SERVER-ASSISTED AND SERVER-BASED GAMING MINIMUM TECHNICAL STANDARDS

Last Updated: 
2017-06-01

agco-server-en.png

Version 1.1 | June 2017

Alcohol and Gaming Commission of Ontario
90 SHEPPARD AVE E - SUITE 200 TORONTO ON M2N 0A4
Tel: 416 326-8700 or 1 800 522-2876 toll free in Ontario
Fax: 416 326-8711

4347E (2017/07)      © Queen’s Printer for Ontario, 2017

Download this guide in PDF format

Introduction

Last Updated: 
2017-06-01

The Registrar of Alcohol, Gaming and Racing is appointed under the Alcohol and Gaming Regulation and Public Protection Act, 1996 and has powers and duties under the Gaming Control Act, 1992 and its Regulations. Under section 3.8 of the Gaming Control Act, 1992, the Registrar is authorized to establish standards and requirements for the conduct, management and operation of Gaming Sites, “lottery schemes” or businesses related to a Gaming Site or a “lottery scheme”. The Registrar has established these technical standards as the minimum standards to be used in assessing Server-Assisted and Server-Based Electronic Gaming Equipment and Systems for approval in Ontario, as applicable to a specific electronic solution.

The Registrar may decide to approve, without testing, the equipment or the system, as the case may be, if it has been approved in another jurisdiction where gaming is legal. Any differences in our standards may necessitate additional review for approval in Ontario. The Registrar has delegated to the Deputy Registrar the authority to make decisions on the approval of Gaming Supplies and Gaming Management Systems.

The intent of this document is to provide minimum technical standards for server-assisted and server-based gaming equipment with regards to the technical integrity, safety and security of the equipment or the system, including its accounting capability.

These revised minimum technical standards will become effective on July 1, 2017. Server-assisted and server-based gaming equipment submitted for approval prior to this date will not be subject to these revised minimum technical standards unless they suffer an issue of technical integrity, safety, security or accounting capability.

Other Standards and Requirements Applicable

Suppliers and operators of server-assisted and server-based gaming equipment and systems must comply with the standards described in this document, together with the applicable Standards and Requirements 1.12, 1.22, 1.24, 1.25, 1.26, 1.27, 1.29, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.41, 2.4. 2.8, 2.11, 4.2, 4.3, 4.5, 4.6, 4.7, 4.8, 4.10, 4.11, 4.13, 5.2, and 5.8 from the Registrar’s Standards for Gaming, and the Electronic Gaming

Equipment Minimum Technical Standards

While every attempt has been made to avoid duplication / contradiction of information between these minimum technical standards and the Registrar’s Standards for Gaming, the Registrar’s Standards for Gaming override these minimum technical standards in the event of contradiction. Please see the Registrar’s Standards for Gaming for additional information.

Modifications to the Technical Standards Document

From time to time it may be necessary to make modifications to this document in order to address the following:

  1. Changes in technology;
  2. Changes, deletions or additions to meet the intent described earlier;
  3. Introduction of new equipment where no standards have been set;
  4. Rephrasing of a particular standard(s) to provide clarification.

Introduction of New Technology in Ontario

Last Updated: 
2017-06-01

The AGCO encourages innovation in Ontario’s gaming industry by supporting the early adoption of new technology/concepts. Existing Technical Standards are based on known technology, and may not extend or apply to innovative concepts or technologies. In the absence of Technical Standards, interim approvals will be based on the principles of technical integrity, safety, security, and accounting capability. Stakeholders are encouraged to submit innovative concepts or technology for approval at any time after consultation with the AGCO Gaming Lab, including when relevant technical standards have not yet been developed.

Early consultations with the AGCO Gaming Lab at the concept and/or design phase in the product development life cycle allow for effective planning of the introduction of new technology/concepts to Ontario, and enable the Registrar to expedite approval of new technology/concepts.

Assumptions

It is assumed that standard industry practices will be applied (standard software develop- ment practices, design and development including handling of abnormal operations, etc.). Therefore, they are not included in these standards.

It is recognized that the evolution of technology and game design may result in some standards becoming obsolete. In such cases, we encourage the Suppliers to contact the Director/Deputy Registrar to discuss how the proposed technology/game design can com- ply with the intent of these standards.

