Gaming network

US 20070054734A1
Filed: 09/07/2005
Published: 03/08/2007
Est. Priority Date: 09/07/2005
Status: Active Grant

First Claim

Patent Images

1. A method for initializing communication between a network device and a host located on a gaming network, comprising:

negotiating a first security association between the network device and the host to enable the network device and the host to be authenticated to each other;

using the first security association to generate a second security association to protect message traffic between the network device and the host.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The gaming network described herein includes network security features, host security features, audit protocols, and design architecture approaches to reduce the possibility of network attacks. The gaming network provides for traffic confidentiality, encryption, message authentication, secure authentication mechanisms, anti-replay protection of traffic, key management mechanisms, robust network availability, misrouting and redirection protection and prevention, rejection of external traffic, and a high entry-barrier to device addition to the network. The host protection and security includes secure host initialization, disabling unneeded components, download verification, disabling of unused IP ports, discarding traffic, strong passwords, dynamic one-time passwords for remote login, disabling default accounts, and appropriate “least-level” device privileges. Audit requirements include integrity protection of audit logs, appropriate definition of auditable events, auditing of anomalous behavior, chain of evidence preservation, shutdown if audit disabled, full log entry audit, personal ID and time access audit trail, and auditing of internal user actions.

45 Citations

View as Search Results

30 Claims

1. A method for initializing communication between a network device and a host located on a gaming network, comprising:
- negotiating a first security association between the network device and the host to enable the network device and the host to be authenticated to each other;
  
  using the first security association to generate a second security association to protect message traffic between the network device and the host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the step of negotiating the first security association comprises exchanging certain identification information in plaintext between the network device and the host, and using the identification information to exchange authentication information in encrypted form between the network device and the host.
  - 3. The method of claim 2, wherein the authentication information is used to generate the second security association to encrypt traffic between the network device and the host.
  - 4. The method of claim 3, wherein the second security association has a predetermined life and additional security associations are generated to protect the traffic when the second security association expires.
  - 5. The method of claim 1, wherein negotiating the first security association is accomplished by using the Internet Key Exchange (IKE) protocol.
  - 6. The method of claim 5, wherein negotiating the first security association is accomplished by executing phase I of the IKE.
  - 7. The method of claim 1, wherein generating the second security association is accomplished by using the Internet Key Exchange (IKE) protocol.
  - 8. The method of claim 7, wherein generating the second security association is accomplished by executing phase II of the IKE.
  - 9. The method of claim 1, further including the step of verifying the operating system of the network device.
  - 10. The method of claim 9, further including the step of enabling permitted network services on the network device when the operating system is verified.

11. A gaming network comprising:
- a core layer comprising a server coupled to a first switch;
  
  a distribution layer comprising a second switch coupled to the first switch;
  
  an access layer comprising a third switch coupled to the second switch and to a gaming device;
  
  an intrusion detector coupled to the network to detect attempts to attack the gaming network.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The gaming network of claim 11, further including an intrusion detector coupled between the core layer and the distribution layer for detecting attempts to attack the gaming network.
  - 13. The gaming network of claim 12, further including an intrusion detector coupled between the distribution layer and the access layer for detecting attempts to attack the gaming network.
  - 14. The gaming network of claim 13, wherein traffic on the gaming network is protected by a first level of security.
  - 15. The gaming network of claim 14, wherein certain traffic messages and transactions on the gaming network are protected by a second level of security.
  - 16. The gaming network of claim 15, further including a plurality of ports available to the gaming network and, wherein unused ports are disabled.
  - 17. The gaming network of claim 16, wherein repeat messages are rejected by all devices coupled to the gaming network.
  - 18. The gaming network of claim 17, wherein the intrusion detectors are used to detect changes in the association between IP addresses and MAC addresses of devices on the gaming network.
  - 19. The gaming network of claim 18, wherein a device whose association between its IP address and MAC address has changed is disabled.
  - 20. The gaming network of claim 19, wherein the gaming network uses private network IP addresses.

21. A method of initializing a gaming network, comprising:
- initializing a host of the gaming network;
  
  associating IP addresses with MAC addresses of network devices coupled to the gaming network and/or with device IDs;
  
  (DIDs) of devices associated with the network device;
  
  monitoring changes to the IP/MAC/DID association of devices on the gaming network;
  
  disabling a network device when its IP/MAC/DID association is changed.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The method of claim 21, wherein the step of disabling a network device when its IP/MAC association is changed is accomplished automatically.
  - 23. The method of claim 22, further including the step of notifying a network administrator when the IP/MAC association of a network device is changed and logging the changed association.
  - 24. The method of claim 23, wherein the network administrator is notified automatically.
  - 25. The method of claim 24, wherein the step of monitoring the IP/MAC associations of network devices on the gaming network is accomplished using intrusion detectors.
  - 26. The method of claim 25, wherein the intrusion detector is implemented using an arpwatch intrusion detection system.
  - 27. The method of claim 25, further including the step of disabling a portion of the gaming network coupled to the disabled network device.

28. A gaming network comprising;
- a host server;
  
  a switching network coupling the host to a plurality of network devices, the network devices including gaming machines;
  
  first software executed on the host server, on the switching network, and on the plurality of network devices to protect message traffic on the gaming network;
  
  second software independent of the first software for auditing all events on the gaming network;
  
  storage means coupled to the host server for storing audit information generated by the second software.

29. A method for authenticating communication from a device on a gaming network comprising:
- sending a communication from a device that includes a quality of service (QOS) request;
  
  receiving the communication at a host server and comparing the QOS request to a permitted QOS request for the device;
  
  authenticating the communication when the QOS request matches the permitted QOS request.
- View Dependent Claims (30)
- - 30. The method of claim 29 wherein the QOS request is independent of the type of communication sent from the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sg Gaming, Inc. (Scientific Games Corporation)
Original Assignee
Bally Gaming Incorporated (Scientific Games Corporation)
Inventors
Carman, David, Morrow, James, Osgood, Paul

Granted Patent

US 8,392,707 B2
Time in Patent Office

Days
Field of Search
US Class Current

463/29
CPC Class Codes

G07F 17/32 for games, toys, sports, or...

G07F 17/3241 Security aspects of a gamin...

Gaming network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Gaming network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links