2. Authentication
2.1 Self-Authentication of Gaming Software on the Server
2.1.1 The critical software stored on media other than EPROM that will be installed on or used by a slot machine server must contain a message digest or similar mechanism to detect un- authorized changes to critical software pursuant to Electronic Gaming Equipment Minimum Technical Standards section 1.2.1, Critical Files on Media Other than EPROM.
2.1.2 If an unauthorized change occurs:
- The slot machine server must provide notification of the error, including the associated invalid program or programs and/or the electronic gaming machine tilt, to the appropriate departments (e.g., MIS, Slots, Surveillance, Audit), where technically possible;
- The server must be capable of automatically creating a report which must detail the date, time and outcome of the failed authentication, and identify the invalid program or pro- grams; and
2.2 Self-Authentication of Gaming Software on the Server-Assisted Slot Machine and Client Station
2.2.1 Downloading of software or the download process from the server-assisted or server-based server to the server-assisted slot machine or client station must not by-pass the self-authenti- cation process of the server-assisted slot machine or client station, nor its established chain of trust.
2.3 Field Authentication of Software on the Server
2.3.1 All critical software on the slot machine server must be capable of being authenticated by an independent device or independent software which, at a minimum, must authenticate each message digest of the designated software to ensure that it is an authentic copy of the ap- proved software. The method of authentication must use a mechanism, which ensures the authenticity of the critical software using industry good practices.