Disclosed is a
system and method that uses
digital signature technology to authenticate the contents of one or more manifests located on a storage device. Each manifest contains a
list of file records, where each
record contains the name of a file stored on the storage device, and a signature value derived from the contents of the file. At boot time, the gaming
machine first authenticates the contents of the manifest and then authenticates the contents of the files using the signature value stored in the manifest. Files are verified using the signature, as they are needed, during the boot up of the
operating system and throughout normal operation. This method reduces the boot time of the gaming
machine and eliminates the need to check digital signatures for each individual file or over the entire contents of a non-secure media. Similarly, a method of adding
authentication ability to legacy
software components without necessarily altering the legacy
software components is disclosed. Introduction of a stronger
authentication algorithm, or when a private key has been compromised would normally require the
software component to be re-built to support the new
algorithm or private / public key pair; however, a method is disclosed where algorithms and key pairs may be changed and applied to legacy software without having to re-built, re-test, re-sign, or re-submit the component to regulatory agencies for approval. Also disclosed is a
system and method of establishing a trusted environment containing a gaming
operating system and associated
authentication module,
file system drivers, and / or network drivers that may be used to in the process of authenticating contents of one or more manifests located on a storage device.