U.S. patent application number 12/545509 was filed with the patent office on 2010-02-25 for network interface, gaming system and gaming device.
This patent application is currently assigned to Aristocrat Technologies Australia PTY Limited. Invention is credited to John Leslie Boesen.
Application Number | 20100048304 12/545509 |
Family ID | 41696900 |
Filed Date | 2010-02-25 |
United States Patent Application | 20100048304 |
Kind Code | A1 |
Boesen; John Leslie | February 25, 2010 |
NETWORK INTERFACE, GAMING SYSTEM AND GAMING DEVICE
Abstract
An example gaming device and network interface device adapted to
connect a gaming device to a network are provided. The network
interface device includes a data handler and a firewall. The data
handler has processing and memory resources, and is adapted to
perform data handling functions for transferring data between a
network and a gaming device controller. The firewall is adapted to
inhibit transfer of at least some unauthorised data received from
the network to the gaming device controller.
Inventors: | Boesen; John Leslie; (Menai, AU) |
Correspondence Address: | HANLEY, FLIGHT & ZIMMERMAN, LLC, 150 S. WACKER DRIVE, SUITE 2100, CHICAGO, IL 60606, US |
Assignee: | Aristocrat Technologies Australia PTY Limited, North Ryde, AU |
Family ID: | 41696900 |
Appl. No.: | 12/545509 |
Filed: | August 21, 2009 |
Current U.S. Class: | 463/42 |
Current CPC Class: | G07F 17/3241 20130101; G07F 17/32 20130101 |
Class at Publication: | 463/42 |
International Class: | A63F 9/24 20060101 A63F009/24 |
Foreign Application Data
Date | Code | Application Number |
Aug 22, 2008 | AU | 2008904365 |
Claims
1. A network interface device adapted to connect a gaming device to
a network, the network interface device comprising: a data handler
having processing and memory resources, the data handler being
adapted to perform data handling functions for transferring data
between a network and a gaming device controller; and a firewall
adapted to inhibit transfer of at least some unauthorised data
received from the network to the gaming device controller.
2. A network interface device as claimed in claim 1 wherein the
firewall uses processing and memory resources which are independent
of the gaming device controller.
3. A network interface device as claimed in claim 2 wherein the
firewall is implemented as a function of the data handler.
4. A network interface device as claimed in claim 3 wherein the
data handler is implemented using one or more of a digital signal
processor, micro-controller, microprocessor, microcomputer or
FPGA.
5. A network interface device as claimed in claim 4 wherein the
firewall determines whether to allow or deny data transfer based on
firewall rules.
6. A network interface device as claimed in claim 5 wherein the
data handler is programmable to update firewall rules.
7. A network interface device as claimed in claim 1 further
comprising: a first data port adapted for establishing a data
connection with a network; and a second data port for establishing
a data connection with a controller of a gaming device.
8. A network interface device as claimed in claim 7 wherein the
first data port is an Ethernet port.
9. A network interface device as claimed in claim 8 wherein the
second data port is a serial data port.
10. A network interface as claimed in claim 9 wherein the data
handler is further adapted to convert packetized data received from
the network to serial data for outputting to the device
controller.
11. A network interface device as claimed in claim 7 implemented as
a network interface card adapted for installation into a gaming
device.
12. A network interface device as claimed in claim 11 wherein the
network interface card is an Ethernet card.
13. A network interface device as claimed in claim 11 wherein the
gaming device for which the network interface card is adapted is
any one or more of a gaming machine, a gaming server, a game
controller, a game tournament controller, a bonus server, a player
interface module or a player tracking module.
14. A gaming device comprising: a controller adapted to execute
game functions; and a network interface comprising: a data handler
having processing resources independent of the controller, the data
handler being adapted to perform data handling functions for
transferring of data between the network and the controller, and a
firewall adapted to inhibit transfer of at least some unauthorised
data received from the network to the controller.
15. A gaming device as claimed in claim 14 wherein the firewall is
implemented using processing and memory resources which are
independent of the controller.
16. A gaming device as claimed in claim 14 wherein the firewall is
implemented as a function of the data handler.
17. A gaming device as claimed in claim 16 wherein the data handler
is implemented using one or more of a digital signal processor,
micro-controller, microprocessor, microcomputer or FPGA.
18. A gaming device as claimed in claim 17 wherein the firewall
determines whether to allow or deny data transfer based on
firewall rules.
19. A gaming device as claimed in claim 18 wherein the data handler
is programmable to update firewall rules.
20. A gaming device as claimed in claim 14 wherein the network
interface further comprises: a first data port adapted for
establishing a data connection with a network; and a second data
port for establishing a data connection with the controller.
21. A gaming device as claimed in claim 20 wherein the first data
port is an Ethernet port.
22. A gaming device as claimed in claim 21 wherein the second data
port is a serial data port.
23. A gaming device as claimed in claim 20 wherein the network
interface is a network interface card.
24. A gaming device as claimed in claim 23 wherein the network
interface card is an Ethernet card.
25. A gaming device as claimed in claim 14 wherein the gaming
device is a gaming machine, a gaming server, a game controller, a
game tournament controller, a bonus server, a player interface
module or a player tracking module.
26. A networked gaming system comprising: one or more gaming
devices connected for data communication via a network, wherein at
least one gaming device comprises: a controller adapted to execute
game functions; and a network interface comprising: a data handler
having processing resources independent of the controller, the data
handler being adapted to perform data handling functions for
transferring of data between the network and the controller, and a
firewall adapted to inhibit transfer of at least some unauthorised
data received from the network to the controller.
27. A networked gaming system as claimed in claim 26 wherein each
gaming device connected via the network includes a network
interface having a firewall.
28. A method of enhancing security in a networked gaming system,
the method comprising providing a firewall adapted to operate
during reception of data from a network to inhibit at least some
unauthorised data being transferred to a gaming device
controller.
29. A method as claimed in claim 28 further comprising the step of
providing a gaming device with a network interface card having data
handling processing resources independent of processing resources
used by the gaming device for executing gaming functions, wherein
the data handling processing resources are used for: receiving data
from the network; applying firewall rules to inhibit or allow data;
and transferring any allowed data to the gaming device
controller.
30. A method as claimed in claim 29 wherein the network interface
card is an Ethernet card.
31. A method as claimed in claim 29 further comprising the step of
updating firewall rules.
32. A computer readable storage medium comprising computer readable
instructions which when executed by a processor of a network
interface card cause the processor to implement a method of
enhancing security in a networked gaming system, the method
comprising providing a firewall adapted to operate during reception
of data from a network to inhibit at least some unauthorised data
being transferred to a gaming device controller.
33. A processor device for a network interface programmed with
instructions which when executed cause the processor device to
implement a method of enhancing security in a networked gaming
system, the method comprising providing a firewall adapted to
operate during reception of data from a network to inhibit at least
some unauthorised data being transferred to a gaming device
controller.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The present application claims the benefit of priority to
Australian Provisional Patent Application No. 2008904365, filed on
Aug. 22, 2008, entitled "NETWORK INTERFACE, GAMING SYSTEM AND
GAMING DEVICE", which is herein incorporated by reference in its
entirety.
FIELD
[0002] The field of the invention is networked gaming systems and
network connectable gaming devices for use in gaming systems.
BACKGROUND
[0003] Gaming systems wherein two or more gaming devices are
connected via a network are known. A known example of such a
networked gaming system is a private network implemented within a
gaming venue. In such systems network security is important
to ensure the gaming system performs correctly for player
enjoyment.
[0004] While such gaming systems provide users with enjoyment, a
need exists for alternative gaming systems in order to maintain or
increase player enjoyment.
SUMMARY
[0005] A first aspect provides a network interface device adapted
to connect a gaming device to a network, the network interface
device including:
[0006] a data handler having processing and memory resources, the
data handler being adapted to perform data handling functions for
transferring data between a network and a gaming device controller;
and
[0007] a firewall adapted to inhibit transfer of at least some
unauthorised data received from the network to the gaming device
controller.
[0008] In some embodiments the firewall uses processing and memory
resources which are independent of the gaming device
controller.
[0009] The firewall can be implemented as a function of the data
handler. For example, the data handler can be implemented using one
or more of a digital signal processor, micro-controller,
microprocessor, microcomputer or FPGA. The firewall can determine
whether to allow or deny data transfer based on firewall rules. In
some embodiments the data handler is programmable to update
firewall rules.
[0010] An embodiment of the network interface device further
includes:
[0011] a first data port adapted for establishing a data connection
with a network; and
[0012] a second data port for establishing a data connection with a
controller of a gaming device.
[0013] In an embodiment the first data port is an Ethernet
port.
[0014] The second port can be a serial data port.
[0015] The data handler can be further adapted to convert
packetized data received from the network to serial data for
outputting to the device controller.
[0016] The network interface device can be implemented as a network
interface card adapted for installation into a gaming device. For
example, the network interface card can be an Ethernet card.
[0017] The gaming device for which the network interface card is
adapted can be any one or more of a gaming machine, a gaming
server, a game controller, a game tournament controller, a bonus
server, a player interface module or a player tracking module.
[0018] A second aspect provides a gaming device including:
[0019] a controller adapted to execute game functions; and
[0020] a network interface including:
[0021] a data handler having processing resources independent of
the controller, the data handler being adapted to perform data
handling functions for transferring of data between the network and
the controller, and
[0022] a firewall adapted to inhibit transfer of at least some
unauthorised data received from the network to the controller.
[0023] The firewall can be implemented using processing and memory
resources which are independent of the controller.
[0024] The firewall can be implemented as a function of the data
handler.
[0025] The data handler can be implemented using one or more of a
digital signal processor, micro-controller, microprocessor,
microcomputer or FPGA.
[0026] The gaming device can be a gaming machine, a gaming server,
a game controller, a game tournament controller, a bonus server, a
player interface module or a player tracking module.
[0027] A third aspect provides a networked gaming system including:
[0028] one or more gaming devices connected for data communication
via a network, wherein at least one gaming device includes:
[0029] a controller adapted to execute game functions; and
[0030] a network interface including:
[0031] a data handler having processing resources independent of
the controller, the data handler being adapted to perform data
handling functions for transferring of data between the network and
the controller, and
[0032] a firewall adapted to inhibit transfer of at least some
unauthorised data received from the network to the controller.
[0033] In an embodiment of the networked gaming system each gaming
device connected via the network includes a network interface
having a firewall.
[0034] A fourth aspect provides a method of enhancing security in a
networked gaming system, the method including providing a firewall
adapted to operate during reception of data from a network to
inhibit at least some unauthorised data being transferred to a
gaming device controller.
[0035] The method can further include the step of providing a
gaming device with a network interface card having data handling
processing resources independent of processing resources used by
the gaming device for executing gaming functions, wherein the data
handling processing resources are used for:
[0036] receiving data from the network;
[0037] applying firewall rules to inhibit or allow data; and
[0038] transferring any allowed data to the gaming device
controller.
[0039] In an embodiment the network interface card is an Ethernet
card.
[0040] The method can further include the step of updating firewall
rules.
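The receive, filter and forward steps of paragraphs [0036] to [0038], together with the rule update of [0040], sketched in C as they might run on the interface card's own processor. This is an added example, not code from the application; the rule layout (source network plus UDP destination port), the default-deny policy, the drop codes and all function names are assumptions.

```c
/* Added illustration: default-deny firewall on the NIC's own data handler.
   Rule format, names and the UDP-only policy are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_MAX_RULES 8
enum { FW_DROP_MALFORMED = -1, FW_DROP_NO_RULE = -2, FW_DROP_OVERFLOW = -3 };

struct fw_rule {            /* hypothetical allow rule */
    uint32_t src_net;       /* permitted source network, host byte order */
    uint32_t src_mask;      /* netmask applied to the source address */
    uint16_t dst_port;      /* permitted UDP destination port */
};

static struct fw_rule fw_rules[FW_MAX_RULES];
static size_t fw_rule_count;    /* an empty table denies everything */

/* Rule update: replace the whole table; an oversize set is rejected. */
int fw_update_rules(const struct fw_rule *rules, size_t n)
{
    if (n > FW_MAX_RULES) return -1;
    if (n) memcpy(fw_rules, rules, n * sizeof *rules);
    fw_rule_count = n;
    return 0;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Receive one Ethernet frame and copy its UDP payload to the serial buffer
   feeding the controller only if a rule allows it. Returns the number of
   bytes forwarded, or a negative FW_DROP_* code. Checksums are assumed to
   have been verified by the MAC hardware. */
int nic_receive(const uint8_t *frame, size_t len, uint8_t *serial, size_t cap)
{
    if (len < 14 + 20 + 8 || rd16(frame + 12) != 0x0800) return FW_DROP_MALFORMED;
    const uint8_t *ip = frame + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    size_t ip_len = rd16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip_len < ihl + 8 || ip_len > len - 14)
        return FW_DROP_MALFORMED;          /* lengths must fit inside the frame */
    if (rd16(ip + 6) & 0x3FFF) return FW_DROP_MALFORMED;  /* MF flag or offset set */
    if (ip[9] != 17) return FW_DROP_NO_RULE;              /* rules cover UDP only */
    const uint8_t *udp = ip + ihl;
    size_t udp_len = rd16(udp + 4);
    if (udp_len < 8 || udp_len > ip_len - ihl) return FW_DROP_MALFORMED;
    uint32_t src = rd32(ip + 12);
    uint16_t dport = rd16(udp + 2);
    for (size_t i = 0; i < fw_rule_count; i++) {
        const struct fw_rule *r = &fw_rules[i];
        if ((src & r->src_mask) == (r->src_net & r->src_mask) && dport == r->dst_port) {
            size_t n = udp_len - 8;
            if (n > cap) return FW_DROP_OVERFLOW;  /* never overrun the serial buffer */
            memcpy(serial, udp + 8, n);
            return (int)n;
        }
    }
    return FW_DROP_NO_RULE;                /* default deny */
}

/* Constructed sample input: builds a minimal Ethernet/IPv4/UDP frame. */
size_t build_frame(uint8_t *f, uint32_t src, uint16_t dport, const char *msg)
{
    size_t n = strlen(msg), ip_len = 20 + 8 + n;
    memset(f, 0, 14 + ip_len);
    f[12] = 0x08;                          /* EtherType 0x0800, IPv4 */
    uint8_t *ip = f + 14, *udp = ip + 20;
    ip[0] = 0x45; ip[2] = (uint8_t)(ip_len >> 8); ip[3] = (uint8_t)ip_len;
    ip[8] = 64; ip[9] = 17;                /* TTL, protocol UDP */
    ip[12] = (uint8_t)(src >> 24); ip[13] = (uint8_t)(src >> 16);
    ip[14] = (uint8_t)(src >> 8);  ip[15] = (uint8_t)src;
    udp[2] = (uint8_t)(dport >> 8); udp[3] = (uint8_t)dport;
    udp[4] = (uint8_t)((8 + n) >> 8); udp[5] = (uint8_t)(8 + n);
    memcpy(udp + 8, msg, n);
    return 14 + ip_len;
}

int main(void)
{
    /* Constructed policy: only 10.0.5.0/24 may reach UDP port 5000. */
    struct fw_rule allow = { 0x0A000500u, 0xFFFFFF00u, 5000 };
    uint8_t frame[128], serial[64];
    fw_update_rules(&allow, 1);
    size_t len = build_frame(frame, 0x0A000507u, 5000, "METER?");
    printf("10.0.5.7:      %d\n", nic_receive(frame, len, serial, sizeof serial));
    len = build_frame(frame, 0xC0A80163u, 5000, "METER?");
    printf("192.168.1.99:  %d\n", nic_receive(frame, len, serial, sizeof serial));
    return 0;
}
```

Because the table starts empty and a frame with inconsistent length fields is dropped before any rule is consulted, nothing reaches the controller's serial port until a rule set has been loaded.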
[0041] A fifth aspect provides a program including computer
readable instructions which when executed by a processor of a
network interface card cause the processor to implement the above
method.
[0042] A sixth aspect provides a computer readable medium including
computer readable instructions which when executed by a processor
of a network interface card cause the processor to implement the
above method.
[0043] A seventh aspect provides a data signal including the above
program.
[0044] An eighth aspect provides a processor device for a network
interface programmed with instructions which when executed cause
the processor device to implement the above method.
BRIEF DESCRIPTION OF DRAWINGS
[0045] Certain exemplary embodiments of the invention will now be
described with reference to the accompanying drawings in which:
[0046] FIG. 1 is a block diagram of the core components of a gaming
system;
[0047] FIG. 2 is a perspective view of a stand alone gaming
machine;
[0048] FIG. 3 is a block diagram of the functional components of a
gaming machine;
[0049] FIG. 4 is a schematic diagram of the functional components
of a memory;
[0050] FIG. 5 is a schematic diagram of a network gaming
system;
[0051] FIG. 6 is a further block diagram of a gaming system;
[0052] FIGS. 7a and 7b illustrate two embodiments of network
interface cards; and
[0053] FIG. 8 is a flow chart of an embodiment.
[0054] Features, further aspects, and advantages of the present
invention will become apparent from the following description of
embodiments thereof, by way of example only, with reference to the
accompanying drawings. Also, various embodiments of the aspects
described in the preceding paragraphs will be apparent from the
appended claims, the following description and/or the accompanying
drawings. It should be understood, however, that the present
invention is not limited to the arrangements and instrumentality
shown in the attached drawings.
DETAILED DESCRIPTION
[0055] Although the following discloses example methods, systems,
articles of manufacture, and apparatus including, among other
components, software executed on hardware, it should be noted that
such methods and apparatus are merely illustrative and should not
be considered as limiting. For example, it is contemplated that any
or all of these hardware and software components could be embodied
exclusively in hardware, exclusively in software, exclusively in
firmware, or in any combination of hardware, software, and/or
firmware. Accordingly, while the following describes example
methods, systems, articles of manufacture, and apparatus, the
examples provided are not the only way to implement such methods,
systems, articles of manufacture, and apparatus.
[0056] When any of the appended claims are read to cover a purely
software and/or firmware implementation, in at least one
embodiment, at least one of the elements is hereby expressly
defined to include a tangible medium such as a memory, DVD, CD,
etc. storing the software and/or firmware.
[0057] Referring to the drawings, there is shown a gaming system
wherein gaming devices, such as player operable gaming machines, of
the system can be connected via a network. Each gaming device
includes a network interface to enable connection to the network.
The network interface includes a data handler having processing and
memory resources, the data handler being adapted to perform data
handling functions for transferring data between a network and a
gaming device controller. The network interface can be provided
with a firewall to inhibit transfer of at least some unauthorised
data from the network to the gaming device controller, thus
improving security in the networked gaming system. The firewall can
be implemented to use processing and memory resources which are
independent of the processing resources used by the gaming device
for controlling game play.
[0058] A gaming system can take a number of different forms. In a
first form, a stand alone gaming machine is provided wherein all or
most components to implement the game are present in a player
operable gaming machine.
[0059] In a second form, a distributed architecture is provided
wherein some of the components to implement the game are present in
a player operable gaming machine and some of the components to
implement the game are located remotely relative to the gaming
machine. For example, a "thick client" architecture may be used
wherein part of the game is executed on a player operable gaming
machine and part of the game is executed remotely, such as by a
gaming server; or a "thin client" architecture may be used wherein
most of the game is executed remotely such as by a gaming server
and a player operable gaming machine is used only to display
audible and/or visible gaming information to the player and receive
gaming inputs from the player.
[0060] However, it will be understood that other arrangements are
envisaged. For example, an architecture may be provided wherein a
gaming machine is networked to a gaming server and the respective
functions of the gaming machine and the gaming server are
selectively modifiable. For example, the gaming system may operate
in stand alone gaming machine mode, "thick client" mode or "thin
client" mode depending on the game being played, operating
conditions, and so on. Other variations will be apparent to persons
skilled in the art.
[0061] Irrespective of the form, the gaming system includes several
core components. At the broadest level, the core components are a
player interface 50 and a game controller 60 as illustrated in FIG.
1. The player interface is arranged to enable manual interaction
between a player and the gaming system and for this purpose
includes the input/output components for the player to enter
instructions to play the game and observe the game outcomes.
[0062] Components of the player interface may vary from embodiment
to embodiment but will typically include a credit mechanism 52 to
enable a player to input credits and receive payouts, one or more
displays 54, a game play mechanism 56 that enables a player to
input game play instructions (e.g. to place a wager), and one or
more speakers 58.
[0063] The game controller 60 is in data communication with the
player interface and typically includes a processor 62 that
processes the game play instructions in accordance with game play
rules and outputs game play outcomes to the display. Typically, the
game play instructions are stored as program code in a memory 64
but can also be hardwired. Herein the term "processor" is used to
refer generically to any device that can process game play
instructions in accordance with game play rules and may include: a
microprocessor, microcontroller, programmable logic device or other
computational device, a general purpose computer (e.g. a PC) or a
server.
[0064] A gaming system in the form of a stand alone gaming machine
202 is illustrated in FIG. 2. The gaming machine 202 includes a
console 12 having a display 14 on which are displayed
representations of a game 16 that can be played by a player. A
mid-trim 20 of the gaming machine 202 houses a bank of buttons 22
for enabling a player to interact with the gaming machine, in
particular during game play. The mid-trim 20 also houses a credit
input mechanism 24 which in this example includes a coin input
chute 24A and a bill collector 24B. Other credit input mechanisms
may also be employed, for example, a card reader for reading a
smart card, debit card or credit card. Other gaming machines may
be configured for ticket-in such that they have a ticket reader for
reading tickets having a value and crediting the player based on
the face value of the ticket. A player marketing module (not shown)
having a reading device may also be provided for the purpose of
reading a player tracking device, for example as part of a loyalty
program. The player tracking device may be in the form of a card,
flash drive or any other portable storage medium capable of being
read by the reading device. In some embodiments, the player
marketing module may provide an additional credit mechanism, either
by transferring credits to the gaming machine from credits stored
on the player tracking device or by transferring credits from a
player account in data communication with the player marketing
module.
[0065] A top box 26 may carry artwork 28, including for example pay
tables and details of bonus awards and other information or images
relating to the game. Further artwork and/or information may be
provided on a front panel 29 of the console 12. A coin tray 30 is
mounted beneath the front panel 29 for dispensing cash payouts from
the gaming machine 202.
[0066] The display 14 shown in FIG. 2 is in the form of a video
display unit, particularly a cathode ray tube screen device.
Alternatively, the display 14 may be a liquid crystal display,
plasma screen, any other suitable video display unit, or the
visible portion of an electromechanical device. The top box 26 may
also include a display, for example a video display unit, which may
be of the same type as the display 14, or of a different type.
[0067] FIG. 3 shows a block diagram of operative components of a
typical gaming machine which may be the same as or different to the
gaming machine of FIG. 2.
[0068] The gaming machine 100 includes a game controller 101 having
a processor 102. Instructions and data to control operation of the
processor 102 are stored in a memory 103, which is in data
communication with the processor 102. Typically, the gaming machine
100 will include both volatile and non-volatile memory and more
than one of each type of memory, with such memories being
collectively represented by the memory 103.
[0069] The gaming machine has hardware meters 104 for purposes
including ensuring regulatory compliance and monitoring player
credit, and an input/output (I/O) interface 105 for communicating
with peripheral devices of the gaming machine 100. The input/output
interface 105 and/or the peripheral devices may be intelligent
devices with their own memory for storing associated instructions
and data for use with the input/output interface or the peripheral
devices. A random number generator module 113 generates random
numbers for use by the processor 102. Persons skilled in the art
will appreciate that the reference to random numbers includes
pseudo-random numbers.
[0070] In the example shown in FIG. 3, a player interface 120
includes peripheral devices that communicate with the game
controller 101, including one or more displays 106, a touch screen
and/or buttons 107 (which provide a game play mechanism), a card
and/or ticket reader 108, a printer 109, a bill acceptor and/or
coin input mechanism 110 and a coin output mechanism 111.
Additional hardware may be included as part of the gaming machine
100, or hardware may be omitted based on the specific
implementation. For example, while buttons or touch screens are
typically used in gaming machines to allow a player to place a
wager and initiate a play of a game, any input device that enables
the player to input game play instructions may be used. For
example, in some gaming machines a mechanical handle is used to
initiate a play of the game.
[0071] In addition, the gaming machine 100 may include a
communications interface, for example a network card 112. The
network card may, for example, send status information, accounting
information or other information to a central controller, server or
database and receive data or commands from the central controller,
server or database. In embodiments employing a player marketing
module, communications over a network may be via the player
marketing module, i.e. the player marketing module may be in data
communication with one or more of the above devices and communicate
with it on behalf of the gaming machine. In accordance with network
card embodiments described herein, the network card 112 can include
a firewall to inhibit any malicious data circulating on a connected
network from being transferred to the game controller processor
102.
[0072] FIG. 4 shows a block diagram of the main components of an
exemplary memory 103. The memory 103 includes RAM 103A, EPROM 103B
and a mass storage device 103C. The RAM 103A typically temporarily
holds program files for execution by the processor 102 and related
data. The EPROM 103B may be a boot ROM device and/or may contain
some system or game related code. The mass storage device 103C is
typically used to store game programs, the integrity of which may
be verified and/or authenticated by the processor 102 using
protected code from the EPROM 103B or elsewhere.
[0073] It is also possible for the operative components of the
gaming machine 100 to be distributed, for example input/output
devices 106, 107, 108, 109, 110, 111 to be provided remotely from
the game controller 101.
[0074] FIG. 5 shows a gaming system 200 in accordance with an
alternative embodiment. The gaming system 200 includes a network
201, which for example may be an Ethernet network. Gaming machines
202, shown arranged in three banks 203 of two gaming machines 202
in FIG. 5, are connected to the network 201. The gaming machines
202 provide a player operable interface and may be the same as the
gaming machines 10, 100 shown in FIGS. 2 and 3, or may have
simplified functionality depending on the rules, guidelines,
requirements, and/or preferences for implementing game play. While
banks 203 of two gaming machines are illustrated in FIG. 5, banks
of one, three or more gaming machines are also envisaged.
[0075] One or more displays 204 may also be connected to the
network 201. For example, the displays 204 may be associated with
one or more banks 203 of gaming machines. The displays 204 may be
used to display representations associated with game play on the
gaming machines 202, and/or used to display other representations,
for example promotional or informational material.
[0076] In a thick client embodiment, game server 205 implements
part of the game played by a player using a gaming machine 202 and
the gaming machine 202 implements part of the game. With this
embodiment, as both the game server and the gaming device implement
part of the game, they collectively provide a game controller. A
database management server 206 may manage storage of game programs
and associated data for downloading or access by the gaming devices
202 in a database 206A. Typically, if the gaming system enables
players to participate in a Jackpot game, a Jackpot server 207 will
be provided to perform accounting functions for the Jackpot game. A
loyalty program server 212 may also be provided.
[0077] In a thin client embodiment, game server 205 implements most
or all of the game played by a player using a gaming machine 202
and the gaming machine 202 essentially provides only the player
interface. With this embodiment, the game server 205 provides the
game controller. The gaming machine will receive player
instructions, pass these to the game server which will process them
and return game play outcomes to the gaming machine for display. In
a thin client embodiment, the gaming machines could be computer
terminals, e.g. PCs running software that provides a player
interface operable using standard computer input and output
components. Other client/server configurations are possible, and
further details of a client/server architecture can be found in WO
2006/052213 and PCT/SE2006/000559, the disclosures of which are
incorporated herein by reference.
[0078] Servers are also typically provided to assist in the
administration of the gaming network 200, including for example a
gaming floor management server 208, and a licensing server 209 to
monitor the use of licenses relating to particular games. An
administrator terminal 210 is provided to allow an administrator to
run the network 201 and the devices connected to the network.
[0079] Persons skilled in the art will appreciate that in
accordance with known techniques, functionality at the server side
of the network may be distributed over a plurality of different
computers. For example, elements may be run as a single "engine" on
one server or a separate server may be provided. For example, the
game server 205 could run a random generator engine. Alternatively,
a separate random number generator server could be provided.
Further, persons skilled in the art will appreciate that a
plurality of game servers could be provided to run different games
or a single game server may run a plurality of different games
based on the terminals.
[0080] The gaming system 200 may communicate with other gaming
systems, other local networks, for example a corporate network,
and/or a wide area network such as the Internet, for example
through a firewall 211. Persons skilled in the art should
appreciate that the firewall 211 acts to prevent malicious data
which may exist on an external network, such as the Internet or a
wide area network, from entering the gaming network. For example
the firewall 211 may be associated with an access server providing
a connection to another network.
[0081] Great care is taken in gaming venues to ensure the security
of the gaming network 201. Typical security measures include
limiting physical access to the gaming system network cabling and
servers. Data access is also limited to authorised personnel or
equipment through use of passwords and authorised access procedures
from within the gaming network 201. The external firewall 211 is
provided to protect the gaming network 201 against external attacks
or malicious data present on an external network.
[0082] Prohibiting physical access to gaming servers and control
equipment is effective where most gaming functionality is resident
in the servers, for example the thin client embodiment described
above. However, physical isolation of all equipment implementing
critical game functions is not possible in a thick client
embodiment where part of the game is implemented in the gaming
machines 202 on the gaming floor. Similarly some stand alone game
machines may be network connectable, for example for monitoring or
player tracking. In these cases the game is implemented entirely in
the gaming machine 202 which is played by the user on the gaming
venue floor.
[0083] It should be appreciated that while gaming devices are
publicly accessible on a gaming floor there is a risk of the
devices or the network connecting such devices being compromised
and malicious data being injected into the gaming network. This is
a particular problem where networked gaming devices on the gaming
floor may have game server functionality. For example, a player
operable gaming machine may have both game client and game server
capability to enable implementation of games where one game machine
operates as a game server to control aspects of a game being played
on other gaming machines acting as game clients. It should be
understood that in such embodiments the gaming server is more
vulnerable to attack than an embodiment where the game server is
inaccessible to the public.
[0084] Malicious data may affect the operation of individual gaming
machines, servers or degrade network performance in an unacceptable
manner, for example preventing the system from operating in
compliance with regulatory requirements. This risk exists in all
network connected gaming systems and the ability to mitigate this
risk is severely limited in current systems.
[0085] FIG. 6 illustrates an example of a network interface 600
for use in a network connectable gaming device 610. The network
interface 600 includes a data handler 630 and a firewall 620. The
data handler 630 is adapted to process the transfer of data between
a connected network 605 and a gaming device processor 630 using
processing resources independent of those used for processing game
play functions. For example, the data handler performs protocol
stack operations for transmitting data from the gaming device to
the network and receiving data for the gaming device from the
network. The protocol stack processing performed by the data
handler may vary depending on the embodiment. The firewall 620 is
adapted to inhibit transfer of at least some unauthorised data
between a network 605 and a gaming device controller 640. The
firewall may be implemented as a hardware firewall or as a firewall
engine in a processor adapted to apply firewall rules to inhibit or
allow data transfer. In various embodiments firewall rules can be
defined specific for the gaming device and game being played.
[0086] Incorporating the firewall into the network interface
enables firewall operations to be executed using processing and
memory resources which are independent of the gaming device
processing resources used for controlling game play.
[0087] It should be appreciated that a network interface having a
firewall can be utilised in a number of different types of gaming
devices, such as stand alone gaming machines, networked gaming
machines for thin or thick client embodiments, gaming servers, game
controllers etc. By integrating a firewall into the network
interface for individual devices, the devices can be protected
individually from malicious data which may be injected into the
internal gaming network.
[0088] FIGS. 7a and 7b illustrate two alternative embodiments of a
network interface in the form of an Ethernet card adapted for
installation in a gaming device. The Ethernet card 710 represented
in FIG. 7a has an Ethernet port 715 for connection to a network
(not shown) and a serial port 740 for establishing a data
connection to the processor of a gaming device (not shown). It
should be appreciated by a person skilled in the art that the
serial port 740 may be connected to a motherboard of a gaming
device via a direct connection, cable or wired connection or via a
backplane or other connecting board to provide data communication
between a gaming device controller and the network interface.
[0089] In this embodiment the data handler 730 and firewall 720 are
provided using different hardware components. For example, the data
handler 730 may be a digital signal processor (DSP) adapted to
perform data link layer and network layer protocol stack
processing. In this embodiment the firewall 720 is implemented
using a separate processor. For example, the firewall may be
implemented using a microprocessor having firewall rules programmed
in microprocessor memory. The firewall 720 may also be implemented
using a hardware device having firewall rules hardwired or
programmed into the device, for example an application specific
integrated circuit (ASIC) or field programmable gate array (FPGA).
Using an ASIC or FPGA for implementing the firewall can minimise
the hardware required and provide processing speed advantages over
a generic microprocessor. Further an ASIC embodiment having fixed
firewall rules and no re-programming facility can have an advantage
in that the firewall itself cannot be compromised by a malicious
attempt to reprogram the firewall rules. However, there is a trade
off in such an embodiment wherein authorised reprogramming of
firewall rules hardwired in the ASIC is also not possible.
[0090] The firewall processor and DSP are in data communication,
such that the firewall can inspect each data packet as it is
processed by the data handler and apply firewall rules to allow or
deny data transfer. Allowed packets will be processed by the data
handler and the data transferred to the gaming device processor via
the serial port 740. Denied data packets can be ignored, also known
as being dropped, by the data handler and processing discontinued
for these packets.
[0091] The firewall can be implemented as a rule engine in
communication with the data handler to apply firewall rules to the
data being processed by the data handler, and instruct accepting or
rejecting of data packets. For example, firewall rules may define
that data packets only originating from a group of defined
addresses may be allowed. The firewall microprocessor is provided
with a packet origin address by the data handler, checks whether
the address is valid and instructs the data handler to drop a data
packet from an unknown and invalid address and continue processing
of a packet from a known and valid address. Alternatively or
additionally, the firewall rules may require the firewall to
inspect the data format or content to determine whether the data
packet complies with a gaming system specific protocol or is
relevant to a particular game being played.
[0092] The firewall may also be adapted to perform additional
actions, such as send an alarm signal to a server or send a signal
to cause the gaming device to shut down, inhibit further game play
or otherwise quarantine the gaming device from malicious data. For
example, in response to malicious data detection from the firewall
a game machine may inhibit play and display an "out of order"
message. Any patron playing the machine when the detection occurred
may be directed to contact the gaming floor supervisor or staff.
Alternatively, a stand alone gaming machine may close its network
connection in response to detection of malicious data by the
firewall. This enables gaming to continue locally but prevents any
network accessible features. For example, in this case the gaming
machine may still be played using credit entered at the gaming
machine in the form of physical notes, coins, tokens or tickets,
but be disabled from a player using credit from a network
accessible account. The game machine will also be prevented from
participating in any network implemented bonus scheme while
disconnected from the network. Participation in jackpots or
multiplayer features may also be inhibited.
[0093] The firewall 725 can be implemented in the same processor as
the data handler 735. An example of an embodiment having an
integrated firewall 725 and data handler 735 is illustrated in FIG.
7b. In this embodiment the data handler processor 735 executes both
firewall and data handling functions. For example, a digital signal
processor may be programmed to apply firewall rules while
processing a data packet through a protocol stack. The firewall
rules applicable for each protocol layer can be applied to the data
packet during processing operations for that layer. In accordance
with the firewall rules the processing of the next layer can
continue or be terminated.
[0094] In some embodiments the firewall may be provided with
additional information by a gaming processor, such as a game state,
which may also be used when applying game rules. For example, a
game state may be used to select appropriate rules such as a
"reject all" rule if the game is in a state where no data is
expected to be received from the network. In an alternative example
the game state may be information applied during processing of a
firewall rule, such as identifying a mismatch where a data packet
is received from a valid origin but when the game is in a state
where no data is expected from this origin. In an alternative
embodiment the firewall may be adapted to read additional
information such as a game state from memory used by the gaming
processor. The game state may be stored in memory used by the
firewall processor which is independent of memory used for
processing game play functions, for example a game processor may
send a game state signal to a firewall processor to update the game
state stored in firewall memory each time the game state changes.
The firewall processor can then use the game state stored in memory
so no exchange of information between the separate game processor
and firewall processor is required during application of firewall
rules to received packets.
[0095] An example of a process for receiving a data packet from the
network is illustrated in FIG. 8. A data packet is received from
the network 810 by the network interface. The initial packet
reception can include error detection, such as checksum tests,
performed by the data handler to ensure the physical reception of
data from the network is of adequate quality before beginning data
processing. The packet header is examined and address information
is read from the data packet header, for example media access
control (MAC) address information. Firewall rules can be applied to
this address information 825 to determine whether the address
information indicates an invalid packet. For example, the firewall
rules may compare the address information against known authorised
packet origin addresses or known blocked/unauthorised addresses.
Packets from blocked addresses will be deemed invalid. In some
cases packets from unknown addresses may also be deemed invalid
depending on the defined rule. Alternatively, parts of the address
information may be compared against defined criteria and the packet
deemed invalid if the criteria are not met. For example, multicast
data packets may be automatically deemed invalid. Processing for
the packet is stopped 880 if the packet is deemed invalid.
Otherwise the processing continues with examination of the packet
payload data 830.
[0096] Firewall rules may define allowed formats for the packet
payload data. For example, a header of packet payload data may be
read to determine whether the data format is valid in accordance
with firewall rules 840 and processing stopped for any invalid
packets 880. The game state may also be checked 850 to determine
whether or not the data packet is valid in the context of the game
860. For example, based on whether or not the data is expected in
the read game state or whether the data is in the correct format
for the game state. Where the data packet is allowed in accordance
with the firewall rules the data packet is processed 870 as
necessary for transfer to the processor executing gaming functions
and transferred 875 to the gaming device processor. It should be
appreciated that the gaming device processor has been quarantined
from the data and not been involved in any data processing until
the data is transferred in step 875.
[0097] Where the packet is deemed invalid in accordance with the
firewall rules the processing is stopped 880. The data handler then
proceeds to process the next packet received from the network
810.
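The FIG. 8 receive path above, together with the game-state rules of paragraph [0094], can be sketched in C as follows. This is an added example, not code from the application: the state names, the rule table, the three-byte payload header and its marker value are assumptions, and frame error detection is assumed to have been completed by the data handler before inspection.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical game states and verdicts; none of these names come from the patent. */
typedef enum { ST_IDLE = 0, ST_AWAIT_CREDIT = 1, ST_SPINNING = 2 } game_state_t;
typedef enum { FW_ALLOW, FW_DROP_SHORT, FW_DROP_MULTICAST, FW_DROP_ORIGIN,
               FW_DROP_FORMAT, FW_DROP_STATE } fw_verdict_t;

#define ETH_HDR_LEN   14u    /* destination MAC, source MAC, EtherType */
#define GAME_HDR_LEN  3u     /* constructed payload header: marker, type, length */
#define GAME_MAGIC    0xA5u  /* constructed protocol marker */
#define GAME_TYPE_MAX 2u     /* constructed types: 0=poll, 1=credit, 2=bonus */

/* One authorised origin and the game states in which data is expected from it. */
struct origin_rule {
    uint8_t mac[6];
    uint8_t state_mask;      /* bit n set => origin may send in state n */
};

/* Constructed rule table. No rule includes ST_SPINNING, so that state
 * behaves as a "reject all" rule. */
static const struct origin_rule RULES[] = {
    { {0x02,0x00,0x00,0x00,0x00,0x10}, (1u << ST_IDLE) | (1u << ST_AWAIT_CREDIT) },
    { {0x02,0x00,0x00,0x00,0x00,0x20}, (1u << ST_IDLE) },
};

/* Copy of the game state held in firewall memory; the game processor
 * pushes updates so no query is needed while a packet is inspected. */
static volatile game_state_t fw_game_state = ST_IDLE;
void fw_set_game_state(game_state_t s) { fw_game_state = s; }

static const struct origin_rule *find_origin(const uint8_t *src)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++)
        if (memcmp(RULES[i].mac, src, 6) == 0)
            return &RULES[i];
    return NULL;             /* unknown origins are treated as invalid */
}

/* Returns FW_ALLOW only when every stage passes; any other verdict means
 * processing stops (880) and nothing reaches the gaming device controller. */
fw_verdict_t fw_inspect(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HDR_LEN + GAME_HDR_LEN)
        return FW_DROP_SHORT;

    /* Address rules (825): the group bit covers multicast and broadcast. */
    if (frame[0] & 0x01u)
        return FW_DROP_MULTICAST;
    const struct origin_rule *rule = find_origin(frame + 6);
    if (rule == NULL)
        return FW_DROP_ORIGIN;

    /* Payload format rules (830/840): marker, known type, sane length. */
    const uint8_t *p = frame + ETH_HDR_LEN;
    size_t body = len - ETH_HDR_LEN - GAME_HDR_LEN;
    if (p[0] != GAME_MAGIC || p[1] > GAME_TYPE_MAX || (size_t)p[2] > body)
        return FW_DROP_FORMAT;

    /* Game state rules (850/860): valid origin, but is data expected now? */
    if (!(rule->state_mask & (1u << fw_game_state)))
        return FW_DROP_STATE;

    return FW_ALLOW;         /* hand over for transfer (870/875) */
}

int main(void)
{
    /* Constructed frame: unicast dst, authorised src, type 1, 2 body bytes. */
    const uint8_t f[] = { 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x10, 0x88,0xB5,
                          GAME_MAGIC, 1, 2, 0xAA, 0xBB };
    fw_set_game_state(ST_AWAIT_CREDIT);
    printf("verdict=%d\n", (int)fw_inspect(f, sizeof f));
    return 0;
}
```

The distinct drop verdicts give the data handler something to act on beyond discarding the frame, such as raising the alarm signal described in paragraph [0092].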
[0098] It should be appreciated that the level of packet data
analysis by the firewall may vary in different embodiments. For
example, the firewall may act as a simple packet filter accepting
or rejecting packets based on packet header data, or perform more
comprehensive analysis of packet payload data to determine whether
the data is valid in the gaming system or in the context of game
play. The complexity of the firewall may vary depending on the type
of gaming device enabling the firewall functionality to be targeted
to protection required for the specific type of gaming device.
[0099] In some embodiments the firewall can be implemented using a
programmable processor or using rules stored in programmable
memory, thus enabling the firewall to be updated and firewall rules
modified if necessary. This also enables game specific firewall
modifications, such as adding rules for new game states or to
recognise game data specific to a particular game.
[0100] Integrating a firewall into the network interface of a
gaming device can have advantages for hardware footprint
minimisation. This is an important advantage for gaming venues where
the number of gaming devices which can be made available to patrons
for their enjoyment is limited by the physical size of the gaming
devices.
[0101] An embodiment having an integrated data handler and firewall
implemented in a single processor can have advantages for
minimising the hardware required for the device. This embodiment
may also provide processing and programming advantages as the need
for interwork between separate data handler and firewall processors
is alleviated. However, the program for the data handler may be
complicated by including the application of firewall rules and any
required additional instructions for actions taken in the event of
malicious data being detected.
[0102] A set of instructions or program integrating the data
handler and firewall may be installed in a processor of a
pre-existing network interface card to upgrade the card to have the
firewall functionality. For example, a pre-existing Ethernet card
having a sufficiently powerful DSP or microprocessor, may be
re-programmed using a set of instructions for an integrated data
handler and firewall.
[0103] Although the above embodiments describe a separate network
interface card, the network interface including a firewall can also
be provided on a main circuit board for a gaming device to minimise
the hardware footprint. In this instance the main circuit board
would include two separate processors, a first processor for
executing gaming functions and a second processor for executing the
data handling and firewall functions of the network interface.
[0104] It should be appreciated from the above examples that the
processing resources used in the network interface for data
handling and implementing firewall functionality are independent of
the processing resources used by the gaming device for implementing
aspects of game play. For example, in the embodiments illustrated
in FIGS. 7a and b the network interface is implemented as an
Ethernet card having one or more processors which are adapted to
perform data handling and firewall functions. Any data which is
allowed by the firewall, in accordance with the firewall rules, is
transferred via serial port 740 to a main board of the gaming
device on which resides a main processor for implementing gaming
functions, such as functions of a game controller, outcome
generator or player interface.
[0105] Using processing capability which is independent of the
gaming device processing capability isolates firewall processing
from game processing. For example, if a software firewall was
implemented in a gaming machine the firewall processing and game
processing will both execute on the gaming machine processor,
sharing the processing resources. If the gaming machine has a
random number generator which executes in the gaming machine
processor, this presents a risk of the random number generation
function failing to operate in accordance with regulatory
requirements if the processor becomes overloaded.
[0106] For example, if the Ethernet network connecting the game
machines was compromised and a flood of data injected into the
network, then the firewall may consume all or substantially all the
processing capacity of the gaming machine processor for handling
and filtering the malicious data packets. As a consequence the
operation of the random number generator may be slowed or affected
in some way which compromises the randomness of the results. It
should be appreciated by persons skilled in the art that
maintaining the integrity of the random number generation process
is critical to the operation of a gaming machine or system. It
should further be appreciated that by using processing resources
for firewall functions which are independent of processing
resources used for random number generation the above problem can
be avoided.
[0107] Embodiments can provide the network interface and gaming
processing resources on a single circuit board using one or more
processors for gaming functions which are separate from one or more
processors used for data handling and firewall functions. In some
embodiments some resources, such as memory resources, may be shared
or accessible to both processors. Care must be taken in such an
embodiment that interference does not occur to affect performance
of the processor executing gaming functions. In other embodiments
each processor has its own independent memory resources.
[0108] It will be understood by persons skilled in the art of the
invention that many modifications may be made without departing
from the spirit and scope of the invention, in particular it will
be apparent that certain features of the invention can be combined
to form further embodiments. Although an Ethernet network has been
used as an example, embodiments of the network interface for
alternative networks, including various embodiments of wired,
optical and wireless networks, are envisaged.
[0109] It is to be understood that, if any prior art publication is
referred to herein, such reference does not constitute an admission
that the publication forms a part of the common general knowledge
in the art, in Australia or any other country.
[0110] In the claims which follow and in the preceding description,
except where the context requires otherwise due to express language
or necessary implication, the word "comprise" or variations such as
"comprises" or "comprising" is used in an inclusive sense, i.e. to
specify the presence of the stated features but not to preclude the
presence or addition of further features in various embodiments of
the invention.
[0111] It will be understood that the invention disclosed and
defined in this specification extends to all alternative
combinations of two or more of the individual features mentioned or
evident from the text or drawings. All of these different
combinations constitute various alternative aspects of the
invention.
[0112] It will be appreciated by persons skilled in the art that
numerous variations and/or modifications may be made to the
invention as shown in the specific embodiments without departing
from the spirit or scope of the invention as broadly described. The
present embodiments are, therefore, to be considered in all
respects as illustrative and not restrictive. Several embodiments
are described above with reference to the drawings. These drawings
illustrate certain details of specific embodiments that implement
the systems and methods and programs of the present invention.
However, describing the invention with drawings should not be
construed as imposing on the invention any limitations associated
with features shown in the drawings.
[0113] The present invention contemplates methods, systems and
program products on any electronic device and/or machine-readable
media suitable for accomplishing its operations. Certain
embodiments of the present invention may be implemented using an
existing computer processor and/or by a special purpose computer
processor incorporated for this or another purpose or by a
hardwired system, for example.
[0114] Embodiments within the scope of the present invention
include program products comprising machine-readable media for
carrying or having machine-executable instructions or data
structures stored thereon. Such machine-readable media can be any
available media that can be accessed by a general purpose or
special purpose computer or other machine with a processor. By way
of example, such machine-readable media may comprise RAM, ROM,
PROM, EPROM, EEPROM, Flash, CD-ROM or other optical disk storage,
magnetic disk storage or other magnetic storage devices, or any
other medium which can be used to carry or store desired program
code in the form of machine-executable instructions or data
structures and which can be accessed by a general purpose or
special purpose computer or other machine with a processor. When
information is transferred or provided over a network or another
communications connection (either hardwired, wireless, or a
combination of hardwired or wireless) to a machine, the machine
properly views the connection as a machine-readable medium. Thus,
any such connection is properly termed a machine-readable medium.
Combinations of the above are also included within the scope of
machine-readable media. Machine-executable instructions comprise,
for example, instructions and data which cause a general purpose
computer, special purpose computer, or special purpose processing
machines to perform a certain function or group of functions.