of the benefits of this type of application are listed below: streaming information personalized to the player's tastes. I.e. streaming stock quotes, sports scores, allowing a customer to make sports wagers on the game. For instance, a ticket printer, known in the art, could print the sports betting ticket and bill valuator could redeem the winning ticket. Such a system could notify the customer of upcoming bingo sessions. Such a system could take keno wagers and allow the customer to review past and current results. A ticket printer could print the ticket and the validator could redeem the ticket. In such a system the customer could be notified of a poker room table opening up and their status on the wait list. The customer could access a calendar of events, such as that illustrated in
The customer could access information about their points, comps, and cash back. The customer could make and review reservations for dinning, rooms, poker tables and special events. The system could allow for player specific tailored advertising messages. These messages could be simple text or complex animations.
Heart Beat Monitoring
A heart beat monitor operates within the machine 80 that is able to be coupled to the PSGS 70 system. This monitoring system gives the PSGS 70 the knowledge that the EGM is alive and has not been compromised by any problems.
In practice, the heart beat is a message format that is sent to ensure that all the components of the machine 80 are still active. If the components of the machine 80 are not up and active enough, the PSGS 70 will disconnect the machine 80 from the system or will send commands to shut down the machine. In this way, no player would continue to play on a machine that is not connected to the PSGS system 70.
Such a message could be sent at any time period, such as, for example, every thirty seconds. Many components could be polled, for example messages could be sent to the game, the card reader monitor 24, and/or the server 70. If any one of those components drop out, the heart beat monitoring system can disable PSGS functionality.
The heart beat monitor can be a process running on the game 80 processor, which communicates with other software processes or hardware processes within the game, within the PSGS server 70, or elsewhere on the architecture 10.
The following points can be considered. This process is defined as the monitoring of critical system components on a fixed interval basis. If that heartbeat is lost, predefined steps can be taken to either continue operations in a secure mode or perform an orderly shutdown of the system. In the case of the PSGS 70 system, the primary purpose is to insure the robustness and reliability of the overall gaming system. It is critical that the player be assured that contributions derived from coin-in are attributed to their session/account in a timely and accurate fashion.
Generally, this monitoring occurs between certain critical system components. In the case of a dual server solution, a heartbeat is maintained between the two servers such that the “standby” server can assume responsibility if the heartbeat is lost with the “live” server. In the case of the PSGS 70, this monitoring occurs between these major internal and external system components: game (internal to machine 80), message controller 84 (internal to machine 80) Card Reader Monitor 24 (internal to machine 80), PSGS server 70 (external to machine 80).
As defined in the configuration options, a heartbeat message is sent between all major components every n seconds. The component, upon receipt of the heartbeat message, must respond within n seconds with an acknowledgement (Ack) message. If a response is not received, the sending component is responsible for notifying the local controlling authority that communication has been lost and PSGS functionality should be disabled.
An example basic logic flow of a sample heartbeat between 2 components is illustrated in
Representative examples of a message flow is as follows:
Successful Message Controller to Card Reader Monitor Transaction:
Different bonuses provide incentive for someone at a gaming machine to play additional games. In embodiments of the invention, an indicator may be presented on the gamescreen 82 when a bonus or other type of event may occur in the near future. Thus, when the player sees the indicator, they may be enticed to stay at the game longer and wait for the event to occur.
A lucky coin bonus is a bonus in which an award is won by a player after a randomly selected amount of total play has occurred on participating machines. Such bonuses are well known in the industry and appear in, for example, U.S. Pat. No. 6,375,569.
A lucky coin indicator is a type of upcoming event indicator, which, as described above, is a visual indicator of the lucky coin bonus that is presented to a player when the player is playing a gaming device.
In one embodiment, the indicator appears on the gaming screen on one of three conditions. In the example illustrated in
For example, as illustrated in
As illustrated in
As illustrated in
The indicator could be used to signal impending or immediate awarding of other awards. For example, it could trigger a redemption box to redeem collected souvenirs.
Because the game 80 may not be directly connected to the PSGS 70 system, game verification is a unique way of ensuring that the proper game is connected to the PSGS network 10. This verification can be performed by a secure Java classloader and an in-memory verification.
In embodiments of the invention using a Java Classloader, each class is loaded up into the JVM goes through a check first, and a signature is computed. The signatures are then checked against known good signatures that have been pre-computed and stored in a non-volatile memory. In some embodiments, a hash mark check sum value of a signature is performed on each class. In this process, as the machine is powered up, a process runs that computes a signature on a CD that is present in the game. The signature is compared to a pre-calculated signature stored in non-volatile memory, for example an EEPROM. If it matches, the game proceeds to the next stage of the verification. If the signatures do not match, the game is prevented from connecting to the PSGS 70 network.
In embodiments of the invention using in-memory verification, a list of standard processes that are authorized to be running on the machine are sampled every so often, for example every few seconds, and a query is made to the proc-file system, which is built up a list of processes. The authorized list is compared to the proc-file system. If the lists match, then the machine is authorized. If they do not match, the machine is shut down, or disconnected from the PSGS network 70.
