Gambling Machine Regulation

Original Language Title: Glücksspielautomatenverordnung

Read the untranslated law here: https://www.global-regulation.com/law/austria/2997658/glcksspielautomatenverordnung.html

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
69. Regulation of the Minister of Finance on the technical characteristics of slot machines, their connection to a data processing center, as well as the capture and retention obligations (gambling machine Regulation)

According to the § 2 paragraph 3, 5 and 59 (3) of the Federal Act of 28 November 1989 to regulate the gambling industry (Gambling Act – GSpG), Federal Law Gazette No 620/1989, as last amended by Federal Law Gazette I no. 76/2011 as well as on the basis of § 131 of the federal tax code (BAO), Federal Law Gazette No. 194/1961, I no. 112/2011, is amended by the Federal Act Federal Law Gazette enacted:

Table of contents



1 part

General section







§ 1.





Scope of application







§ 2.





Personal names







§ 3.





Abbreviations and definitions







2 part

Technical regulations







1. General requirements for the electronic link main piece







§ 4.





General regulations







§ 5.





Time of the electronic connection







§ 6.





Data transfers







2. main piece construction and technical characteristics of slot machines







1. hardware requirements section







§ 7.





General technical requirements







§ 8.





Housing requirements







§ 9.





Requirements for modifiable storage media







§ 10.





Device identification







§ 11.





Electromechanical Totalizers







§ 12.





USB port







2. software requirements section







§ 13.





Game size and history







§ 14.





Game results analysis







§ 15.





Withdrawal and odds on the basis of a random number generator







§ 16.





Internal diagnostic system







3 section storage requirements







§ 17.





Program memory







§ 18.





Mutable memory (RAM)







§ 19.





Electronic meters (meters)







4. cut off ads at the slot machines







§ 20.





Display the last games







§ 21.





Display connection interruption







section 22.





Display of player protection-related information during the cooling phase







3. main units access to slot machines







section 23.





Communication with the central control system







§ 24.





Identification/verification







§ 25.





Service level for the connection to the central control system







4. main piece of minimum standards of electronic connection







1. section Netzwerktechnische conditions







section 26.





Network with coordinated IPv4 addresses according to RFC 1918







§ 27.





Cable connection to the central control system







2. section standards for data transfer







section 28.





Confidentiality, authenticity and integrity







section 29.





The data transfer protocol







5. main piece of technical advice on compliance with the gambling legislation







section 30.





Reports of types of







§ 31.





Testing companies







§ 32.





Content of the opinion of of types of







§ 33.





Display of types of







6 main piece measures in case of malfunction







§ 34.





Measures in case of malfunction of slot machines







section 35.





Measures in case of malfunction of a gambling machine type







3. part of recording and archiving requirements for gaming machines







section 36.





Record-keeping obligations







section 37.





Logbook







section 38.





Retention obligations







4 part final provisions







§ 39.





Date of application of regulation of gambling machine





 

 

1 part

General section

Scope of application

§ 1. The gambling machine regulation lays down the technical and construction characteristics of slot machines in the sense of § 5 GSpG, whose electronic access to the data processing centre of Federal Data Center GmbH, the records to be transmitted, the access of the authorities for regulatory and tax legal purposes on the individual gaming machines in the holder of the authorization, the kind of technical opinion on compliance with the gambling legislation, as well as recording and retention obligations.

Personal names

§ 2. All personal names used in this Regulation apply equally to persons of both male and female sex.

Abbreviations and definitions

§ 3. The meaning of this regulation is or are:

 





1.





API





Application programming interface (application programming interface in computer science)







2.





Connection node





Physical communications interface from the network of the holder of the authorization to the respective site of Federal Data Center GmbH







3.





Auditmeters





Special counters to the persistence of a current 24-hour valid image of all counters to the end of the day of a Matchday (according to "auditMeters class" of the G2S Protocol)







4.





User





A designated by the holder of the authorization and legitimate person who perceives a task in order to participate in the automated data transfer (E.g. administrator)







5.





Authorisation holder





Holder of a upright authorization to land draws with slot machines in the sense of § 5 GSpG







6.





Credit meter





Display on the gaming device to represent the available to the participants in the game available, usable amounts in credit or cash







7.





Diagnostic system





Gambling machine internal inspection system to monitor the proper functionality of the slot machines







8.





EGM





Electronic gaming machine (gaming machines)







9.





Software signing





Data related to electronic information, which can identify the signatory and signature manufacturer and check the integrity of the signed electronic information







10.





Gewinnausschüt tungsquote





Ratio of total WINS (total amount) and turnover (total usage amount) of a game program, represented in parts of one hundred (E.g. 95%)







11.





Gambling machine type





Describes the design of slot machines in the hard - and software components, their possible combinations and interaction







12.





Gambling vignette





Clear, shows a number identification for approved slot machines in the sense of § 5 GSpG







13.





Hardwareidentifi cation feature





Unchanging, stored in the memory of the system board of the gaming machines string that uniquely identifies the specific composition of the present hardware







14.





