PCT
`INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`(51) International Patent Classification 6 :
`WO 98/40140
`A63F 9/24, 9/22 II G06F 161:00, G07F
`17/32
`
`WORLD INTELLECTUAL PROPERTY ORGANIZATION
`International Bureau
`
`(11) International Publication Number:
`
`Al
`
`(43) International Publication Date:
`
`17 September 1998 (17.09.98)
`
`(21) International Application Number:
`
`PCT/AU98/00152
`
`(22) International Filing Date:
`
`10 March 1998 (10.03.98)
`
`(30) Priority Data:
`PO 5543
`
`10 March 1997 (10.03.97)
`
`AU
`
`(71) Applicant (for all designated States except US): ARISTOCRAT
`LEISURE INDUSTRIES PTY. LTD. [AU/AU]; 85-113
`Dunning Avenue, Rosebery, NSW 2018 (AU).
`
`(81) Designated States: AL, AM, AT, AU, AZ, BA, BB, BG, BR,
`BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, Fl, GB, GE,
`GH, GM, GW, HU, ID, IL, IS, JP, KE, KG, KP, KR, KZ,
`LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW,
`MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL,
`TJ, TM, TR, TT, UA, UG, US, UZ, VN, YU, ZW, ARIPO
`patent (GH, GM, KE, LS, MW, SD, SZ, UG, ZW), Eurasian
`patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European
`patent (AT, BE, CH, DE, DK, ES, FI, FR, GB, GR, IE, IT,
`LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, Cl,
`CM, GA, GN, ML, MR, NE, SN, TD, TG).
`
`(72) Inventor; and
`(75) Inventor/Applicant (for US only): MUIR, Robert, Linley
`[AU/AU]; 7/6 Benton Avenue, Artarmon, NSW 2064 (AU).
`
`Published
`With international search report.
`
`(74) Agent: F.B. RICE & CO.; 605 Darling Street, Balmain, NSW
`2041 (AU).
`
`(54) Title: PERSONAL GAMING SYSTEM
`
`(57) Abstract
`
`A gaming console and a gaming console controller are
`provided where the controller includes a secure credit storage,
`a secure processing device, a secure program storage and secure
`communications, such that the control device may perform all of
`the essential secure functions of a gaming console. The control
`means may be removable from the console and personal to the
`user or may be permanently fixed into the console.
`
`CONSOLE
`
`PLAYER
`INPUT
`
`18
`
`DISPLAY
`
`17
`
`.SGC
`
`13
`
`14c
`
`/6
`
`14a
`
`12.
`
`11
`
`ACCOUNTING
`
`COMBINAi/ONS
`
`RANDOM
`N(.JMBER
`6ENERATm
`
`f5
`
`

`

`FOR THE PURPOSES OF INFORMATION ONLY
`
`Codes used to identify States party to the PCT on the front pages of pamphlets publishing international applications under the PCT.
