Server-Assisted and Server- Based Gaming Minimum Technical Standards
1. Security
1.1 Server Access Control
1.1.1 Critical software and computer files must be controlled only from the slot machine server through the downloaded server-assisted slot machine or client station software, and must not be controlled at or by any of the individual server-assisted slot machines or client stations con- nected to the slot machine server or at or by any other gaming management system or device. Any critical electronic gaming machine program or computer file that is not controlled by the slot machine server must be authenticated. The operator’s procedures for controlling such programs must, at a minimum, require:
- Compliance with the applicable log files of sections 6, Reports and Logs below; and
- Compliance with section 3.3.1 below, regarding changes to games and options.
1.1.2 The slot machine server must be configured as a dual authorization access system, prior to providing access to files and directories containing critical software or any other sensitive data.
1.2 Software Integrity and Security
1.2.1 A slot machine server must not be capable of altering any component of critical software on any connected server-assisted slot machine that would interrupt, or affect the functions, game outcome, or configurable options of a game in progress on any server-assisted slot machine connected to the slot machine server; provided however, that a slot machine server may stop a game or disable a server-assisted slot machine at any time if there is a valid reason to do so..
1.2.2 A slot machine server must not be capable of altering any component on any connected client station that would interrupt or affect the functions, game outcome, or configurable options of a game in progress; provided however, that a slot machine server may stop a game or disable a client station at any time if there is a valid reason to do so.
2. Authentication
2.1 Self-Authentication of Gaming Software on the Server
2.1.1 The critical software stored on media other than EPROM that will be installed on or used by a slot machine server must contain a message digest or similar mechanism to detect un- authorized changes to critical software pursuant to Electronic Gaming Equipment Minimum Technical Standards section 1.2.1, Critical Files on Media Other than EPROM.
2.1.2 If an unauthorized change occurs:
- The slot machine server must provide notification of the error, including the associated invalid program or programs and/or the electronic gaming machine tilt, to the appropriate departments (e.g., MIS, Slots, Surveillance, Audit), where technically possible;
- The server must be capable of automatically creating a report which must detail the date, time and outcome of the failed authentication, and identify the invalid program or pro- grams; and
2.2 Self-Authentication of Gaming Software on the Server-Assisted Slot Machine and Client Station
2.2.1 Downloading of software or the download process from the server-assisted or server-based server to the server-assisted slot machine or client station must not by-pass the self-authenti- cation process of the server-assisted slot machine or client station, nor its established chain of trust.
2.3 Field Authentication of Software on the Server
2.3.1 All critical software on the slot machine server must be capable of being authenticated by an independent device or independent software which, at a minimum, must authenticate each message digest of the designated software to ensure that it is an authentic copy of the ap- proved software. The method of authentication must use a mechanism, which ensures the authenticity of the critical software using industry good practices.
3. Software Download and Installation
3.1 Scheduling Software
3.1.1 A server-assisted or server-based slot system may contain or control scheduling software which instructs the slot machine server to download critical software or computer files to con- nected server-assisted slot machines or client stations, and to activate, modify or deactivate such programs, either on demand or at pre-established times and dates.
3.1.2 Scheduling software must include, at a minimum, reports of all pending, successful and unsuccessful events, including the user name, date, time, identification numbers of critical software and computer files successfully or unsuccessfully added, deleted, moved, activat- ed or deactivated, and the status of each event.
3.2 Change Controls
3.2.1 At a minimum, on a daily basis and prior to any critical software being added to or removed from a server-assisted slot machine or client station, any configurable option changes, or any activations or deactivations of an electronic gaming machine game on a server-assisted or server-based slot system, a complete set of electronic gaming machine game data must be successfully and accurately communicated to the slot machine server, a slot management sys- tem, or another approved slot accounting system to include, but not be limited to, the following:
- Error Logs, Electronic Gaming Equipment Minimum Technical Standards section 11, Error Conditions;
-
All applicable meters required by Electronic Gaming Equipment Minimum Technical Stan- dards section 18, Meters;
- Last Game Recall for client stations, Electronic Gaming Equipment Minimum Technical Standards section 17, Last Game Recall;
- Cashless Transaction Logs, Electronic Gaming Equipment Minimum Technical Standards section 5, Cashless Wagering System.
3.2.2 Software must not be activated, deactivated, added to, modified or removed from a server-as- sisted slot machine or client station while an error or tilt condition, or hand pay lockup exists on the server-assisted slot machine or client station, except as necessary to rectify the error or tilt condition.
3.2.3 The removal of any software from a server-assisted slot machine, client station or slot machine server must in no way affect the requirement to maintain and store the logs of events related to that software and logged pursuant to sections 6.2.1 and 6.2.2 below.