Hardware token with crypto processor





Hardware device, in which a cryptographic key copy protected stored is







15.





Hash function





Any picture that produces output of a typically smaller target set to input from a lot of the source, the so-called hash code (or hash)







16.





G2s Protocol





Game to system log







17.





GAT





Game authentication terminal







18.





GSA





Gaming Standards Association







19.





GSpG





Gambling law







20.





HTTP





Hypertext Transfer Protocol







21.





HTTPS





Hypertext Transfer Protocol Secure







22.





Meter





Counter; non-volatile variable for storing of gambling slot machine information (in particular events and accounting data)







23.





Multimedia player device






A self-contained unit where the game decision in several gambling machines linked by a common housing is based on a common result of the same random number generator







24.





PKCS #11





Specifies an API called Cryptoki for devices that contain cryptographic information or perform cryptographic functions as a cryptographic token interface standard







25.





Program memory





Storage of binary forms of execution of programs, routines and subroutines of the slot machines







26.





RAM





Random access memory (electronic component used as memory and to store operational data and electronic counter of the slot machines)







27.





Salt





Input parameter in conjunction with a hash function







28.





Reference programs





Run game programs (binaries) and all software components and utilities that are necessary for the creation of game programs from the source code (in particular make files, batch files, build outputs, map files, assembler, linker)







29.





SHA-256





Secure hash algorithm (encryption algorithm)







30.





Game event





Observable events of the game (E.g. triggered by any game features or any additional games), as well as the input of the player (E.g. in poker games selection of cards you want to keep after the first draw)







31.





Game result





Final result of the game







32.





Game mode





State of gaming machines, in which he is playable







33.





Game program





For a player distinct software application on a slot machines, for paid assignments odds offers







34.





SSL





Secure Socket Layer







35.





System hardware





Clearly identified by the hardware identification feature combination of all hardware components of gaming machines (E.g., System Board, electromechanical meters, devices for the handling of money movements and printer)







36.





System Board





Central hardware component of the gaming machines with all essential for the operation of the gaming machines components (in particular CPU, RAM); called also the motherboard or motherboard







37.





End of day





Which for all slot machines of a site of game day ends







38.





TLS





Transport layer security







39.





Total WINS





Total amount of the winning game amounts from all games, regardless of whether you were directly paid the winnings or credited the credit meter







40.





Turnover





Total of all credits game wagered, regardless, as the amount (especially coins, hardware tokens, banknotes, documents, vouchers, debiting the credit meter)







41.





Verification





Integrity check to determine whether the inserted in the slot machines and used components unchanged, complete and unscathed were examined in the advice of types of and shared components comply with







42.





Central control system





All systems of data data center of Federal Data Center GmbH according to § 2 para 3 GSpG





 

2 part

Technical regulations

1. main piece

General requirements for the electronic link

General regulations

4. (1) computer-assisted data transfer is compulsory functions that are provided the holder of the authorization and the Federal Data Center GmbH via the central control system users nominated by him, making.

(2) further mandatory to be respected Detailspezifikationen and organisational framework conditions are shown in the annex of this regulation.

Time of the electronic connection

5. (1) the time of mandatory electronic connectivity of all gambling machines is set for holders of valid permits for land draws with slot machines with 1.7.2013.

(2) for the testing of the central control system, the structure of the network pursuant to sections 26, 27 and the transfer of all existing gaming machines in the electronic link must be provided a period of six months before the date of the mandatory electronic connectivity. During this period is to allow for each gambling machine type intended to use the opportunity to test connectivity with regard to the functioning of the automated data transfer.

(3) permit holders that are added, is after the date of section 1 to provide opportunity for the test connection with regard to the functioning of the automated data transfer following the granting of the authorisation on the part of the Federal Data Center GmbH.

(4) the holder of the authorization obtained a permit holder identification with access data that is to be kept carefully and to protect against unauthorized access by the Federal Data Center GmbH. A data transfer conducted under a specific authorisation holder identification applies regardless of who actually carried out the data transfer or causes transfer of the person which issued this permit holder identification.

Data transfers

6. (1) data transfers on the data of the Federal Data Center GmbH Datacenter must be done exclusively in the form laid down in this regulation. They apply only as submitted, when they have arrived in the form appropriate for the full electronic processing of Federal Data Center GmbH.

(2) automated data transfers between gambling machine and central control system must have the point to point transport protocol in the by the Federal Minister for given finance version transport and Security specification be the GSA Point to point SOAP/HTTPS. The version given by the Federal Minister for Finance of the "GSA Point to Point SOAP/https transport and security specification" and the "G2S Message Protocol" is defined in the Appendix (detailed specification of 1).

(3) the Federal Data Center GmbH in an appropriate manner to confirm has data that were technically successfully committed. Confirmation and error handling must be done in accordance with G2S protocol standard.

