software systems secure solutions

  view pdf documents:

  RNG Integrity Presentation

  Trusted Product Suite

  Trusted Ticket™ Overview

  Trusted Audit™ Overview

  Trusted Play+™ Overview

  Trusted Transactions™ Overview

  Trusted Monitor™ Overview

  Trusted Play™ Overview

  Trusted Play™ Technical Spec

  Trusted Draw™ White Paper

  Trusted Draw™ Technical Spec

  Electronic Draw Security Threats

  Security Requirements

  Electronic Draw Recommendations

  Trusted Products White Paper

  Breakthrough Technology

run lotto draw

run numbers draw

Products

Szrek2Solutions, the experts in secure gaming systems, now offer Trusted Family™ of products to the gaming industry:

Trusted Draw 360 is a modern, secure and cost effective draw proposition for any lottery or a game provider seeking a draw machine for a new game or planning to replace existing draw machines. Trusted Draw will support all current client lottery games and draw needs within a single system platform and be easily adapted to game changes or new games in the future, including add-on, instant win or promotional games. Trusted Draw uses a patented RNG method of generation of auditable random numbers with built in fraud detection. The Trusted Draw RNG has been certified by multiple independent labs. Trusted Draw has been used successfully by lotteries since 2005 in the US and internationally.

Trusted Play+™ - innovative random number server generating instant and interactive game outcomes and draw results in a secure way, providing fraud protection through its Trusted Audit system. Audit detects any potential integrity issue or fraud attempt against the system, including hard to detect insider attacks. Audit also offers internal control functions such as bet integrity verification and winner selection verification. Trusted Play+ and Audit run on Windows Server 2003 / 2008 platform. Random Number Generation (RNG) and Audit processes and results can be monitored via system monitoring tool, Trusted Monitor.

 

Trusted Monitor™ is a monitoring tool developed for Trusted Draw™, Trusted Play™ and Trusted Play+™ systems, to view the RNG and audit activity progress and results. It is a web application providing monitor and control functionality over the Trusted Play and Trusted Draw servers and their applications. To ensure security Trusted Monitor is deployed on a web server outside of the secure environment of the data center where Trusted Draw / Trusted Play are installed (outside of the firewall). Trusted Monitor provides easy-to-use, browser based graphical user interface to monitor the status of all Trusted Play / Trusted Draw applications on all servers. In addition TM offers console processes that can be used by the off-the-shelf monitoring tools such as Tivoli or Big Brother to monitor remote systems. The inter-process communication interface used by Trusted Monitor for control and monitoring is XML-RPC, which is supported on virtually all platforms and languages.

 

Trusted Transactions offers a unique, time-efficient method of securing gaming transactions before a draw, at a precise time, to ensure bet integrity; protect from any potential alteration of bet data participating in the draw. Trusted Transactions utilizes a patented technology of digital time-stamping a file with gaming transactions just before the draw. To ensure highest level of security, Szrek2Solutions employs a NIST certified tamper proof cryptographic Hardware Security Module, which in addition to performing the time-stamping allows audit of the process.

Trusted Play™ is a secure subsystem for determining winners in computerized 'instant win' games. With Trusted Play™ you can be assured that winners are selected randomly and fairly, and, most importantly, you can prove that this is the case because audit ability is built-in. Trusted Play™ is the only instant winner selection product that provides provable system integrity, eliminating the possibility of undetected insider fraud. Provable to you, provable to your players, and provable to your auditors.

Trusted Draw™ is an electronic winning numbers draw system that provides secure and auditable winning numbers for any lottery-type game. With Trusted Draw™ you can eliminate the expense and complexity of conducting daily or weekly televised draws. Instead, you can rely on Trusted Draw™ to provide you with provably random and fair winning numbers. Trusted Draw™ is especially useful in games such as Keno where using physical devices is impractical because draws occur every few minutes.


What is Time-stamping?                                                      

Time-stamping is a process of digitally signing data together with time. Why is time-stamping important? - standard digital signature provides a proof of the content of the data; it proves that the data corresponds to its signature. However a traditional signature could be made at any time, even after the draw. To ensure that draw data has not been altered before the draw, the time-stamping of the data is done – digital signature of the data together with time. Typically time-stamping of large files, such as lottery transaction files containing millions of bets, is time consuming. Szrek2Solutions solved the technical challenge of time-stamping large files in a very short time, which is critical for draw security applications. This technology used by Szrek2Solutions in Trusted Transactions system is also successfully developed for its Trusted Play and Trusted Draw products.

Time-stamping is not new to the lottery industry; it has been successfully employed by some lotteries (e.g. in Germany).  However currently used approaches require complex modification of the lottery transaction processing system and of the Internal Control System (ICS). The approach proposed by Szrek2Solutions allows Trusted Transactions deployment with minimal or no changes to the current lottery transaction processing system, and with minimal or no changes to the existing ICS.

TT system provides rapid time-stamping of bet data before the draw; it allows closing of sales in less than 5 minutes before the draw. Trusted Transactions time-stamping creates a proof of transaction file content which can be verified after the draw. It is a more secure solution than traditional preventive approaches, which are exposed to insider fraud. Trusted Transactions time-stamp proof is incorruptible and provable to a third party any time after the draw – one minute after or years after.


What is Trusted Play™?

Trusted Play™ is a secure subsystem for determining winners in computerized 'instant win' games.