`
`AL
`AM
`AT
`AU
`AZ
`BA
`BB
`BE
`BF
`BG
`BJ
`BR
`BY
`CA
`CF
`CG
`CH
`CI
`CM
`CN
`cu
`CZ
`DE
`DK
`EE
`
`Albania
`Annenia
`Austria
`Australia
`Azerbaijan
`Bosnia and Herzegovina
`Barbados
`Belgium
`Burkina Faso
`Bulgaria
`Benin
`Brazil
`Belarus
`Canada
`Central African Republic
`Congo
`Switzerland
`Ci\te d'Ivoire
`Cameroon
`China
`Cuba
`Czech Republic
`Germany
`Denmark
`Estonia
`
`ES
`FI
`FR
`GA
`GB
`GE
`GH
`GN
`GR
`HU
`IE
`IL
`IS
`IT
`JP
`KE
`KG
`KP
`
`KR
`KZ
`LC
`LI
`LK
`LR
`
`Spain
`Finland
`France
`Gabon
`United Kingdom
`Georgia
`Ghana
`Guinea
`Greece
`Hungary
`Ireland
`Israel
`Iceland
`Italy
`Japan
`Kenya
`Kyrgyzstan
`Democratic People's
`Republic of Korea
`Republic of Korea
`Kazakstan
`Saint Lucia
`Liechtenstein
`Sri Lanka
`Liberia
`
`LS
`LT
`LU
`LV
`MC
`MD
`MG
`MK
`
`ML
`MN
`MR
`MW
`MX
`NE
`NL
`NO
`NZ
`PL
`PT
`RO
`RU
`SD
`SE
`SG
`
`Lesotho
`Lithuania
`Luxembourg
`Latvia
`Monaco
`Republic of Moldova
`Madagascar
`The fonner Yugoslav
`Republic of Macedonia
`Mali
`Mongolia
`Mauritania
`Malawi
`Mexico
`Niger
`Netherlands
`Norway
`New Zealand
`Poland
`Portugal
`Romania
`Russian Federation
`Sudan
`Sweden
`Singapore
`
`SI
`SK
`SN
`sz
`TD
`TG
`TJ
`TM
`TR
`TT
`UA
`UG
`us
`uz
`VN
`YU
`zw
`
`Slovenia
`Slovakia
`Senegal
`Swaziland
`Chad
`Togo
`Tajikistan
`Turkmenistan
`Turkey
`Trinidad and Tobago
`Ukraine
`Uganda
`United States of America
`Uzbekistan
`Viet Nam
`Yugoslavia
`Zimbabwe
`
`

`

`WO 98/40140
`
`PCT/AU98/00152
`
`1
`
`Personal gaming system
`
`Introduction
`The present invention relates generally to the field of gaming machines
`and in particular, the invention provides a device for controlling gaming
`machines which simplifies the security arrangements in both conventional
`and portable gaming machines.
`Background of the invention
`A traditional gaming machine is a self contained unit containing a
`player interface and microprocessor control logic and software games.
`Several types are popular, including the traditional upright slot machine,
`slant top, and bar top slot machines.
`Features typical of these machines are:
`• These machines are physically large and heavy.
`• They are fixed in place and cannot easily be moved. Some units must be
`fixed in place to prevent serious personal injury if they fell on a person,
`due to their weight. Security of the money inside is also maintained by
`their being fixed in place.
`• The security provided by the machines is primarily physical, such as locks
`and doors, backed by electronic sensors, and auditing recorded meter
`values (records of cash in/out etc). In addition, the machines are usually
`used in full view of the operators, preventing any serious attempt by the
`public at stealing from them.
`• Security is required to prevent tampering with the machine by either
`casino staff or customers. Physical security involves physical locks and
`electronic sensors, both on the main chassis and internal logic cage.
`Auditing of metered values, including cash in and cash out, can provide
`further checking of the integrity of operation. The logic cage is an
`internal high security cage containing the highly sensitive CPU, game
`storage memory, security control logic, and any other components that
`may affect the game outcome.
`• Machines must be available to government inspectors, who can check that
`the machines have not been illegally modified to cheat the public.
`Due to these features and gaming laws, gaming machines are restricted
`to carefully prescribed venues, including casinos and certain clubs.
`Security considerations mandate the use of a logic cage enclosing the
`sensitive components. Due to practical considerations (an enclosure is
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT I AU98/00152
`
`2
`
`required to physically hold all the assemblies) it also usually holds most of
`the rest of the logic in the machine. For example the music generation
`circuit may not be considered as sensitive but is typically within the logic
`cage.
`
`Currently, gaming toys such as those made by Radica: "', allow
`"pretend" gambling, where no money can be won or lost. Imaginary money is
`gambled, and typically, when the credit level reaches zero, more credits are
`automatically added.
`Many governments require gaming machines to be monitored to
`control illegal gaming and ensure taxes are collected. However this is
`difficult in many underdeveloped areas in the world as poor communications
`limit the areas and reliability of on-line (telephone) monitoring.