(4) for the implementation of the abgaben - and gambling-legal supervisory measures in accordance with § 5 par. 7 Z 1 and Z are 5 GSpG by the Federal Minister for finance, State Governments, district administrative authorities, Federal Police Directorate and the public security service to process personal data in the central control system to the holder of the authorization (detailed specification of 7). While the Federal Minister of finance acts 2000 Z 5 DSG as privacy contracting authority and the Federal Data Center GmbH as a privacy service provider within the meaning of § 4.

2. main piece

Construction and technical characteristics of slot machines

1 section

Hardware requirements

General technical requirements

Section 7 (1) slot machines must



1. exhibit precautions against unauthorized access from the outside, 2 against data loss due to power failure and against caused by radio waves, electromagnetic and electrostatic effects 3 after power interruptions or other operational failures in the location be secured, to resume operation without loss of data and clearly a certified gambling machine type be assigned to 4.

(2) gaming machines must



1. no other functions have as those which are listed and described in the documents after para 3 to 6, 2.
enable not connect devices outside of the slot machines, that affect the functionality of the slot machines or the outcome can - excluding devices that are needed for the initial start-up or diagnostic purposes outside the game mode by persons authorized by the holder of the authorization allow 3 in game mode no influence by devices and systems outside of the slot machines on the decision on the outcome of the slot machines, no devices contain 4. , which through electronic transactions money can be inserted in the slot machines (E.g. ATM card), 5.
at the same time allow only a game in accordance with § 13 and 6 for the purpose of protection of the player have the possibility of installing a card reader.

(3) a technical manual in German language in the form of paper, consisting of a player-oriented and authority-oriented part to each slot machines.


(4) the player-oriented section of the technical manual must be attached to the housing outside easily accessible. This has in addition to the unique name of the gaming machines in accordance with (§ 10 para 1) a description of the functions of slot machines for the player to contain. The functional descriptions of the games must be easy to understand and graphically represented.

(5) the authority-oriented part of the technical manual has § per gambling machine type next to the name of the gambling machine type such as to contain a description of each feature of the slot machines and a schematic drawing of the slot machines, as well as a technical drawing of the content of the logic housing (in particular the location of USB interface in accordance with § 12) 32 para 2.

(6) If a change of gambling slot machine type (E.g. as part of a software or hardware updates), to describe the changes in the same form and document.

(7) several slot machines in the form of a multimedia player device be operated according to the legal provisions is to ensure for every individual gaming machines.

Housing requirements

§ 8 slot machines must be so designed that



1 only by the holder of the authorization authorized persons (E.g. through use of mechanical or electronic locking devices) have access to the inside of the appliance 2. all hardware and software components that are important for the execution of the programme and the operation of gaming machines, such as in particular the random number generation and storing the settings and data against unauthorized access, protected in a separate logic housing are housed within the gaming machines with separate lockable door , 3. all interfaces (plug-ins) of the electronic communications in separate logic package inside of the slot machines are installed and not accessible without opening the logic enclosure door, 4 all appliance doors via suitable sensors are monitored (logic case doors also with the power switched off) and when opening immediately a) a service interruption, b) preventing the adoption of money and c) an error raised and stored, be used back 5 immediately after an interruption in the State before the interruption and 6 it from connecting to the data the Federal Data Center Data Center GmbH, report the opening of one or more device doors immediately the central control system. The opening in appliance or off State, the messages must be transferred immediately after change to play mode.

Requirements for modifiable storage media

§ 9 slot machines need the data of electronic meters in Appendix (detailed specification 2) under § 16 par. 1 Z 3 information of the last 20 games, Z 4 information of the last 50 units and the data relevant to the continuation of the operation in the form of storing under article 16, paragraph 1, that these data for at least 30 days even with continuous power cuts remain stored.

Device identification

§ 10 (1) in every slot machines must be a readable manufacturers badge visible, which has at least the following information:



1. name of the manufacturer, 2. device serial number, 3. model and 4. manufacture date, (2) a gambling machine has as a fitting during the commissioning of special gambling Vignette to have unique identification that is clearly visible and easily readable from the outside.

Electromechanical Totalizers

§ 11 (1) in addition to the electronic meters indicated in article 19 a gambling machine has three at least 6-digit electromechanical counters to capture



1. of the total amount of the credits game wagered all played games in euro (turnover), 2 of the total amount of the gained amounts of game all played games in euro (total WINS), and 3. the total number of games played is of all the slot machines to the application have run game programs.

(2) the electromechanical Totalizers must correspond to the State of the art and be designed so that the counter can not be manipulated. After reaching the maximum meter indication, the counters have to start again at zero.

(3) the gambling machine may be not playable, if one of the electromechanical Totalizers is turned off or not connected to the electronics of the slot machines.

(4) if any necessary exchange of one or more electromechanical Totalizers, note: the meter readings of the to be exchanged and the new electromechanical Totalizers in the logbook of the slot machines.

