AU2011265486A1

AU2011265486A1 - Network interface, gaming system and gaming device

Info

Publication number: AU2011265486A1
Application number: AU2011265486A
Authority: AU
Inventors: John Leslie Boesen
Original assignee: Aristocrat Technologies Australia Pty Ltd
Current assignee: Aristocrat Technologies Australia Pty Ltd
Priority date: 2008-08-22
Filing date: 2011-12-22
Publication date: 2012-01-19

Abstract

Abstract Embodiments provide a gaming device and network interface device adapted to connect a gaming device to a network. 5 The network interface device includes a data handler and a firewall. The data handler has processing and memory resources, and is adapted to perform data handling functions for transferring data between a network and a gaming device controller. The firewall is adapted to 10 inhibit transfer of at least some unauthorised data received from the network to the gaming device controller. 3035902_1 (GKMatters) P78364.AU.2 22/08/08 Game server 650 Game Game device device ---------------------------------------------- ---------------------------- 605 ---- 605 Firewall Data 630 62G--- Handler 610 Game Device Controller 640 Figure 6 30359081 (GHMatters) P78384 AU2

Description

AUSTRALIA Patents Act 1990 COMPLETE SPECIFICATION Standard Patent Applicant(s): Aristocrat Technologies Australia Pty Limited Invention Title: NETWORK INTERFACE, GAMING SYSTEM AND GAMING DEVICE The following statement is a full description of this invention, including the best method for performing it known to me/us: - 2 NETWORK INTERFACE, GAMING SYSTEM AND GAMING DEVICE Related Application 5 This application is a divisional application of Australian application no. 2009210412 the disclosure of which is incorporated herein by reference. Most of the disclosure of that application is also included herein, however, reference may be made to the specification of application 10 no. 2009210412 as filed to gain further understanding of the invention claimed herein. Field 15 The field of the invention is networked gaming systems and network connectable gaming devices for use in gaming systems. Background 20 Gaming systems wherein two or more gaming devices are connected via a network are known. A known example of such as networked gaming system is a private network implemented within a gaming venue. In such systems the 25 network security is an important to ensure the gaming system performs correctly for player enjoyment. While such gaming systems provide users with enjoyment, a need exists for alternative gaming systems in order to 30 maintain or increase player enjoyment. Summary of the Invention A first aspect provides a network interface device adapted 35 to connect a gaming device to a network, the network interface device comprising: a data handler having processing and memory 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 3 resources, the data handler being adapted to perform data handling functions for transferring data between a network and a gaming device controller; and a firewall adapted to inhibit transfer of at least 5 some unauthorised data received from the network to the gaming device controller. In some embodiments the firewall uses processing and memory resources which are independent of the gaming 10 device controller. The firewall can be implemented as a function of the data handler. For example, data handler can be implemented using one or more of a digital signal processor, micro 15 controller, microprocessor, microcomputer or FPGA. The firewall can determine whether to allow or deny data transfer based on fire wall rules. In some embodiments the data handler is programmable to update firewall rules. 20 An embodiment of the network interface device further comprises: a first data port adapted for establishing a data connection with a network; and a second data port for establishing a data 25 connection with a controller of a gaming device. In an embodiment the first data port is an Ethernet port. The second port can be a serial data port. 30 The data handler can be further adapted to convert packetized data received from the network to serial data for outputting to the device controller. 35 The network interface device can be implemented as a network interface card adapted for installation into a gaming device. For example, the network interface card 3035902_1 (GHMatters) P7B364.AU.2 22/08/08 -4 can be an Ethernet card. The gaming device for which the network interface card is adapted can be any one or more of a gaming machine, a 5 gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module. A second aspect provides a gaming device comprising: 10 a controller adapted to execute game functions; and a network interface comprising: a data handler having processing resources independent of the controller, the data handler being adapted to perform data handling functions for 15 transferring of data between the network and the controller, and a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the controller. 20 The firewall can be implemented using processing and memory resources which are independent of the controller. The firewall can be implemented as a function of the data 25 handler. The data handler can be implemented using one or more of a digital signal processor, micro-controller, microprocessor, microcomputer or FPGA. 30 The gaming device can be a gaming machine, a gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module. 35 A third aspect provides a networked gaming system comprising: 3035902_1 (GHMatters) P78364.AU.2 22/08/08 -5 one or more gaming devices connected for data communication via a network, wherein at least one gaming devices comprises: a controller adapted to execute game functions; 5 and a network interface comprising: a data handler having processing resources independent of the controller, the data handler being adapted to perform data handling functions 10 for transferring of data between the network and the controller, and a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the controller. 15 In an embodiment of the networked gaming system each gaming device connected via the network includes a network interface having a firewall. 