Technology Forum

An IGI Show & Tell

PLAYER ID, AGE VERIFICATION AND BORDER CONTROL TECHNOLOGY FORUM
held
February 13, 2002

Hosted by:
· IGI, Interactive Gaming Institute of Nevada
· William F. Harrah College of Hotel Administration,
University of Nevada, Las Vegas
· IGTF, Interactive Gaming Task Force

Panelists:
· Dr. Pearl Brewer -- Chair of the Hotel Management Department
· Bill Geoghegan - Lodging & Gaming Technology Consulting Inc.
· Tony Fontaine - Vice President, Complex Business Solutions, Station Casinos
· Leslie Ruthe - Vice President of Information Support, Stratosphere Hotel

It has been consistently stated by regulatory agencies and the associations representing gaming operators that Interactive Gaming cannot be implemented until technology is capable of identifying an individual and geographic location. The technology vendors have welcomed the challenge.

Through the efforts of the Interactive Gaming Institute of Nevada, the William F. Harrah College of Hotel Administration at the University of Nevada, Las Vegas and the Interactive Gaming Task Force, technology vendors were given the opportunity to present their proposed solutions to this technological challenge.

Vendors presented a variety of technologies designed to address some or all of the components needed to identify an individual (therefore ensuring age requirements are met) and verify that the individual is located within a legal jurisdiction. These solutions fall within the following categories:

1. A bio indicator capable of identifying a known individual
2. A positive geographical locator
3. Filtering mechanisms capable of identifying transactions originating within an excluded jurisdiction or outside of an included jurisdiction.

BIO INDICATORS

Bio Indicators solutions were presented in a number of areas including fingerprint identification, facial recognition, retinal scan, and cadence recognition. It was clear that each bio-metric represented a highly accurate mechanism for identifying a known user of a system, although none are 100% accurate. A combination of more than one bio metric increases the identification level to that of a reasonable assurance that the individual is present at the workstation.

Use of bio-metric indicators require the positive identification of an individual by a trusted third party. The bio-metric data can be stored in a central database or on a data capable device such as a smart card, or stored in combination. Bio-metrics, especially fingerprints, are beginning to see widespread acceptance as a positive means of identifying an individual logging into a computer or seeking access to secure locations. Many proponents have suggested storing bio-metric data on a smart card that an individual would carry. Airport security, a national identification card, and other situations that require a high degree of certainty generally suggest the biometric stored on a smart card as a solution. Splitting part of the data from the smart card into a centralized database increases security enormously, but requires full time access to that database. Smart cards have also been suggested for use in player loyalty systems within the brick and mortar environment.

GEOGRAPHICAL INDICATOR

Mechanisms for identifying the geographical location of an individual were varied.
1. Global Positioning Systems (GPS) integrated into a device.
2. Closed loop systems that use the same technology that is used to identify the location of a 911 emergency caller.

Both GPS based locations and closed loop systems are extremely accurate in their ability to identify the location from which a transaction is taking place. GPS is accurate within fifteen feet where three or more satellites can be seen by an antenna. While today's systems require line of sight access from the antenna to the sky, systems currently under development will acquire satellite signals indoors, although initially it will take longer to capture accurate data. Extended antennas permit use of GPS signals where a window is within a reasonable distance of a PC. The GPS system is extremely secure, would be expensive to spoof and is maintained by the U.S. government.

Closed loop systems have already been accepted by gaming regulators as having sufficient accuracy to assure the geographic location of an individual, and are now in use within Nevada. These systems cannot be implemented without dialup access to a server.

FILTERING MECHANISMS

IP filtering was a third mechanism presented as a method of inhibiting those individuals who are connecting from restricted locations. These systems use a database of geographical locations associated with Internet Service Providers (ISP).

Where direct broadband connections such as cable modem, DSL, or T1 services are used, this mechanism is virtually foolproof. Where dialup to the ISP is used, these filtering systems lack an ability to accurately identify location. These systems can be used to allow connections through known ISP's where the final hop is hard wired. In general where this cannot be ascertained admittance is denied. As a result this is a coarse selection mechanism that will deny many users who are in fact geographically acceptable, but assures that anyone permitted within the filter is within the jurisdiction.

PRESENTERS
1. GAMET
Panel Comments:
GAMET has integrated GPS based geographical indicator and biometric based/smart card identification device that attaches to a personal computer via the USB port. It is designed to be self recognized and installed by the operating system. The same smart card biometric identification can be used in a brick and mortar player loyalty system. This device is fully prototyped and can be produced within 90 days.

2. CONAX AS
Presenter Information:
Conax AS is one of the world's leading suppliers of conditional access technology for digital-TV and IP-streaming. Conax are a well-positioned provider of security systems and associated services for interactive gaming and e-payment. Conax systems are well proven and have been in operations for years. With PKI technology combined with conditional access we will have millions of transactions through our payment server this year from PCs, TVs and mobile phones, most of these being micro payments conducted from the users electronic wallet. Please visit our home page for more details: www.conax.com

Panel Comments:
CONAX has a scalable conditional access system for IP networks currently in use in Europe that identify an individual within a closed known environment such as cable TV, etc. These systems use varying identification mechanisms from passwords to biometrics depending upon the level of security required. Their capabilities include processing of payments from smart cards and other credit instruments.

