software systems secure solutions

  view pdf documents:

  Trusted Play™ Overview

  Trusted Play™ Technical Spec

  Trusted Draw™ White Paper

  Trusted Draw™ Technical Spec

  Electronic Draw Security Threats

  Security Requirements

  Electronic Draw Recommendations

  Trusted Products White Paper

  Breakthrough Technology

run lotto draw

run numbers draw

Products

Szrek2Solutions, the experts in secure gaming systems, now offers Trusted Family™ of innovative products to the gaming industry:

Trusted Transactions offers a unique, time-efficient method of securing gaming transactions before a draw, at a precise time, to ensure bet integrity; protect from any potential alteration of bet data participating in the draw. Trusted Transactions utilizes a patent applied for technology of digital time-stamping a file with gaming transactions just before the draw. To ensure highest level of security, Szrek2Solutions employs a NIST certified tamper proof cryptographic Hardware Security Module, which in addition to performing the time-stamping allows audit of the process.

Trusted Play™ is a secure subsystem for determining winners in computerized 'instantaneous winner' games. With Trusted Play™ you can be assured that winners are selected randomly and fairly, and, most importantly, you can prove that this is the case because audit ability is built-in. Trusted Play™ is the only instantaneous winner selection product that provides provable system integrity, eliminating the possibility of undetected insider fraud. Provable to you, provable to your players, and provable to your auditors.

Trusted Draw™ is an electronic winning numbers draw system that provides secure and auditable winning numbers for any lottery-type game. With Trusted Draw™ you can eliminate the expense and complexity of conducting daily or weekly televised draws. Instead, you can rely on Trusted Draw™ to provide you with provably random and fair winning numbers. Trusted Draw™ is especially useful in games such as Keno where using physical devices is impractical because draws occur every few minutes.


What is Time-stamping?                                                      

Time-stamping is a process of digitally signing data together with time. Why is time-stamping important? - standard digital signature provides a proof of the content of the data; it proves that the data corresponds to its signature. However a traditional signature could be made at any time, even after the draw. To ensure that draw data has not been altered before the draw, the time-stamping of the data is done – digital signature of the data together with time. Typically time-stamping of large files, such as lottery transaction files containing millions of bets, is time consuming. Szrek2Solutions solved the technical challenge of time-stamping large files in a very short time, which is critical for draw security applications. This technology used by Szrek2Solutions in Trusted Transactions system is also successfully developed for its Trusted Play and Trusted Draw products.

Time-stamping is not new to the lottery industry; it has been successfully employed by some lotteries (e.g. in Germany).  However currently used approaches require complex modification of the lottery transaction processing system and of the Internal Control System (ICS). The approach proposed by Szrek2Solutions allows Trusted Transactions deployment with minimal or no changes to the current lottery transaction processing system, and with minimal or no changes to the existing ICS.

TT system provides rapid time-stamping of bet data before the draw; it allows closing of sales in less than 5 minutes before the draw. Trusted Transactions time-stamping creates a proof of transaction file content which can be verified after the draw. It is a more secure solution than traditional preventive approaches, which are exposed to insider fraud. Trusted Transactions time-stamp proof is incorruptible and provable to a third party any time after the draw – one minute after or years after.


What is Trusted Play™?

Trusted Play™ is a secure subsystem for determining winners in computerized 'instantaneous winner' games.

Instantaneous winner games have been introduced in recent years to add the thrill of an instantaneous win to traditional daily or weekly lottery games. When a player buys a normal ticket, the player is also offered a chance to try for an Instant Win for an extra dollar. Also, there are many games offered on the Internet where a player can buy a chance for an Instant Win. These on-line instantaneous winner games replace the traditional 'scratch tickets' that are popular throughout the world.

In all cases, for on-line instantaneous winner games, winners are somehow determined by bet processing software running on an on-line system. This presents new security and integrity challenges to the gaming operator and requires new security measures to prove system integrity. To assure the trust of your players, it is a requirement to have the same - or better - security for these bets as you would for traditional, off-line lottery draws. Trusted Play™ provides that assurance.

What are the security risks?

The introduction of instantaneous winner games increases the risk of insider fraud. Existing security measures could be circumvented by a skilled insider with knowledge of software and access to the system. For example, the winner selection software could be secretly exchanged with software that generates results that are favorable to an insider. Additionally, current approaches to winner selection use random number generators (RNGs) that have a drawback: they are either somewhat predictable or they are not auditable. Therefore, if an insider changed the software to obtain winning bets, then restored the original software, there would be no indication that such fraud took place.