20 A fourth aspect provides a method of enhancing security in a networked gaming system, the method comprising providing a firewall adapted to operate during reception of data from a network to inhibit at least some unauthorised data being transferred to a gaming device controller. 25 The method can further comprise the step of providing a gaming device with a network interface card having data handling processing resources independent of processing resources used by the gaming device for executing gaming 30 functions, wherein the data handling processing resources are used for: receiving data from the network; applying firewall rules to inhibit or allow data; and 35 transferring any allowed data to the gaming device controller. 3035902_1 (GHMatters) P78364.AU.2 22/08/08 -6 In an embodiment the network interface card is an Ethernet card. The method can further comprise the step of updating 5 firewall rules. A fifth aspect provides a program comprising computer readable instructions which when executed by a processor of a network interface card cause the processor to 10 implement the above method. A sixth aspect provides a computer readable medium comprising computer readable instructions which when executed by a processor of a network interface card cause 15 the processor to implement the above method. A seventh aspect provides a data signal comprising the above program. 20 An eighth aspect provides a processor device for a network interface programmed with instructions which when executed cause the processor device to implement the above method. Brief Description of Drawings 25 An exemplary embodiment of the invention will now be described with reference to the accompanying drawings in which: 30 Figure 1 is a block diagram of the core components of a gaming system; Figure 2 is a perspective view of a stand alone gaming machine; 35 Figure 3 is a block diagram of the functional components of a gaming machine; 3035902_1 (GHMatters) P76364.AU.2 22/08/08 - 7 Figure 4 is a schematic diagram of the functional components of a memory; 5 Figure 5 is a schematic diagram of a network gaming system; Figure 6 is a further block diagram of a gaming system; 10 Figures 7a and 7b illustrate two embodiments of network interface cards; and Figure 8 is a flow chart of an embodiment. 15 Detailed Description Referring to the drawings, there is shown a gaming system wherein gaming devices, such as player operable gaming machines,.of the system can be connected via a network. 20 Each gaming device includes a network interface to enable connection to the network. The network interface includes a data handler having processing and memory resources, the data handler being adapted to perform data handling functions for transferring data between a network and a 25 gaming device controller. The network interface can be provided with a firewall to inhibit transfer of at least some unauthorised data from the network to the gaming device controller thus, improving security in the networked gaming system. The firewall can be implemented 30 to use processing and memory resources which are independent of the processing resources used by the gaming device for controlling game play. A gaming system can take a number of different forms. In a 35 first form, a stand alone gaming machine is provided wherein all or most components required for implementing the game are present in a player operable gaming machine. 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 8 In a second form, a distributed architecture is provided wherein some of the components required for implementing the game are present in a player operable gaming machine 5 and some of the components required for implementing the game are located remotely relative to the gaming machine. For example, a "thick client" architecture may be used wherein part of the game is executed on a player operable gaming machine and part of the game is executed remotely, 10 such as by a gaming server; or a "thin client" architecture may be used wherein most of the game is executed remotely such as by a gaming server and a player operable gaming machine is used only to display audible and/or visible gaming information to the player and 15 receive gaming inputs from the player. However, it will be understood that other arrangements are envisaged. For example, an architecture may be provided wherein a gaming machine is networked to a gaming server 20 and the respective functions of the gaming machine and the gaming server are selectively modifiable. For example, the gaming system may operate in stand alone gaming machine mode, "thick client" mode or "thin client" mode depending on the game being played, operating conditions, 25 and so on. Other variations will be apparent to persons skilled in the art. Irrespective of the form, the gaming system comprises several core components. At the broadest level, the core 30 components are a player interface 50 and a game controller 60 as illustrated in Figure 1. The player interface is arranged to enable manual interaction between a player and the gaming system and for this purpose includes the input/output components required for the player to enter 35 instructions to play the game and observe the game outcomes. 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 9 Components of the player interface may vary from embodiment to embodiment but will typically include a credit mechanism 52 to enable a player to input credits and receive payouts, one or more displays 54, a game play 5 mechanism 56 that enables a player to input game play instructions (e.g. to place a wager), and one or more speakers 58. The game controller 60 is in data communication with the 10 player interface and typically includes a processor 62 that processes the game play instructions in accordance with game play rules and outputs game play outcomes to the display. Typically, the game play instructions are stored as program code in a memory 64 but can also be hardwired. 