Commercial-In-Confidence. NMi Metrology & Gaming Ltd Parc Menai Bangor Gwynedd LL57 4EZ United Kingdom Tel: +44 (0)

Similar documents
Commercial-In-Confidence. NMi Metrology & Gaming Ltd Parc Menai Bangor Gwynedd LL57 4EZ United Kingdom Tel: +44 (0)

Issuing Laboratory: Evaluating Laboratory: Jurisdiction: Submitting Party: Product Tested: File Number:

INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD

General Accreditation Criteria Equipment assurance, in-house calibration and equipment verification

CMI Guidance Document

INTERNATIONAL STANDARD

INTERNATIONAL STANDARD

ISO/TS TECHNICAL SPECIFICATION

EMVCo Type Approval. Terminal ESD Evaluation Administrative Process. Version 2.3. July 2014

ISO/TS TECHNICAL SPECIFICATION. Medical laboratories Reduction of error through risk management and continual improvement

ISO/TS TECHNICAL SPECIFICATION. Financial services UNIversal Financial Industry message scheme Part 3: ISO modelling guidelines

Optimization of infill drilling locations

ISO/IEC INTERNATIONAL STANDARD. Software engineering COSMIC: a functional size measurement method

TANZANIA BUREAU OF STANDARDS Pre-Export Verification of Conformity to Standards

This is a preview - click here to buy the full publication TECHNICAL REPORT

In the matter of Gambling (Gambling Harm Reduction) Amendment Bill

IBM Maximo Asset Health Insights Version 7 Release 6. Installation Guide IBM

ISO INTERNATIONAL STANDARD

should include the allocation of responsibilities and not appoint or instruct an independent surveyor to

Specification for Quality Programs for the Petroleum, Petrochemical and Natural Gas Industry

ISO INTERNATIONAL STANDARD. Welding coordination Tasks and responsibilities. Coordination en soudage Tâches et responsabilités

ISO/IEC INTERNATIONAL STANDARD. Systems and software engineering Measurement process. Ingénierie des systèmes et du logiciel Processus de mesure

Quinel M. MDI rev.3 Report ID: J _R001_RNG_3.5.0_rev. 1 Page1 of 14

ISO INTERNATIONAL STANDARD. Specification for security management systems for the supply chain

Guidance on the Application. of ISO / IEC Accreditation International Association for Certifying Bodies

QUALITY MANUAL 1.0 INTRODUCTION POLICY AND OBJECTIVES DEFINITIONS SCOPE QUALITY SYSTEM... 3

ISO INTERNATIONAL STANDARD. Small craft Deck safety harness and safety line Safety requirements and test methods

Terms and conditions for laboratories appointed to undertake the testing of compost under the Compost Certification Scheme aligned to PAS 100 and the

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. This is a free 6 page sample. Access the full version online.

SADCAS POLICY ISO/IEC 17020:2012 TRANSITION

ISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes

TABLE OF CONTENTS ABBREVIATIONS 1.0 DEFINITIONS PURPOSE AND SCOPE GUIDELINES FOR PRACTICE REFERENCES AND RELATED DOCUMENTS 12

PRODUCT DESCRIPTIONS AND METRICS

TURBINE FAILURE LITERATURE REVIEW AND THE WIND TURBINE CERTIFICATION PROCESS

Odoo Enterprise Subscription Agreement

ISO/IEC INTERNATIONAL STANDARD

Supplier Quality Manual

INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD

Percival Aviation Limited 15 Barnes Wallis Road, Segensworth, Hampshire, PO15 5TT, UK Tel: + 44 (0)

Process validation in medical devices

Process validation in medical devices

Systems and software engineering Life cycle management. Part 5: Software development planning

PRODUCT CERTIFICATION REQUIREMENTS

IBM TRIRIGA Version 10 Release 5. Facility Assessment User Guide IBM

ISO/IEC/ IEEE INTERNATIONAL STANDARD. Systems and software engineering Life cycle processes Project management

Standard Practices for Measurement Traceability in Forensic Toxicology

ISO INTERNATIONAL STANDARD. Space systems Programme management Non-conformance control system

ISO/IEC INTERNATIONAL STANDARD. Conformity assessment General requirements for accreditation bodies accrediting conformity assessment bodies

Electromagnetic Compatibility Test Report. For. Calorique Ltd.