Glossary

Last Updated: 
2017-06-01

Activated Game: A game that is available for play at a server-assisted slot machine or client station.

Alterable Storage Media Device: Any electronic storage media whose contents can be modified through the use of gaming equipment circuitry or programming. This does not include RAM or media that has its write functionality disabled.

Client Station: Gaming equipment which is connected to and administered by a server-based slot system and is the public interface part of a server-based slot system that cannot operate independently from the system.

Configurable Options: Settable options required to ensure the integrity, security and accounting capability of the game.

Critical Software: Any gaming-related software that is:

  1. integral to the operation of a game; or
  2. used to control game functions, game outcome, payout, security or accounting functions.

Deactivated Game: A game that is no longer available for play on the server-assisted slot machine or client station.

Message Digest:  A digitally created hash (fingerprint) of a file, data or software program generated using  a cryptographic hash function such as the SHA-2 algorithms, for the purpose of validating the contents of a software program, file or data were not changed in any manner whatsoever after the message digest was created.

Play: All gaming events that may be initiated by the making of a specific wager. A play includes the making of a wager, the activation of the gaming equipment game by the patron and an indication to the patron of the outcome of the wager including, if an award is won, the payment of the award.

Server–Assisted Slot Machine: Gaming equipment connected to and administered by a server-assisted slot system and is the public interface part of a server-assisted slot system. A server-assisted slot ma- chine must be able to operate independently from the server-assisted slot system.

Server-Assisted Slot System: A system comprised of one or more server-assisted slot machines connected to a slot machine server and an associated computer network which provides access to approved games and other related software from the slot machine server to the server-assisted slot machine. In a server-assisted slot system, the game outcome is determined by the server-assisted slot machine. (Note: Any design that deviates from this concept will be considered on a case-by-case basis by the Registrar.)

Server-Based Slot System: A system comprised of one or more client stations connected to a slot machine server and an associated computer network which provides access to approved games and other related software from the slot machine server to the client stations. In a server-based slot system, the game outcome is determined by the server. (Note: Any design that deviates from this concept will be considered on a case-by-case basis by the Registrar.

Slot Machine Server: A dedicated computer system that receives and stores approved server-assisted or server-based slot system software, including game software, and authenticates the critical software. The slot machine server uploads and communicates with the connected server-assist- ed slot machines and client stations. A slot machine server is also used to effect changes in the configuration of connected server-assisted slot machines or client stations. Nothing herein shall preclude a server-based or server-assisted slot system design that utilizes more than one slot machine server. All slot machine servers are subject to approval by the Registrar.

Server-Assisted and Server- Based Gaming Minimum Technical Standards

Last Updated: 
2017-06-01

1. Security

Last Updated: 
2017-06-01

1.1  Server Access Control

1.1.1  Critical software and computer files must be controlled only from the slot machine server through the downloaded server-assisted slot machine or client station software, and must not be controlled at or by any of the individual server-assisted slot machines or client stations con- nected to the slot machine server or at or by any other gaming management system or device. Any critical electronic gaming machine program or computer file that is not controlled by the slot machine server must be authenticated. The operator’s procedures for controlling such programs must, at a minimum, require:

  1. Compliance with the applicable log files of sections 6, Reports and Logs below; and
  2. Compliance with section 3.3.1 below, regarding changes to games and options.

1.1.2  The slot machine server must be configured as a dual authorization access system, prior to providing access to files and directories containing critical software or any other sensitive data.

1.2  Software Integrity and Security

1.2.1  A slot machine server must not be capable of altering any component of critical software on any connected server-assisted slot machine that would interrupt, or affect the functions, game outcome, or configurable options of a game in progress on any server-assisted slot machine connected to the slot machine server; provided however, that a slot machine server may stop a game or disable a server-assisted slot machine at any time if there is a valid reason to do so..

1.2.2  A slot machine server must not be capable of altering any component on any connected client station that would interrupt or affect the functions, game outcome, or configurable options of a game in progress; provided however, that a slot machine server may stop a game or disable a client station at any time if there is a valid reason to do so.

2. Authentication

Last Updated: 
2017-06-01

2.1  Self-Authentication of Gaming Software on the Server

2.1.1  The critical software stored on media other than EPROM that will be installed on or used by a slot machine server must contain a message digest or similar mechanism to detect un- authorized changes to critical software pursuant to Electronic Gaming Equipment Minimum Technical Standards section 1.2.1, Critical Files on Media Other than EPROM.