`The player interacts with the gaming machine via a number of means:
`• Graphics are displayed to the player, typically on a video display or
`stepper reels.
`• Sound effects are output from an audio speaker.
`• The player controls the game through various means, including but not
`limited to, a handle, buttons, and touch screen.
`Throughout this specification, the following definitions will apply:
`• A casino is used to refer not only to a traditional casino, but a more
`general financial institution that backs the games played with money. A
`real physical casino in the traditional sense may not exist, and such an
`institution more closely resembles a bank. For the purpose of this patent a
`traditional casino, pub, hotel, aircraft, or ship, etc, can also be considered
`as a casino.
`• Game data refers to that data on a console that is required to provide a
`user interface to the player, including graphics, sound, and code (but not
`combinations).
`• The combinations of a game describe the mathematical structure of the
`game and define all possible games, including the winning patterns and
`the payouts associated with each. From the combinations the game
`statistics are determined, including the theoretical return to the player.
`• A game outcome is the result of a game including the amount returned to
`the player in a winning game and the code defining the image displayed to
`the user to indicate the game result. In the case of a game console (as
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT/AU98/00152
`
`3
`
`opposed to a control device) game outcome also includes the actual
`display image displayed at the end of the game.
`• Credits represent money in the gaming environment. The casino
`interchanges money and credits for the player, although credits may be
`exchanged for other types of value (gifts, etc).
`• SAM refers to Secure Access Means.
`• SPM refers to Secure Processing Means.
`• SSM refers to Secure Storage Means.
`• SGC refers to Secure Gaming Controller, which may include an SPM an
`SSM and secure communication means.
`• A distributed gaming system is one in which the players user interface is
`physically separated from the game outcome logic. Internet gaming is a
`prime example.
`Summary of the invention
`According to a first aspect, the present invention provides a game
`console secure control device implemented as a single secure integrated
`control circuit arranged to perform game outcome determination of a game
`played on a game console to which the control device is connected, the
`integrated control circuit having input/output means to allow
`communications with the console.
`According to a second aspect, the present invention provides a game
`console secure control device implemented as a secure single integrated
`control circuit arranged to perform game outcome determination of a game
`played on a game console to which the control device is connected, the
`integrated control circuit having data storage means and input/output means
`, the data storage means, including game outcome storage means whereby the
`control device is preprogrammed with a set of game outcomes in the game
`outcome storage means and when a player playing the connected console
`initiates a game, a game outcome is determined from the set of game
`outcomes and the input/output means being arranged to allow
`communication with the console.
`Preferably the secure control means is a data processing means having
`associated program storage means, preferably also the program storage means
`includes a control program to control the playing of games on a gaming
`machine into which the control device is connected.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO98/40140
`
`PCT/AU98/00152
`
`4
`
`The control device preferably also includes data storage means, which
`in some embodiments includes credit storage means, enabling the control
`device to be preprogrammed with a credit amount. In use a wager would
`then be deducted from the credit amount in the credit storage means, and in
`the event that the generated game outcome is a winning outcome, a prize
`value is credited to the credit value.
`In other embodiments the secure data storage means is provided
`externally to the control device, and the input/output means is arranged to
`provide secure communications with the data storage means such that a
`credit balance associated with the player playing the game may be stored in
`the data storage means. In a further embodiment the external secure data
`storage means may instead or additionally hold a set of game outcomes, a set
`of random seed values, a set of game combinations, or programs associated
`with the playing of games on the console. In the case of outcomes, seeds,
`combinations, or programs, when a player playing the connected console
`initiates a game, a game outcome is determined from the set of game
`outcomes or a seed value is used to generate a random outcome and or one of
`the sets of combinations or programs is used to determine the outcome or
`outcome indication on the console.