ISO/TS TECHNICAL SPECIFICATION

ISO INTERNATIONAL STANDARD. Enterprise integration Framework for enterprise modelling. Entreprise intégrée Cadre de modélisation d'entreprise

ILAC P10 TRACEABILITY

ISO INTERNATIONAL STANDARD. Quality requirements for fusion welding of metallic materials Part 3: Standard quality requirements

Equipment In-house Calibration Requirements and use of Non-Accredited Calibration Service Providers

Addressing Predictive Maintenance with SAP Predictive Analytics

ADVERTISING TERMS AND CONDITIONS

ISO INTERNATIONAL STANDARD

ISO INTERNATIONAL STANDARD. Small craft Inflatable liferafts Part 2: Type II. Petits navires Radeaux de survie gonflables Partie 2: Type II

Best practices. Deploying Your Service Package. IBM Platform Symphony

ISO INTERNATIONAL STANDARD

Form Fit & Function Engineering, LLC 350 Seminole Drive Spartanburg, SC Supplementary Quality Assurance Clauses

[Type text] BACKGROUND:

Thorough examination and testing of lifts

Supplier Quality Manual

INTERNATIONAL STANDARD

ISO/IEC TR Software engineering Product quality Part 3: Internal metrics. Génie du logiciel Qualité des produits Partie 3: Métrologie interne

Quality management Guidelines for quality plans

ISO INTERNATIONAL STANDARD

ISO9001:2008 SYSTEM KARAN ADVISER & INFORMATION CENTER QUALITY MANAGEMENT SYSTEM SYSTEM KARAN ADVISER & INFORMATION CENTER

RGS EVALUATION TESTING REPORT. Jaguar Temple HTML5 (Desktop & Mobile) Client Revision: Engine Version: RNG Version: 3.5.

A guide to Health and Safety for Lone Workers

INVITATION TO TENDER for Consulting Services

Guidelines for the assessment of the appropriateness of small interlaboratory comparisons within the process of laboratory accreditation

ISO 185 INTERNATIONAL STANDARD. Grey cast irons Classification. Fontes à graphite lamellaire Classification. Second edition

ISO/TS TECHNICAL SPECIFICATION

ISO INTERNATIONAL STANDARD. Quality requirements for fusion welding of metallic materials Part 2: Comprehensive quality requirements

ISO INTERNATIONAL STANDARD

Specification for Quality Programs for the Petroleum, Petrochemical and Natural Gas Industry

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management Measurement

Standards for Investment Reporting

ISO/IEC INTERNATIONAL STANDARD. Conformity assessment General requirements for proficiency testing

ISO/IEC INTERNATIONAL STANDARD. Conformity assessment General requirements for third-party marks of conformity

Guidelines for the monitoring and reporting of the operation of quality systems by RMOs

Best practices. Troubleshooting your own application. IBM Platform Symphony

Guidelines for auditing management systems

IBM TRIRIGA Version 10 Release 5.2. Document Management User Guide IBM

IBM Kenexa Lead Manager. IBM Kenexa Lead Manager Release Notes. January 2017 IBM

Intel NUC Change the Game Sweepstakes Official Rules

AEROSPACE STANDARD. Quality Systems - Aerospace - Model for Quality Assurance in Design, Development, Production, Installation and Servicing

A2LA. P113a Policy on Reference Material Traceability for Life Sciences Testing Laboratories

This document is a preview generated by EVS

KENYA BUREAU OF STANDARDS Pre-Export Verification of Conformity to Standards

Making the Confidence Connection: Conformity Assessment System Design

IBM Cognos Dynamic Query Analyzer Version Installation and Configuration Guide

Terms and conditions for laboratories appointed to undertake the testing of compost under the Compost Certification Scheme aligned to PAS 100 and the

Section 7. Update on the implementation of recommendations from: Keeping the Decks Clean: Managing Gaming Integrity Risks in Casinos July 2005

Systems and software engineering Measurement process

1025 E. King Street Revision: C Winona, MN PURCHASE ORDER TERMS AND CONDITIONS

Transcription:

