MOBILE GAMING SYSTEM POLICIES



Similar documents
Security. TestOut Modules

Business ebanking Fraud Prevention Best Practices

Complying with PCI Data Security

Copyright Telerad Tech RADSpa. HIPAA Compliance

Configuring Security Solutions

Hang Seng HSBCnet Security. May 2016

Best Practices Guide to Electronic Banking

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Massey University Wireless Network - Client

Scenario: IPsec Remote-Access VPN Configuration

Integrating a Hitachi IP5000 Wireless IP Phone

Two Factor Authentication in SonicOS

Transport Layer Security Protocols

Wireless Network Configuration Guide

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Configure WorkGroup Bridge on the WAP131 Access Point

Online Banking Customer Awareness and Education Program

Section 12 MUST BE COMPLETED BY: 4/22

Airnet-Student is a new and improved wireless network that is being made available to all Staffordshire University students.

BeamYourScreen Security

A brief on Two-Factor Authentication

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

Web Security Considerations

Corporate and Payment Card Industry (PCI) compliance

ADM:49 DPS POLICY MANUAL Page 1 of 5

DATA SECURITY AGREEMENT. Addendum # to Contract #

MIKOGO SECURITY DOCUMENT

AGREEMENT on cpanel Hosting service use. AGREEMENT No. Concluded on: 1. (hereinafter: the Customer) Article 1 Subject and Definition

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

How To Protect Data From Attack On A Network From A Hacker (Cybersecurity)

User Guide for eduroam

Scenario: Remote-Access VPN Configuration

United States Trustee Program s Wireless LAN Security Checklist

ADMINISTRATIVE POLICY # (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # (2014) Remote Access

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

IDENTITY THEFT: DATA SECURITY FOR EMPLOYERS. Boston, MA Richmond, Virginia Tel. (617) Tel. (804)

FileCloud Security FAQ

STANDARD SERIES GLI-18: Promotional Systems in Casinos. Version: 2.1

Connecting to UNOSECURE using Windows 7

Security Policy Revision Date: 23 April 2009

CTS2134 Introduction to Networking. Module Network Security

Installation Guides - Information required for connection to the Goldfields Institute s (GIT) Wireless Network

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

PA-DSS Implementation Guide: Steps to ensure that your POS system is secure

The Security Behind Sticky Password

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Secure Web Access Solution

Computer Networks. Secure Systems

GPC JagTalk Secure Wireless Network. Connection Instructions

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Setting Up Scan to SMB on TaskALFA series MFP s.

Standard: Network Security

Advanced Administration

Paladin Computers Privacy Policy Last Updated on April 26, 2006

CHIS, Inc. Privacy General Guidelines

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

RuggedCom Solutions for

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

GE Measurement & Control. Cyber Security for NEI 08-09

Industrial Communication. Securing Industrial Wireless

Using PowerBroker Identity Services to Comply with the PCI DSS Security Standard

BlackShield ID Agent for Remote Web Workplace

Remote Deposit Terms of Use and Procedures

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Developing Network Security Strategies

Information Security Basic Concepts

Network Security Guidelines. e-governance

Implementation Guide

Privacy Policy. What is Covered in This Privacy Policy. What Information Do We Collect, and How is it Used?

Security Awareness. Wireless Network Security

esnc ACCESS AGREEMENT

Peachtree Ridge High School Bring Your Own Device Training for Students

Neutralus Certification Practices Statement

Shipping Services Files (SSF) Secure File Transmission Account Setup

Penn State Wireless 2.0 and Related Services for Network Administrators

Did you know your security solution can help with PCI compliance too?

Supplier IT Security Guide

Network Services One Washington Square, San Jose, CA

How to connect to NAU s WPA2 Enterprise implementation in a Residence Hall:

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Cisco Unified Wireless Network Solution Positioning for the New PCI DSS Wireless Guideline

Ensuring the security of your mobile business intelligence

CHAPTER 1 INTRODUCTION

NETWORK SECURITY GUIDELINES

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06

Transcription:

MOBILE GAMING SYSTEM POLICIES This document is intended to provide further clarification on applicable mobile gaming Technical Standards and additionally to define policies associated with the manufacturing and operation of mobile gaming systems. It is important to note that mobile gaming is an extension of the Technical Standards for System Based and System Supported Gaming Devices. Revised 5/18/06 Technical Standard 1.050. Physical Security. 2(a) For the client portion of the system supported game, comply with Technical Standard 1.050(1). Policy 1.050(2)(a): System supported mobile gaming clients must: 1. Actively monitor physical entry into the device and report entry to the system portion of the device; 2. Retain physical evidence of the entry. This can be accomplished through the use of physical seals, locks, etc.; and 3. Render itself unusable for gaming transactions until properly cleared by authorized personnel. 3(a) For the client portion of the system based game, comply with Technical Standard 1.050(1). Policy 1.050(3)(a): System based mobile gaming devices must retain evidence of any illegal entry. Technical Standard 4.010. User Authorization. 1. Mobile gaming systems must employ a mechanism approved by the Chairman which is capable of verifying that the mobile communications device is being operated by an authorized person. Policy 4.010(1): 1. All systems must support and employ strong user authentication, authorization, and accounting that checks against a user database. MOBILE GAMING SYSTEM STANDARDS AND POLICIES Page 1