Traditional security measures, like limiting access to the software, help reduce the risk of such fraud, but they do not eliminate the possibility - it is possible and is not easily detectible. With Trusted Play™, any attempt to fraudulently generate winners can be detected by standard audit procedures. Also, Trusted Play™ provides unpredictable random numbers, so no one - neither an insider nor a player - can analyze the algorithm and gain any playing advantage.

How does Trusted Play™ Work?

Trusted Play™ uses an innovative method of combining strong cryptographic techniques and digital signatures. Our patent-pending method assures that:

. There can be only one set of valid winning numbers at a given time
. Winning numbers can not be predicted ahead of time
. Winning numbers have any desired random distribution
. The winning number selection can be audited.

The ability to audit the data is the key element that proves the integrity of the system.

Trusted Play™ can be implemented to work with your existing system and can provide random results for all types of games. A Trusted Play™ system includes a random number server communicating with your client application, a digital signature server and a verification device.

For digital signatures Trusted Play™ uses LYNKS Privacy Card - a plug-in digital signature device by SPYRUS used by many government and private organizations.

Instantaneous winner bets need to be audited to prove system integrity and protect against insider fraud. Trusted Play™ product provides this capability - it generates unpredictable random numbers used to determine winners, and it allows you to audit the results for correctness.

What is Trusted Draw™ ?

Trusted Draw™ is an electronic winning numbers draw system that provides secure and auditable winning numbers for any lottery-type game. With Trusted Draw™ you can obtain draw results with any desired frequency and distribution for any game of chance: lotto, keno, numbers, wheel, cards, etc. It can hold hundreds of draws per second.

In recent years more and more lotteries have introduced on-line games with high draw frequency - with tens or hundreds of draws per day. With draws taking place every few minutes, the drawing process has to be very fast. Traditional drawing machines, with mechanical ball drawing, cannot reasonably be used in such games since they require extensive space, personnel, and physical security. Consequently some new types of drawing machines have been introduced, where computer software rather then 'ball machines' is used to generate winners. The security of these types of drawing machines is mainly based on physical security, which is not sufficient.

Trusted Draw™ solves that problem. Trusted Draw™ provides methods to ensure the integrity of draw software and standard ways to audit the draw software outcome - the generated random draw numbers. Any attempt by an insider to modify draw generation software to generate different results would be exposed in the audit. Only the proper draw numbers would be the accepted outcome of the Trusted Draw™ system. This method of verification is foolproof because it audits the draw results themselves, not just the generation process.

What are security risks of computerized draws?

Current security approaches to computerized draws have drawbacks: physical security is difficult to maintain and is expensive, as are frequent process audits and code inspections. This is not sufficient in today's world. With enough access to a system, a skilled insider could circumvent virtually any current computerized draw process. For example the insider could exchange the valid software with malicious software to produce some specific winning combinations. An intelligent insider, with sufficient access, could do this so that current process audit or statistical analysis of the generated numbers would not detect fraud.

What is needed is a way to prove that the draw numbers themselves were properly generated, thus providing the ultimate protection against fraud. Trusted Draw™ solves this by its ability to detect any tampering with the drawing.

How does Trusted Draw™ work?

Trusted Draw™, like Trusted Play™, uses an innovative method of combining strong cryptographic techniques and digital signatures. Our patent-pending method assures that:

. There can be only one set of valid winning numbers at a given time
. Winning numbers can not be predicted ahead of time
. Winning numbers have any desired random distribution
. The winning number selection can be audited.

The ability to audit the data is the key element that proves the integrity of the system. There is no other product on the market that offers draw security nearly as strong.

Trusted Draw™ can be implemented to work with your existing system and can provide random results for all types of games. Trusted Draw™ system includes a random number server that communicates with your client application, a digital signature server and a verification device.

Trusted Draw™ works with LYNKS Privacy Card - a plug-in digital signature device by SPYRUS used by many government and private organizations.

The LYNKS Privacy card is a tamper evident device. It keeps its private key in non volatile memory not accessible externally and provides a public key for signature verification. This allows any client, with access to the public key, to audit the draw data.

S2S

1