Title 820 | Chapter 001 | Regulation 050
820 KAR 1:050.Raffles.
Section 1.
Definitions.(1)
"Access control" means the restriction of access to a place or other resource. Locks and login credentials are two (2) mechanisms of access control.(2)
"Address Resolution Protocol (ARP)" is the protocol used to translate IP addresses into MAC addresses to support communication on a LAN (Local Area Network). The Address Resolution Protocol is a request and reply protocol and it is communicated within the boundaries of a single network, never routed across internetwork nodes (connection points, either a redistribution point or an end point for data transmissions).(3)
"Algorithm" means a finite set of unambiguous instructions performed in a prescribed sequence to achieve a goal, especially a mathematical rule or procedure used to compute a desired result. Algorithms are the basis for most computer programming.(4)
"Authentication" means a security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator.(5)
"Bearer ticket" means an electronic or paper ticket that contains one (1) or more draw numbers purchased.(6)
"Bi-Directional" means the ability to move, transfer, or transmit in both directions.(7)
"Counterfoil" means an electronic record or paper ticket stub, also known as a barrel ticket, which shall be drawn to determine a winner and contains a player's draw number matching the bearer ticket purchased and may, depending on the type of raffle, contain the name, address, or telephone number of the player.(8)
Critical memory means memory that is used to store all data that is considered vital to the continued operation of the RSU.(9)
"Crypto-analytic" means an attack against the encryption key (refer to definition of encryption key).(10)
"Cryptographic" means anything written in a secret code or cipher.(11)
"Distributed Denial of Service (DDoS)" means a type of Denial of Service (DoS) attack where multiple compromised systems, usually infected with a destructive software program, are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.(12)
"Domain" is a term used to identify one (1) or more IP addresses. A domain name is used in a Uniform Resource Locator (URL) to identify particular Web pages.(13)
"Draw number" means a uniquely identifiable number that is provided to the purchaser for each chance purchased and may be selected as the winning number for the raffle.(14)
"Electronic raffle system" means computer software and related equipment used by raffle licensees to sell tickets, account for sales, and facilitate the drawing of tickets to determine the winners.(15)
"Encryption" means the reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the cipher text) as a mechanism for protecting its confidentiality, integrity, or its authenticity.(16)
"Encryption key" means a sequence of numbers used to encrypt or decrypt (to decode/decipher) data.(17)
"Firewall" means any number of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network.(18)
"Geolocation" means identifying the real-world geographic location of an Internet connected computer, mobile device, or Web site visitor.(19)
"Host" means a computer system that is accessed by a user working at a remote location. Typically, the term is used when there are two (2) computer systems connected by modems and telephone lines. The system that contains the data is called the host, while the computer at which the user sits is called the remote terminal. A computer that is connected to a TCP/IP network, including the Internet. Each host has a unique IP address.(20)
"Hypertext Transfer Protocol (HTTP)" means the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers shall take in response to various commands.(21)
"Internet" means an interconnected system of networks that connects computers around the world via the TCP/IP protocol. TCP/IP protocol is short for Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to connect hosts on the Internet.(22)
"Intrusion Detection System (IDS)" or "Intrusion Prevention System (IPS)" means a system that inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. Used in computer security, intrusion detection refers to the process of monitoring computer and network activities and analyzing those events to look for signs of intrusion in a system.(23)
"Internet Protocol (IP)" means an identifier for a computer or device on a TCP/IP network.(24)
"Media Access Control (MAC)" means a hardware address that uniquely identifies each node, such as the computer or printer, of a network.(25)
"Man-in-the-Middle (MITM)" means an active Internet attack where the person attacking attempts to intercept, read, or alter information moving between two (2) computers.(26)
"Message authentication" means a security measure designed to establish the authenticity of a message by means of an authenticator within the transmission derived from certain predetermined elements of the message itself.(27)
"Online" means being connected to the Internet.(28)