In one embodiment, the entire list of processes is memorized, then each process is independently verified. In some embodiments, the unique signature is derived based on the file name, the path, the command line parameters and other pertinent information.
Additional details of both the memory verification and the Java classloader are illustrated below.
A basic requirement levied by gaming regulators is for the continual verification of memory utilized by a gaming machine 80. The basic premise behind this is that the known “memory map” is constantly being compared at a byte level to a known good and that if the maps differ, the game will fault.
Since the gaming machine 80 can utilize a dynamically loading operating system, it is virtually impossible to predict what will be loaded where (and at what time). As such, an alternative method can be used.
Implementation of verification utilizing a /proc file system is a two step process. The first step is accomplished at build time and the second step is accomplished at runtime.
At build time, a list of authorized processes is derived from a test configuration of the game. This is combined with the known operating system processes that are authorized to be running on the game machine 80. Once the combined list has been created, it is run through a series of custom applications used to extract information about those processes (process name, invocation path, command line parameters, memory utilization, etc.). This information is then used to create a unique signature for each process. Once the series of unique signatures has been created it is stored on EPROM for future utilization.
At run time the /proc system is continually accessed to derive a list of processes that are active at that moment in time. Since not all processes are guaranteed to be active at all times, a direct one for one comparison cannot be made. Instead, a signature for those processes that are currently active is derived using the same techniques as used at build time. After the signature has been derived, the corresponding signature is extracted from the EPROM and is compared. If the signature matches, the game continues on. If it does not match, an entry is made to the system log and the game faults. If, during the process of extracting a signature from the EPROM, one cannot be found for the process currently in memory, the game will fault.
The purpose of System Verification is to continuously check that the gaming device is in a known state—a known state being that known and only known processes are running and that known and only known Java classes are being executed.
During game execution three pieces come together for the successful verification needed to allow the game to continue to execute: the CD that the game code and data are delivered on, the security prom which must be matched with the CD, and the run time environment of the executing game.
The CD contains all executables and data needed for game execution. The changes to CD from previous version of this platform to support system verification is the additional code to track and verify classes and processes loaded into the run time environment. The CD is stored within a game cabinet, outside the reach of patrons.
The security prom contains checksums and signatures to verify the validity of the CD. The security prom could contain an MD5 checksum of the entire CD to ensure a valid CD was loaded. This data remains in place and still actively verifies that the CD and security prom loaded on this machine are indeed a matched set. The security prom can also include the class and process signatures required to support system verification. A seed used to create these signatures is determined during the build process and is unique to each revision of CD/prom pair.
The run time environment has 2 additions to support System verification; 1) code to track which classes and processes are currently loaded into the runtime environment and 2) code to generate signatures for these loaded classes and processes and compare the active signatures with the known signatures located on the security prom. If the signature of any active class or process does not match that on or is not found on the security chip error messages are logged and the game is terminated.
The signature data for verification is added to the ‘security’ chip on the prom board. There are now four (4) sections to the prom image: md5 checksum, md5 executable, class signatures, and process signatures. Each section has 4 bytes of size (size of data only) followed by the actual data.
This file format remains unchanged from previous versions. This image contains one line per file where each line contains a md5 check sum and the file name and one additional line to define the game/percentage this machine can run.
There is a special provision on the md5 checksum where if the size is equal to “!agp” then there is no md5 checksum data and the system is deemed to be a development machine (md5 checksum verification is disabled).
This image starts with a few lines to define the game/percentage this machine can run. The rest of the file contains one line per file where each line contains a md5 check sum and the file name.
This section is in the security prom to support System Verification. This section contains the name and a signature for each class that is allowed to be loaded while the game is executing.
This section in the security prom supports System Verification. This section contains the name and a signature for each process that is allowed to be running while the game is executing.
Given the security of the JVM there is no way to extract the active classes out of the JVM itself short of opening up gaping security holes and adding the performance hit of enabling the debugging mode of the JVM. To keep track of which classes are currently active we add our own class loader to both load and track active classes. We tell the JVM to add our class loader into the class loader structure with the—
Our class loader was created by starting with the most secure of the available Java class loaders, adding more restrictions to the sources from which classes can be loaded from, and adding the ability to remember each and every class that is loaded into the JVM. At startup we explicitly specify to the JVM the location and name of our custom class loader.
The JVM class loading is done in a parent-child relationship with the default loader the parent and added class loaders the children. The default class loader is always present and our class loader becomes the only child class loader. When the JVM is asked to load a new class it calls the parent class loader which looks for all classes available in ‘CLASSPATH’; if the class is not found it then delegates the loading of the class to the child class loader. In order to effectively disable the parent class loader we modify the startup to set ‘CLASSPATH’ so that it does not point at any classes forcing the default parent class loader to always delegate to our class loader.
Finally we add the argument ‘-Djava.system.class.loader.path=/cdrom’ (/space/target for development systems) to the startup which tells our class loader where to look for known classes. No special startup code is needed for process verification.
