NETWORK INTERFACE, GAMING SYSTEM AND GAMING DEVICE

An example gaming device and network interface device adapted to connect a gaming device to a network are provided. The network interface device includes a data handler and a firewall. The data handler has processing and memory resources, and is adapted to perform data handling functions for transferring data between a network and a gaming device controller. The firewall is adapted to inhibit transfer of at least some unauthorised data received from the network to the gaming device controller.

Skip to: Description  ·  Claims  · Patent History  ·  Patent History
Description
CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of priority to Australian Provisional Patent Application No. 2008904365, filed on Aug. 22, 2008, entitled “NETWORK INTERFACE, GAMING SYSTEM AND GAMING DEVICE”, which is herein incorporated by reference in its entirety.

FIELD

The field of the invention is networked gaming systems and network connectable gaming devices for use in gaming systems.

BACKGROUND

Gaming systems wherein two or more gaming devices are connected via a network are known. A known example of such as networked gaming system is a private network implemented within a gaming venue. In such systems the network security is an important to ensure the gaming system performs correctly for player enjoyment.

While such gaming systems provide users with enjoyment, a need exists for alternative gaming systems in order to maintain or increase player enjoyment.

SUMMARY

A first aspect provides a network interface device adapted to connect a gaming device to a network, the network interface device including:

    • a data handler having processing and memory resources, the data handler being adapted to perform data handling functions for transferring data between a network and a gaming device controller; and
    • a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the gaming device controller.

In some embodiments the firewall uses processing and memory resources which are independent of the gaming device controller.

The firewall can be implemented as a function of the data handler. For example, data handler can be implemented using one or more of a digital signal processor, micro-controller, microprocessor, microcomputer or FPGA. The firewall can determine whether to allow or deny data transfer based on fire wall rules. In some embodiments the data handler is programmable to update firewall rules.

An embodiment of the network interface device further includes:

    • a first data port adapted for establishing a data connection with a network; and
    • a second data port for establishing a data connection with a controller of a gaming device.

In an embodiment the first data port is an Ethernet port.

The second port can be a serial data port.

The data handler can be further adapted to convert packetized data received from the network to serial data for outputting to the device controller.

The network interface device can be implemented as a network interface card adapted for installation into a gaming device. For example, the network interface card can be an Ethernet card.

The gaming device for which the network interface card is adapted can be any one or more of a gaming machine, a gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module.

A second aspect provides a gaming device including:

    • a controller adapted to execute game functions; and
    • a network interface including:
      • a data handler having processing resources independent of the controller, the data handler being adapted to perform data handling functions for transferring of data between the network and the controller, and
      • a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the controller.

The firewall can be implemented using processing and memory resources which are independent of the controller.

The firewall can be implemented as a function of the data handler.

The data handler can be implemented using one or more of a digital signal processor, micro-controller, microprocessor, microcomputer or FPGA.

The gaming device can be a gaming machine, a gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module.

A third aspect provides a networked gaming system including:

    • one or more gaming devices connected for data communication via a network, wherein at least one gaming devices includes:
      • a controller adapted to execute game functions; and
      • a network interface including:
        • a data handler having processing resources independent of the controller, the data handler being adapted to perform data handling functions for transferring of data between the network and the controller, and
        • a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the controller.

In an embodiment of the networked gaming system each gaming device connected via the network includes a network interface having a firewall.

A fourth aspect provides a method of enhancing security in a networked gaming system, the method including providing a firewall adapted to operate during reception of data from a network to inhibit at least some unauthorised data being transferred to a gaming device controller.

The method can further include the step of providing a gaming device with a network interface card having data handling processing resources independent of processing resources used by the gaming device for executing gaming functions, wherein the data handling processing resources are used for:

    • receiving data from the network;
    • applying firewall rules to inhibit or allow data; and
    • transferring any allowed data to the gaming device controller.

In an embodiment the network interface card is an Ethernet card.

The method can further include the step of updating firewall rules.

A fifth aspect provides a program including computer readable instructions which when executed by a processor of a network interface card cause the processor to implement the above method.

A sixth aspect provides a computer readable medium including computer readable instructions which when executed by a processor of a network interface card cause the processor to implement the above method.

A seventh aspect provides a data signal including the above program.

An eighth aspect provides a processor device for a network interface programmed with instructions which when executed cause the processor device to implement the above method.

