PURPOSE: This rule establishes the minimum standards for authenticating critical program storage media (CPSM). The objective of the technical standard is to require electronic gaming devices (EGD) manufacturers to support a port and protocol, referred to as game authentication terminal (GAT), for EGD verification. GAT would permit a commission agent to authenticate items defined as CPSM external to the EGD's locked logic area. In short, the central processing unit (CPU) board and CPSM will not be required to be removed in order to verify content.
(1) Electronic gaming device (EGD) platforms submitted for approval after November 30, 2011, shall provide the following support for authenticating critical program storage media (CPSM): (A) Employ a verification mechanism, approved by the commission, which authenticates all CPSM. The authentication mechanism shall-1. Be accessible via a communication port and protocol approved by the commission;2. Possess an approved communication port located within the locked EGD cabinet and be accessible without requiring access to the locked logic compartment;3. Provide on-demand authentication of each EGD CPSM. This function shall not require the EGD power to be cycled and the execution time shall not exceed twenty (20) minutes;4. Generate a unique signature for each CPSM utilizing Secure Hashing Algorithm-1 (SHA-1) with Hash-Based Message Authentication Code (HMAC), as defined by the National Institute of Standards and Technology (NIST). Hashing methodologies will be continually reevaluated by the commission; and5. Provide support for escrowing verification results. Verification results shall be preserved and retrievable pending a subsequent verification request or a loss of power; and(B) Provide means for the use of third-party authentication tools approved by the commission.(2) All EGD platforms submitted for approval prior to November 30, 2011, possessing a communication port, paragraph (1)(A)2. notwithstanding, shall comply with subsection (1)(A) of this rule by July 1, 2012, by upgrading the CPSM to meet compliance unless otherwise approved in writing by the commission. Legacy EGD platforms which do not offer a communication port are excluded from this requirement.(3) All EGDs shall be designed to permit a copy of random access memory (RAM) to be extracted utilizing tools and procedures approved by the commission and which shall be provided by the EGD supplier. AUTHORITY: section 313.805, RSMo Supp. 2010.* Original rule filed March 30, 2011, effective Nov. 30, 2011. *Original authority: 313.805, RSMo 1991, amended 1993, 1994, 2000, 2008, 2010.