2.1.2  If an unauthorized change occurs:

  1. The slot machine server must provide notification of the error, including the associated invalid program or programs and/or the electronic gaming machine tilt, to the appropriate departments (e.g., MIS, Slots, Surveillance, Audit), where technically possible;
  2. The server must be capable of automatically creating a report which must detail the date, time and outcome of the failed authentication, and identify the invalid program or pro- grams; and

2.2  Self-Authentication of Gaming Software on the Server-Assisted Slot Machine and Client Station

2.2.1  Downloading of software or the download process from the server-assisted or server-based server to the server-assisted slot machine or client station must not by-pass the self-authenti- cation process of the server-assisted slot machine or client station, nor its established chain of trust.

2.3  Field Authentication of Software on the Server

2.3.1  All critical software on the slot machine server must be capable of being authenticated by an independent device or independent software which, at a minimum, must authenticate each message digest of the designated software to ensure that it is an authentic copy of the ap- proved software. The method of authentication must use a mechanism, which ensures the authenticity of the critical software using industry good practices.

3. Software Download and Installation

Last Updated: 
2017-06-01

3.1  Scheduling Software

3.1.1  A server-assisted or server-based slot system may contain or control scheduling software which instructs the slot machine server to download critical software or computer files to con- nected server-assisted slot machines or client stations, and to activate, modify or deactivate such programs, either on demand or at pre-established times and dates.

3.1.2  Scheduling software must include, at a minimum, reports of all pending, successful and unsuccessful events, including the user name, date, time, identification numbers of critical software and computer files successfully or unsuccessfully added, deleted, moved, activat- ed or deactivated, and the status of each event.

3.2  Change Controls

3.2.1  At a minimum, on a daily basis and prior to any critical software being added to or removed from a server-assisted slot machine or client station, any configurable option changes, or any activations or deactivations of an electronic gaming machine game on a server-assisted or server-based slot system, a complete set of electronic gaming machine game data must be successfully and accurately communicated to the slot machine server, a slot management sys- tem, or another approved slot accounting system to include, but not be limited to, the following:

  1. Error Logs, Electronic Gaming Equipment Minimum Technical Standards section 11, Error Conditions;

  2. All applicable meters required by Electronic Gaming Equipment Minimum Technical Stan- dards section 18, Meters;

  3. Last Game Recall for client stations, Electronic Gaming Equipment Minimum Technical Standards section 17, Last Game Recall;
  4. Cashless Transaction Logs, Electronic Gaming Equipment Minimum Technical Standards section 5, Cashless Wagering System.

3.2.2  Software must not be activated, deactivated, added to, modified or removed from a server-as- sisted slot machine or client station while an error or tilt condition, or hand pay lockup exists on the server-assisted slot machine or client station, except as necessary to rectify the error or tilt condition.

3.2.3  The removal of any software from a server-assisted slot machine, client station or slot machine server must in no way affect the requirement to maintain and store the logs of events related to that software and logged pursuant to sections 6.2.1 and 6.2.2 below.

3.3  Electronic Gaming Machine Requirements for Download and Installation

3.3.1  The server-assisted or server-based slot system must not permit any activation of gaming software, paytable (payback/game theme) change or configuration changes to occur until the server-assisted slot machine or client station meets all of the following conditions:

  1. Be in idle mode with no game play, no credits, no hand pay, no tilts or error conditions for at least four minutes prior to activation of gaming software, paytable change or configura- tion changes;
  2. During activation of any, the server-assisted slot machine or client station on which the game is offered must be disabled and rendered unplayable until the activation or implemen- tation process is successfully completed;
  3. While the server-assisted slot machine or client station is disabled for activation, the serv- er-assisted slot machine or client station on which the game is offered must continuously display a conspicuous message stating that the game configuration is being changed. A patron, however, may have the option to bypass this message if he/she chooses to resume play prior to the end of the required time period; and
  4. If the change in the active software is the direct result of a player request, the delay re- quirements of this technical standard are not applicable. However, the active software may not be changed if an error or tilt exists, or if a pending hand pay remains on the server-as- sisted slot machine or client station.