BRIEF DESCRIPTION OF DRAWINGS

Certain exemplary embodiments of the invention will now be described with reference to the accompanying drawings in which:

FIG. 1 is a block diagram of the core components of a gaming system;

FIG. 2 is a perspective view of a stand alone gaming machine;

FIG. 3 is a block diagram of the functional components of a gaming machine;

FIG. 4 is a schematic diagram of the functional components of a memory;

FIG. 5 is a schematic diagram of a network gaming system;

FIG. 6 is a further block diagram of a gaming system;

FIGS. 7a and 7b illustrate two embodiments of network interface cards; and

FIG. 8 is a flow chart of an embodiment.

Features, further aspects, and advantages of the present invention will become apparent from the following description of embodiments thereof, by way of example only, with reference to the accompanying drawings. Also, various embodiments of the aspects described in the preceding paragraphs will be apparent from the appended claims, the following description and/or the accompanying drawings. It should be understood, however, that the present invention is not limited to the arrangements and instrumentality shown in the attached drawings.

DETAILED DESCRIPTION

Although the following discloses example methods, systems, articles of manufacture, and apparatus including, among other components, software executed on hardware, it should be noted that such methods and apparatus are merely illustrative and should not be considered as limiting. For example, it is contemplated that any or all of these hardware and software components could be embodied exclusively in hardware, exclusively in software, exclusively in firmware, or in any combination of hardware, software, and/or firmware. Accordingly, while the following describes example methods, systems, articles of manufacture, and apparatus, the examples provided are not the only way to implement such methods, systems, articles of manufacture, and apparatus.

When any of the appended claims are read to cover a purely software and/or firmware implementation, in at least one embodiment, at least one of the elements is hereby expressly defined to include a tangible medium such as a memory, DVD, CD, etc. storing the software and/or firmware.

Referring to the drawings, there is shown a gaming system wherein gaming devices, such as player operable gaming machines, of the system can be connected via a network. Each gaming device includes a network interface to enable connection to the network. The network interface includes a data handler having processing and memory resources, the data handler being adapted to perform data handling functions for transferring data between a network and a gaming device controller. The network interface can be provided with a firewall to inhibit transfer of at least some unauthorised data from the network to the gaming device controller thus, improving security in the networked gaming system. The firewall can be implemented to use processing and memory resources which are independent of the processing resources used by the gaming device for controlling game play.

A gaming system can take a number of different forms. In a first form, a stand alone gaming machine is provided wherein all or most components to implement the game are present in a player operable gaming machine.

In a second form, a distributed architecture is provided wherein some of the components to implement the game are present in a player operable gaming machine and some of the components to implement the game are located remotely relative to the gaming machine. For example, a “thick client” architecture may be used wherein part of the game is executed on a player operable gaming machine and part of the game is executed remotely, such as by a gaming server; or a “thin client” architecture may be used wherein most of the game is executed remotely such as by a gaming server and a player operable gaming machine is used only to display audible and/or visible gaming information to the player and receive gaming inputs from the player.

However, it will be understood that other arrangements are envisaged. For example, an architecture may be provided wherein a gaming machine is networked to a gaming server and the respective functions of the gaming machine and the gaming server are selectively modifiable. For example, the gaming system may operate in stand alone gaming machine mode, “thick client” mode or “thin client” mode depending on the game being played, operating conditions, and so on. Other variations will be apparent to persons skilled in the art.

Irrespective of the form, the gaming system includes several core components. At the broadest level, the core components are a player interface 50 and a game controller 60 as illustrated in FIG. 1. The player interface is arranged to enable manual interaction between a player and the gaming system and for this purpose includes the input/output components for the player to enter instructions to play the game and observe the game outcomes.

Components of the player interface may vary from embodiment to embodiment but will typically include a credit mechanism 52 to enable a player to input credits and receive payouts, one or more displays 54, a game play mechanism 56 that enables a player to input game play instructions (e.g. to place a wager), and one or more speakers 58.

The game controller 60 is in data communication with the player interface and typically includes a processor 62 that processes the game play instructions in accordance with game play rules and outputs game play outcomes to the display. Typically, the game play instructions are stored as program code in a memory 64 but can also be hardwired. Herein the term “processor” is used to refer generically to any device that can process game play instructions in accordance with game play rules and may include: a microprocessor, microcontroller, programmable logic device or other computational device, a general purpose computer (e.g. a PC) or a server.