Run Time Checking
Runtime verification is accomplished by creating a verification thread within the JVM. The thread performs verification on demand or 60 seconds later than the last verification. Currently on demand verification is done on a door closed event or a jackpot cleared event.
The verification thread creation and on demand kicks are done in the BaseGame object. The verification thread calls back to the destroy method of BaseGame if verification fails and the verification is not tagged as being in development mode. The verification thread handles timing and the interface between the game and the verifier code. The actual verification of active classes happens in the classloader and process packages. The basic verification is to read the class signatures off the security chip and compare these expected signatures to those of the currently active classes which are tracked within our custom class loader. If a signature mismatches or an active class does not have a signature in the ‘security’ chip the verification fails and the game is shut down (it only babbles in developer mode).
The actual verification of active processes happens in the process packages. The basic verification is to read the process signatures off the security chip and compare these expected signatures to those of the currently active processes which can be gathered from the Linux kernel. If a signature mismatches or an active process does not have a signature in the ‘security’ chip the verification fails and the game is shut down (it only babbles in developer mode).
System Terminal Support for System Monitoring
Casino and player satisfaction often hinge on very similar requirements; robustness of game play and reliability of the gaming platform. In the past, if there was a fault and/or discrepancy in the gaming platform's performance, it was often difficult if not impossible to narrow down and rapidly find the cause without extensive (and often on-site) efforts of development staff.
The need exists to rapidly detect, diagnosis, and “treat” the symptoms of an Electronic Gaming Device (EGM). To accomplish this: a remote monitoring capability is installed on the gaming machine 80; and remote access is attained, preferably in a secure and reliable manner.
Remote access uses networking support, which necessarily opens as a possibility for intrusion. As such, a secure system is incorporated to authenticate the requestor as a valid user who is authorized to perform actions on this device. SSH is an industry standard protocol suited for just such a task.
Using SSh allows a connection to be made into a gaming device from a remote location, and allows monitoring activity to occur on that gaming device. OpenSSH is a suite of tools to help secure network connections. A list of features includes: strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing), Improved privacy—all communications are automatically and transparently encrypted, secure X11 sessions—the program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel, Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions). No retraining needed for normal users. Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key.
Client RSA-authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the client machine before accepting .rhosts or/etc/hosts.equiv authentication (to prevent DNS, routing, or IP-spoofing). Host authentication key distribution can be centrally by the administration, automatically when the first connection is made to a machine. Any user can create any number of user authentication RSA keys for his/her own use. The server program has its own server RSA key which can be automatically regenerated every hour. An authentication agent, running in the user's laptop or local workstation, can be used to hold the user's RSA authentication keys. The software can be installed and used (with restricted functionality) even without root privileges. The client is customizable in system-wide and per-user configuration files. Optional compression of all data with the compression tool gzip (including forwarded X11 and TCP/IP port data), which may otherwise result in significant speedups on slow connections. Complete replacement for rlogin, rsh, and rcp.
Anyone who has access to any machine connected to a non-encrypted network can listen in on any communication. This is being done by hackers, curious administrators, employers, criminals, industrial spies, and governments. Some networks leak off enough electromagnetic radiation that data may be captured even from a distance.
If, during log in, a password would go to the network in plain text, any listener could use your account to do any evil he likes. Many incidents have been encountered worldwide where crackers have started programs on workstations without the owner's knowledge just to listen to the network and collect passwords. Programs for doing this are available on the Internet, or can be built by a competent programmer in a few hours.
Many companies are not aware that information can so easily be recovered from the network. They trust that their data is safe since nobody is supposed to know that there is sensitive information in the network, or because so much other data is transferred in the network. This is not a safe policy.
Utilizing OpenSSH as a foundation for remote access and monitoring of the EGM provides a baseline which mitigates this risk.
At startup, each gaming machine 80 as part of the init (boot) process starts an SSH server. This server continually runs in the background as a server process listening for and responding to requests for access from external sources.
A client application (external to the gaming machine 80) will attempt to connect to the gaming machine 80 via ssh. The following general steps are followed to gain access: The application (most often a request for a simple login terminal) is authenticated via a comparison of the public/private keys. Access is granted if: the keys are found to be authentic, and the requesting individual has an account on the EGM, the requesting individual provides the proper password, and the resource requested exists on the EGM.
Once authenticated access to the gaming machine 80 has been gained, a variety of applications can be accessed to perform forensic diagnosis on the machine. The user could:
Remote monitoring can also be accomplished by the installation of applications on the gaming machine 80 which receive requests for and transmit status information to external monitoring systems. Representative examples could be:
All requests would go through the same ssh authentication process as described above since (in this case) ssh would be used as a tunneling protocol to allow internal process A and external process B to communication of a secure and encrypted pipeline.
In some embodiments, a special chip can be installed in a gaming device that can allow remote access to a gaming machine only if the special chip is present. For example, the special chip or code can indicate that the game is in a “developer” mode, and only allows secure access into the gaming device if the developer chip is present in the gaming machine.