software systems secure solutions
|
view pdf documents: Trusted Transactions™ Overview
Trusted Play™
Overview
Electronic Draw Security Threats |
||
Products
Szrek2Solutions, the experts in secure gaming systems, now offers Trusted Family™ of innovative products to the gaming industry:
Trusted Play+™ - innovative random number server generating instant and interactive game outcomes and draw results in a secure way, providing fraud protection through its Trusted Audit system. Audit detects any potential fraud against the system, including hard to detect insider attacks. Audit also offers internal control functions such as bet integrity verification and winner selection verification. Random Number Generation (RNG) and Audit processes and results can be monitored via system monitoring tool, Trusted Monitor.
Trusted Monitor™ is a monitoring tool developed for Trusted Draw™, Trusted Play™ and Trusted Play+™ systems, to view the RNG and audit activity progress and results. It is a web application providing monitor and control functionality over the Trusted Play and Trusted Draw servers and their applications. To ensure security Trusted Monitor is deployed on a web server outside of the secure environment of the data center where Trusted Draw / Trusted Play are installed (outside of the firewall). Trusted Monitor provides easy-to-use, browser based graphical user interface to monitor the status of all Trusted Play / Trusted Draw applications on all servers. In addition TM offers console processes that can be used by the off-the-shelf monitoring tools such as Tivoli or Big Brother to monitor remote systems. The inter-process communication interface used by Trusted Monitor for control and monitoring is XML-RPC, which is supported on virtually all platforms and languages.
Trusted Transactions™ offers a unique, time-efficient method of securing gaming transactions before a draw, at a precise time, to ensure bet integrity; protect from any potential alteration of bet data participating in the draw. Trusted Transactions™ utilizes a patent applied for technology of digital time-stamping a file with gaming transactions just before the draw. To ensure highest level of security, Szrek2Solutions employs a NIST certified tamper proof cryptographic Hardware Security Module, which in addition to performing the time-stamping allows audit of the process.
-
Trusted Play™
product brochure
Trusted Play™ is a secure subsystem for determining winners in computerized 'instantaneous winner' games. With Trusted Play™ you can be assured that winners are selected randomly and fairly, and, most importantly, you can prove that this is the case because audit ability is built-in. Trusted Play™ is the only instantaneous winner selection product that provides provable system integrity, eliminating the possibility of undetected insider fraud. Provable to you, provable to your players, and provable to your auditors.
-
Trusted Draw™ product brochure
Trusted Draw™ is an electronic winning numbers draw system that provides secure and auditable winning numbers for any lottery-type game. With Trusted Draw™ you can eliminate the expense and complexity of conducting daily or weekly televised draws. Instead, you can rely on Trusted Draw™ to provide you with provably random and fair winning numbers. Trusted Draw™ is especially useful in games such as Keno where using physical devices is impractical because draws occur every few minutes.
Time-stamping is a process of digitally signing data together with time. Why is time-stamping important? - standard digital signature provides a proof of the content of the data; it proves that the data corresponds to its signature. However a traditional signature could be made at any time, even after the draw. To ensure that draw data has not been altered before the draw, the time-stamping of the data is done – digital signature of the data together with time. Typically time-stamping of large files, such as lottery transaction files containing millions of bets, is time consuming. Szrek2Solutions solved the technical challenge of time-stamping large files in a very short time, which is critical for draw security applications. This technology used by Szrek2Solutions in Trusted Transactions™ system is also successfully developed for its Trusted Play and Trusted Draw products.
Time-stamping is not new to the lottery industry; it has been successfully employed by some lotteries (e.g. in Germany). However currently used approaches require complex modification of the lottery transaction processing system and of the Internal Control System (ICS). The approach proposed by Szrek2Solutions allows Trusted Transactions™ deployment with minimal or no changes to the current lottery transaction processing system, and with minimal or no changes to the existing ICS.
TT system provides rapid
time-stamping of bet data before the draw; it allows
closing of sales in less than 5 minutes before the draw.
Trusted Transactions™ time-stamping creates a proof of transaction file
content which can be verified after the draw. It is a
more secure solution than traditional preventive
approaches, which are exposed to insider fraud.
Trusted Transactions™
time-stamp proof is incorruptible and provable to a
third party any time after the draw – one minute after
or years after. Trusted Play™ is a
secure subsystem for determining winners in
computerized 'instantaneous winner' games. Instantaneous winner games have been
introduced in recent years to
add the thrill of an instantaneous win to traditional daily or weekly lottery
games. When a player buys a normal ticket, the player is also offered a chance
to try for an Instant Win for an extra dollar. Also, there are many games
offered on the Internet where a player can buy a chance for an Instant Win.
These on-line instantaneous winner games replace the traditional 'scratch
tickets' that are popular throughout the world. In all cases, for on-line instantaneous winner games, winners are
somehow determined by bet processing software running on an on-line system.