3.3.2  Before gaming software, paytable (payback/game theme) change, or configuration change to a game is made available for patron play, one of the following conditions must be met:

  1. There is a clear change to the game display from the previously activated game where the patron can determine that there has been a change made to the game, e.g. a new theme, new denomination, notification of the date/time of the last configuration change (e.g. when activated paytable was changed), etc. This must be displayed until the first game is played after the change is made, or for a period of 24 hours;                        
  2. The paytable is unavailable for play for a period of twenty four (24) hours; or
  3. A sign or notification declaring that a change is to be made has been placed or displayed on the machine for a period of twenty four (24) hours after the change is made.

3.3.3  The change procedure described in section 3.3.1 above must also apply to an activated server-assisted slot machine or client station that offers multiple games.

3.3.4  Alarms required but not limited to Electronic Gaming Equipment Minimum Technical Standards sections 3.3.2, 11.1.2b), and 11.1.3c), Tilt Conditions, as applicable, must be able to be commu- nicated to the gaming management system and/or slot machine server during any part of the download and activation process.

3.3.5  Any feature or setting of a game which is not approved for use must be disabled in the configurable options of the game’s program through the use of a hardware device, secure password or other restricted technical procedure.

4. Error Conditions

Last Updated: 
2017-06-01

4.1.1  The operator must be immediately notified of any malfunctioning element within the server-based or server-assisted slot system upon the occurrence of any communication failure. The results of a self-monitoring process of the system’s critical interface elements (such as central hosts, network devices, firewalls, etc) must be run at least once each gaming day, and the operator must be noti- fied of any malfunctioning element.

4.1.2  Pursuant to Electronic Gaming Equipment Minimum Technical Standards sections 1.5.4 and 1.5.5, where an unrecoverable memory corruption must result in a RAM error that requires a full RAM clear, the RAM clear event must be performed in a secure manner and in accordance with the Notification Matrix, whether the RAM clear is performed from the slot machine serv- er, the server-assisted slot machine or client station.

4.1.3  A server-based game must be rendered unplayable if communication from the server is lost. The client station must provide a means, such as a hand pay or the issuance of a payout voucher, for patrons to cash out credits indicated on the client station at the time the commu- nication was lost. If a payout voucher is issued, the system must ensure proper reporting and accounting of the voucher.

4.1.4  The client station, or the related gaming application installed on the client station, must stay in a tilt condition in the event no server-based slot system is available for any reason such as a primary and secondary server failure, switch over failure, etc, until the server-based slot system is available again.

4.1.5  The slot machine server must generate error conditions with the date and time of any other logged events which reasonably indicate that the system is not operating as expected, e.g. memory corruption, authentication failure.

5. Meters

Last Updated: 
2017-06-01

5.1.1  Server portions of system-based slot systems must record, store and maintain meters required in Electronic Gaming Equipment Minimum Technical Standards section 18, Meters. The server portion of system-based slot systems must also record all such meters for each individual game (each specific paytable that is activated on each individual client station), as well as for the server-based game in its entirety. The server must be able to send this meter information to a slot monitoring/accounting system, if the server-based slot system is not capable of generating the necessary accounting reports.

5.1.2  Client stations or an applicable server-based system utility must be able to display on de- mand the required meter information (from 5.1.11) that corresponds to the play associated with the particular client station.

6. Reports and Logs

Last Updated: 
2017-06-01

The slot machine server report requirements of this section may be satisfied by the slot machine server and/or the slot accounting/monitoring system.

6.1  Server Requirements for Reports and Audit Logs

6.1.1  Logical access to the slot machine server shall be logged on the server and on a secondary logging device which resides outside the server room and is not accessible to the individual accessing the server room. This information is not required to be logged on the secondary logging device if the information has been rendered unalterable on the server. Logged data shall include time and date of the access and the identification of the accessing individual(s). The resulting logs shall be retained for a minimum of ninety days.

6.1.2  A slot machine server must create a log entry, at a minimum, every time any critical software component is added, removed or altered including any configuration or paytable/game theme changes in the slot machine server, which must contain:

  1. The date and time of the action;
  2. Identification of the software affected, both removed and installed;
  3. The names and unique identification (e.g. registration ID) of the individuals performing the modification; and
  4. The reason for the modification and any pertinent validation information.

