Authentication has always been the subject of great debate, being a task of balancing the human right to privacy and gathering and storing enough information to effectively authenticate an entity, be it a person, computer or any other device, object or medium. Authentication can be found at every level of human society and it is important that is, as without it there would be chaos and no one would be able to posses or claim ownership of anything. Online gaming on Video Games consoles is no exception to this rule and the methods of authentication can be an important differential when marketing the online services on consoles. This article will look at the methods used in 2 of the 3 current Video Games systems, Microsoft’s Xbox 360 and Nintendo’s Wii and explore how they affect the experience and privacy of consumers that use them.
As with any idea or methodology a company might come up with, authentication methods and ideas for online gaming are often protected by the companies that see a use or a need for those methods and ideas. One of the main ways of doing this is secrecy, however if the information is leaked then the company has no way of preventing other parties copying their idea. So the other main approach to the problem is the exact opposite, making the idea or method public in return for the legal right to pursue any party who copies the idea for a set amount of time. This is how the Patent system works. There are various different patent offices that grant these patents after assessing each claim made in relation to a particular idea. With regard to Nintendo and Microsoft in relation to online video game functionality, the US patents office has granted several patents. On closer inspection of these patents, it is interesting to find that Nintendo has filed and been issued a patent that covers any online gaming activity on Video Games consoles including voice chat, meaning that both Nintendo’s main rivals, Microsoft and Sony, have online services on their consoles which fall into the terms of the patent which was added to in 2003 (Nintendo of America Inc., 2003). There is no real evidence of any deals done between the Nintendo and its rivals or even if Nintendo has actually taken any action at all in relation to its patent. Ironically, Nintendo is the last of the Big Three console manufacturers to go online properly with a video games system, with Microsoft being the first.
Although it is the most interest, the aforementioned patent is not the only one to be filed or issued for online functionality in video games consoles. There are two patents relating to the method of authentication for online services, one from each company. These patents, although filed as early as November 2000, are extremely similar to the structure seen in the current online systems of the 2 companies. Microsoft filed a patent in 2001 that describes a system that allows multiple users to connect to a central server from the same console and have an authentication system that allows the server to simultaneously authenticate “multiple users, a gaming console identity, a game title identity, and an identity of the online service” (Microsoft Corporation, 2001). This system includes the use of techniques such as sessions assigned to the ticket with a timeout and an encryption key relating to an online service, all of which are commonly used in many authentication systems already, but because of the specific combination of the techniques, as well as the application of the system being only to video games online, the patent was issued in 2007. The implementation of the ticket system in the current online games system, which is known as Xbox Live is unknown, however the ability of multiple users to sign in to the online services from the same console is one of the primary features of Xbox Live and used by many gamers around the world.
Nintendo filed a patent in November 2000 relating to a “Messaging service for video game systems with buddy list” (Nintendo Co. Ltd., 2000), which also displays the game currently being played by ‘buddies’. Again, Nintendo itself does not yet provide the functionality of being able to see the games being played by friends, but Microsoft does and has done for some time. However, the method of adding and removing ‘buddies’ from the list indicated in the patent clearly has similarities with the current system employed on both the Nintendo DS and Wii, whereby both users, the player and his buddy, must input the unique Wii number of the other. These requests are then synchronised with each other by a centralised server, which can take time. When both systems were tested for this article, the Xbox Live sign up process was instantaneous as far as adding buddies were concerned, whereas the Wii would sometimes take in excess of 12 hours before the link between the two friends had been established and were able to communicate with one another. So although both systems use centralised servers, Xbox Live clearly has a more efficient system of dealing with requests. Patents are used by both of these companies, but with different intentions. Nintendo evidently uses them to protect ideas that may be used in gaming in general by whatever company, but doesn’t necessarily use the ideas themselves, whereas Microsoft uses them to protect ideas and specific methods that it will employ in its own products, as evidenced by the close proximity of the 2001 filing date and the launch of Xbox Live in 2002(Microsoft, 2007a).
As previously mentioned, the two online services were tested for this article, including the sign up process, gaming online and the buddy system on each console. From these tests it is clear that Microsoft’s diversity as a company has huge benefits for its online gaming functionality. First the sign up process, which is the first thing that any user must do when using the system. On the Nintendo Wii, all that is required is setting up the internet connection, then going to the Wii store or any other Wii Connect 24 channel and using the system, meaning the authentication is purely based on the Wii console rather than a specific user. The console can however be linked to a Club Nintendo account, an account on the Nintendo website where a user can get stars for registering games purchased. By contrast, Xbox Live requires a hotmail or Live email account and password and uses a username created on signup, which is then associated to the email address. The aforementioned system of multiple users on one console is in full effect here, as a single Xbox 360 can have as many accounts on it as is needed. These very different systems reflect the ideology and intended consumers of each system, with the Wii being open to the family on one console and the 360 centring the whole experience to one registered account at a time, which is accessed by inputting the username and password. It should also be noted that once the user has signed up to Xbox Live using their email account details, the contacts list is imported to the Xbox Live account as buddies. The Wii limits user interaction online and requires heavy authentication in order to do so, whereas once logged into the Xbox 360, the user has the ability to interact with anyone logged into the community around the world.