A gaming system in the form of a stand alone gaming machine 202 is illustrated in FIG. 2. The gaming machine 202 includes a console 12 having a display 14 on which are displayed representations of a game 16 that can be played by a player. A mid-trim 20 of the gaming machine 202 houses a bank of buttons 22 for enabling a player to interact with the gaming machine, in particular during game play. The mid-trim 20 also houses a credit input mechanism 24 which in this example includes a coin input chute 24A and a bill collector 24B. Other credit input mechanisms may also be employed, for example, a card reader for reading a smart card, debit card or credit card. Other gaming machines may configure for ticket in such that they have a ticket reader for reading tickets having a value and crediting the player based on the face value of the ticket. A player marketing module (not shown) having a reading device may also be provided for the purpose of reading a player tracking device, for example as part of a loyalty program. The player tracking device may be in the form of a card, flash drive or any other portable storage medium capable of being read by the reading device. In some embodiments, the player marketing module may provide an additional credit mechanism, either by transferring credits to the gaming machine from credits stored on the player tracking device or by transferring credits from a player account in data communication with the player marketing module.

A top box 26 may carry artwork 28, including for example pay tables and details of bonus awards and other information or images relating to the game. Further artwork and/or information may be provided on a front panel 29 of the console 12. A coin tray 30 is mounted beneath the front panel 29 for dispensing cash payouts from the gaming machine 202.

The display 14 shown in FIG. 2 is in the form of a video display unit, particularly a cathode ray tube screen device. Alternatively, the display 14 may be a liquid crystal display, plasma screen, any other suitable video display unit, or the visible portion of an electromechanical device. The top box 26 may also include a display, for example a video display unit, which may be of the same type as the display 14, or of a different type.

FIG. 3 shows a block diagram of operative components of a typical gaming machine which may be the same as or different to the gaming machine of FIG. 2.

The gaming machine 100 includes a game controller 101 having a processor 102. Instructions and data to control operation of the processor 102 are stored in a memory 103, which is in data communication with the processor 102. Typically, the gaming machine 100 will include both volatile and non-volatile memory and more than one of each type of memory, with such memories being collectively represented by the memory 103.

The gaming machine has hardware meters 104 for purposes including ensuring regulatory compliance and monitoring player credit, an input/output (I/O) interface 105 for communicating with peripheral devices of the gaming machine 100. The input/output interface 105 and/or the peripheral devices may be intelligent devices with their own memory for storing associated instructions and data for use with the input/output interface or the peripheral devices. A random number generator module 113 generates random numbers for use by the processor 102. Persons skilled in the art will appreciate that the reference to random numbers includes pseudo-random numbers.

In the example shown in FIG. 3, a player interface 120 includes peripheral devices that communicate with the game controller 101 include one or more displays 106, a touch screen and/or buttons 107 (which provide a game play mechanism), a card and/or ticket reader 108, a printer 109, a bill acceptor and/or coin input mechanism 110 and a coin output mechanism 111. Additional hardware may be included as part of the gaming machine 100, or hardware may be omitted based on the specific implementation. For example, while buttons or touch screens are typically used in gaming machines to allow a player to place a wager and initiate a play of a game any input device that enables the player to input game play instructions may be used. For example, in some gaming machines a mechanical handle is used to initiate a play of the game.

In addition, the gaming machine 100 may include a communications interface, for example a network card 112. The network card may, for example, send status information, accounting information or other information to a central controller, server or database and receive data or commands from the central controller, server or database. In embodiments employing a player marketing module, communications over a network may be via player marketing module—i.e. the player marketing module may be in data communication with one or more of the above devices and communicate with it on behalf of the gaming machine. In accordance with network card embodiments described herein, the network card 112 can include a firewall to inhibit any malicious data circulating on a connected network from being transferred to the game controller processor 102.

FIG. 4 shows a block diagram of the main components of an exemplary memory 103. The memory 103 includes RAM 103A, EPROM 103B and a mass storage device 103C. The RAM 103A typically temporarily holds program files for execution by the processor 102 and related data. The EPROM 103B may be a boot ROM device and/or may contain some system or game related code. The mass storage device 103C is typically used to store game programs, the integrity of which may be verified and/or authenticated by the processor 102 using protected code from the EPROM 103B or elsewhere.

It is also possible for the operative components of the gaming machine 100 to be distributed, for example input/output devices 106, 107, 108, 109, 110, 111 to be provided remotely from the game controller 101.

FIG. 5 shows a gaming system 200 in accordance with an alternative embodiment. The gaming system 200 includes a network 201, which for example may be an Ethernet network. Gaming machines 202, shown arranged in three banks 203 of two gaming machines 202 in FIG. 5, are connected to the network 201. The gaming machines 202 provide a player operable interface and may be the same as the gaming machines 10, 100 shown in FIGS. 2 and 3, or may have simplified functionality depending on the rules, guidelines, requirements, and/or preferences for implementing game play. While banks 203 of two gaming machines are illustrated in FIG. 5, banks of one, three or more gaming machines are also envisaged.