15 Herein the term "processor" is used to refer generically to any device that can process game play instructions in accordance with game play rules and may include: a microprocessor, microcontroller, programmable logic device or other computational device, a general purpose computer 20 (e.g. a PC) or a server. A gaming system in the form of a stand alone gaming machine 202 is illustrated in Figure 2. The gaming machine 202 includes a console 12 having a display 14 on which are 25 displayed representations of a game 16 that can be played by a player. A mid-trim 20 of the gaming machine 202 houses a bank of buttons 22 for enabling a player to interact with the gaming machine, in particular during game play. The mid-trim 20 also houses a credit input 30 mechanism 24 which in this example includes a coin input chute 24A and a bill collector 24B. Other credit input mechanisms may also be employed, for example, a card reader for reading a smart card, debit card or credit card. Other gaming machines may configure for ticket in 35 such that they have a ticket reader for reading tickets having a value and crediting the player based on the face value of the ticket. A player marketing module (not 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 10 shown) having a reading device may also be provided for the purpose of reading a player tracking device, for example as part of a loyalty program. The player tracking device may be in the form of a card, flash drive or any 5 other portable storage medium capable of being read by the reading device. In some embodiments, the player marketing module may provide an additional credit mechanism, either by transferring credits to the gaming machine from credits stored on the player tracking device or by transferring 10 credits from a player account in data communication with the player marketing module. A top box 26 may carry artwork 28, including for example pay tables and details of bonus awards and other 15 information or images relating to the game. Further artwork and/or information may be provided on a front panel 29 of the console 12. A coin tray 30 is mounted beneath the front panel 29 for dispensing cash payouts from the gaming machine 202. 20 The display 14 shown in Figure 2 is in the form of a video display unit, particularly a cathode ray tube screen device. Alternatively, the display 14 may be a liquid crystal display, plasma screen, any other suitable video 25 display unit, or the visible portion of an electromechanical device. The top box 26 may also include a display, for example a video display unit, which may be of the same type as the display 14, or of a different type. 30 Figure 3 shows a block diagram of operative components of a typical gaming machine which may be the same as or different to the gaming machine of Figure 2. 35 The gaming machine 100 includes a game controller 101 having a processor 102. Instructions and data to control operation of the processor 102 are stored in a memory 103, 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 11 which is in data communication with the processor 102. Typically, the gaming machine 100 will include both volatile and non-volatile memory and more than one of each type of memory, with such memories being collectively 5 represented by the memory 103. The gaming machine has hardware meters 104 for purposes including ensuring regulatory compliance and monitoring player credit, an input/output (I/0) interface 105 for 10 communicating with peripheral devices of the gaming machine 100. The input/output interface 105 and/or the peripheral devices may be intelligent devices with their own memory for storing associated instructions and data for use with the input/output interface or the peripheral 15 devices. A random number generator module 113 generates random numbers for use by the processor 102. Persons skilled in the art will appreciate that the reference to random numbers includes pseudo-random numbers. 20 In the example shown in Figure 3, a player interface 120 includes peripheral devices that communicate with the game controller 101 comprise one or more displays 106, a touch screen and/or buttons 107 (which provide a game play mechanism), a card and/or ticket reader 108, a printer 25 109, a bill acceptor and/or coin input mechanism 110 and a coin output mechanism 111. Additional hardware may be included as part of the gaming machine 100, or hardware may be omitted as required for the specific implementation. For example, while buttons or touch 30 screens are typically used in gaming machines to allow a player to place a wager and initiate a play of a game any input device that enables the player to input game play instructions may be used. For example, in some gaming machines a mechanical handle is used to initiate a play of 35 the game. In addition, the gaming machine 100 may include a 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 12 communications interface, for example a network card 112. The network card may, for example, send status information, accounting information or other information to a central controller, server or database and receive 5 data or commands from the central controller, server or database. In embodiments employing a player marketing module, communications over a network may be via player marketing module - i.e. the player marketing module may be in data communication with one or more of the above 10 devices and communicate with it on behalf of the gaming machine. In accordance with network card embodiments described herein, the network card 112 can include a firewall to inhibit any malicious data circulating on a connected network from being transferred to the game 15 controller processor 102. Figure 4 shows a block diagram of the main components of an exemplary memory 103. The memory 103 includes RAM 103A, EPROM 103B and a mass storage device 103C. The RAM 20 103A typically temporarily holds program files for execution by the processor 102 and related data. The EPROM 103B may be a boot ROM device and/or may contain some system or game related code. The mass storage device 103C is typically used to store game programs, the 25 integrity of which may be verified and/or authenticated by the processor 102 using protected code from the EPROM 103B or elsewhere. It is also possible for the operative components of the 30 gaming machine 100 to be distributed, for example input/output devices 106,107,108,109,110,111 to be provided remotely from the game controller 101. Figure 5 shows a gaming system 200 in accordance with an 35 alternative embodiment. The gaming system 200 includes a network 201, which for example may be an Ethernet network. Gaming machines 202, shown arranged in three banks 203 of 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 13 two gaming machines 202 in Figure 5, are connected to the network 201. The gaming machines 202 provide a player operable interface and may be the same as the gaming machines 10,100 shown in Figures 2 and 3, or may have 5 simplified functionality depending on the requirements for implementing game play. While banks 203 of two gaming machines are illustrated in Figure 5, banks of one, three or more gaming machines are also envisaged. 