A secure smart card or other secure modular memory device is plugged into (or otherwise connected to) a port of a game controller board internal to a gaming machine. The smart card is programmed to detect an encrypted "challenge" message from the host CPU and output an encrypted "response." If the host CPU determines that the response has the expected properties, then the host CPU verifies that the game program is authentic (i.e., the game program is accurate and authorized for use by that particular gaming machine and customer), and the game can be played. The challenge/request exchange may be performed before every game is played on the machine or at any other time. If the response is improper, then the host CPU will issue a halt command to halt play of the game. By controlling access to the properly programmed smart card, gaming machines cannot run unauthorized copies of the game program. Various other security features are disclosed for protecting communications and data within the gaming machine, such as erasing secure memories if tampering is detected and requiring that an authorized secure smart card be connected to each one of multiple game boards in a single gaming machine for accurate secure communications between boards.