Both manufacturers use their online update systems to both deter and protect against attacks and modifications to the consoles themselves. This is done in different ways however, whereas Microsoft authenticate the console before allowing it to update, Nintendo have taken the hard-line approach with each update disables any Wii that has been modified (Sorrel, 2007), rendering it useless. This approach allows Nintendo to ensure that any pirated games have no online functionality and anyone with modified consoles cannot enjoy any of the benefits afforded by online updates and new channels that users can download. The approach Microsoft has taken achieves much the same as the Nintendo approach, but uses more advanced methods of authenticating unmodified consoles and is centralised, whereas the authentication Nintendo uses is federated, with the authentication attributes being assigned by the central system and checked locally by the console, meaning that it is more vulnerable to being bypassed. Potentially a modification to the console could be effected again after each update, currently however the rate at which updates are released means that any modifications made to a console will be useless too soon to be of much use if the console is updated regularly. Xbox Live has a greater need to authenticate centrally, as certain modifications such as the ‘Timing Attack' can allow a user to install Linux on the console itself (Chris, 2007), allowing the user more control and therefore access to Xbox Live must be denied altogether. Also of note is the fact that in order to play games online, Gold membership is required, which costs £60 a year. Although there have been isolated attacks on the Xbox 360 console itself and an update on the Wii caused a few consoles to become unusable (Seff, 2006), the security measures in place have thus far prevent any major attacks on both online systems.
The long debated issue of privacy have a different impact on each of the two companies, with Microsoft catering more to the hardcore gamer market and Nintendo branching out to the mainstream. For hardcore gamers, who will generally be used to giving out information many times over for various different online products and services, giving information to Microsoft for access to online gaming and other services will not be a problem. Also, the fact that most will already have a hotmail or live email address, means that it will seem as if they are giving Microsoft any personal information at all. The mainstream market of the Wii on the other hand would be far less willing to give any personal details over to Nintendo, especially those who do not use the internet on a regular basis. These factors will have been instrumental in the design of the systems and as such the Wii requires no personal information to access the online features including online gaming and downloading games.
The Wii online system is severely limited however, with connection to the internet being slow, possibly because of the authentication procedures each time a user connects, although this is pure speculation, as Nintendo has not released any information to actual methods of authentication used. Nintendo’s policy with the Wii’s online infrastructure has always been to limit interaction between users to prevent grooming and other such abuse, with Xbox Live users frequently having abusive and sometimes offensive language hurled at them, including the time spent online in the tests for this article. Nintendo has opted for privacy over accessibility, where no one will ever hear or see anything from anyone other than buddies approved by both parties. Nintendo has gotten round the problem of having no friends for online gaming by allowing ‘auto matching’, a feature that matches a group of players anonymously. Nintendo has also allowed other games companies such as EA to use their own servers and authentication methods for online gaming and downloads, meaning developers who want to make open Xbox Live like services can do so. Xbox Live on the other hand is completely centralised and as such uses its own authentication methods, but is a much more open system anyway. It also offer features such as demo downloads and stats tables as standard (Microsoft, 2007b), so companies like EA and Ubisoft can use the centralised system unimpeded. It could be argued that this system has greater privacy as far as giving personal details is concerned, as only Microsoft is collecting the information and only collecting it once. Nintendo do not collect any information themselves for online, but other companies require registration on their websites and therefore personal details are collected by many different companies if a user wishes to play many games online. Although Xbox Live is centralised and does not necessitate the need to give correct information for an email address, Nintendo gives the choice of accessibility or privacy and the fact that a sign up on Xbox Live can be completely under a false name and personal details means that it is more common for Xbox Live accounts to be impersonated online, especially since Gold Membership costs money.
Nintendo has the approach of testing the waters with online, a complete reversal of their current Blue Oceans strategy (Casamassina, 2006), patenting many internet gaming concepts, but not using them in Nintendo products. Xbox Live has been at the forefront of online gaming on consoles and is a much more open system. The Wii online features will in the future be a mesh of separate networks each requiring their own authentication and collection of personal data, unless Nintendo decide to centralise the system, which would be an extremely difficult task. However the user is given the choice of whether to give out any personal information or not, whereas on Xbox Live there is no choice, it’s everything or nothing. Both systems will be hugely popular, but with different people, the mainstream market turning to Nintendo for gaming and downloads under the umbrella of anonymity and the hardcore community-driven gamers who want to be able to gloat and interact with opponents on the battlefield relying on Xbox Live for their gaming needs. Authentication is subjective and as such there will continue to be differing methods for its application.