USB port

§ 12 (1) slot machines have the logic inside an active USB interface connected to the system board fix (at least V2. 0) and have enough space for the installation of a hardware token with crypto processor with at least 3 cm wide, 2 cm height and 7 cm in length. The interface, which serves only the recording of the hardware token with crypto-processor, which is used for the authentication of the device, must be visible after opening the logic case and easily accessible.

(2) the hardware token with crypto processor itself a vignette of gambling must have and be secured by mounting a further gambling vignette with the dimensions of approx. 1 cm wide and 6 cm in length to pull off and remove. The number of these vignettes of gambling must match the number of gambling vignette according to § 10 para 2.

2. section

Software requirements

Game size and history

§ 13. A game at a gambling machine starts with the separate release of a game program the game participant to performance a bit and ends with the decision on the result of the game and its update in the electronic meters (meters). In the context of the game can be played on more than one payline and accompanying games, if this total does not exceed the statutory maximum permissible amounts of use and gain of a game.

Game results analysis

Section 14 (1) the decision of the outcome of the game must exclusively or predominantly chance depend and must be based on a random number generator. This must be mechanical, electromechanical, or electronically via mathematical algorithms. The reliability of the random number generator and the randomness of the generated number must be proved by recognized probability calculations and other recognised methods in the tests for the advice of types of. The initial seed (seed) a random number generator based on mathematical algorithms must be chosen randomly.

(2) all decisions on scores may be determined only from fixed targets on the basis of the input of the player. Each different control mechanism is prohibited. In particular, the decision of the outcome of a game may have no effect on future decisions about match results and be influenced not by previous match results.

(3) the game information provided may be misleading at any time.

Payout ratio

§ 15. The payout ratio per usage size using recognized probability is to calculate an infinite series of individual games. Are different chances of winning to the selection offered the game participant in a game program, so none of these chances of winning for themselves may alone considered, on the basis of an infinite series of individual games, exceed the specified payout ratio of the game program.

Internal diagnostic system

Section 16 (1) slot machines must have an internal diagnostic system, the independent



1 at system startup and periodically, at least however once every 24 hours, performs automatic self-test of the slot machines, 2. monitors the permanent connection with the central control system and data transmission, at least the last 3 20 games and within this the last 50 game events and results to the display at the slot machines (article 20), and 4 for each device, in the slot machines makes the money or game credits or pays off , stores the value and the loans for the last 50 units (E.g. banknotes, coins, tickets) to the display at the slot machines (article 20).

(2) the internal diagnostic system has to store detected malfunctions in the sense of paragraph 1 Nos. 1 and 2 and immediately trigger the further treatment within the meaning of § 34.

3. section

Storage requirements

Program memory

§ 17 (1) the program storage media of the software components that affect the gameplay, the operating system software gambling machines and the sound and graphics data must be such, that no change of program code is possible.

(2) an update or replacement of the software shall be possible only after opening the logic enclosure door of the unit and physical exchange of program storage medium.

Mutable memory (RAM)


§ 18 slot machines must have an internal inspection system for memory error detection for mutable memory (RAM). In the case of unexpected irregularity of the data indicated in particular under section 9 or data structures, to cancel the current game and prevent the start of another game and the adoption of money are.

Electronic meters (meters)

The slots must have section 19 (1) in addition to the electro-mechanical counters listed under § 11 at least the electronic meters in Appendix (detailed specification of 2). The meter readings are prompt to display the monitoring organs of the authorities at the slot machines in the game program name used for the game participant and from the date of connection to access the central control system.

(2) all electronic meter must be at least 10-stellig and allowed outside their intended functioning only at



1. the exchange of software, 2. maintenance after malfunction, which do not allow correct operation of the gaming machines without reset and 3 changes in settings of the slot machines, requiring a reset, be changed.

(3) if the lucky slot machine offers different game programs, he must also be equipped with additional meters, which collect the data according to the detail Specification 2 separately for each offered game program.

(4) the electronic counter must start again after reaching the maximum count at zero.

(5) from the connection to the data the Federal Data Center GmbH Datacenter, all electronic counter must be appropriately executed the G2S standard prescribed by the Federal Minister for Finance of gaming standard Association (according to the detail specification 1).

4 section

Display at the slot machines

Display the last games and units

§ 20 gaming machines must request the information stored in the internal diagnostic system of the last 20 games (§ 16 para 1 No. 3) and the last 50 accepted units (article 16, paragraph 1 Z 4) display in real time sequence on the slot machines.

Display connection interruption

Section 21 gaming machines must monitor the permanent connection with the central control system (article 16, paragraph 1 Z 2). If the connection is lost, a legible for the player, clear note on this issue at the slot machines is to display immediately for the duration of the connection interruption. The game operation can be continued. The provisions of articles 23, paragraph 3, and 25 are to be observed.