One or more displays 204 may also be connected to the network 201. For example, the displays 204 may be associated with one or more banks 203 of gaming machines. The displays 204 may be used to display representations associated with game play on the gaming machines 202, and/or used to display other representations, for example promotional or informational material.

In a thick client embodiment, game server 205 implements part of the game played by a player using a gaming machine 202 and the gaming machine 202 implements part of the game. With this embodiment, as both the game server and the gaming device implement part of the game, they collectively provide a game controller. A database management server 206 may manage storage of game programs and associated data for downloading or access by the gaming devices 202 in a database 206A. Typically, if the gaming system enables players to participate in a Jackpot game, a Jackpot server 207 will be provided to perform accounting functions for the Jackpot game. A loyalty program server 212 may also be provided.

In a thin client embodiment, game server 205 implements most or all of the game played by a player using a gaming machine 202 and the gaming machine 202 essentially provides only the player interface. With this embodiment, the game server 205 provides the game controller. The gaming machine will receive player instructions, pass these to the game server which will process them and return game play outcomes to the gaming machine for display. In a thin client embodiment, the gaming machines could be computer terminals, e.g. PCs running software that provides a player interface operable using standard computer input and output components. Other client/server configurations are possible, and further details of a client/server architecture can be found in WO 2006/052213 and PCT/SE2006/000559, the disclosures of which are incorporated herein by reference.

Servers are also typically provided to assist in the administration of the gaming network 200, including for example a gaming floor management server 208, and a licensing server 209 to monitor the use of licenses relating to particular games. An administrator terminal 210 is provided to allow an administrator to run the network 201 and the devices connected to the network.

Persons skilled in the art will appreciate that in accordance with known techniques, functionality at the server side of the network may be distributed over a plurality of different computers. For example, elements may be run as a single “engine” on one server or a separate server may be provided. For example, the game server 205 could run a random generator engine. Alternatively, a separate random number generator server could be provided. Further, persons skilled in the art will appreciate that a plurality of game servers could be provided to run different games or a single game server may run a plurality of different games based on the terminals.

The gaming system 200 may communicate with other gaming systems, other local networks, for example a corporate network, and/or a wide area network such as the Internet, for example through a firewall 211. Persons skilled in the art should appreciate that the firewall 211 acts to prevent malicious data which may exist on an external network, such as the Internet or a wide area network, from entering the gaming network. For example the firewall 211 may be associated with an access server providing a connection to another network.

Great care is taken in gaming venues to ensure the security of the gaming network 201. Typical security measures include limiting physical access to the gaming system network cabling and servers. Data access is also limited to authorised personnel or equipment through use of passwords and authorised access procedures from within the gaming network 201. The external firewall 211 is provided to protect the gaming network 201 against external attacks or malicious data present on an external network.

Prohibiting physical access to gaming servers and control equipment is effective where most gaming functionality is resident in the servers, for example the thin client embodiment described above. However, physical isolation of all equipment implementing critical game functions is not possible in a thick client embodiment where part of the game is implemented in the gaming machines 202 on the gaming floor. Similarly some stand alone game machines may be network connectable, for example for monitoring or player tracking. In these cases the game is implemented entirely in the gaming machine 202 which is played by the user on the gaming venue floor.

It should be appreciated that while gaming devices are publicly accessible on a gaming floor there is a risk of the devices or the network connecting such devices being compromised and malicious data being injected into the gaming network. This is a particular problem where networked gaming devices on the gaming floor may have game server functionality. For example, a player operable gaming machine may have both game client and gamer server capability to enable implementation of games where one game machine operates as a game server to control aspects of a game being played on other gaming machines acting as game clients. It should be understood that in such embodiments the gaming server is more vulnerable to attack than an embodiment where the game server is inaccessible to the public.

Malicious data may effect the operation of individual gaming machines, servers or degrade network performance in an unacceptable manner, for example preventing the system from operating in compliance within regulatory requirements. This risk exists in all network connected gaming systems and the ability to mitigate this risk is severely limited in current systems.