"Online Purchasing Platform" means the raffle system hardware and software that drives the features common to all raffles offered, and which forms the primary interface to the Raffle System for both the patron and the operator. The online purchasing platform provides the patron with the means to register an account, log in to or out of their account, modify their account information, make ticket purchases, request account activity statement or reports, and close their account. In addition, any web pages displayed to the patron that relate to ticket purchasing offered on the raffle system. The online purchasing platform provides the operator with the means to review patron accounts, enable or disable raffles, generate various financial transaction and account reports, input raffle outcomes, enable or disable patron accounts, and set any configurable parameters.(29)
"Protocol" means a set of formal rules describing how to transmit or exchange data, especially across a network. TCP/IP is the standard communications protocol of the Internet and most internal networks.(30)
"Raffle sales unit (RSU)" means a portable or wireless device, a remote hardwired connected device, or a standalone cashier station that is used as a point of sale for bearer tickets.(31)
"Remote access" means any access from outside the system or system network including any access from other networks within the same establishment.(32)
"Shellcode" means a small piece of code used as the payload (cargo of data transmission) in the exploitation of computer security. Shellcode exploits a vulnerability and allows an attacker the ability to reduce a computer system's information assurance.(33)
"Security certificate" means information, often stored as a text file, which is used by the Secure Socket Layers (SSL) protocol to establish a secure connection. A security certificate contains information about whom it belongs to, who it was issued by, valid dates, and a unique serial number or other unique identification that may be used to verify the contents of the certificate. In order for an SSL connection to be created, both sides are required to have a valid security certificate, which is also called a digital ID.(34)
"Stateful firewall" means a firewall that keeps track of the state of network connections traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection shall be allowed by the firewall; others shall be rejected. Stateful inspection, also referred to as Dynamic Packet Filtering, is a security feature often included in business networks,(35)
"Stateless" means a communications protocol that treats each request as an independent transaction that is unrelated to any previous request so that the communication consists of independent pairs of requests and responses. A stateless protocol does not require the server to retain session information or status about each communications partner for the duration of multiple requests. In contrast, a protocol that requires the keeping of internal state is known as a stateful protocol. Examples of stateless protocols include Internet Protocol (IP) and the Hypertext Transfer Protocol (HTTP).(36)
"Validation number" means a unique number that may represent one (1) or more draw numbers that shall be used to validate the winning number for the raffle.Section 2.
Raffle Ticket Construction.(1)
Raffle tickets shall have a detachable section or duplicate ticket and shall be consecutively numbered. If raffle tickets are sold electronically, the charitable organization selling the tickets shall provide all purchasers with a physical ticket or electronic communication that contains the information required by subsection (2) of this section.(2)
The detachable section or duplicate of the ticket shall bear a duplicate number corresponding to the number on the ticket and shall provide space for the purchaser's name, complete address, and telephone number.(3)
The following information shall be on each ticket:(a)
The date and time for each drawing;(b)
The location of each drawing;(c)
The name of the charitable organization conducting the raffle;(d)
The charitable organization's license number or exemption number;(e)
The price of the ticket; and(f)
Each prize to be awarded with a fair market value over $500.(4)
The requirements of subsections (2) and (3) of this section shall be waived if:(a)
The raffle tickets sell for five (5) dollars or less, or(b)
The raffle sales are initiated and concluded and all winners are selected at a licensed charity fundraising event or a licensed special limited charity fundraising event.Section 3.
Raffle Prizes.(1)
A charitable organization conducting a raffle in which real or personal property prizes are to be awarded shall be responsible for the transfer and delivery of the prize without lien or interest of others.(2)
All raffle prizes shall be awarded as indicated on the raffle ticket unless the event at which the raffle was to be conducted is postponed. If the raffle is postponed, all reasonable efforts shall be made to notify ticket holders of the new drawing date.(3)
If the prize to be awarded is the jackpot of a progressive raffle board, the charitable organization's charitable gaming session records shall report in the gross receipts total all startup cash, monies derived from raffle ticket sales, and any other contribution to the jackpot.Section 4.