3. DIGITAL ENVOY
Presenter Information:
Digital Envoy is the leading provider of geographic intelligence solutions. Our NetAcuity(tm) IP-based geo-targeting technology instantly identifies the location of online visitors down to the city level worldwide, allowing you to provide the most relevant content with the highest level of accuracy. Patent-pending NetAcuity(tm) was designed with user privacy in mind - no cookies, personally identifiable information or third party databases are used. For the online gambling industry, our technologies allow you to permit or restrict access to content based on user location; authenticate user location; and upsell the ability to provide targeted advertising to your online audience.

Panel Comments:
Digital Envoy has a system that can identify the location of a web user based upon IP filtering. This is subject to the previously mentioned limitations of IP filtering, but is already in use by companies such as VirtGame, Boss Media, and Play Tech. Their current technology primarily excludes interaction from identified locations based upon an ever enhanced database of ISP locations.

4. VIRTGAME
Presenter Information:
VirtGame is a premier provider of Next Generation Software to the gaming and lottery industries that has built a comprehensive, scalable and customizable platform (VirtGame SPa) for e-gaming within any legal jurisdiction. It leverages most of the varied forms of gaming products ... back-office to front-office ... with the resulting product capable of total integration. It is a New Economy product permitting clients to service their customers with the most innovative technology available. This one source application is a powerful tool that offers gaming and lottery clients exactly what they need to succeed in not only today's, but, more importantly, tomorrow's environment. VirtGame has two products that have been approved by the Nevada Gaming Control Board -- 1) PrimeLinea Sports Book is one of only two sports book systems approved as an over-the-counter ("Brick and Mortar") sports book and is the only one which is both web and kiosk enabled and 2) VirtBorderControl is the first TCP/IP ("Closed Loop") approved system to allow sports wagering from a home PC.

Panel Comments:
VirtGame using proprietary browser and a combination of geo-location and biometric identification using fingerprint identifier. They have been successful in implementing Internet Gaming and excluding all US attempts to gain access.

5. AUTHENTIFY
Presenter Information:
Authentify offers a rapidly deployable identity and location verification system for Internet users. Authentify's process enables a Web site to automatically phone a user during their Internet session. Even users with a single phone line. During the synchronized call, Authentify employs data matching and telephone provisioning information to determine who owns the phone and its location. A voice recording and voice biometric is captured to ensure acceptance of a transaction and limit use of an account. Country code, area code, and local exchange information can be matched to IP address providing strong location assurance. Authentify offers the only way to verify user identity and location, in a real time, without installing hardware or software on the end users computer.

Panel Comments:
Authentify utilizes a synchronized phone call with a web session to positively identify the location from which someone is attempting to gain access. A log in process initiates a phone call to a known telephone exchange and requires that the individual key in an access code that has been displayed on the computer. Their database establishes the location of an exchange and could restrict phone exchanges outside of an identified area. The same database could exclude cell phone exchanges and inhibit forwarded calls.

6. BIOPASSWORD-NET NANNY
Presenter Information:
BioPassword(r) is a software-only biometric technology that adds a significant layer of security to your player identification system, whether on internal networks or the Internet. BioPassword's patented "keystroke dynamics" verifies each visitor's unique typing cadence upon log in. BioPassword is the only product to offer biometric user authentication without requiring additional hardware.
With BioPassword you can:
* Significantly increase your ability to verify that your remote customers are really who they claim to be
* Strengthen your ability to meet gaming regulatory agency requirements
-- All while minimizing your overall costs, by eliminating the purchase, deployment, and maintenance costs associated with additional hardware.
Panel Comments:
Net Nanny is a biometric mechanism that uses the cadence of a persons typing their login and password as a mechanism for verification?. This biometric has proven to be accurate to a level similar to fingerprint and facial recognition. As with any biometric, it is subject to verification of the individual. This is a software only service that requires no hardware or installation to implement.

7. SSP/GET
Panel Comments:
SSP presented as a partner with GET. SSP has developed some significant defense department level identification systems, including a credit card sized GPS device, as well as software that can combine the Geo Location and Biometrics. They stated that it would take less than 90 days to begin production of a product when the market demanded it. The presented solution appears to be a highly accurate integrated system capable of identifying a know person's location.

8. QUOVA
Presenter Information:
Quova is the leading provider of IP Geolocation services. IP Geolocation provides information about where an internet user is connecting from without requiring any action by the user. Quova's GeoPoint service provides wide coverage with high country level accuracy for most online gaming visitors. Even higher levels of accuracy and assurance can be obtained by combining Quova's GeoPoint Service with other user location technologies and information. To this end, Quova provides additional value added services specifically designed to support border control for the online gaming industry. Quova's GeoPoint Service is also useful for fraud detection and marketing applications and has been selected by industry leading companies including Amazon, Ladbrokes, Rank Group, MicroGaming, Sports.com, Visa and ClearCommerce

Panel Comments:
QUOVA utilizes an ever expanding database of IP addresses to accurately identify the location of a server. They maintain their own data, using their Precision Mapping Technology, and can match a high percentage of IP addresses to specific geographical locations. Their solution allows know addresses through their filter, and inhibits any questionable sources. It is widely used by other types of business for location identification.