3.3 Electronic Gaming Machine Requirements for Download and Installation
3.3.1 The server-assisted or server-based slot system must not permit any activation of gaming software, paytable (payback/game theme) change or configuration changes to occur until the server-assisted slot machine or client station meets all of the following conditions:
- Be in idle mode with no game play, no credits, no hand pay, no tilts or error conditions for at least four minutes prior to activation of gaming software, paytable change or configura- tion changes;
- During activation of any, the server-assisted slot machine or client station on which the game is offered must be disabled and rendered unplayable until the activation or implemen- tation process is successfully completed;
- While the server-assisted slot machine or client station is disabled for activation, the serv- er-assisted slot machine or client station on which the game is offered must continuously display a conspicuous message stating that the game configuration is being changed. A patron, however, may have the option to bypass this message if he/she chooses to resume play prior to the end of the required time period; and
- If the change in the active software is the direct result of a player request, the delay re- quirements of this technical standard are not applicable. However, the active software may not be changed if an error or tilt exists, or if a pending hand pay remains on the server-as- sisted slot machine or client station.
3.3.2 Before gaming software, paytable (payback/game theme) change, or configuration change to a game is made available for patron play, one of the following conditions must be met:
- There is a clear change to the game display from the previously activated game where the patron can determine that there has been a change made to the game, e.g. a new theme, new denomination, notification of the date/time of the last configuration change (e.g. when activated paytable was changed), etc. This must be displayed until the first game is played after the change is made, or for a period of 24 hours;
- The paytable is unavailable for play for a period of twenty four (24) hours; or
- A sign or notification declaring that a change is to be made has been placed or displayed on the machine for a period of twenty four (24) hours after the change is made.
3.3.3 The change procedure described in section 3.3.1 above must also apply to an activated server-assisted slot machine or client station that offers multiple games.
3.3.4 Alarms required but not limited to Electronic Gaming Equipment Minimum Technical Standards sections 3.3.2, 11.1.2b), and 11.1.3c), Tilt Conditions, as applicable, must be able to be commu- nicated to the gaming management system and/or slot machine server during any part of the download and activation process.
3.3.5 Any feature or setting of a game which is not approved for use must be disabled in the configurable options of the game’s program through the use of a hardware device, secure password or other restricted technical procedure.
4. Error Conditions
4.1.1 The operator must be immediately notified of any malfunctioning element within the server-based or server-assisted slot system upon the occurrence of any communication failure. The results of a self-monitoring process of the system’s critical interface elements (such as central hosts, network devices, firewalls, etc) must be run at least once each gaming day, and the operator must be noti- fied of any malfunctioning element.
4.1.2 Pursuant to Electronic Gaming Equipment Minimum Technical Standards sections 1.5.4 and 1.5.5, where an unrecoverable memory corruption must result in a RAM error that requires a full RAM clear, the RAM clear event must be performed in a secure manner and in accordance with the Notification Matrix, whether the RAM clear is performed from the slot machine serv- er, the server-assisted slot machine or client station.
4.1.3 A server-based game must be rendered unplayable if communication from the server is lost. The client station must provide a means, such as a hand pay or the issuance of a payout voucher, for patrons to cash out credits indicated on the client station at the time the commu- nication was lost. If a payout voucher is issued, the system must ensure proper reporting and accounting of the voucher.
4.1.4 The client station, or the related gaming application installed on the client station, must stay in a tilt condition in the event no server-based slot system is available for any reason such as a primary and secondary server failure, switch over failure, etc, until the server-based slot system is available again.
4.1.5 The slot machine server must generate error conditions with the date and time of any other logged events which reasonably indicate that the system is not operating as expected, e.g. memory corruption, authentication failure.
5. Meters
5.1.1 Server portions of system-based slot systems must record, store and maintain meters required in Electronic Gaming Equipment Minimum Technical Standards section 18, Meters. The server portion of system-based slot systems must also record all such meters for each individual game (each specific paytable that is activated on each individual client station), as well as for the server-based game in its entirety. The server must be able to send this meter information to a slot monitoring/accounting system, if the server-based slot system is not capable of generating the necessary accounting reports.
5.1.2 Client stations or an applicable server-based system utility must be able to display on de- mand the required meter information (from 5.1.11) that corresponds to the play associated with the particular client station.
6. Reports and Logs
The slot machine server report requirements of this section may be satisfied by the slot machine server and/or the slot accounting/monitoring system.
6.1 Server Requirements for Reports and Audit Logs
6.1.1 Logical access to the slot machine server shall be logged on the server and on a secondary logging device which resides outside the server room and is not accessible to the individual accessing the server room. This information is not required to be logged on the secondary logging device if the information has been rendered unalterable on the server. Logged data shall include time and date of the access and the identification of the accessing individual(s). The resulting logs shall be retained for a minimum of ninety days.