Conduct of Raffles.(1)
Any person holding a raffle ticket shall be permitted to observe the raffle drawing. A charitable organization may broadcast a raffle drawing via a verifiable online live streaming service to provide ticket holders an opportunity to view the drawing if the charitable organization provides purchasers with instructions for viewing the drawing at the time tickets are purchased.(2)
A person shall not be required to be present at a raffle drawing in order to be eligible for the prize drawing.(3)
For raffles using paper tickets, each ticket seller shall return to the charitable organization the stubs or other detachable sections or duplicates of all tickets sold prior to the drawing.(4)
For raffles using paper tickets, before drawing, the charitable organization shall place the seller's portion of each ticket sold into a receptacle from which the winning tickets are to be drawn. The receptacle shall be designed so that each ticket placed in it has an equal chance to be drawn.(5)
If a charitable organization uses electronic raffle software to conduct a raffle, the charitable organization shall ensure that the electronic raffle software has been:(a)
Purchased, leased, or otherwise obtained from a distributor licensed by the department;(b)
Manufactured by a manufacturer licensed by the department;(c)
Certified by an independent testing lab; and(d)
Approved by the department for use in the Commonwealth.(6)
A charitable organization shall conduct a raffle entirely with traditional paper tickets or entirely with an electronic or online raffle system; a charitable organization shall not use both paper and electronic tickets in the same raffle, except for paper receipts or bearer tickets generated by an electronic or online raffle system in compliance with this regulation.Section 5.
Claiming Raffle Prizes.(1)
If the winner is not present at the drawing, the charitable organization shall notify the winner within seven (7) days of the drawing that the winner shall claim the prize within thirty (30) days.(2)
If a winner does not wish to claim the prize but wishes to donate it to the charitable organization, the charitable organization shall obtain a written statement of the winner's intention within the thirty (30) day period. A charitable organization shall not accept the donation to the charitable organization of a prize won if doing so would violate KRS 238.540.(3)
If a raffle winner does not claim the prize or donate it to the charitable organization within thirty (30) days after having been contacted by certified mail, or if the raffle winner is ineligible by law to claim the prize, the charitable organization shall notify the department and draw another ticket in the presence of department personnel.(4)
The requirements of subsections (1), (2), and (3) of this section shall be waived, and the charitable organization shall be allowed to draw tickets until a winner is present if:(a)
The raffle tickets sell for five (5) dollars or less;(b)
The raffle sales are initiated and concluded and all winners are selected at a licensed charity fundraising event; or(c)
The raffle sales are initiated and concluded and all winners are selected at a licensed special limited charity fundraising event.Section 6.
Electronic Raffle System Standards.(1)
Each electronic raffle system shall have a device or facility that provides for the sale of bearer tickets and the collection and accounting tools needed to track all sales initiated through the raffle system. The system shall have the ability to support all RSUs, whether they are hard-wired or connected wirelessly, to ensure that each RSU sends or transmits all ticket sales to the system. The system shall have the ability to facilitate winner selection by either manual or electronic means.(2)
Time Limits. The electronic raffle system software shall be capable of setting time limits for when tickets may be purchased for a raffle drawing.(3)
Configuration Changes. After the commencement of a raffle, the electronic raffle system software shall not allow changes to parameters that may affect the integrity of the raffle.(4)
Bearer Tickets. After the payment of a fee, participants shall receive a bearer ticket for one (1) or more chances to win a raffle drawing. The bearer ticket shall be printed with the information required by Section (2)(2) of this administrative regulation and shall include:(a)
The date and time (in twenty-four (24) hour format showing hours and minutes) that the ticket was purchased;(b)
All unique draw numbers purchased for the raffle;(c)
The RSU identifier from which the ticket was generated; and(d)
A unique validation number or barcode.(5)
Validation Numbers. The algorithm or method used by the electronic raffle system to generate the bearer ticket validation number shall be unpredictable and ensure against duplicate validation numbers for the raffle currently in progress.(6)