10 One or more displays 204 may also be connected to the network 201. For example, the displays 204 may be associated with one or more banks 203 of gaming machines. The displays 204 may be used to display representations associated with game play on the gaming machines 202, 15 and/or used to display other representations, for example promotional or informational material. In a thick client embodiment, game server 205 implements part of the game played by a player using a gaming machine 20 202 and the gaming machine 202 implements part of the game. With this embodiment, as both the game server and the gaming device implement part of the game, they collectively provide a game controller. A database management server 206 may manage storage of game programs 25 and associated data for downloading or access by the gaming devices 202 in a database 206A. Typically, if the gaming system enables players to participate in a Jackpot game, a Jackpot server 207 will be provided to perform accounting functions for the Jackpot game. A loyalty 30 program server 212 may also be provided. In a thin client embodiment, game server 205 implements most or all of the game played by a player using a gaming machine 202 and the gaming machine 202 essentially 35 provides only the player interface. With this embodiment, the game server 205 provides the game controller. The gaming machine will receive player instructions, pass 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 14 these to the game server which will process them and return game play outcomes to the gaming machine for display. In a thin client embodiment, the gaming machines could be computer terminals, e.g. PCs running software 5 that provides a player interface operable using standard computer input and output components. Other client/server configurations are possible, and further details of a client/server architecture can be found in WO 2006/052213 and PCT/SE2006/000559, the disclosures of which are 10 incorporated herein by reference. Servers are also typically provided to assist in the administration of the gaming network 200, including for example a gaming floor management server 208, and a 15 licensing server 209 to monitor the use of licenses relating to particular games. An administrator terminal 210 is provided to allow an administrator to run the network 201 and the devices connected to the network. 20 Persons skilled in the art will appreciate that in accordance with known techniques, functionality at the server side of the network may be distributed over a plurality of different computers. For example, elements may be run as a single "engine" on one server or a 25 separate server may be provided. For example, the game server 205 could run a random generator engine. Alternatively, a separate random number generator server could be provided. Further, persons skilled in the art will appreciate that a plurality of game servers could be 30 provided to run different games or a single game server may run a plurality of different games as required by the terminals. The gaming system 200 may communicate with other gaming 35 systems, other local networks, for example a corporate network, and/or a wide area network such as the Internet, for example through a firewall 211. Persons skilled in 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 15 the art should appreciate that the firewall 211 acts to prevent malicious data which may exist on an external network, such as the Internet or a wide area network, from entering the gaming network. For example the firewall 211 5 may be associated with an access server providing a connection to another network. Great care is taken in gaming venues to ensure the security of the gaming network 201. Typical security 10 measures include limiting physical access to the gaming system network cabling and servers. Data access is also limited to authorised personnel or equipment through use of passwords and authorised access procedures from within the gaming network 201. The external firewall 211 is 15 provided to protect the gaming network 201 against external attacks or malicious data present on an external network. Prohibiting physical access to gaming servers and control 20 equipment is effective where most gaming functionality is resident in the servers, for example the thin client embodiment described above. However, physical isolation of all equipment implementing critical game functions is not possible in a thick client embodiment where part of 25 the game is implemented in the gaming machines 202 on the gaming floor. Similarly some stand alone game machines may be network connectable, for example for monitoring or player tracking. In these cases the game is implemented entirely in the gaming machine 202 which is played by the 30 user on the gaming venue floor. It should be appreciated that while gaming devices are publicly accessible on a gaming floor there is a risk of the devices or the network connecting such devices being 35 compromised and malicious data being injected into the gaming network. This is a particular problem where networked gaming devices on the gaming floor may have game 30359021 (GHMatters) P78364.AU,2 22/08/08 - 16 server functionality. For example, a player operable gaming machine may have both game client and gamer server capability to enable implementation of games where one game machine operates as a game server to control aspects 5 of a game being played on other gaming machines acting as game clients. It should be understood that in such embodiments the gaming server is more vulnerable to attack than an embodiment where the game server is inaccessible to the public. 