FIG. 6 illustrates and example of a network interface 600 for use in a network connectable gaming device 610. The network interface 600 includes a data handler 630 and a firewall 620. The data handler 630 is adapted to process the transfer of data between a connected network 605 and a gaming device processor 630 using processing resources independent of those used for processing game play functions. For example, the data handler performs protocol stack operations for transmitting data from the gaming device to the network and receiving data for the gaming device from the network. The protocol stack processing performed by the data handler may vary depending on the embodiment. The firewall 620 is adapted to inhibit transfer of at least some unauthorised data between a network 605 and a gaming device controller 640. The firewall may be implemented as a hardware firewall or as a firewall engine in a processor adapted to apply firewall rules to inhibit or allow data transfer. In various embodiments firewall rules can be defined specific for the gaming device and game being played.

Incorporating the firewall into the network interface enables firewall operations to be executed using processing and memory resources which are independent of the gaming device processing resources used for controlling game play.

It should be appreciated that a network interface having a firewall can be utilised in a number of different types of gaming devices, such as stand alone gaming machines, networked gaming machines for thin or thick client embodiments, gaming servers, game controllers etc. By integrating a firewall into the network interface for individual devices, the devices can be protected individually from malicious data which may be injected into the internal gaming network.

FIGS. 7a and 7b illustrate two alternative embodiments of a network interface in the form of an Ethernet card adapted for installation in a gaming device. The Ethernet card 710 represented in FIG. 7a has an Ethernet port 715 for connection to a network (not shown) and a serial port 740 for establishing a data connection to the processor of a gaming device (not shown). It should be appreciated by a person skilled in the art that the serial port 740 may be connected to a motherboard of a gaming device via a direct connection, cable or wired connection or via a backplane or other connecting board to provide data communication between a gaming device controller and the network interface.

In this embodiment the data handler 730 and firewall 720 are provided using different hardware components. For example, the data handler 730 may be a digital signal processor (DSP) adapted to perform data link layer and network layer protocol stack processing. In this embodiment the firewall 720 is implemented using a separate processor. For example, the firewall may be implemented using a microprocessor having firewall rules programmed in microprocessor memory. The firewall 720 may also be implemented using a hardware device having firewall rules hardwired or programmed into the device, for example an application specific integrated circuit (ASIC) or field programmable gate array (FPGA). Using an ASIC or FPGA for implementing the firewall can minimise the hardware required and provide processing speed advantages over a generic microprocessor. Further an ASIC embodiment having fixed firewall rules and no re-programming facility can have an advantage in that the firewall itself cannot be compromised by a malicious attempt to reprogram the firewall rules. However, there is a trade off in such an embodiment wherein authorised reprogramming of firewall rules hardwired in the ASIC is also not possible.

The firewall processor and DSP are in data communication, such that the firewall can inspect each data packet as it is processed by the data handler and apply firewall rules to allow or deny data transfer. Allowed packets will be processed by the data handler and the data transferred to the gaming device processor via the serial port 740. Denied data packets can be ignored, also known as being dropped, by the data handler and processing discontinued for these packets.

The firewall can be implemented as a rule engine in communication with the data handler to apply firewall rules to the data being processed by the data handler, and instruct accepting or rejecting of data packets. For example, firewall rules may define that data packets only originating from a group of defined addresses may be allowed. The firewall microprocessor is provided with a packet origin address by the data handler, checks whether the address is valid and instructs the data handler to drop a data packet from an unknown and invalid address and continue processing of a packet from a known and valid address. Alternatively or additionally, the firewall rules may require the firewall to inspect the data format or content to determine whether the data packet complies with a gaming system specific protocol or is relevant to a particular game being played.

The firewall may also be adapted to perform additional actions, such as send an alarm signal to a server or send a signal to cause the gaming device to shut down, inhibit further game play or otherwise quarantine the gaming device from malicious data. For example, in response to malicious data detection from the firewall a game machine may inhibit play and display an “out of order” message. Any patron playing the machine when the detection occurred may be directed to contact the gaming floor supervisor or staff. Alternatively, a stand alone gaming machine may close its network connection in response to detection of malicious data by the firewall. This enables gaming to continue locally but prevents any network accessible features. For example, in this case the gaming machine may still be played using credit entered at the gaming machine in the form of physical notes, coins, tokens or tickets, but be disabled from a player using credit from a network accessible account. The game machine will also be prevented from participating in any network implemented bonus scheme while disconnected from the network. Participation in jackpots or multiplayer features may also be inhibited.

The firewall 725 can be implemented in the same processor as the data handler 735. An example of an embodiment having an integrated firewall 725 and data handler 735 is illustrated in FIG. 7b. In this embodiment the data handler processor 735 executes both firewall and data handling functions. For example, a digital signal processor may be programmed to apply firewall rules while processing a data packet though a protocol stack. The firewall rules applicable for each protocol layer can be applied to the data packet during processing operations for that layer. In accordance with the firewall rules the processing of the next layer can continue or be terminated.