2. Strong user authentication shall require that a minimum of two factors of authentication are verified. Factors of authentication may include the following: a. A Password or PIN associated with a username; b. A Physical Token; c. A Biometric Measurement; or d. Other factors approved by the Chairman. 3. Two factors of authentication must be verified prior to the opening of a session. 2. The mechanism used to verify that the mobile communications device is being operated by an authorized person must be capable of being initiated both on demand and on a regular basis. Policy 4.010(2): 1. Users must be verified at random time increments not to exceed 30 minutes with at least one factor of authentication. 2. A session is considered closed under the following conditions: a. User authentication has not been successfully completed within a 30 minute timeframe; b. No game activity has occurred within 5 minutes; c. The mobile unit has been disabled due to the mobile unit entering a non-gaming area; d. The user or system has terminated the session. 3. Authorization information transmitted by the mobile communications device to the mobile gaming system for identification purposes must be collected at the time of the request from the mobile gaming system and may not be stored on the mobile communications device. Policy 4.010(3): This requirement excludes user names that are associated with passwords or PINs. 4. The Chairman, in his/her sole and absolute discretion, may waive the requirements of this section for mobile communications devices that cannot be reasonably moved by a patron. MOBILE GAMING SYSTEM STANDARDS AND POLICIES Page 2

Technical Standard 4.020. Mobile Communications Device Communication with a Mobile Gaming System. 1. Communication between a mobile communications device and a mobile gaming system must be conducted using a method that securely links the mobile communications device to the mobile gaming system and authenticates both the mobile communications device and mobile gaming system as authorized to communicate over that link. Policy 4.020(1) and 1.062(1): 1. Communications between the server(s) and the mobile client must use appropriate authentication and cryptographic protocols to provide mutual authentication of the mobile unit and the server, integrity of the data communicated, and for confidentiality by encrypting the data communicated. Examples of appropriate protocols include but are not limited to SSL, TLS, IPSec, Kerberos, EAP, and 802.1x. 2. All mobile devices must be successfully authenticated prior to accessing any resources of the mobile gaming system. 3. For wireless communications the system must: a. Employ a public, peer reviewed encryption algorithm such as 3DES, AES, or another algorithm approved by the Chairman. b. Not broadcast the network identifier (i.e. SSID). c. The network identifier must be changed from the factory default and must not be made up of information related to the operator (e.g. abccasino) or the type of transactions occurring over the network (e.g. gamingap). d. Provide physical security for access points or equivalent hardware. e. Access points should implement hardware identifier (MAC) filtering. f. Mobile devices must not communicate to or through another mobile device. Communication must only occur between the mobile device and the mobile gaming system via authorized access points and other required network hardware. 4. The system must maintain an authorized list of devices which it may communicate with, which must include the device name, a unique device ID and the device s hardware identifier. 5. The system must provide a log of all failed attempts at network access which includes the device name and hardware identifier. This log must be stored for a minimum of 90 days. 2. Mobile gaming system components which interface mobile communications devices must sufficiently isolate the mobile communications devices from the server portion of the mobile gaming system. MOBILE GAMING SYSTEM STANDARDS AND POLICIES Page 3

Policy 4.020(2): 1. A firewall or equivalent hardware appliance with best practice policies in place must exist between any wireless access points or like device and the gaming server(s). 2. The Chairman or his designee may waive the hardware requirement of Policy 4.020(2)(1) if it can be demonstrated that an alternative solution adequately isolates the mobile communications devices from the server portion of the mobile gaming system. 3. A mobile communications device must be designed or programmed such that it may only communicate with authorized mobile gaming systems. Policy 4.020(3): Mobile device communications ports must be limited to ports for communication with the gaming system servers only. Other communications such as IR and Bluetooth must be disabled unless specifically used and limited to functions used to comply with a Technical Standard or Policy. Technical Standard 4.030. Location Restrictions. Mobile gaming systems must be designed to restrict the gaming operation of the mobile communications device to public areas as defined by Regulation 5.220. Policy 4.030: 1. Systems must employ technology that is capable of immediately detecting if a mobile device has entered a non-gaming area. 2. Gaming area coverage may not extend into prohibited areas. 3. If a patron enters a non-gaming area the system must: a. Suspend gaming transactions following the completion of any current transaction; and b. Notify the patron that gaming transactions have been suspended until the patron reenters a gaming area and is reauthorized. 4. Upon reentry into a gaming area the patron must be authenticated (Policy 4.010(2)) and the device must return to the last known state prior to gaming activity suspension. Technical Standard 4.040. Mobile Communications Device Volume. Mobile communications devices must be capable of adjusting and/or muting the volume on the device. MOBILE GAMING SYSTEM STANDARDS AND POLICIES Page 4

Additional Mobile Gaming Policies: 1. Mobile devices must include patron help screens that include the rules associated with the operation of the mobile device. 2. Operators must provide mobile gaming operation information to patrons such as gaming area maps, rules of operation, and how to operate. 3. System based mobile gaming systems must provide authorized personnel an easily accessible terminal that will allow for the reconciliation of game activity (play history, etc.) on any mobile unit in case of mobile device failure or disputed games. MOBILE GAMING SYSTEM STANDARDS AND POLICIES Page 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information