Display of player protection-related information

§ 22 (1) slot machines slot machine salons must not another game let upon reaching the maximum legally permitted length of the game a game participant after the expiry of the current game (cooling off period) and must pay off the current credit balance of the player. The cooling-off period must last at least 5 minutes. The recorded length of the game may then be reset to zero when no game was carried out for the duration of the statutory cooling-off period. Slot machines may show only player-protection-related information during the period of the cooling-off period. The entrance of the cooling-off period is to announce on the screen of the slot machines in a timely manner.

(2) gaming machines in single site may show only player-protection-related information when reaching the maximum length of the day game a player for a period of at least 5 minutes. Attainment of the maximum day game time for individual statements are to announce on the screen of the slot machines in a timely manner.

(3) the payout ratio mathematically determined for the respective game program and the selected usage size in accordance with § 15 unequivocally and clearly legible on the slot machines must be displayed the game participant. It must be visible to the players that it is not his current winning percentage in the next game.

3. main piece

Access to slot machines

Communication with the central control system

Section 23 (1) the slot machines need to using G2S Message Protocol in which the Minister for Finanzenvorgegebenen (detailed specification of 1) version of the gaming standards Association (GSA) about a G2S network can use a persistent connection to multiple systems (hosts). A link of which is to provide for the central control system.

(2) all slot machines to their local system time with the time of the global positioning system (GPS) or Central time server, which is provided by the Federal Data Center GmbH, synchronize.

(3) in the case of loss of connection is to ensure that Auditmeters is stored and that all the events planned for the central control system in the "eventHandler log" of the G2S Protocol are persisted. In the "eventHandler log" at least the last 500 events can be stored up to the successful delivery.

Identification and verification

24. (1) before of the first connection of a slot machines the ambiguity of the hardware token to the slot machines and the installation of the hardware token with crypto processor via the USB interface as described in § 12 must be made in the central control system.

(2) in order to ensure the integrity of the software used, is a signing of software used on each type of gambling machine. The software signature is to calculate for each request. A clear physical separation between program memory and data memory must be provided to ensure the reproducibility of the signature values. Software changes represent a change of the gambling machine type (§ 32) and require a rebuilding of the software signatures.

(3) the software signatures are by mathematical hash function secure hash algorithm (SHA-256). The SHA-256 procedure is applied each software component in the slot machines. To sign the entire memory of the program memory. The seed (salt) for the hash function has a length of 16 bytes.

(4) in order to ensure a clear identification of the system hardware (combination of all hardware components), is to ensure that a hardware identification (256 bits, represented as a hexadecimal value with 64 characters) invariably is stored in RAM. Change the hardware of the system, a new hardware ID feature is required.

(5) from commissioning all slot machines must after switching to a special mode to the local query of the software signature values (para. 2) provide the necessary input option of the start value and calculate the software signature values of the components and the type identification (§ 33) and display. Moreover, the hardware identification (para. 4) and all other necessary for the verification of information for system software, system hardware and game programs on the screen of the gaming machines must appear.

(6) from the date of connection to the central control system, all gambling machines on request of the central control system software signature values (para. 2) and the hardware identification (para. 4), and all other for verification must submit information needed for system software, system hardware and game programs on the central control system. Matching with the information stored in the central control system type displaying is to enable. The aforementioned information must be deployed accordingly the G2S standard prescribed by the Minister of Finance (detailed specification of 1). The request is made by means of the "getComponentList" and "doVerification" of the G2S protocol commands.

Service level for the connection to the central control system

§ 25. On the part of the holder of the authorization to deploy network connectivity between the individual slots and the connection node of Federal Data Center GmbH has to meet the following requirements:



1. availability: a) maximum duration of interruption in the area of responsibility of the holder of the authorization per calendar month and gambling machine: 7 hours b) maximum single break time in the area of responsibility of the holder of the authorization per calendar month and gambling machine: 4 hours c) the network connection and that the data transmission between the network of the holder of the authorization and the connection node of Federal Data Center GmbH is interrupted, this interruption time is considered disruption to any individual slots of the holder of the authorization.

(d) the allowable break times refer to the individual slot machines. Is the maximum duration of interruption at a slot machine is not reached, the remaining period may be beaten to maximum other gaming machines of duration of interruption of not the.

(e) planned maintenance on the part of the holder of the authorization are allowed and are at least 10 working days before the start of the Federal Data Center GmbH, stating the time to display the duration and type of maintenance activity. The break not as an interruption within the meaning of the availability is assessed only after timely notification. A game mode is not allowed during the maintenance-related interruption.

f)

Maintenance work by the Federal Data Center GmbH are allowed and not be considered an interruption within the meaning of the availability. This maintenance are indicated by the Federal Data Center GmbH, stating the date, time and type of maintenance activity at least 10 working days before the start. Game operation is allowed during this maintenance-related suspension.

2. performance / response time: a) when transferring data between the slot machines and the connection node of Federal Data Center GmbH must ensure on the part of the holder of the authorization, that the maximum delivery time does not exceed 7 seconds. Measurement criterion, single game data is to be used. The start of measurement must be carried out as of the date of termination of the game on the slot machines and end with the full receipt of the defined data to a single game at the connection node of Federal Data Center GmbH.