10 Malicious data may effect the operation of individual gaming machines, servers or degrade network performance in an unacceptable manner, for example preventing the system from operating in compliance within regulatory 15 requirements. This risk exists in all network connected gaming systems and the ability to mitigate this risk is severely limited in current systems. Figure 6 illustrates and example of a network interface 20 600 for use in a network connectable gaming device 610. The network interface 600 includes a data handler 630 and a firewall 620. The data handler 630 is adapted to process the transfer of data between a connected network 605 and a gaming device processor 630 using processing 25 resources independent of those used for processing game play functions. For example, the data handler performs protocol stack operations for transmitting data from the gaming device to the network and receiving data for the gaming device from the network. The protocol stack 30 processing performed by the data handler may vary depending on the embodiment. The firewall 620 is adapted to inhibit transfer of at least some unauthorised data between a network 605 and a gaming device controller 640. The firewall may be implemented as a hardware firewall or 35 as a firewall engine in a processor adapted to apply firewall rules to inhibit or allow data transfer. In various embodiments firewall rules can be defined specific 30359021 (GHMatters) P78364.AU.2 22/08/08 - 17 for the gaming device and game being played. Incorporating the firewall into the network interface enables firewall operations to be executed using 5 processing and memory resources which are independent of the gaming device processing resources used for controlling game play. It should be appreciated that a network interface having a 10 firewall can be utilised in a number of different types of gaming devices, such as stand alone gaming machines, networked gaming machines for thin or thick client embodiments, gaming servers, game controllers etc. By integrating a firewall into the network interface for 15 individual devices, the devices can be protected individually from malicious data which may be injected into the internal gaming network. Figures 7a and 7b illustrate two alternative embodiments 20 of a network interface in the form of an Ethernet card adapted for installation in a gaming device. The Ethernet card 710 represented in Figure 7a has an Ethernet port 715 for connection to a network (not shown) and a serial port 740 for establishing a data connection to the processor of 25 a gaming device (not shown). It should be appreciated by a person skilled in the art that the serial port 740 may be connected to a motherboard of a gaming device via a direct connection, cable or wired connection or via a backplane or other connecting board to provide data 30 communication between a gaming device controller and the network interface. In this embodiment the data handler 730 and firewall 720 are provided using different hardware components. For 35 example, the data handler 730 may be a digital signal processor (DSP) adapted to perform data link layer and network layer protocol stack processing. In this 30359021 (GHMatters) P78364.AU.2 22/08/08 - 18 embodiment the firewall 720 is implemented using a separate processor. For example, the firewall may be implemented using a microprocessor having firewall rules programmed in microprocessor memory. The firewall 720 may 5 also be implemented using a hardware device having firewall rules hardwired or programmed into the device, for example an application specific integrated circuit (ASIC) or field programmable gate array (FPGA). Using an ASIC or FPGA for implementing the firewall can minimise 10 the hardware required and provide processing speed advantages over a generic microprocessor. Further an ASIC embodiment having fixed firewall rules and no re programming facility can have an advantage in that the firewall itself cannot be compromised by a malicious 15 attempt to reprogram the firewall rules. However, there is a trade off in such an embodiment wherein authorised reprogramming of firewall rules hardwired in the ASIC is also not possible. 20 The firewall processor and DSP are in data communication, such that the firewall can inspect each data packet as it is processed by the data handler and apply firewall rules to allow or deny data transfer. Allowed packets will be processed by the data handler and the data transferred to 25 the gaming device processor via the serial port 740. Denied data packets can be ignored, also known as being dropped, by the data handler and processing discontinued for these packets. 30 The firewall can be implemented as a rule engine in communication with the data handler to apply firewall rules to the data being processed by the data handler, and instruct accepting or rejecting of data packets. For example, firewall rules may define that data packets only 35 originating from a group of defined addresses may be allowed. The firewall microprocessor is provided with a packet origin address by the data handler, checks whether 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 19 the address is valid and instructs the data handler to drop a data packet from an unknown and invalid address and continue processing of a packet from a known and valid address. Alternatively or additionally, the firewall 5 rules may require the firewall to inspect the data format or content to determine whether the data packet complies with a gaming system specific protocol or is relevant to a particular game being played. 