In some embodiment the firewall may be provided with additional information by a gaming processor, such as a game state, which may also be used when applying game rules. For example, a game state may be used to select appropriate rules such as a “reject all” rule if the game is in a state where no data is expected to be received from the network. In an alternative example the game state may be information applied during processing of a firewall rule, such as identifying a mismatch where a data packet is received from a valid origin but when the game is in a state where no data is expected from this origin. In an alternative embodiment the firewall may be adapted to read additional information such as a game state from memory used by the gaming processor. The game state may be stored in memory used by the firewall processor which is independent of memory used for processing game play functions, for example a game processor may send a game state signal to a firewall processor to update the game state stores in firewall memory each time the game state changes. The firewall processor can then use the game state stored in memory so no exchange of information between the separate game processor and firewall processor is required during application of firewall rules to received packets.

An example of a process for receiving a data packet from the network is illustrated in FIG. 8. A data packet is received from the network 810 by the network interface. The initial packet reception can include error detection, such as checksum tests, performed by the data handler to ensure the physical reception of data from the network is of adequate quality before beginning data processing. The packet header is examined and address information is read from the data packet header, for example media access control (MAC) address information. Firewall rules can be applied to this address information 825 to determine whether the address information indicates an invalid packet. For example, the firewall rules may compare the address information against known authorised packet origin addresses or known blocked/unauthorised addresses. Packets from blocked addresses will be deemed invalid. In some cases packets from unknown addresses may also be deemed invalid depending on the defined rule. Alternatively, parts of the address information may be compared against defined criteria and the packet deemed invalid if the criteria are not met. For example, multicast data packets may be automatically deemed invalid. Processing for the packet is stopped 880 if the packet is deemed invalid. Otherwise the processing continues with examination of the packet payload data 830.

Firewall rules may define allowed formats for the packet payload data. For example, a header of packet payload data may be read to determine whether the data format is valid in accordance with firewall rules 840 and processing stopped for any invalid packets 880. The game state may also be checked 850 to determine whether or not the data packet is valid in the context of the game 860. For example, based on whether or not the data is expected in the read game state or whether the data is in the correct format for the game state. Where the data packet is allowed in accordance with the firewall rules the data packet is processed 870 as necessary for transfer to the processor executing gaming functions and transferred 875 to the gaming device processor. It should be appreciated that the gaming device processor has been quarantined from the data and not been involved in any data processing until the data is transferred in step 875.

Where the packet is deemed invalid in accordance with the firewall rules the processing is stopped 880. The data handler then proceeds to process the next packet received from the network 810.

It should be appreciated that the level of packet data analysis by the firewall may vary in different embodiments. For example, the firewall may act as a simple packet filter accepting or rejecting packets based on packet header data, or perform more comprehensive analysis of packet payload data to determine whether the data is valid in the gaming system or in the context of game play. The complexity of the firewall may vary depending on the type of gaming device enabling the firewall functionality to be targeted to protection required for the specific type of gaming device.

In some embodiments the firewall can be implemented using a programmable processor or using rules stored in programmable memory, thus enabling the firewall to be updated and firewall rules modified if necessary. This also enables game specific firewall modifications, such as adding rules for new game states or to recognise game data specific to a particular game.

Integrating a firewall into the network interface of a gaming device can have advantages for hardware footprint minimisation. This is important advantage for gaming venues where the number of gaming devices which can be made available to patrons for their enjoyment is limited by the physical size of the gaming devices.

An embodiment having an integrated data handler and firewall implemented in a single processor can have advantages for minimising the hardware required for the device. This embodiment may also provide processing and programming advantages as the need for interwork between separate data handler and firewall processors is alleviated. However, the program for the data handler may be complicated by including the application of firewall rules and any required additional instructions for actions taken in the event of malicious data being detected.

A set of instructions or program integrating the data handler and firewall may be installed in a processor of a pre-existing network interface card to upgrade the card to have the firewall functionality. For example, a pre-existing Ethernet card having a sufficiently powerful DSP or microprocessor, may be re-programmed using a set of instructions for an integrated data handler and firewall.

Although the above embodiments describe a separate network interface card, the network interface including a firewall can also be provided on a main circuit board for a gaming device to minimise the hardware footprint, in this instance the main circuit board would include two separate processors, a first processor for executing gaming functions and a second processor for executing the data handling and firewall functions of the network interface.