`Preferably the control device includes credit adjustment means
`arranged to adjust the credit balance associated with a player playing the
`game, to deduct a wager from the credit balance and, when a prize value is
`awarded as a result of the game, crediting the prize value to the credit
`balance. In one embodiment the credit adjustment means is arranged to read
`the credit balance, calculate a new balance and write the new balance to the
`data storage means, while in another embodiment the credit adjustment
`means is arranged to communicate a credit balance adjustment amount to the
`data storage means, and the data storage means is arranged to calculate and
`store a new balance.
`Preferably the secure means is implemented as a secure integrated
`circuit or module.
`According to a third aspect, the present invention provides a game
`console including outcome indication means and user input means, control
`means arranged to control the non-secure functions of the game console, and
`secure control device interface means to provide communication between the
`secure control device and the control means whereby, when the secure
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO98/40140
`
`PCT/ AU98/00152
`
`5
`
`control device is present and the game console is in use, a game initiating
`input made by a player to initiate a game causes a game outcome to be
`determined by the secure control device and communicated to the console,
`the game outcome causing an outcome indication selected from a set of
`possible indications to be exhibited by the outcome indication means.
`According to a fourth aspect, the present invention provides a method
`of verifying authorisation of a host device or system to use a program or
`preprogrammed device having a secure function which it performs when
`stored or located in or connected to the host device or system wherein the
`host device or system is provided with a secure authorisation device and the
`program or programmed device interrogates the authorisation device by
`transmitting or otherwise communicating a message to the authorisation
`device and receiving a response from the authorisation device, determining,
`if the response corresponds with the original message, the authorisation
`device being passed as authentic and the program or programmed device
`being permitted proceed to perform its secure function only if this
`correspondence exists.
`In gaming applications, the authentication device will be located in the
`console and the control device authenticates the console by detecting the
`authentication device.
`Preferably, the control device is implemented using known security
`technology such as smartcard technology, and may for example, use a
`smartcard or smartcard chip or alternatively, in a different card arrangement
`such as a PCMCIA card, or a custom card arrangement. Arrangements are
`also proposed in which a smartcard chip is mounted into a floppy disk casing
`together with a magnetic interface for communication with the heads of a
`floppy disk drive. The control device may also be a fixed function logic
`circuit. Game outcome indication may be voice messages, video displays or
`other suitable indications, but in the preferred embodiment, output
`indications will be displayed on a video display device. However, other
`embodiments may employ non-video display devices such as spinning reels.
`In some embodiments, at least some game outcomes will have associated
`with them, a plurality of possible outcome indications, or displays, of equal
`prize value and the game console or control device control program will
`select one display from the set of displays of equal value. The selection may
`be made on a sequential or random basis.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO98/40140
`
`6
`
`PCT I AU98/00152
`
`In one possible embodiment of the invention, the game console is
`capable of playing a plurality of different games and the outcome indication
`means will display an output indication from a set of possible indications for
`the game in play.
`Preferably, the game console control device is arranged to control each
`of a plurality of different types of game console and a common game is
`available for play on all of the console types, although, the outcome
`indications may differ in detail from one console type to another ( eg,
`between a hand held gaming console with a small LCD display and a
`traditional upright gaming console with high resolution video display.
`The program and data memory of the control device may optionally
`include code and data for generating user interface displays on a display
`device in the game console and for monitoring user input devices of the game
`console or alternatively, the programs, screen definitions etc may reside in
`non-secure memory in the game console, external to the control device, or
`may be downloaded from the control device to the console.
`The control device may be a removable device carried by the user and
`inserted into a game console of choice by the user. Alternatively, the control
`device may be permanently or semi-permanently mounted in the console in a
`location that is not user accessible. Consoles may also be of different styles
`such as, for example, hand held devices or traditional free standing
`Electronic Gaming Machines (EGMs).
`The game console may be a permanently or semi-permanently located
`console housing similar in function and appearance to a standard slot
`machine or may be a portable or hand held unit. The game console may also
`be a personal computer with a suitable interface to receive the control device
`or a video game controller connected to a television.
`Random number generation within the control device may either be by
`way of a random number generating circuit employing, for example, a noise
`generating circuit, or relying on the randomness of user input timing.