(b) it must be ensured that the performance requirements while individual game data transmission by at least 20% of a site, by at least 3 slot machines, gaming machines are respected.

(c) the review of performance behaviour has to be carried out for the first time to the date of commissioning of the network connection between the Federal Data Center GmbH and the holder of the authorization, and then periodically during normal operation.

4. main piece

Minimum standards of electronic connection

1 section

Network technical conditions

Network with coordinated IPv4 addresses according to RFC 1918

26. (1) as the basis for bi-directional communication between the central control system, which is fail-proof established by the Federal Data Center GmbH in their data centers, and the slot machines, which are switched on in the private network of the respective holder of the authorization, an Ethernet (IEEE 802.3) based IPv4 network (RFC 791) provided. The holder of the authorization must such a network to network his slot machines at their own expense - if not available - establish, adjust the requirements of the Gambling Act and operate trouble-free. The permit holder is responsible for the operation of its network - the transfer point is a defined network access to system areas of the Federal Data Center GmbH. The network must meet the requirements laid down in article 25. Consequences that result from a failure of this network go exclusively at the expense of the holder of the authorization.

(2) the Federal Data Center GmbH is 1918 to provide a corresponding to the number of its operated slot machines, reasonable number (including a reserve about the extension) of private IPv4 addresses according to RFC the holder of the authorization to the mandatory use of available. Every gambling machine is with its private IP address provided by the Federal Data Center GmbH according to RFC 1918 required the network to connect to and has to allow a two-way communication path between the individual slot machines and the central control system. All necessary conversion work (mandatory use of IPv4 addresses specified by the Federal Data Center GmbH, network settings, etc.) in the network of the holder of the authorization shall be borne by the holder of the authorization and are carried out on schedule before connection.

(3) as an alternative to the use of IPv4 addresses allocated by the Federal Data Center GmbH can be communicated official IPv4 addresses with the central control system, whereby the holder of the authorization for the deployment of its IP addresses, which are necessary for the communication of his slot machines with the central control system, is responsible. The Federal Data Center GmbH has the corresponding official IP addresses for the central control system to provide. All other requirements remain unchanged. The Federal Minister of finance may order a conversion to IPv6 addresses in uptake of IPv6 in the GSA protocol standards within a reasonable period of transition.

(4) any holder of the authorization must provide for the protection of its private network to attacks from outside as well as to other permit holders to a sufficient extent. The Federal Data Center GmbH has the appropriate security measures for the central control system to provide.

Cable connection to the central control system

27. (1) the Federal Data Center GmbH has to provide two power nodes in two different locations, where each permit holder maximum a primary connection is possible. The establishment and the operation of the redundant connection is carried out under the same requirements as the primary connection. The holder of the authorization is to build each a corresponding data line between his private network and these two power nodes of the data processing centre of Federal Data Center GmbH at its own expense and to operate. The choice of the provider concerned as well as the type of connection (ADSL, etc.) are the responsibility of the holder of the authorization and are not regulated by the Federal Ministry of finance.

(2) the central control system is to operate through the Federal Data Center GmbH. The holder of the authorization is the required rack space in the system of Federal Data Center GmbH to accommodate its transmission equipment (E.g. network components) (including the power supply [~ 230V] two different circuits and air conditioned) to leave. The permit holder is not entitled to own 19 ' network closet and may also not be supplied. The network cabinets are to provide through the Federal Data Center GmbH and remain their property.

(3) in a case concerning the holder of the authorization network, only the holder of the authorization is competent and responsible for the troubleshooting. Access to the facilities in its responsibilities and in the Federal Data Center GmbH is after signing a non-disclosure agreement (NDA, detail specification 4) to enable the holder of the authorization. The initial installation as well as all other activities that require the use of a subdivision in the system of Federal Data Center GmbH, are to vote with this terminology. Access to system areas of the Federal Data Center GmbH is accompanied by access-authorized employees of Federal Data Center GmbH to enable the staff of the holder of the authorization. As a transfer point for coupling to the central control system RJ45 is (100 Base TX) or even RJ45 (1000 BaseT) the holder of the authorization by the Federal Data Center GmbH per connection according to the required bandwidth even included a given coupling network with 16 x IPv4 addresses (netmask = 255.255.255.240) to provide. This transfer point represents the strict separation between the individual networks and defined the limits of the powers at the same time.

(4) the holder of the authorization must ensure the necessary for transfer of the gambling network adapter of its slot machines against tampering in the way that neither a UN-still an intended pull off the network cabling without force (E.g. by mechanical protection), nor a repurposing (E.g. plugging the other end unit) this cabling by third parties (E.g. by port security MAC-address based) can take place. The holder of the authorization shall be liable for damage occurring through such manipulation in the central control system or other permit holders. The holder of the authorization is required to make an attack (E.g. denial of service (DoS) - attacks) all necessary precautions for its part of the network on the Agency Network and the networks of the other holder of authorization prevent. In addition, the holder of the authorization arrangements has that any kind of malicious software (malware) - eg, viruses, Trojan horses - in his private network cannot be introduced or spread in this. For damages resulting from such attacks, causing holder of the authorization to the German GmbH and the other permit holders shall be liable, unless the relevant influence and control are not only at the Federal Data Center GmbH.