Instant win games have been introduced in recent years to add the thrill of an instant win to traditional daily or weekly lottery games. When a player buys a normal ticket, the player is also offered a chance to try for an Instant Win for an extra dollar. Also, there are many games offered on the Internet where a player can buy a chance for an Instant Win. These on-line instant win games replace the traditional 'scratch tickets' that are popular throughout the world.

In all cases, for on-line instant win games, winners are determined by bet processing software running on an on-line system. This presents new security and integrity challenges to the gaming operator and requires new security measures to prove system integrity. To assure the trust of the players, it is a requirement to have the same - or better - security for these bets as for traditional, off-line lottery draws. Trusted Play™ provides that assurance.

What are the security risks?

The introduction of instant win games increases the risk of insider fraud. Existing security measures could be circumvented by a skilled insider with knowledge of software and access to the system. For example, the winner selection software could be secretly exchanged with software that generates results that are favorable to an insider. Additionally, current approaches to winner selection use random number generators (RNGs) that have a drawback: they are either somewhat predictable or they are not auditable. Therefore, if an insider changed the software to obtain winning bets, then restored the original software, there would be no indication that such fraud took place.

Traditional security measures, like limiting access to the software, help reduce the risk of such fraud, but they do not eliminate the possibility - it is possible and is not easily detectible. With Trusted Play™, any attempt to fraudulently generate winners can be detected by standard audit procedures. Also, Trusted Play™ provides unpredictable random numbers, so no one - neither an insider nor a player - can analyze the algorithm and gain any playing advantage.

How does Trusted Play™ Work?

Trusted Play™ uses an innovative method of combining strong cryptographic techniques and digital signatures. Our patented method assures that:

. There can be only one set of valid winning numbers at a given time
. Winning numbers can not be predicted ahead of time
. Winning numbers have any desired random distribution
. Each random number generation is accounted for
. The winning number selection and draw time can be audited.

The ability to audit the data is the key element that proves the integrity of the system.

Trusted Play™ can be implemented to work with your existing system and can provide random results for all types of games. A Trusted Play™ system includes a random number server communicating with your client application, a digital signature server and a verification device.

For digital signatures Trusted Play™ uses LYNKS Privacy Card - a plug-in digital signature device by SPYRUS used by many government and private organizations.

Instant win bets need to be audited to prove system integrity and protect against insider fraud. Trusted Play™ product provides this capability - it generates unpredictable random numbers used to determine winners, and it allows you to audit the results for correctness.

What is Trusted Draw™ ?

Trusted Draw™ is an electronic winning numbers draw system that provides secure and auditable winning numbers for any lottery-type game. With Trusted Draw™ you can obtain draw results with any desired frequency and distribution for any game of chance: lotto, keno, numbers, wheel, cards, etc. It can hold hundreds of draws per second.

In recent years more and more lotteries have introduced on-line games with high draw frequency - with tens or hundreds of draws per day. With draws taking place every few minutes, the drawing process has to be very fast. Traditional drawing machines, with mechanical ball drawing, cannot reasonably be used in such games since they require extensive space, personnel, and physical security. Consequently some new types of drawing machines have been introduced, where computer software rather then 'ball machines' is used to generate winners. The security of these types of drawing machines is mainly based on physical security, which is not sufficient.

Trusted Draw™ solves that problem. Trusted Draw™ provides methods to ensure the integrity of draw software and standard ways to audit the draw software outcome - the generated random draw numbers. Any attempt by an insider to modify draw generation software to generate different results would be exposed in the audit. Only the proper draw numbers would be the accepted outcome of the Trusted Draw™ system. This method of verification is foolproof because it audits the draw results themselves, not just the generation process.

What are security risks of computerized draws?

Current security approaches to computerized draws have drawbacks: physical security is difficult to maintain and is expensive, as are frequent process audits and code inspections. This is not sufficient in today's world. With enough access to a system, a skilled insider could circumvent virtually any current computerized draw process. For example the insider could exchange the valid software with malicious software to produce some specific winning combinations. An intelligent insider, with sufficient access, could do this so that current process audit or statistical analysis of the generated numbers would not detect fraud.

What is needed is a way to prove that the draw numbers themselves were properly generated, thus providing the ultimate protection against fraud. Trusted Draw™ solves this by its ability to detect any tampering with the drawing.

How does Trusted Draw™ work?

Trusted Draw™, like Trusted Play™, uses an innovative method of combining strong cryptographic techniques and digital signatures. Our patented method assures that:

. There can be only one set of valid winning numbers at a given time
. Winning numbers can not be predicted ahead of time
. Winning numbers have any desired random distribution
. Each random number generation is accounted for
. The winning number selection and draw time can be audited.

The ability to audit the data is the key element that proves the integrity of the system. There is no other product on the market that offers draw security nearly as strong.

Trusted Draw™ can be implemented to work with your existing system and can provide random results for all types of games. Trusted Draw™ system includes a random number server that communicates with your client application, a digital signature server and a verification device.

Trusted Draw™ works with LYNKS Privacy Card - a plug-in digital signature device by SPYRUS used by many government and private organizations.

The LYNKS Privacy card is a tamper evident device. It keeps its private key in non volatile memory not accessible externally and provides a public key for signature verification. This allows any client, with access to the public key, to audit the draw data.

S2S

1