10 The firewall may also be adapted to perform additional actions, such as send an alarm signal to a server or send a signal to cause the gaming device to shut down, inhibit further game play or otherwise quarantine the gaming device from malicious data. For example, in response to 15 malicious data detection from the firewall a game machine may inhibit play and display an "out of order" message. Any patron playing the machine when the detection occurred may be directed to contact the gaming floor supervisor or staff. Alternatively, a stand alone gaming machine may 20 close its network connection in response to detection of malicious data by the firewall. This enables gaming to continue locally but prevents any network accessible features. For example, in this case the gaming machine may still be played using credit entered at the gaming 25 machine in the form of physical notes, coins, tokens or tickets, but be disabled from a player using credit from a network accessible account. The game machine will also be prevented from participating in any network implemented bonus scheme while disconnected from the network. 30 Participation in jackpots or multiplayer features may also be inhibited. The firewall 725 can be implemented in the same processor as the data handler 735. An example of an embodiment 35 having an integrated firewall 725 and data handler 735 is illustrated in Figure 7b. In this embodiment the data handler processor 735 executes both firewall and data 30359021 (GHMatters) P28364.AU.2 22/08/08 - 20 handling functions. For example, a digital signal processor may be programmed to apply firewall rules while processing a data packet though a protocol stack. The firewall rules applicable for each protocol layer can be 5 applied to the data packet during processing operations for that layer. In accordance with the firewall rules the processing of the next layer can continue or be terminated. 10 In some embodiment the firewall may be provided with additional information by a gaming processor, such as a game state, which may also be used when applying game rules. For example, a game state may be used to select appropriate rules such as a "reject all" rule if the game 15 is in a state where no data is expected to be received from the network. In an alternative example the game state may be information applied during processing of a firewall rule, such as identifying a mismatch where a data packet is received from a valid origin but when the game 20 is in a state where no data is expected from this origin. In an alternative embodiment the firewall may be adapted to read additional information such as a game state from memory used by the gaming processor. The game state may be stored in memory used by the firewall processor which 25 is independent of memory used for processing game play functions, for example a game processor may send a game state signal to a firewall processor to update the game state stores in firewall memory each time the game state changes. The firewall processor can then use the game 30 state stored in memory so no exchange of information between the separate game processor and firewall processor is required during application of firewall rules to received packets. 35 An example of a process for receiving a data packet from the network is illustrated in Figure 8. A data packet is received from the network 810 by the network interface. 30359021 (GHMatters) P76364.AU.2 22/08/08 - 21 The initial packet reception can include error detection, such as checksum tests, performed by the data handler to ensure the physical reception of data from the network is of adequate quality before beginning data processing. The 5 packet header is examined and address information is read from the data packet header, for example media access control (MAC) address information. Firewall rules can be applied to this address information 825 to determine whether the address information indicates an invalid 10 packet. For example, the firewall rules may compare the address information against known authorised packet origin addresses or known blocked/unauthorised addresses. Packets from blocked addresses will be deemed invalid. In some cases packets from unknown addresses may also be 15 deemed invalid depending on the defined rule. Alternatively, parts of the address information may be compared against defined criteria and the packet deemed invalid if the criteria are not met. For example, multicast data packets may be automatically deemed 20 invalid. Processing for the packet is stopped 880 if the packet is deemed invalid. Otherwise the processing continues with examination of the packet payload data 830. Firewall rules may define allowed formats for the packet 25 payload data. For example, a header of packet payload data may be read to determine whether the data format is valid in accordance with firewall rules 840 and processing stopped for any invalid packets 880. The game state may also be checked 850 to determine whether or not the data 30 packet is valid in the context of the game 860. For example, based on whether or not the data is expected in the read game state or whether the data is in the correct format for the game state. Where the data packet is allowed in accordance with the firewall rules the data 35 packet is processed 870 as necessary for transfer to the processor executing gaming functions and transferred 875 to the gaming device processor. It should be appreciated 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 22 that the gaming device processor has been quarantined from the data and not been involved in any data processing until the data is transferred in step 875. 5 Where the packet is deemed invalid in accordance with the firewall rules the processing is stopped 880. The data handler then proceeds to process the next packet received from the network 810. 