2. section

Standards for data transfer

Confidentiality, authenticity and integrity

section 28. To ensure confidentiality, authenticity and integrity, data is encrypted to provide. For the use of encryption and cryptographic signature have to meet the following requirements:



1. each gambling slot machine has at least a cryptographic asymmetric key pair (E.g. RSA 2048 bits, etc.) to have. This gets the lucky slot machine on a hardware token with crypto processor that is connected via the USB interface as described in § 12.

2.

Data transmitted from the slots on the Federal Data Center GmbH are cryptographic keys that are derived from the above mentioned keys to encrypt from the slot machines. Setting up the connection (HTTP) between the gambling machine and the central control system (in both directions), according to the SSL/TLS Protocol agreed this derived cryptographic key between the slot machines and the central control system and so all subsequent data packets encrypted using SSL/TLS (HTTPS).

3. the lucky slot machine has become with the private key of the key pair by creating a digital signature safe Federal Data Center GmbH to authenticate. This has to be done in establishing the connection between the slot machines and the central control system (in both directions) at the level of the communication channel according to the SSL/TLS protocol.

4. the possible versions of SSL and TLS are in the version given by the Federal Minister for finance "GSA Point to Point SOAP/https transport and security specification" defined (detailed specification of 1).

5. the lucky slot machine has to access the cryptographic keys and certificates to the hardware tokens via PKCS #11.

6. the permit holder has to take care, that the hardware tokens is supported by the hardware and software of the gaming machines.

The data transfer protocol

Section 29 (1) all required for the operation of slot machines devices (E.g. devices for the handling of money movements and printer) have fully to support the corresponding classes of the G2S Protocol in the gambling machine.

(2) the classes of the G2S standard protocol defined in the following table are fully to implement and support. These classes are in particular for the delivery of



1 special events of the slot machines (cabinet and eventHandler class), 2 single game data according to requirements by the central control system (gameplay class), counter according to requirements by the central control system (meter class and auditMeters class), and 4. 3 (gat class) used control information about the slot machines. The classes to be implemented can be extended by the Federal Minister of finance E.g. for reasons of player protection or altered. The implementation of additional G2S classes on the part of the holder of the authorization is permitted, provided their functionality does not violate legal regulations (E.g. download class).

 







G2s classes









Description









communication class





Monitor & control communication between EGM and host system







class Cabinet





physical housing & security of EGM; enable, disable, lock from gameplay







eventHandler class





manages event subscriptions for EGM







meter class





meter information to collect from EGM







gamePlay class





game availability on EGM







GAT class





authentication required by regulators







auditMeters class





identify support for audit meter subscription and which host can set it





 

(3) the permit holder has been known in the central control system of the data data center of Federal Data Center GmbH for each site to give the end of the day of a Matchday. This end of day applies to all slot machines of a site.

(4) for the storage and the message of the meter readings to the end of the day at the central control system are to provide "Auditmeters" in the slot machines.

(5) for every gambling machine, save the current status of all counters (System, detail Specification 2) to the end of the day of a game day in the "Auditmeters" of the slot machines persist for at least 24 hours.

(6) the holder of the permit has to ensure that these "Auditmeters" by the central control system of Federal Data Center GmbH are can be read at any time.

5. main piece

Technical opinions on gambling-legal compliance

Reports of types of

section 30. The holder of the authorization is to ensure that a technical opinion on compliance with the gambling regulations by the appropriate and authorized inspection company (opinion of types of) exists for each employed type of gambling machine before commissioning.

Testing companies

§ 31. Each testing companies must meet each of the following requirements at the time of the exhibition of the opinion of of types of:



1. in the EU / EEA or Switzerland accredited as a testing and calibration laboratory for the range of gambling machines 2. each auditor of the audit firm entrusted with the preparation of the opinion of of types of has a degree of study electrical engineering, Mechatronics or engineering or an equivalent training or has no economic dependency to the manufacturer of the approved slot machines or the holder of the authorization at least five-year experience in the creation of technical expertise in the field of gambling machine technology 3..

The requirements of Z 1 to 3 are to be confirmed by the inspection company according to the system (detailed specification of 3) and to demonstrate prompt.

Content of the opinion of of types of

The following components and all combinations of these components to be used are § 32. (1) for the types of reports to be drawn up in the framework of the audit of of types of to verify:



1. the hardware and software components of the slot machines, and 2. the game software of all individual game programs and all software components relevant to the game.

(2) the opinion of types of has in addition to the unique name of the gambling machine type and all gambling legal compliance to confirm to include reports for each component, as well as an audit report for each combination of these components intended for use. For all hardware and software components of a gambling machine type, the test reports must include all information required for a subsequent verification. The reports of types of and the reports have the templates of the system (Detailspezifikationen 5 and 6) to match.