Gambling Commission approved Test House Accredited to ISO/IEC 17025:2005 NMi Metrology & Gaming Ltd Parc Menai Bangor Gwynedd LL57 4EZ United Kingdom Tel: +44 (0)1248 660550 http://www.nmi.uk.com 4403 Report to NEKTAN NEKTAN RNG Report Reference ID Jurisdiction Issue Date NMI/128/015/UK/RTS/01 United Kingdom 29/04/2015 Executive Summary This report summarises the testing of NEKTAN's 'SecureRandom' Random Number Generator (RNG). The software RNG (identified as v1.10) is currently deployed into the following platform baseline: Platform Supplier: NEKTAN Platform Version: 5.25 The scope of the testing was the RNG algorithm only. NEKTAN provided source code and a test harness for empirical testing. The containing platform was not supplied. Our assessment methods included statistical analysis of the RNG outputs and source code review. The RNG has been assessed for compliance with section 7A of the Remote gambling and software technical standards (August 2009, updated October 2014) and our methodology complies with Level 1 as defined in the Testing strategy for compliance with remote gambling and software technical standards (first published August 2009, updated October 2014). In order to assess the suitability of the RNG for the purpose of supplying data to games, data for the following representative ranges were drawn: 0-36 (for Roulette games) 0-51 (for single card deck outcomes) 0-127 (for slot game outcomes) The RNG outputs were determined to be acceptably random, unpredictable (even with full knowledge of the system) and not reproducible. No issues are raised in respect of the applicable requirements assessed. Aled Hughes Laboratory Manager Disclaimer This report and any accompanying documents are provided as is with no warranties. All systems may contain defects and nothing in this document is intended to represent or warrant that any items assessed are complete and free from errors. The operator remains solely responsible for the design, functionality and provision of their product(s) and service(s), including any liability arising from legal infringement, technical non-compliance or product warranty. This document remains the property of NMi Metrology & Gaming Ltd and, apart from supply to the intended regulator, is not to be copied, shared or distributed in any way without the express consent of NMi Metrology & Gaming Ltd. Page 1 of 9

Table of Contents Introduction... 3 Scope of ISO/IEC 17025:2005...3 Caveats...3 Quality Control...3 References... 3 Test Item Details...4 Critical Components...4 Testing Overview... 5 Customer Contacts...5 Dates... 5 Locations... 5 Applicable Standards... 5 Methods... 5 RNG Analysis...6 Source code & dependencies... 6 Empirical testing results...6 Appendix A: Requirements Met... 8 Appendix B: Requirements Not Applicable... 9 NMi Metrology & Gaming Ltd Page 2 of 9 29/04/2015

Introduction NMi Metrology & Gaming Ltd (NMi UK) is fully approved by the UK Gambling Commission and accredited to ISO/IEC 17025:2005 (by the United Kingdom Accreditation Service, UKAS) to undertake compliance testing of all categories of modern gaming systems and related equipment at their own and their customer's premises. NMi UK's ISO 17025 accreditation schedule is downloadable from the UKAS website. The Gambling Commission's list of approved Test Houses is published on their website. Scope of ISO/IEC 17025:2005 NMi UK's ISO/IEC 17025:2005 accreditation includes the testing of terrestrial and remote gaming systems for compliance with the Gambling Commission's applicable Technical Standards and the Gaming Machine (Circumstances of Use) Regulations 2007 (Statutory Instrument No. 2319) of the Gaming Act (commonly known as the Section 240 regulations). All assessments in the following sections of this report are provided under ISO/IEC 17025:2005 except (as in the case of interpretations, opinions and suggestions) where otherwise stated. Caveats The results presented in this document are a summary of the testing work undertaken, and this report is subject to a number of caveats, including: All items provided for inspection and/or testing are declared by the customer to be configured identically to those in commercial use, with the exception of operator-configurable aspects that will not have a bearing on game fairness or player returns. Game software and/or source code provided for simulation, empirical testing, analysis and/or review is declared by the customer to behave identically to the software and/or code in commercial use. The decisions taken by the supplied simulator(s) are declared by the customer to be accurate emulations of those that would be expected to be taken by real players. All efforts have been taken to ensure that the testing undertaken has been as exhaustive as necessary to demonstrate compliance or non-compliance. NMi UK takes on trust that all submissions (including all hardware, software and documentation) and all communications are accurate, truthful, and that there is no intention to deceive or subvert the assessment of compliance. Quality Control The monitoring of this testing project was the responsibility of the management of NMi UK and every effort has been made to ensure the accuracy of the information contained in this report. If errors or omissions are discovered, please contact us with details as soon as possible. NMi UK reserves the right to revise and reissue this report if additional information is presented or discovered. References 1. Our accreditation schedule is available via the 'View Full Schedule (PDF)' links on the following web pages: http://www.ukas.org/testing/lab_detail.asp?lab_id=2749 and http://www.ukas.org/testing/lab_detail.asp? lab_id=2750 2. The list of Gambling Commission approved Test Houses is available via the 'Test Houses approved' link on the following web page: http://www.gamblingcommission.gov.uk/shared_content_areas/test_houses.aspx NMi Metrology & Gaming Ltd Page 3 of 9 29/04/2015

