Virginia Law

A. All program storage devices (writable/nonwritable), including erasable programmable read only memory (EPROM), DVD, CD-ROM, compact flash, and any other type of program storage device shall be clearly marked with sufficient information to identify the software and revision level of the information stored in the devices.

B. Program storage devices shall meet the following requirements:

1. Program storage, including CD-ROM, shall meet the following rules:

a. The control program shall authenticate all critical files by employing a hashing algorithm that produces a "message digest" output of at least 128 bits at minimum, as certified by the recognized independent test laboratory and agreed upon by the department. Any message digest shall be stored on a read-only memory device within the electronic gaming device. Any message digest that resides on any other medium shall be encrypted using a public/private key algorithm with a minimum of a 512-bit key or an equivalent encryption algorithm with similar security certified by the independent test laboratory and agreed upon by the department.

b. The electronic gaming device shall authenticate all critical files against the stored message digests. In the event of a failed authentication, the electronic gaming device should immediately enter an error condition with the appropriate indication, such as an audible signal, on-screen display, or both. This error shall require operator intervention to clear. The electronic gaming device shall display specific error information and shall not clear until the file authenticates properly or the electronic gaming device's memory is cleared, the game is restarted, and all files authenticate correctly.

2. CD-ROM specific based program storage shall:

a. Not be a rewritable disk; and

b. The "write session" shall be closed to prevent any further writing to the storage device.

C. Electronic gaming devices where the control program is capable of being erased and reprogrammed without being removed from the electronic gaming device or other equipment or related peripheral devices shall meet the following requirements:

1. Reprogrammable program storage shall only write to alterable storage media containing data, files, and programs that are not critical to the basic operation of the game.

2. Notwithstanding subdivision 1 of this subsection, data may be written to media containing critical data, files, and programs provided that:

a. A log of all information that is added, deleted, and modified be stored on the media;

b. The control program verifies the validity of all data, files, and programs that reside on the media using the methods required herein;

c. The electronic gaming device's program contains appropriate security to prevent unauthorized modifications; and

d. The electronic gaming device's program does not allow game play while the media containing the critical data, files, and programs is being modified.

D. The control program shall ensure the integrity of all critical program components during the execution of said components and the first time the files are loaded for use even if only partially loaded. Space that is not critical to machine security (e.g., video or sound) is not required to be validated, although the department recommends a method be in place for the files to be tested for corruption. If any of the video or sound files contain payout amounts or other information needed by the player, the files are to be considered critical.