(3) for the used component combination is to calculate a type identification and to identify the opinion of types of. The type identification is from the signature values of all software components with a to be the opinion of types of starting value (section 24 para 2 and 3) and the hardware (section 24 para 4) identification by the XOR operation (mathematical "exclusive or") to determine. The type identification feature is to specify in the representation of the hardware identification characteristic.

(4) changes to hardware or software components of slot machines (para 1) are made for which there is no type of opinion, a new type of report is required.

Display of types of

§ 33 (1) with the display of types of explains the completeness of audit evidence of all under § 32 custom components for each type of gambling slot machine by the holder of the authorization and the types of opinion including the test reports, as well as the confirmation referred to in article 31 in the central control system of the data processing centre of Federal Data Center GmbH transferred.

(2) with the display of types of are to provide the Minister of finance for each gambling slot machine type reference programs of the game programs and the system software on a change-safe device (E.g. DVD) in a sealed and labeled envelope.

(3) the Federal Minister for finance may at any time order a technical review of conformity of reference programs provided must be demonstrated with the software installed at the slot machines. The holder of the authorization to retain the source code and the infrastructure for the duration of the deployment of tested software in a slot machines and at least three years after that, to make the creation of reference programs from the source code comprehensible and verifiable.

6 main piece

Measures in case of malfunction

Measures in case of malfunction of slot machines

34. (1) provides a malfunction to the diagnostic system of slot machines (section 16), to have an effect



1. the transfer of data to the central control system in the field of gambling machines, 2. gameplay, the counters or internal data storage, or 3. the functioning of the diagnostic system itself has are so immediately to stop adopting money this slot machines and to allow no further play. The kind and the Elimination of the malfunction must be documented in the logbook (§ 37).

(2) from the connection, all failure detected by the diagnostic system of the central control system according to the specifications of the G2S Protocol must be reported.

Measures in case of malfunction of a gambling machine type


section 35. All slot machines of this type are slot machines or their components malfunction detected, that prevent legally-compliant operation of gambling slot machine type, immediately after the announcement of the malfunctions out of operation to take. After the malfunction has been rectified, the holder of the authorization must make an examination in accordance with § 32 and perform a new display of types of.

3 part

Recording and archiving requirements for gaming machines

Record-keeping obligations

Section 36 (1) the holder of the authorization is to record the individual games of slot machines in the sense of article 13 as business transactions, as well as all up and withdrawals from in-game credits Abgabepflichtiger. Per gambling machine (section 10), following amounts are assigned to record completely, correctly and immediately, stating the respective time (date, time) the timetable set for:



1 usage per game, 2. profit or loss per game, 3. extending a game credit and 4. debit or payment a credit amount.

(2) the recording obligations of paragraph 1 can be accommodated by logging the individual movements of the corresponding accounting counter of system (detailed specification of 2).

(3) events outside of the slot machines, which are tax law of importance, such as withdrawal of money, bare payouts, settlements with paying people, are to record and store the documents.

Logbook

section 37. For every slot machines a log in paper form is at his site to put on, to grant that access is monitoring organs of the authorities on request. Are recorded in the logbook



1. the type identification, commissioning, decommissioning, each opening of the logic housing door and all business interruptions due to malfunction of the gaming machines with respective State of electromechanical Totalizers, date and time of the suspension period as well as a justification to document device serial number and model name, and 2. Each entry in the log book also must include the name and signature of the person responsible on the part of the holder of the authorization. A business interruption due to the change of the gambling machine type, is to capture the new type identification in the logbook.

Retention obligations

38. (1) the records referred to in section 36 should be Deletable nor changeable subsequently. They are to be kept for a period of seven years and to submit at the request of the tax authority. Data carriers can be used for the purpose of recording.

(2) the total storage of all relevant data in the slot machines is provided, an immutable storage on an external disk or in a computer system of the holder of the authorization shall be made.

(3) has the raked to provide those tools which are necessary to make the documents read, at his own cost maximum 3 days and, if necessary, without to teach tools, permanent reproductions. Permanent representations are in the form of disks or as "export or print files" available.

4 part

Final provisions

Date of application of regulation of gambling machine

39. (1) this regulation at the end of the day of the announcement in the Federal Law Gazette enter into force. Its rules and obligations are to comply with the respective gambling machine.

(2) by way of derogation from paragraph 1 the provisions shall enter the



1. § 5 ABS. 4, 6, 8 Z 5, 12, 16 para 1 Z 2, 19 para of 5, 21, 23, 24 paragraph of 1, 24 paragraph 6, 25-33, 34 para 1 Z 1 and 34 para 2 and 2. paragraphs 7 to 9 and 11 to 35 for land grants issued before the date of application of this regulation within the meaning of § 5 GSpG only with 1.7.2013 into force.

Fekter