6.1.2 A slot machine server must create a log entry, at a minimum, every time any critical software component is added, removed or altered including any configuration or paytable/game theme changes in the slot machine server, which must contain:
- The date and time of the action;
- Identification of the software affected, both removed and installed;
- The names and unique identification (e.g. registration ID) of the individuals performing the modification; and
- The reason for the modification and any pertinent validation information.
6.1.3 The slot machine server must create a log entry whenever any change is made to software in a server-assisted slot machine or client station, including but not limited to software programs, graphics, sound information paytable/game theme, and configuration changes. This log entry must contain the date and time of the event, an identification of the software affected, the name of the individual performing the modification, and any pertinent software identification information. The log entries must be retained on the slot machine server for a minimum of ninety days; provided that logged events older than ninety days can be retained.
6.1.4 The slot machine server must be capable of generating a record detailing any software modification to the slot machine server, or, if not capable of generating such a record, an alternative method of record keeping must be performed.
6.1.5 The slot machine server must generate daily monitoring logs with the date and time of:
- User access; and
- Any other logged events which reasonably indicate that the system is not operating as expected, e.g. memory corruption, authentication failure.
6.1.6 The slot machine server must be capable of maintaining the logs on the slot machine server and the other logging device referenced in sections 6.1.1, 6.1.2, 6.1.3 and 6.1.4 above, for a minimum of ninety days.
6.1.7 The slot machine server must be capable of retaining a record and generating a report pursuant to section 6.2.1 and 6.2.2 below of all titles of all active games offered on all server-assisted slot machines or client stations, and all changes made to any of the games, for each twenty-four hour period the games are in operation.
6.2 Server-Assisted Slot Machine and Client Station Requirements for Reports and Audit Logs:
6.2.1 Whenever any change is made to software in a server-assisted slot machine, including but not limited to software programs, graphics, sound information, paytable/game theme, or config- uration changes, a log entry must be made on the server-assisted slot machine which must contain the date and time of the event and an identification of the software affected. The logs must be capable of being retained on the server-assisted slot machine for a minimum of 100 logged events.
6.2.2 Whenever any change is made to software in a client station, including but not limited to software programs, graphics, sound information, paytable/game theme, or configuration changes, a log entry must be made which must contain the date and time of the event and an identification of the software affected. This log entry must be made either on the client station, or on a secondary logging device which resides outside the server room and is not accessible to the individual making the program modification. This information is not re- quired to be logged on the secondary logging device if the information has been rendered unalterable on the server.
6.3 General Requirements for Reports and Audit Logs:
6.3.1 Each report contained herein must include the report title and date and time the report was generated. The slot machine server must be able to generate reports with all or any subset of the following information as it pertains to the system:
- User access rights by user and by role;
- System configurations;
- List of all active gaming devices;
- List of all deactivated gaming devices;
- All software installed on the slot machine server;
- All games and paytables installed on the slot machine server;
- All games and paytables active on the gaming floor with location and gaming device infor- mation;
- All game and paytable changes to be reported in daily, weekly and monthly periods; and
- A report of all progressive jackpots listing the participating games.
6.3.2 All information required to be logged pursuant to this section must be available on demand in a report format. Each log report required herein must include the report title and the date and time the report is generated. Where applicable, audit logs must include the source and destination IP addresses, port numbers and MAC addresses. At a minimum, the following log reports must be available and include the information in the referenced requirement:
- A firewall log report;
- A software integrity log report pursuant to section 2.1.2b) above;
- A slot machine server log report pursuant to sections 6.1.2, 6.1.4 and 6.1.5 above;
- A server-assisted slot machine and client station log report pursuant to sections 6.1.3 and 6.2.1 above;
- A daily monitoring log report pursuant to section 6.1.5 above;
- A scheduling log report pursuant to sections 3.1.2 and 6.3.1c) above;
- A server-assisted log report pursuant to section 6.1.7 above;
- A server-based log report pursuant to section 6.1.7 above; and
- Software authentication log reports pursuant to section 2.1.2 above
- Progressive jackpot reconciliation reports or alternative means of enabling reconciliation to be performed must be available for each progressive jackpot level and must include suffi- cient information to enable reconciliation to be successfully performed for each progressive level.
7. Forensic Capabilities
7.1.1 It must be possible to perform a forensic analysis of any anomaly that occurs which may include viewing the data at the slot machine server and being able to place the data onto a duplicate device for the examination without shutting down or compromising the integrity of the data being transferred nor the integrity of the production server.