Statutes, codes, and regulations
New York Codes, Rules and Regulations
Title 9 - EXECUTIVE DEPARTMENTSubtitle T - New York State Gaming CommissionChapter IV - Division of GamingSubchapter B - Casino Gaming
Part 5319 - Standards for Gaming Devices
Section 5319.14 - Control program requirements

N.Y. Comp. Codes R. & Regs. tit. 9 § 5319.14

Download
PDF
Current through Register Vol. 46, No. 45, November 2, 2024
Section 5319.14 - Control program requirements
(a) Control program verification.
(1) EPROM-based program storage. Gaming devices that have control programs residing in one or more EPROMs shall employ a mechanism to verify control programs and data. Such mechanism shall use, at a minimum, a checksum. It is recommended that a cyclic redundancy check be used (at least 16-bit).
(2) Non-EPROM program storage.
(i) Software shall provide a mechanism for the detection of unauthorized and corrupt software elements, upon any access, and subsequently prevent the execution or usage of such corrupt elements by a gaming device. Such mechanism shall employ a hashing algorithm that produces a message digest output of at least 128 bits.
(ii) In the event of a failed authentication after a game has been powered up, a gaming device immediately should enter an error condition and display an appropriate error. This error shall require operator intervention to clear and shall not clear until the data authenticates properly, following operator intervention, or the media are replaced or corrected, and the gaming device's memory is cleared. Control program verification mechanisms will be evaluated on a case-by-case basis based on industry-standard security practices.
(3) Alterable media. In addition to the requirements set forth in paragraph (2) of this subdivision shall:
(i) employ a mechanism that tests unused or unallocated areas of the alterable media for unintended programs or data and tests the structure of the media for integrity. Such mechanism shall prevent further play of the gaming device if unexpected data or structural inconsistencies are found; and
(ii) employ a mechanism for keeping a record any time a control program component is added, removed or altered on any alterable media. Such record shall contain a minimum of the last 10 modifications to the media and each record shall contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information. Alterable program storage does not include memory devices typically considered to be alterable that have been rendered "read-only" by either a hardware or software means.
(b) Program identification. Program storage devices that do not have the ability to be modified while installed in a gaming device during normal operation shall be marked clearly with sufficient information to identify the software and revision level of the information stored in such devices.
(c) Independent control program verification. A gaming device shall have the ability to allow for an independent integrity check of such device's software from an outside source. An independent integrity check is required for all control programs that may affect the integrity of the game. In such integrity check, the software shall be authenticated by a third-party device, which may be embedded within the game software, by having an interface port for a third-party device to authenticate the media, or by allowing for removal of the media such that the media can be verified externally. This integrity check shall provide a means for field verification of the software to identify and validate the program. An approved testing laboratory shall, prior to device approval, evaluate the integrity-check method. If the authentication program is contained within the game software, the manufacturer shall receive written approval from the testing laboratory prior to submission for testing.

N.Y. Comp. Codes R. & Regs. Tit. 9 § 5319.14

Adopted New York State Register November 16, 2016/Volume XXXVIII, Issue 46, eff. 11/16/2016