10 It should be appreciated that the level of packet data analysis by the firewall may vary in different embodiments. For example, the firewall may act as a simple packet filter accepting or rejecting packets based on packet header data, or perform more comprehensive 15 analysis of packet payload data to determine whether the data is valid in the gaming system or in the context of game play. The complexity of the firewall may vary depending on the type of gaming device enabling the firewall functionality to be targeted to protection 20 required for the specific type of gaming device. In some embodiments the firewall can be implemented using a programmable processor or using rules stored in programmable memory, thus enabling the firewall to be 25 updated and firewall rules modified if necessary. This also enables game specific firewall modifications, such as adding rules for new game states or to recognise game data specific to a particular game. 30 Integrating a firewall into the network interface of a gaming device can have advantages for hardware footprint minimisation. This is important advantage for gaming venues where the number of gaming devices which can be made available to patrons for their enjoyment is limited 35 by the physical size of the gaming devices. An embodiment having an integrated data handler and 3035902_1 (CHMatters) P78364.AU.2 22/08/08 - 23 firewall implemented in a single processor can have advantages for minimising the hardware required for the device. This embodiment may also provide processing and programming advantages as the need for interwork between 5 separate data handler and firewall processors is alleviated. However, the program for the data handler may be complicated by including the application of firewall rules and any required additional instructions for actions taken in the event of malicious data being detected. 10 A set of instructions or program integrating the data handler and firewall may be installed in a processor of a pre-existing network interface card to upgrade the card to have the firewall functionality. For example, a pre 15 existing Ethernet card having a sufficiently powerful DSP or microprocessor, may be re-programmed using a set of instructions for an integrated data handler and firewall. Although the above embodiments describe a separate network 20 interface card, the network interface including a firewall can also be provided on a main circuit board for a gaming device to minimise the hardware footprint, in this instance the main circuit board would include two separate processors, a first processor for executing gaming 25 functions and a second processor for executing the data handling and firewall functions of the network interface. It should be appreciated from the above examples that the processing resources used in the network interface for 30 data handling and implementing firewall functionality are independent of the processing resources used by the gaming device for implementing aspects of game play. For example, in the embodiments illustrated in Figures 7a and b the network interface is implemented as an Ethernet card 35 having one or more processors which are adapted to perform data handling and firewall functions. Any data which is allowed by the firewall, in accordance with the firewall 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 24 rules, is transferred via serial port 740 to a main board of the gaming device on which resides a main processor for implementing gaming functions, such as functions of a game controller, outcome generator or player interface. 5 Using processing capability which is independent of the gaming device processing capability isolates firewall processing from game processing. For example, if a software firewall was implemented in a gaming machine the 10 firewall processing and game processing will both execute on the gaming machine processor, sharing the processing resources. If the gaming machine has a random number generator which executes in the gaming machine processor, this presents a risk of the random number generation 15 function failing to operate in accordance with regulatory requirements if the processor becomes overloaded. For example, if the Ethernet network connecting the game machines was compromised and a flood of data injected into 20 the network, then the firewall may consume all or substantially all the processing capacity of the gaming machine processor for handling and filtering the malicious data packets. As a consequence the operation of the random number generator may be slowed or affected in some 25 way which compromises the randomness of the results. It should be appreciated by persons skilled in the art that maintaining the integrity of the random number generation process is critical to the operation of a gaming machine or system. It should further be appreciated that by using 30 processing resources for firewall functions which are independent of processing resources used for random number generation the above problem can be avoided. Embodiments can provide the network interface and gaming 35 processing resources on a single circuit board using one or more processors for gaming functions which are separate from one or more processors used for data handling and 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 25 firewall functions. In some embodiments some resources, such as memory resources, may be shared or accessible to both processors. Care must be taken in such an embodiment that interference does not occur to effect performance of 5 the processor executing gaming functions. In other embodiments each processor has its own independent memory resources. It will be understood to persons skilled in the art of the 10 invention that many modifications may be made without departing from the spirit and scope of the invention, in particular it will be apparent that certain features of the invention can be combined to form further embodiments. Although an Ethernet network has been used as an example, 15 embodiments of the network interface for alternative networks, including various embodiments of wired, optical and wireless networks, are envisaged. It is to be understood that, if any prior art publication 20 is referred to herein, such reference does not constitute an admission that the publication forms a part of the common general knowledge in the art, in Australia or any other country. 25 In the claims which follow and in the preceding description, except where the context requires otherwise due to express language or necessary implication, the word "comprise" or variations such as "comprises" or "comprising" is used in an inclusive sense, i.e. to 30 specify the presence of the stated features but not to preclude the presence or addition of further features in various embodiments of the invention. 3035902_1 (GHMatters) P78364.AU.2 22/08/08