6.1.3  The slot machine server must create a log entry whenever any change is made to software in a server-assisted slot machine or client station, including but not limited to software programs, graphics, sound information paytable/game theme, and configuration changes. This log entry must contain the date and time of the event, an identification of the software affected, the name of the individual performing the modification, and any pertinent software identification information. The log entries must be retained on the slot machine server for a minimum of ninety days; provided that logged events older than ninety days can be retained.

6.1.4  The slot machine server must be capable of generating a record detailing any software modification to the slot machine server, or, if not capable of generating such a record, an alternative method of record keeping must be performed.

6.1.5  The slot machine server must generate daily monitoring logs with the date and time of:

  1. User access; and
  2. Any other logged events which reasonably indicate that the system is not operating as expected, e.g. memory corruption, authentication failure.

6.1.6  The slot machine server must be capable of maintaining the logs on the slot machine server and the other logging device referenced in sections 6.1.1, 6.1.2, 6.1.3 and 6.1.4 above, for a minimum of ninety days.

6.1.7  The slot machine server must be capable of retaining a record and generating a report pursuant to section 6.2.1 and 6.2.2 below of all titles of all active games offered on all server-assisted slot machines or client stations, and all changes made to any of the games, for each twenty-four hour period the games are in operation.

6.2  Server-Assisted Slot Machine and Client Station Requirements for Reports and Audit Logs:

6.2.1  Whenever any change is made to software in a server-assisted slot machine, including but not limited to software programs, graphics, sound information, paytable/game theme, or config- uration changes, a log entry must be made on the server-assisted slot machine which must contain the date and time of the event and an identification of the software affected. The logs must be capable of being retained on the server-assisted slot machine for a minimum of 100 logged events.

6.2.2  Whenever any change is made to software in a client station, including but not limited to software programs, graphics, sound information, paytable/game theme, or configuration changes, a log entry must be made which must contain the date and time of the event and an identification of the software affected. This log entry must be made either on the client station, or on a secondary logging device which resides outside the server room and is not accessible to the individual making the program modification. This information is not re- quired to be logged on the secondary logging device if the information has been rendered unalterable on the server.

6.3  General Requirements for Reports and Audit Logs:

6.3.1  Each report contained herein must include the report title and date and time the report was generated. The slot machine server must be able to generate reports with all or any subset of the following information as it pertains to the system:

  1. User access rights by user and by role;
  2. System configurations;
  3. List of all active gaming devices;
  4. List of all deactivated gaming devices;
  5. All software installed on the slot machine server;
  6. All games and paytables installed on the slot machine server;
  7. All games and paytables active on the gaming floor with location and gaming device infor- mation;
  8. All game and paytable changes to be reported in daily, weekly and monthly periods; and
  9. A report of all progressive jackpots listing the participating games.

6.3.2  All information required to be logged pursuant to this section must be available on demand in a report format. Each log report required herein must include the report title and the date and time the report is generated. Where applicable, audit logs must include the source and destination IP addresses, port numbers and MAC addresses. At a minimum, the following log reports must be available and include the information in the referenced requirement:

  1. A firewall log report;
  2. A software integrity log report pursuant to section 2.1.2b) above;
  3. A slot machine server log report pursuant to sections 6.1.2, 6.1.4 and 6.1.5 above;
  4. A server-assisted slot machine and client station log report pursuant to sections 6.1.3 and 6.2.1 above;
  5. A daily monitoring log report pursuant to section 6.1.5 above;
  6. A scheduling log report pursuant to sections 3.1.2 and 6.3.1c) above;
  7. A server-assisted log report pursuant to section 6.1.7 above;
  8. A server-based log report pursuant to section 6.1.7 above; and
  9. Software authentication log reports pursuant to section 2.1.2 above
  10. Progressive jackpot reconciliation reports or alternative means of enabling reconciliation to be performed must be available for each progressive jackpot level and must include suffi- cient information to enable reconciliation to be successfully performed for each progressive level.

7. Forensic Capabilities

Last Updated: 
2017-06-01

7.1.1  It must be possible to perform a forensic analysis of any anomaly that occurs which may include viewing the data at the slot machine server and being able to place the data onto a duplicate device for the examination without shutting down or compromising the integrity of the data being transferred nor the integrity of the production server.