Test Item Details Critical Components SHA-1 checksum 2217639a347a5d72004a732abd093bff3a0f944e File name RNGDistribution.class NMi Metrology & Gaming Ltd Page 4 of 9 29/04/2015

Testing Overview Customer Contacts The customer liaisons were Jane Ryan, James Bloom and Matthew Mitchell. Dates Testing was undertaken during the following periods: 22/04/2015-28/04/2015 Locations Testing was undertaken at the following locations: NMi UK, 1-3 Llys Helyg, Parc Menai, Bangor LL57 4EZ, UK. NMi, 530-4445 Lougheed Highway, Burnaby, British Columbia, V5C 0E4, Canada Applicable Standards Conformance with the following standards has been assessed, under the terms of NMi UK's ISO/IEC 17025:2005 accreditation: Document Remote Gambling and Software Technical Standards (August 2009, Updated October 2014) Abbreviation Used UK_RTS Methods Our assessment methods included statistical analysis of the RNG outputs and source code review. NMi Metrology & Gaming Ltd Page 5 of 9 29/04/2015

RNG Analysis Source code & dependencies The RNG submission consisted of a virtual machine (VM) and a single Java file containing an implementation of Java's SecureRandom class (java.security.securerandom), running under Java 1.8.0_11 (JDK 8). SecureRandom is generally-accepted to be cryptographically-secure provided (a) it is configured correctly, and (b) sufficient system entropy is available for its operation. In this implementation it opens channels to /dev/ random/ and /dev/urandom; the former blocks if insufficient system entropy is available, the latter does not. Under normal operating conditions in which sufficient system entropy is available, the outputs will be unpredictable without complete knowledge of the algorithm, its implementation, and the underlying system state. Empirical testing results Degrees of freedom The following samples were generated: 3 sets of 3 million raw number between 0 and 2^32-1 (inclusive) 1 set of 60 million raw number between 0 and 2^32-1 (inclusive) 1 set of 60 million integers between 0 and 36 (inclusive) 1 set of 60 million integers between 0 and 51 (inclusive) 1 set of 60 million integers between 0 and 127 (inclusive) Tests under high load, with insufficient system entropy Under high load, with limited system entropy available, failure patterns were detected. Tests under high load, with sufficient system entropy Under high load, with sufficient system entropy available, no failures were detected. The results can be summarised as follows: Analysis of 3 sets of 3 million unscaled 32-bit raw numbers The numbers passed the Diehard Battery of tests, confirming that the software RNG is functioning correctly from a bitwise randomness perspective. Analysis of 1 set of 60 million unscaled 32-bit raw number The numbers passed the NIST Battery of tests, confirming that the software RNG is functioning correctly from a bitwise randomness perspective. Analysis of 60 million scaled integers between 0 and 36 (inclusive) The frequency of occurrences of the possible outcomes was as expected for a random distribution. The outcomes covered the full range of possibilities. No pairwise correlations were observed outside of the expectations for a random sample. No regular patterns or groupings were observed. The gaps between repetitions of outcomes were observed to be random. Analysis of 60 million scaled integers between 0 and 51 (inclusive) The frequency of occurrences of the possible outcomes was as expected for a random distribution. The outcomes covered the full range of possibilities. No pairwise correlations were observed outside of the expectations for a random sample. No regular patterns or groupings were observed. The gaps between repetitions of outcomes were observed to be random. Analysis of 60 million scaled integers between 0 and 127 (inclusive) The frequency of occurrences of the possible outcomes was as expected for a random distribution. The outcomes covered the full range of possibilities. No pairwise correlations were observed outside of the expectations for a NMi Metrology & Gaming Ltd Page 6 of 9 29/04/2015

random sample. No regular patterns or groupings were observed. The gaps between repetitions of outcomes were observed to be random. Conclusions Under high load, with limited system entropy available, failure patterns were detected, and therefore we recommend that the entropy of the containing system be monitored as a preventative measure. Under normal operating conditions in which sufficient system entropy was available, the RNG outputs were determined to be acceptably random, unpredictable (even with full knowledge of the system and initial system state) and not reproducible. NMi Metrology & Gaming Ltd Page 7 of 9 29/04/2015