9. INNOVATIVE CONFIGURATION
Presenter Information:
Innovative Configuration, Inc. (ICI) is a high performance real-time computer systems integration entity with a strong track record in advanced product research and development (R&D) for US Government labs and Fortune 500 companies. This R&D work, over the last decade, includes both hardware and software design and proof-of-concept prototyping. ICI has recently designed and prototyped a novel family of Interactive Gaming products that can operate with the same graphical-player-interface (GPI) to enable seamless transition of the Next-Generation Remote Gaming Stations from the Casino floor, to the Intranet, and then to the Internet, thereby providing an end-to-end cost-effective regulatable gaming solution.

Panel Comments:
Innovative Configuration suggested a facial recognition biometric used with a web cam that would constantly monitor the player sitting at a PC. The constant visual recognition would ensure that only the player who has signed up continues to play, and that the system is not turned over to another, i.e. a minor.

10. IT GLOBALSECURE
Panel Comments:
IT GlobalSecure has developed algorithms that permit Legal and Regulatory agencies to monitor and judge the fairness of games. It includes the ability to ensure a fair shuffle, and mechanisms to enforce the digital contract between gamer and operator. Their methods are already in use on highly restricted government sites. They are only recently entering the gaming industry, and have not yet developed a business model, but feel that their algorithms can be of use in positive player identification.

11. CYBER LOCATOR
Panel Comments:
CyberLocator explained a product known as Global Cyber Licensing. The company holds a patent on a secure mechanism for identifying the location of a user based on a GPS device connected to a USB port on a PC. The GPS device sends information to the central server and that data is synchronized and compared to data that CyberLocator calculates based on the current position of GPS satellites. They claim 100% authentication of location. The system is currently in use for other applications, but their current domain is only within the U.S. They would require additional receiving stations and servers to cover other geographical areas. They also claim a process that ensures an active user is at the PC, making it impossible for remote usage to bypass the Geo Location process.

12. RSA SECURITY
Presenter Information:
RSA Security is a provider of products that ensure the authenticity of people, devices and transactions in both the wired and wireless worlds. This concept of "authenticity" does not exist in a vacuum or consist of any single product solution. In order to achieve the above mission statement, different applications, running on different platforms must all communicate and co-exist effectively in a secure manner. RSA Security has developed a suite of products that act as a secure infrastructure for web based E-Business requirements. Our Public Key Infrastructure products act as the foundation to the architecture by ensuring the authenticity of the users and transactions through the use of Digital Certificates. Our BSAFE toolkits give our customers the flexibility to build certificate technology into existing applications, encrypt data in transit, and build authenticity into wireless devices and transactions. So what does this mean to the online gaming industry? It means that once the various technologies are evaluated and standards are set, there is a real-world, standards based architecture to tie all of the components together.

Panel Comments:
RSA Security explained established mechanisms that are already part of many identification and security system, and that can be combined with other mechanisms to increase security. These include a time synchronous smart card that requires a PIN entry that constantly changes, but can be calculated by a central server based on the time. Additionally, their ClearTrust software centrally manages user access to Web-based resources, and the Public Key Infrastructure manages digital certifications. Their products are currently in wide use.

CONCLUSION

The presentations of the day clearly showed a variety of technologies that permit the verification of an individual and the geographical location from which a transaction is originated. Two of the presenters, GAMET and SSP, had solutions that integrated devices capable of both biometric and geographical location. These solutions most likely meet the requirements of player identification and border control, but have some significant implementation cost and distribution barriers. Where the operator can justify the expense, these solutions are technologically feasible.

The other technologies presented each represented some portion of the solution to player identification and geographical location. The combination of two or more of these technologies into a single system would likely meet the threshold necessary to meet any proposed regulations. For example, though the IP Filtering technology is less than 100% accurate, it could be used to positively identify some percentage of the transaction locations. Those that can be validated are permitted access, those that can be positively located as being outside the permitted jurisdiction are denied, and those that do not fall into either category would be subjected to some other (perhaps more expensive) filter. An operator could use this type of location detection to allow perhaps 75% of the possible players. For those who cannot entry based on the passive IP Filtering, the operator could decide whether the more expensive Geo/Bio Indicator would be worthwhile, based on the potential of the player. In this way, the average cost of acquisition of a player could be greatly reduced.

In the case of Player Identification, some of the technologies required Biometric detection hardware to be added to a players' PC, while others were purely software or operations. The Net Nanny biometrics certainly represented a non-intrusive alternative, with no hardware or software requirements.

In general, the panel agreed that strategic mergers of the technologies presented at the Forum without doubt could meet the proposed regulations for Player Identification and Border Control with a degree of accuracy that would meet any reasonable reliability requirements.