This presents new security and integrity challenges to the gaming operator and
requires new security measures to prove system integrity. To assure the trust
of your players, it is a requirement to have the same - or better - security
for these bets as you would for traditional, off-line lottery draws. Trusted
Play™ provides that assurance. What are the security risks? The introduction of instantaneous winner games increases the risk
of insider fraud. Existing security measures could be circumvented by a skilled
insider with knowledge of software and access to the system. For example, the
winner selection software could be secretly exchanged with software that
generates results that are favorable to an insider. Additionally, current
approaches to winner selection use random number generators (RNGs) that have a
drawback: they are either somewhat predictable or they are not auditable.
Therefore, if an insider changed the software to obtain winning bets, then
restored the original software, there would be no indication that such fraud
took place.
Traditional security measures, like limiting access to the software, help
reduce the risk of such fraud, but they do not eliminate the possibility - it
is possible and is not easily detectible. With Trusted Play™, any attempt to
fraudulently generate winners can be detected by standard audit procedures.
Also, Trusted Play™ provides unpredictable random numbers, so no one - neither
an insider nor a player - can analyze the algorithm and gain any playing
advantage. How does Trusted Play™ Work? Trusted Play™ uses an innovative method of combining strong
cryptographic techniques and digital signatures. Our patent-pending method
assures that:
. There can be only one set of valid winning numbers at a given time
The ability to audit the data is the key element that proves the integrity of
the system.
Trusted Play™ can be implemented to work with your existing system and can
provide random results for all types of games. A Trusted Play™ system includes
a random number server communicating with your client application, a digital
signature server and a verification device. For digital signatures Trusted Play™ uses
LYNKS Privacy Card - a
plug-in digital signature device by
SPYRUS
used by many government and private organizations.
Instantaneous winner bets need to be audited to prove system
integrity and protect against insider fraud. Trusted Play™ product provides
this capability - it generates unpredictable random numbers used to determine
winners, and it allows you to audit the results for correctness. Trusted Draw™ is an electronic winning numbers draw system that
provides secure and auditable winning numbers for any lottery-type game. With
Trusted Draw™ you can obtain draw results with any desired frequency and
distribution for any game of chance: lotto, keno, numbers, wheel, cards, etc.
It can hold hundreds of draws per second. In recent years more and more lotteries have introduced on-line
games with high draw frequency - with tens or hundreds of draws per day. With
draws taking place every few minutes, the drawing process has to be very fast.
Traditional drawing machines, with mechanical ball drawing, cannot reasonably
be used in such games since they require extensive space, personnel, and
physical security. Consequently some new types of drawing machines have been
introduced, where computer software rather then 'ball machines' is used to
generate winners. The security of these types of drawing machines is mainly
based on physical security, which is not sufficient. Trusted Draw™ solves that problem. Trusted Draw™ provides methods
to ensure the integrity of draw software and standard ways to audit the draw
software outcome - the generated random draw numbers. Any attempt by an insider
to modify draw generation software to generate different results would be
exposed in the audit. Only the proper draw numbers would be the accepted
outcome of the Trusted Draw™ system. This method of verification is foolproof
because it audits the draw results themselves, not just the generation process. What are security risks of computerized draws? Current security approaches to computerized draws have drawbacks:
physical security is difficult to maintain and is expensive, as are frequent
process audits and code inspections. This is not sufficient in today's world.
With enough access to a system, a skilled insider could circumvent virtually
any current computerized draw process. For example the insider could exchange
the valid software with malicious software to produce some specific winning
combinations. An intelligent insider, with sufficient access, could do this so
that current process audit or statistical analysis of the generated numbers
would not detect fraud.
What is needed is a way to prove that the draw numbers themselves were properly
generated, thus providing the ultimate protection against fraud. Trusted Draw™
solves this by its ability to detect any tampering with the drawing. How does Trusted Draw™ work? Trusted Draw™, like Trusted Play™, uses an innovative method of
combining strong cryptographic techniques and digital signatures. Our
patent-pending method assures that:
. There can be only one set of valid winning numbers at a given time
The ability to audit the data is the key element that proves the integrity of
the system. There is no other product on the market that offers draw security
nearly as strong. Trusted Draw™ can be implemented to work with your existing system
and can provide random results for all types of games. Trusted Draw™ system
includes a random number server that communicates with your client application,
a digital signature server and a verification device. Trusted Draw™ works with LYNKS Privacy Card - a plug-in digital
signature device by
SPYRUS used by many
government and private organizations.
The
LYNKS Privacy card is a tamper evident device. It keeps its
private key in non volatile memory not accessible externally and provides a
public key for signature verification. This allows any client, with access to
the public key, to audit the draw data.
. Winning numbers can not be predicted ahead of time
. Winning numbers have any desired random distribution
. The winning number selection can be audited.
. Winning numbers can not be predicted ahead of time
. Winning numbers have any desired random distribution
. The winning number selection can be audited.
S2S