`Alternatively, the control device may employ a pseudo-random number
`generating algorithm. In the case of a random number generating algorithm,
`one or more seeds may optionally be loaded int? the control device
`periodically ( eg when performing a credit transaction) to break the pseudo-
`random sequence.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT/AU98/00152
`
`7
`
`According to a fifth aspect the present invention provides a game
`console secure data storage means implemented as a secure single integrated
`memory circuit arranged to be connected externally to a secure control
`device, the data storage means including game outcome storage means
`whereby the data storage means is preprogrammed with a set of game
`outcomes, the data storage means having input/output means arranged to
`provide secure communication with the integrated control circuit, such that
`when a player playing the connected console initiates a game, a game
`outcome is determined from the set of game outcomes.
`In one embodiment the data storage means includes credit balance
`storage means whereby a credit balance associated with the player playing
`the game is stored in the data storage means.
`In various embodiments the secure data storage means may be
`permanently or semi-permanently connected to the console, or may be
`removably connectable to the console, whereby the player may possess the
`data storage device and insert it into a console of choice.
`The secure communication with the secure control device may be by
`way of cryptographic security means. or physical security means.
`The secure control device includes credit adjustment means arranged
`to adjust the credit balance associated with a player playing the game to
`account for any wager bet and prize value won as a result of the game. The
`credit adjustment may be achieved by various methods, including:
`1. Deducting a wager value from the credit balance at the
`commencement of the game and if a prize is awarded adding the prize value
`to the credit balance after the outcome is determined.
`Reading the credit balance, calculating a new balance and writing
`2.
`the new balance to the data storage means after the outcome is determined.
`Communicating a credit balance adjustment amount to the data
`3.
`storage means after the outcome is determined, and calculating and storing a
`new balance within the data storage means.
`Brief Description of the Drawings
`Embodiments of the invention will now be described by way of
`example, with reference to the accompanying drawings in which:
`Figure 1 shows a block diagram of an architecture for one embodiment
`of the invention;
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT/ AU98/00152
`
`8
`
`Figure 2 shows a flow chart for an initialisation routine for the
`embodiment of Figure 1;
`Figure 3 shows a block diagram for an Account Register sub-system,
`employed in embodiments of the invention;
`Figure 4 shows a flow chart for a game play sequence employed in
`embodiments of the invention;
`Figure 5 shows a diagram of funds transfer paths which can be
`employed with certain embodiments of the present invention;
`Figure 6 shows a block diagram of a console embodying the present
`invention and illustrating the use of a co-operating license chip.
`Detailed Description of the Preferred Embodiments
`Embodiments of the invention form part of a system which will
`include several parts that together comprise a playable gaming system:
`• An SGC on which the secure aspects of a gaming machine are run. The
`SGC may independently communicate with other systems for the transfer
`of credits.
`• A console that presents to the player a user interface and runs those parts
`of the game system that are not required to be secure. In some
`implementations the console may be integrated with the SGC, for example
`a smartcard with built-in LCD display and buttons.
`• A casino that finances games played on the gaming system.
`• Communications between SGC and casino.
`• The SAM provides secure access to the SSM.
`• This secure game controller is comprised of the SPM and SSM connected
`via secure communications. The SSM holds data on the player's account,
`including the amount of credits available, accounting information as
`required for auditing and optionally combinations to be used by the SPM
`to play the game. The SPM implements the gaming application and stores
`accounting information as required for auditing.
`• A SAM may be used to securely read and update the SSM, and keeps
`accounting information as required for auditing. It may provide on-line or
`off-line communications between the SSM and the casino.
`• Two implementations are described:
`• A single smartcard integrating SSM and SPM.
`• Two smartcards, one implementing the SSM and the other
`implementing the SPM.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT/AU98/00152
`
`9
`
`References to the SGC in are also intended in some cases to apply
`equally to the SPM and/or SSM and/or SAM. In the interests of clarity only
`the SGC is referred and the exact meaning depends on context.
