3. Critical Software and Data Integrity
The objective of the requirements in this section is to ensure the integrity of the Critical Software and Critical Game Data during Game operation.
3.1 Critical Software Integrity
3.1.1 The integrity of the Critical Software on the Gaming Devices must be maintained at all times to ensure the Game operates as designed.
3.1.2 The Gaming Devices must verify the integrity of Critical Software as part of the boot up process prior to the Critical Software being executed. Detection of any compromised Critical Software must cause a tilt and place the Gaming Devices into an unplayable state.
Guidance:
- This may be achieved by Gaming-Related Suppliers using industry good practices for software verification.
- When Critical Software is copied from one medium or device to another in whole or in part, the integrity of the copied Critical Software should be verified prior to the Critical Software being loaded into Random Access Memory (RAM) for execution.
3.1.3 The integrity of Critical Software must be safeguarded from the point it is loaded into memory and during its execution.
3.2 Critical Game Data Integrity
3.2.1 The Game must accurately maintain the integrity of Critical Game Data to ensure the Game operates as expected and is auditable.
3.2.2 The Game must employ methods to detect corruption and unauthorized alteration to its Critical Game Data to prevent integrity issues from occurring.
Guidance:
This standard is intended to minimize any integrity issues arising as a result of corruption or unauthorized alteration of Critical Game Data.
3.2.3 Detection of corrupted or unauthorized alteration of Critical Game Data that cannot be recovered from must cause Game Play to be halted immediately and must cause the Gaming Device to enter into a tilt condition, and not resume Play until the condition has been addressed.
3.2.4 The Critical Game Data must be preserved when power to its storage media is lost to provide data loss protection in the event of power outages as well as time for transportation and examination of Critical Game Data storage devices.
3.2.5 Clearing of Critical Game Data must only be capable of being performed through a Restricted Technical Procedure.
3.3 On-Demand Critical Software Authentication
3.3.1 The Gaming Device must implement an authentication mechanism that meets industry good practices and provide one of the following methods to authenticate all Critical Software:
- The Gaming Device must provide a mechanism to authenticate all Critical Software on demand via a communication port using Game Authentication Terminal (GAT); or
- Another mechanism as approved by the Registrar.
Guidance:
It is most efficient and effective for the industry to standardize the method used for on-demand Critical Software authentication. GAT appears to be the method that is most commonly used.
3.4 Remote Critical Software Authentication
3.4.1 All deployed Critical Software must be capable of being securely authenticated by the Slot Monitoring System when deployed at Gaming Sites to ensure only approved Critical Software is installed.
3.4.2 All Gaming Devices must be capable of calculating and providing cryptographic Hashes or CRCs of all Critical Software upon request from a Slot Monitoring System in accordance with the protocol implemented (e.g. a request from a Slot Monitoring System using SAS protocol LP21, Read-Only Memory Signature (ROMSig)).