It should be appreciated from the above examples that the processing resources used in the network interface for data handling and implementing firewall functionality are independent of the processing resources used by the gaming device for implementing aspects of game play. For example, in the embodiments illustrated in FIGS. 7a and b the network interface is implemented as an Ethernet card having one or more processors which are adapted to perform data handling and firewall functions. Any data which is allowed by the firewall, in accordance with the firewall rules, is transferred via serial port 740 to a main board of the gaming device on which resides a main processor for implementing gaming functions, such as functions of a game controller, outcome generator or player interface.

Using processing capability which is independent of the gaming device processing capability isolates firewall processing from game processing. For example, if a software firewall was implemented in a gaming machine the firewall processing and game processing will both execute on the gaming machine processor, sharing the processing resources. If the gaming machine has a random number generator which executes in the gaming machine processor, this presents a risk of the random number generation function failing to operate in accordance with regulatory requirements if the processor becomes overloaded.

For example, if the Ethernet network connecting the game machines was compromised and a flood of data injected into the network, then the firewall may consume all or substantially all the processing capacity of the gaming machine processor for handling and filtering the malicious data packets. As a consequence the operation of the random number generator may be slowed or affected in some way which compromises the randomness of the results. It should be appreciated by persons skilled in the art that maintaining the integrity of the random number generation process is critical to the operation of a gaming machine or system. It should further be appreciated that by using processing resources for firewall functions which are independent of processing resources used for random number generation the above problem can be avoided.

Embodiments can provide the network interface and gaming processing resources on a single circuit board using one or more processors for gaming functions which are separate from one or more processors used for data handling and firewall functions. In some embodiments some resources, such as memory resources, may be shared or accessible to both processors. Care must be taken in such an embodiment that interference does not occur to effect performance of the processor executing gaming functions. In other embodiments each processor has its own independent memory resources.

It will be understood to persons skilled in the art of the invention that many modifications may be made without departing from the spirit and scope of the invention, in particular it will be apparent that certain features of the invention can be combined to form further embodiments. Although an Ethernet network has been used as an example, embodiments of the network interface for alternative networks, including various embodiments of wired, optical and wireless networks, are envisaged.

It is to be understood that, if any prior art publication is referred to herein, such reference does not constitute an admission that the publication forms a part of the common general knowledge in the art, in Australia or any other country.

In the claims which follow and in the preceding description, except where the context requires otherwise due to express language or necessary implication, the word “comprise” or variations such as “comprises” or “comprising” is used in an inclusive sense, i.e. to specify the presence of the stated features but not to preclude the presence or addition of further features in various embodiments of the invention.

It will be understood that the invention disclosed and defined in this specification extends to all alternative combinations of two or more of the individual features mentioned or evident from the text or drawings. All of these different combinations constitute various alternative aspects of the invention.

It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive. Several embodiments are described above with reference to the drawings. These drawings illustrate certain details of specific embodiments that implement the systems and methods and programs of the present invention. However, describing the invention with drawings should not be construed as imposing on the invention any limitations associated with features shown in the drawings. It will be understood that the invention disclosed and defined in this specification extends to all alternative combinations of two or more of the individual features mentioned or evident from the text or drawings. All of these different combinations constitute various alternative aspects of the invention.

The present invention contemplates methods, systems and program products on any electronic device and/or machine-readable media suitable for accomplishing its operations. Certain embodiments of the present invention may be implemented using an existing computer processor and/or by a special purpose computer processor incorporated for this or another purpose or by a hardwired system, for example.

Embodiments within the scope of the present invention include program products comprising machine-readable media for carrying or having machine-executable instructions or data structures stored thereon. Such machine-readable media can be any available media that can be accessed by a general purpose or special purpose computer or other machine with a processor. By way of example, such machine-readable media may comprise RAM, ROM, PROM, EPROM, EEPROM, Flash, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code in the form of machine-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer or other machine with a processor. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a machine, the machine properly views the connection as a machine-readable medium. Thus, any such a connection is properly termed a machine-readable medium. Combinations of the above are also included within the scope of machine-readable media. Machine-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing machines to perform a certain function or group of functions.

Claims

1. A network interface device adapted to connect a gaming device to a network, the network interface device comprising:

a data handler having processing and memory resources, the data handler being adapted to perform data handling functions for transferring data between a network and a gaming device controller; and
a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the gaming device controller.

2. A network interface device as claimed in claim 1 wherein the firewall uses processing and memory resources which are independent of the gaming device controller.

3. A network interface device as claimed in claim 2 wherein the firewall is implemented as a function of the data handler.

4. A network interface device as claimed in claim 3 wherein the data handler is implemented using one or more of a digital signal processor, micro-controller, microprocessor, microcomputer or FPGA.