`In the preferred implementation, the SGC comprising an SPJ:vl and
`SSM, is an ISO 7816 smartcard (or smartcard chip) with embedded
`microprocessor, ROM, RAM, E2PROM and communications interface. The
`SGC implementation could also be a micro-controller or a secure multi(cid:173)
`component module, or be composed of a number of physical devices
`connected via secure communication. Communications with the SGC may
`be via a direct electrical interface or may be contactless, such as an infra-red
`or rf link. The key requirement being that it is not possible to determine or
`influence the internal operation or memory contents of the module, and
`hence influence the outcome of games or adjust the account.
`The console varies depending on the application, some of which are:
`• A personal gaming machine comprising of a small hand held console,
`similar in concept to a "Gameboy"'" games console, or "Radica:"'" gaming
`toy into which a SGC is either inserted by the player or embedded by the
`manufacturer (Game boy is a trade mark of Nintendo Corporation and
`Radica is a trade mark of Radica Games Limited).
`• A hand held gaming machine for use in a traditional gaming environment
`with an embedded security device to prevent the machine being removed
`from the premises, in a manner similar to that used to prevent theft in a
`shop.
`• A traditional gaming machine with enhanced security features provided by
`an embedded SGC.
`• A small gaming machine in which the machine output is in the form of
`voice and/or sound effects.
`• A traditional gaming machine used as the console, with the SGC being
`carried by the player from machine to machine.
`• A new type of gaming machine, such as may be used in Hotel in-room,
`cafe, pub, or aircraft gaming, where traditional security of the machine is
`not possible. Security is then provided by the SGC, which may or may not
`be embedded within the machine.
`• Gaming on a home or business computer, with the computer as the
`console. Credits may be transferred to the smartcard via a
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT/AU98/00152
`
`10
`
`communications link to the casino. The computer may be an Internet
`terminal and credits transferred via the Internet.
`• An SGC that is carried by the player, rather than being embedded within
`the console, may be used in more than one of the appropriate applications
`described above. For example the player may have a hand held console,
`but take the SGC from it and play it in a traditionally styled machine in a
`casino.
`• A plug-in module for a game console (eg Sony Playstation TM or Nintendo
`Ultra 64™), containing the game program game data, for the console and
`the SGC. The module may additionally have a modem for communication
`as will be described later.
`An SGC that is carried by the player, rather than being embedded
`within the console, may be used in more than one of the appropriate
`applications described above. For example the player may have a hand held
`console, but take the SGC from it and play it in a traditionally styled machine
`in a casino.
`The complete gaming machine then comprises of two parts, the
`console and smart card, as shown in Figure 1. The SGC 11 contains at least
`those components of the game that determine the game payout. In a
`traditional machine the high security logic cage protects these, and other
`elements against tampering. Each of the following components should be
`absolutely secure to prevent tampering, and are therefore located within the
`SGC 11 although other components of the game may also be included:
`• The combinations 12 of the game held in secure memory (SSM) 23.
`• Accounting data 13 held in SSM.
`• Communications 14a, including means for transfer of credits to and from
`the smartcard 11.
`• The random number generator (RNG) 15 used to determine game
`outcomes.
`• The SGC 11 is managed by a processor 21 which coordinates the other
`functions of the SGC.
`The console 16 provides a user interface to the player for the games
`running on the SGC 11. The user interface provided by console 16 may
`include any of the traditional components, including a video display 17,
`audio output, buttons, handle and touch screen input. When in
`communication with the casino via optional communications link, the
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT/AU98/00152
`
`11
`
`console 16 may act as the intermediary to transfer credit to the SGC 11. The
`console may have other communications systems provided via the link to
`allow it to run distributed games or for the collection of game statistics by a
`controller. The console 16 is managed by a processor 22 which coordinates
`the functions of the console.
`In one alternative implementation the SGC also contains some or all of
`the data required by the console to play the game. Currently smartcards do
`not have much storage capacity, but as this increases it will become feasible
`to store some or all the game data on a smartcard.
