The objective of the requirements in this section is to ensure the integrity of the Critical Software and Critical Game Data during Game operation.
3.1.1 The integrity of the Critical Software on the Gaming Devices must be maintained at all times to ensure the Game operates as designed.
3.1.2 The Gaming Devices must verify the integrity of Critical Software as part of the boot up process prior to the Critical Software being executed. Detection of any compromised Critical Software must cause a tilt and place the Gaming Devices into an unplayable state.
Guidance:
3.1.3 The integrity of Critical Software must be safeguarded from the point it is loaded into memory and during its execution.
3.2.1 The Game must accurately maintain the integrity of Critical Game Data to ensure the Game operates as expected and is auditable.
3.2.2 The Game must employ methods to detect corruption and unauthorized alteration to its Critical Game Data to prevent integrity issues from occurring.
Guidance:
This standard is intended to minimize any integrity issues arising as a result of corruption or unauthorized alteration of Critical Game Data.
3.2.3 Detection of corrupted or unauthorized alteration of Critical Game Data that cannot be recovered from must cause Game Play to be halted immediately and must cause the Gaming Device to enter into a tilt condition, and not resume Play until the condition has been addressed.
3.2.4 The Critical Game Data must be preserved when power to its storage media is lost to provide data loss protection in the event of power outages as well as time for transportation and examination of Critical Game Data storage devices.
3.2.5 Clearing of Critical Game Data must only be capable of being performed through a Restricted Technical Procedure.
3.3.1 The Gaming Device must implement an authentication mechanism that meets industry good practices and provide one of the following methods to authenticate all Critical Software:
Guidance:
It is most efficient and effective for the industry to standardize the method used for on-demand Critical Software authentication. GAT appears to be the method that is most commonly used.
3.4.1 All deployed Critical Software must be capable of being securely authenticated by the Slot Monitoring System when deployed at Gaming Sites to ensure only approved Critical Software is installed.
3.4.2 All Gaming Devices must be capable of calculating and providing cryptographic Hashes or CRCs of all Critical Software upon request from a Slot Monitoring System in accordance with the protocol implemented (e.g. a request from a Slot Monitoring System using SAS protocol LP21, Read-Only Memory Signature (ROMSig)).