Claims

1. A network interface device adapted to connect a gaming device to a network, the network interface device 5 comprising: a data handler having processing and memory resources, the data handler being adapted to perform data handling functions for transferring data between a network and a gaming device controller; and 10 a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the gaming device controller.

2. A network interface device as claimed in claim 1 15 wherein the firewall uses processing and memory resources which are independent of the gaming device controller.

3. A network interface device as claimed in claim 2 wherein the firewall is implemented as a function of the 20 data handler.

4. A network interface device as claimed in claim 3 wherein the data handler is implemented using one or more of a digital signal processor, micro-controller, 25 microprocessor, microcomputer or FPGA.

5. A network interface device as claimed in claim 4 wherein the firewall determines whether to allow or deny data transfer based on fire wall rules. 30

6. A network interface device as claimed in claim 5 wherein the data handler is programmable to update firewall rules. 35

7. A network interface device as claimed in claim 1 further comprising: a first data port adapted for establishing a data 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 27 connection with a network; and a second data port for establishing a data connection with a controller of a gaming device. 5

8. A network interface device as claimed in claim 7 wherein the first data port is an Ethernet port.

9. A network interface device as claimed in claim 8 wherein the second data port is a serial data port. 10

10. A network interface as claimed in claim 9 wherein the data handler is further adapted to convert packetized data received from the network to serial data for outputting to the device controller. 15

11. A network interface device as claimed in claim 7 implemented as a network interface card adapted for installation into a gaming device. 20

12. A network interface device as claimed in claim 11 wherein the network interface card is an Ethernet card.

13. A network interface device as claimed in claim 11 wherein the gaming device for which the network interface 25 card is adapted is any one or more of a gaming machine, a gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module. 30

14. A gaming device comprising: a controller adapted to execute game functions; and a network interface comprising: a data handler having processing resources independent of the controller, the data handler 35 being adapted to perform data handling functions for transferring of data between the network and the controller, and 3035902_1 (GHMatters) P78364AU-2 22/08/08 - 28 a firewall adapted to inhibit transfer of at least some unauthorised data received from the network to the controller. 5

15. A gaming device as claimed in claim 14 wherein the firewall is implemented using processing and memory resources which are independent of the controller.

16. A gaming device as claimed in claim 14 wherein the 10 firewall is implemented as a function of the data handler.

17. A gaming device as claimed in claim 16 wherein the data handler is implemented using one or more of a digital signal processor, micro-controller, microprocessor, 15 microcomputer or FPGA.

18. A gaming device as claimed in claim 17 wherein the firewall determines whether to allow or deny data transfer based on fire wall rules. 20

19. A gaming device as claimed in claim 18 wherein the data handler is programmable to update firewall rules.

20. A gaming device as claimed in claim 14 wherein the 25 network interface further comprises: a first data port adapted for establishing a data connection with a network; and a second data port for establishing a data connection with the controller. 30

21. A gaming device as claimed in claim 20 wherein the first data port is an Ethernet port.

22. A gaming device as claimed in claim 21 wherein the 35 second data port is a serial data port.

23. A gaming device as claimed in claim 20 wherein the 3035902_1 (GHMatters) P78364.AU.2 22/08/00 - 29 network interface is a network interface card.

24. A gaming device as claimed in claim 23 wherein the network interface card is an Ethernet card. 5

25. A gaming device as claimed in claim 14 wherein the gaming device is a gaming machine, a gaming server, a game controller, a game tournament controller, a bonus server, a player interface module or a player tracking module. 10

26. A networked gaming system comprising: one or more gaming devices connected for data communication via a network, wherein at least one gaming devices comprises: 15 a controller adapted to execute game functions; and a network interface comprising: a data handler having processing resources independent of the controller, the data handler 20 being adapted to perform data handling functions for transferring of data between the network and the controller, and a firewall adapted to inhibit transfer of at least some unauthorised data received from 25 the network to the controller.

27. A networked gaming system as claimed in claim 26 wherein each gaming device connected via the network includes a network interface having a firewall. 30

28. A method of enhancing security in a networked gaming system, the method comprising providing a firewall adapted to operate during reception of data from a network to inhibit at least some unauthorised data being transferred 35 to a gaming device controller.

29. A method as claimed in claim 28 further comprising 3035902_1 (GHMatters) P78364.AU.2 22/08/08 - 30 the step of providing a gaming device with a network interface card having data handling processing resources independent of processing resources used by the gaming device for executing gaming functions, wherein the data 5 handling processing resources are used for: receiving data from the network; applying firewall rules to inhibit or allow data; and transferring any allowed data to the gaming device 10 controller.

30. A method as claimed in claim 29 wherein the network interface card is an Ethernet card. 15

31. A method as claimed in claim 29 further comprising the step of updating firewall rules.

32. A program comprising computer readable instructions which when executed by a processor of a network interface 20 card cause the processor to implement the method of claim 28.

33. A computer readable medium comprising computer readable instructions which when executed by a processor 25 of a network interface card cause the processor to implement the method of claim 28.

34. A data signal comprising the program of claim 32. 30

35. A processor device for a network interface programmed with instructions which when executed cause the processor device to implement the method of claim 28. 3035902_1 (GHMatters) P78364.AU.2 22/08/08