`Combinations may be programmed into smartcard RO:tvl, E2PROM or
`RAM. Programming combinations into E2PROM or RAM allows flexibility,
`with a single masked ROM smartcard being able to be used for many
`different combinations and hence games. These combinations are loaded
`into the smartcard either as a once off process during manufacture (ROM or
`E2PROM) or later as required by the user (E2PROM or RAM). Combinations
`downloaded by the user are secured to prevent tampering, using for example
`encryption or digital signatures.
`Preferably to prevent unauthorised use of the smartcard, players are
`required to identify themselves to the smartcard in order for it to function,
`typically using a pin number, password or biometric identification. Multiple
`accounts (eg. members of a family) may be accessed using a single smartcard
`and multiple pins, passwords or biometric identification.
`Alternate Implementation
`In an alternate implementation the secure processing means 21 and
`SSM functions of the secure gaming controller are split between two
`physically separate devices communicating via secure communications.
`Preferably these two devices are smartcards.
`The SSM holds the player's account data, including the amount of
`credit available, accounting information as required for auditing and
`optionally combinations or code. In an implementation of predetermined
`outcomes, the SSM may also hold predetermined outcomes. The SPM
`implements the gaming application and stores accounting information as
`required for auditing. The SPM 21 also typically implements secure storage
`24, to the extent require for operation.
`Gambling is enabled when the user connects the SSM to the SPM 21
`(in the console). Two methods of gambling and credit transfer are described:
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO 98/40140
`
`PCT/AU98/00152
`
`12
`
`• Credits bet are temporarily transferred from the players SSM to the SSM
`24 within the SGC. They are bet on, in one or more gambles, then any
`residual credits or winnings are transferred back to the SSM.
`• Gambles are made within the SPM 21 without the transfer of credit from
`the SSM. The credit account in the SSM is updated after a gamble and
`only then (for security) is the console informed of the gamble outcome.
`The SPM 21 may first check the SSM to verify enough credit is available to
`cover the bet or keep a record of the current credit available. This method
`eliminates the transfer of credit between SPM 21 and SSM and in the
`event of a power or communication failure the player retains their credit.
`A gamble that does not update the SSM has for all practical purposes not
`taken place.
`A multiple smartcard implementation may be used in a system where
`gaming is only one of a range of applications ( eg. telephone, electronic purse,
`EFTPOS, identification) provided on a multi-application smartcard.
`Typically the SSM is the multi-application smartcard held by the user. And
`the SPM is in the console into which the user inserts the smartcard. Security
`features of the SSM ensure access to the secure data is limited to authorised
`applications.
`Initialisation
`When the system is powered up, or an SGC is inserted into the
`console, communication is established between the SGC and console. The
`console interrogates 31 the SGC for its status, including results of
`initialisation diagnostics and the games (combinations) available for play and
`the SGC replies 32.
`A game is constructed using an appropriate set of combinations from
`the SGC and game data which resides on the console. The console queries
`the SGC for its available combinations 31, 32 and determines from the
`available set of game data which games are possible. Referring to Figure 2, if
`more than one game is possible the player is presented with a choice of
`games and asked 33 to make a selection. The console then waits 34 for
`player input 35 before commencing game play 36. The SGC may contain
`combinations for which the console has no game data, and multiple sets of
`game data may exist for a single combination, not all of which reside on the
`console. Where the console is connected to a remote service, for example a
`game server, it may request a download of game data to its local store for
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`

`

`WO98/40140
`
`PCT/AU98/00152
`
`13
`
`games that it would otherwise be unable to play. Download of code may be
`secured thought use of cryptographic techniques to prevent download of
`virus or other malicious code. The player will then be presented with an
`expanded choice of games available, the list of which is determined by:
`• A list of the game data available from the server, stored locally on the
`console. The list may be updated periodically or on demand.
`• The console sends to the server a list of the combinations available on the
`SGC. The server replies with the game data sets that it h