Appendix A: Requirements Met UK_RTS / RTS - 7 Generation of random outcomes (7, 7A.1) To ensure that games and other virtual events operate fairly. Random number generation and game results must be acceptably random. Acceptably random here means that it is possible to demonstrate to a high degree of confidence that the output of the RNG, game, lottery and virtual event outcomes are random, through, for example, statistical analysis using generally accepted tests and methods of analysis. Adaptive behaviour (i.e. a compensated game) is not permitted. The RNG was determined to be acceptably random, unpredictable, and not reproducible for all of the ranges assessed. No evidence of compensatory or adaptive behaviour was observed in the RNG source code supplied. UK_RTS / RTS - 7 Generation of random outcomes (7A.3, 7A.4, 7A.5, 7A.6, 7A.7, 7A.8) a. RNG s should be capable of demonstrating the following qualities: i. the output from the RNG is uniformly distributed over the entire output range and game, lottery, or virtual event outcomes are distributed in accordance with the expected/theoretical probabilities ii. the output of the RNG, game, lottery, and virtual event outcomes should be unpredictable, for example, for a software RNG it should be computationally infeasible to predict what the next number will be without complete knowledge of the algorithm and seed value iii. random number generation does not reproduce the same output stream (cycle), and that two instances of a RNG do not produce the same stream as each other (synchronise) iv. any forms of seeding and re-seeding used do not introduce predictability v. any scaling applied to the output of the random number generator maintains the qualities above. The RNG was determined to be acceptably random, unpredictable, and not reproducible for all of the ranges assessed. No evidence of compensatory or adaptive behaviour was observed in the RNG source code supplied. NMi Metrology & Gaming Ltd Page 8 of 9 29/04/2015

Appendix B: Requirements Not Applicable UK_RTS / RTS - 7 Generation of random outcomes (7, 7A.2) To ensure that games and other virtual events operate fairly. Where lotteries use the outcome of other events external to the lottery, to determine the result of the lottery (for example, using numbers from the National Lottery) the outcome must be unpredictable and externally verifiable. This was a test of the software RNG only. The submission does not constitute a lottery game. UK_RTS / RTS - 7 Generation of random outcomes (7A.9, 7A.10, 7A.11, 7A.12) b. For lotteries using external events - where it is not practical to demonstrate 7a. - the events outcomes should be: i. unpredictable, that is, events should be selected only where they may reasonably be assumed to be random events ii. unable to be influenced by the lottery operator (or external lottery manager) iii. publicly available and externally verifiable, for example, events that are published in local or national press would be acceptable. This was a test of the software RNG only. The submission does not constitute a lottery game. UK_RTS / RTS - 7 Generation of random outcomes (7A.13, 7A.14, 7A.15, 7A.16) c. For games or virtual events that use the laws of physics to generate the outcome of the game (mechanical RNGs), the mechanical RNG used should be capable of meeting the requirements in a. where applicable and in addition: i. the mechanical pieces should be constructed of materials to prevent decomposition of any component over time (e.g. a ball shall not disintegrate) ii. the properties of physical items used to choose the selection should not be altered iii. players should not have the ability to interact with, come into physical contact with, or manipulate the mechanics of the game. This was a test of the software RNG only. UK_RTS / RTS - 7 Generation of random outcomes (7A.13, 7A.17) c. For games or virtual events that use the laws of physics to generate the outcome of the game (mechanical RNGs), the mechanical RNG used should be capable of meeting the requirements in a. where applicable and in addition: d. Restricting adaptive behaviour prohibits automatic or manual interventions that change the probabilities of game outcomes occurring during play. Restricting adaptive behaviour is not intended to prevent games from offering bonus or special features that implement a different set of rules, if they are based on the occurrence of random events. This was a test of a random outcome generator, and the submission did not include any specific game code or customer interfaces. END OF REPORT NMi Metrology & Gaming Ltd Page 9 of 9 29/04/2015

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback