Upload
truongnga
View
214
Download
0
Embed Size (px)
Citation preview
Gaming Devices:
Technical Developments inSoftware Verification
“Testing Tomorrow's Technology Today"
Copyright © 2010
Game Design• 3 reel 1 line, line up 3 red cherry to win bonus• Line up any 2 cherry to win $10,000• Code
class paytable{ int returnWin(int reelStop, int symbol) { int payWin; if(reelStop ==2 && symbol=RED) { payWin=2xNetBet+BONUS; } return payWin; }
• Binary Equivalent• 1001 0011 1110 1010
• Signature Equivalent• HAP7
“Testing Tomorrow's Technology Today"
Copyright © 2010
The Past Technology
- Electro Mechanical- Micro Controller
Devices- EPROMs
Procedures- Level 1
Industry Standards- Nevada- New Jersey- Kobetron 3rd Party
“Testing Tomorrow's Technology Today"
Copyright © 2010
The Present Technology
- Micro Processors- Computer Architecture
Devices- EPROM, SIMM, HD- CD, Compact Flash- Memory Sticks
Procedures- Level 1 & Level 2
Industry Standards- GLI - Testing- GSA - Protocols- Kobetron - Verification
“Testing Tomorrow's Technology Today"
Copyright © 2010
The Future Technology
- Bios Chips- Embedded Firmware- “Trusted Party”
Devices- Flash Cards- Thumb Drives (USB)
Procedures- Level 1, 2 and 3
Industry Standards- GLI Testing- GSA Protocols- Kobetron Verification/Validation
“Testing Tomorrow's Technology Today"
Copyright © 2010
Gaming Industry Standards
Testing Standard• GLI• Jurisdictional
Protocol Standard• GSA - G2S (BOB)• IGT - Super SAS (SAS)• Bally - SDS
Verification and Validation Standards• Kobetron (3rd Party Proprietary)• SHA-1 (Public)
“Testing Tomorrow's Technology Today"
Copyright © 2010
GSA Protocol StandardsSystem-To-System (S2S)
The standard provides the communication link for the casino to link their variousdatabase systems, and hospitality / POS Systems.
Game-To-System (G2S)
The standard is merged from the BOB and SuperSAS protocols, based on provencomputer industry standard technologies, such as Ethernet, TCP/IP and XML.This will allow the industry to migrate to downloadable games such as client / servergames, Intranet and Internet environments, while still maintaining the games oftoday, well into the future.
Gaming Device (GDS)
Gaming Device Standard controls the flow of information between a slot machine andthe array of peripheral devices operating inside, including Bill Validators, CardReaders and Ticket Printers utilizing Universal Serial Bus (USB) standards protocol.
Gaming Authentication Terminal (GAT)This communication link allows for authenticating game programs residing in the
machine, based on manufacturer’s self-verification.
“Testing Tomorrow's Technology Today"
Copyright © 2010
Industry Standards
• Gaming Laboratories International (GLI)
– Software Verification: “The device shall have the ability to allow for anindependent integrity check of the device’s software from an outsidesource and is required for all control programs that may affect theintegrity of the game. This must be accomplished by beingauthenticated by a third-party device, which may be embedded withinthe game software or by having an interface port for a third-party deviceto authenticate the media.”
(Source: GLI Standards 11 (4.19), 18 (3.6), and 21 (6.19).)
“Testing Tomorrow's Technology Today"
Copyright © 2010
Industry Standards(continued)
• Gaming Standards Association (GSA)– Certification – The procedure by which a 3rd party gives written assurance that
a product conforms to specific requirements.
(Source: GSA Las Vegas Operator’s Forum, 5/19/09)
• Nevada Gaming Control Board’s Minimum Internal Control Standards– B32. Slots MICS #91 – Does a Kobetron need to be used to test the EPROMS
for slot machines which have an “audit” function available to be used?
• The slot machine’s “audit” function does not satisfy the requirement of thisMICS. This method relies on the game itself to tell you if it containedapproved software or not. The intent of this MICS is to externally verify theprograms using a device or mechanism independent of the slot machine.This can be done by removing the EPROM or other game storage mediaand comparing the signature of the image contained on that device to theknown image signature approved by the Board.
(Source: Frequently Asked Questions, posted 7/27/09)
“Testing Tomorrow's Technology Today"
Copyright © 2010
Process Should Be 3rd PartyIndependent Verification & Validation
Independent Verification: Essential Actionto Assure Integrity in the Voting Process
byRoy G. Saltman
Consultant and Author on Voting [email protected]
submitted toNational Institute of Standards and Technology
Gaithersburg, MD 20899under
Order No. SB134106W0703August 22, 2006
“Testing Tomorrow's Technology Today"
Copyright © 2010
Independent Verification &Validation Definitions
• Kobetron’s definition of a independent third-party verification toolis a device that can produce multiple signatures based on both publicand proprietary algorithms. This offers regulators a double check to“self-verification” public algorithms.
• Verification: Certifying that the software was accurately loaded and isnot corrupt by verifying that the signature of the data matches thepublished signature for that data.