5. A network interface device as claimed in claim 4 wherein the firewall determines whether to allow or deny data transfer based on fire wall rules.

6. A network interface device as claimed in claim 5 wherein the data handler is programmable to update firewall rules.

7. A network interface device as claimed in claim 1 further comprising:

a first data port adapted for establishing a data connection with a network; and
a second data port for establishing a data connection with a controller of a gaming device.

8. A network interface device as claimed in claim 7 wherein the first data port is an Ethernet port.

9. A network interface device as claimed in claim 8 wherein the second data port is a serial data port.

10. A network interface as claimed in claim 9 wherein the data handler is further adapted to convert packetized data received from the network to serial data for outputting to the device controller.

11. A network interface device as claimed in claim 7 implemented as a network interface card adapted for installation into a gaming device.

12. A network interface device as claimed in claim 11 wherein the network interface card is an Ethernet card.

13. A network interface device as claimed in claim 11 wherein the gaming device for which the network interface card is adapted is any one or more of a gaming machine, a gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module.

14. A gaming device comprising:

a controller adapted to execute game functions; and
a network interface comprising: a data handler having processing resources independent of the controller, the data handler being adapted to perform data handling functions for transferring of data between the network and the controller, and a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the controller.

15. A gaming device as claimed in claim 14 wherein the firewall is implemented using processing and memory resources which are independent of the controller.

16. A gaming device as claimed in claim 14 wherein the firewall is implemented as a function of the data handler.

17. A gaming device as claimed in claim 16 wherein the data handler is implemented using one or more of a digital signal processor, micro-controller, microprocessor, microcomputer or FPGA.

18. A gaming device as claimed in claim 17 wherein the firewall determines whether to allow or deny data transfer based on fire wall rules.

19. A gaming device as claimed in claim 18 wherein the data handler is programmable to update firewall rules.

20. A gaming device as claimed in claim 14 wherein the network interface further comprises:

a first data port adapted for establishing a data connection with a network; and
a second data port for establishing a data connection with the controller.

21. A gaming device as claimed in claim 20 wherein the first data port is an Ethernet port.

22. A gaming device as claimed in claim 21 wherein the second data port is a serial data port.

23. A gaming device as claimed in claim 20 wherein the network interface is a network interface card.

24. A gaming device as claimed in claim 23 wherein the network interface card is an Ethernet card.

25. A gaming device as claimed in claim 14 wherein the gaming device is a gaming machine, a gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module.

26. A networked gaming system comprising:

one or more gaming devices connected for data communication via a network, wherein at least one gaming devices comprises: a controller adapted to execute game functions; and a network interface comprising: a data handler having processing resources independent of the controller, the data handler being adapted to perform data handling functions for transferring of data between the network and the controller, and a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the controller.

27. A networked gaming system as claimed in claim 26 wherein each gaming device connected via the network includes a network interface having a firewall.

28. A method of enhancing security in a networked gaming system, the method comprising providing a firewall adapted to operate during reception of data from a network to inhibit at least some unauthorised data being transferred to a gaming device controller.

29. A method as claimed in claim 28 further comprising the step of providing a gaming device with a network interface card having data handling processing resources independent of processing resources used by the gaming device for executing gaming functions, wherein the data handling processing resources are used for:

receiving data from the network;
applying firewall rules to inhibit or allow data; and
transferring any allowed data to the gaming device controller.

30. A method as claimed in claim 29 wherein the network interface card is an Ethernet card.

31. A method as claimed in claim 29 further comprising the step of updating firewall rules.

32. A computer readable storage medium comprising computer readable instructions which when executed by a processor of a network interface card cause the processor to implement a method of enhancing security in a networked gaming system, the method comprising providing a firewall adapted to operate during reception of data from a network to inhibit at least some unauthorised data being transferred to a gaming device controller.

33. A processor device for a network interface programmed with instructions which when executed cause the processor device to implement a method of enhancing security in a networked gaming system, the method comprising providing a firewall adapted to operate during reception of data from a network to inhibit at least some unauthorised data being transferred to a gaming device controller.

Patent History
Publication number: 20100048304
Type: Application
Filed: Aug 21, 2009
Publication Date: Feb 25, 2010
Applicant: Aristocrat Technologies Australia PTY Limited (North Ryde)
Inventor: John Leslie Boesen (Menai)
Application Number: 12/545,509
Classifications
Current U.S. Class: Network Type (e.g., Computer Network, Etc.) (463/42)
International Classification: A63F 9/24 (20060101);