• Validation: Ensuring that the software residing in the game isappropriate and authorized. This is done by verifying that thesoftware is approved for use in the jurisdiction.
“Testing Tomorrow's Technology Today"
Copyright © 2010
Why Is An IndependentThird Party Important?
• The independent third-party verification tool provides the sameassurance as independent accounting firms such as Price Waterhouseauditing (verifying) a Fortune 500 Company’s financial information pergovernment regulations.
• The mission of a regulator has always been to maintain the integrity ofgaming devices in the Industry by using all necessary means to assurea “Fair Game of Chance.”
• An independent third-party verification tool is an essential ingredient inachieving the gaming regulator’s mission, which is to provide a checkand balance system similar to our government (judicial, executive andlegislative branches).
“Testing Tomorrow's Technology Today"
Copyright © 2010
Three Levels of Verification
“Testing Tomorrow's Technology Today"
Copyright © 2010
Verification & Validation Process• Critical Program Storage Media (CPSM)
– BIOS Chips– EPROM’s– SIMM’s– Files– Folders– CD ROM– Compact Flash– Hard Drives– USB Thumb Drives
• Hardware- and software-based testing methods
– Signature testing method required depends on type of media
• When is IV&V required?
– Initial set-up
– Casino changes game software
– Manufacturer sends game software updates
– New machine is added to the floor
– Required internal audits
– External audits
– Player disputes
– Jackpot verifications
“Testing Tomorrow's Technology Today"
Copyright © 2010
GLI Manual Examples
“Testing Tomorrow's Technology Today"
Copyright © 2010
GLI Manual Examples
“Testing Tomorrow's Technology Today"
Copyright © 2010
GLI Manual Examples (con’t.)
“Testing Tomorrow's Technology Today"
Copyright © 2010
GLI Manual Examples (con’t.)
“Testing Tomorrow's Technology Today"
Copyright © 2010
IVVM Menu
“Testing Tomorrow's Technology Today"
Copyright © 2010
Server Based Game Download Systems
Common Examples of Server Based Gaming
Video Lottery Terminals (VLTs) – VLTs are connected to a central system thatcan control the functionality of the terminal.
Bingo and Keno Systems – These systems are predicated on a server basedarchitecture that will send results to terminals are handheld devices.
Finite - Scratch Ticket Systems – Finite Scratch Ticket systems use a serverbased architecture to send the ‘ticket’ to the gaming device.
Downloadable Games – Downloadable Games constitutes the transfer of game‘packages’ to player terminals stationed on the gaming floor.
“Testing Tomorrow's Technology Today"
Copyright © 2010
Methods of Downloading
• Non-System Based
• System Based
This method utilizes a server, which has the ability todownload games directly to gaming terminal on the casinofloor.
The ability to download directly at the gaming device using acommunication port of some kind.
Server Based Game Download Systems
“Testing Tomorrow's Technology Today"
Copyright © 2010
Download Server Report Server
In this example, theentire game kit isdownloaded to theplayer terminal, andall gaming functionsare run at the playerterminal.
Server Based Game DownloadSystems Topology
“Testing Tomorrow's Technology Today"
Copyright © 2010
Central Server
Report Server
In this configuration, seed values are sent tothe gaming terminals with each press of theplay button. The random outcome is thendetermined at the gaming device.
Seed Values
Seed Values
Server Based Game DownloadSystems Topology
“Testing Tomorrow's Technology Today"
Copyright © 2010
Bonus Server
In this scenario, the gameshave their own internalRNG, yet they share abonus server. The bonusserver will usually be calledupon, during certain eventslike the triggering of abonus game. The bonusserver will then generatethe random event used inthe bonus.
Server Based Game DownloadSystems Topology
“Testing Tomorrow's Technology Today"
Copyright © 2010
Houston, we have a problem…
…We’ve lost control !!!“Testing Tomorrow's Technology Today"
Copyright © 2010
Have We Lost Control?
• S2000 Platform
• AVP Platform
“Testing Tomorrow's Technology Today"
Copyright © 2010
Verification Requirements AreManufacturer Driven, But Should Be
Regulator Driven
New Verification Methods Evolve In Three Ways:
1) Manufacturer requests a method to independently verify and validate theCPSM.
2) Laboratory is examining product and requests 3rd Party or internallydevelops method to verify.
3) Regulatory body requests an independent, 3rd party verification method.
“Testing Tomorrow's Technology Today"
Copyright © 2010
Need For Regulator To Take Control
Prevent The “Runaway Train On A Circular Track” Syndrome
“Testing Tomorrow's Technology Today"
Copyright © 2010
Regulator’s Mission
Mind the Store
- Game Regulations
Fair Game of Chance
- Device Verification and Validation
Chart the Course
- Control Mechanism
“Testing Tomorrow's Technology Today"
Copyright © 2010
Key Ingredients for Success• Expanded Levels of Verification
• Internal/External Device Verification
• Third-Party Verification & Validation
“Testing Tomorrow's Technology Today"
Copyright © 2010