Voiding a Ticket. The electronic raffle system shall be designed to flag or otherwise identify a voided bearer ticket and its corresponding draw number. The system shall record at a minimum the draw numbers and the validation number from the voided bearer ticket. Voided draw numbers shall not be able to be resold or reissued for that raffle.(7)
Counterfoils. If a manual draw is used to determine a winner, all counterfoils used in a raffle drawing shall be the same size, shape, and weight. A counterfoil shall be printed or stored electronically for each purchased draw number. If an electronic random number generator is used to determine the winner of the raffle drawing, a printed counterfoil is not required. A counterfoil shall only contain one (1) draw number and shall contain the following information, which matches the bearer ticket issued to the player:(a)
Event Identifier or Location;(b)
The draw number;(c)
Issued date and time (in twenty-four (24) hour format showing hours and minutes);(d)
Value or cost of the bearer ticket; and(e)
Unique validation number or barcode.(8)
Reprinting of Counterfoils. If the system supports the reprinting of counterfoil tickets, the facility shall require additional supervised access controls, and the draw numbers for all reprinted counterfoils shall be flagged in the system as reprints.(9)
Raffle Prize Displays. An electronic raffle system may include a raffle prize display that may be viewed by participants of the raffle that displays the raffle prize and the current progression of the prize. The electronic raffle system may have multiple raffle awards displayed in an alternating fashion.(10)
Electronic Raffle Drawing Requirements. A raffle drawing shall be held at a date, time, place stated on the charitable organization's license or certificate of exemption. The drawing shall be administered by an officer or chairperson of the charitable organization. A raffle drawing shall only be conducted after:(a)
The close of the raffle; and(b)
All sales and voided sales for the particular raffle purchase period have been reconciled.(11)
Closing the Raffle Purchase Period. The system shall be capable of closing off the sale of bearer tickets at a time determined by the operator. Tickets shall not be sold after the raffle purchase period has closed. The system shall be capable of displaying to the operator by way of the RSU device display that all sales from a particular device have been uploaded, transferred, or otherwise communicated to the electronic raffle system.(a)
On verification of the sales data transfer, the RSU device shall be capable of being reset or closed; and(b)
The RSU shall not be enabled for any further sales for the current raffle.(12)
Voided Tickets. Voided tickets shall not be qualified toward any prize. The system shall be capable of reconciling voided sales for the raffle purchase to identify all voided tickets that may be committed to the draw. The system shall record an acknowledgement from the event manager that voided tickets have been reconciled before permitting a winning number to be entered into the system for validation.(13)
Winner Determination. The operator shall conduct an electronic or other approved draw procedure that ensures a randomly selected draw number as a winner from all tickets sold. Each drawn counterfoil shall be verified as a sold and valid ticket. This process shall be repeated for each advertised prize.(14)
Official Drawing Results. Results of the drawing become official and final after the drawn number is verified as a winning bearer ticket for the respective drawing, and is presented to the participants of the raffle. The system shall display the winning draw on all capable display devices intended to be viewed by participants.(15)
Winner Verification. Winning tickets shall be verified prior to payout. Participants shall present the bearer ticket to an authorized agent for validation with the system. The system shall be capable of verifying the winning draw numbers and shall allow for the validation of draw numbers either manually or through the use of a bar code scanner or equivalent.(16)
System Reporting Requirements. The system shall be capable of producing general accounting reports to include the following information for each draw conducted:(a)
Raffle Drawing Report. A report that includes the following for each raffle drawing:1.
Date and time of the event;2.
Organization running the event;3.
Sales information;4.
Prize value awarded to participant;5.
Prize distribution (total raffle sales vs. prize value awarded to participant);6.
Refund totals by event;7.
Draw numbers-in-play count;8.
Winning number(s) drawn (including draw order, call time, and claim status); and9.
All other information required by 820 KAR 1:057.(b)
Exception Report. A report that includes system exception information, including changes to system parameters, corrections, overrides, and voids;(c)
Bearer Tickets Report. A report that includes a list of all bearer tickets sold including all associated draw numbers, selling price, and RSU identifier;(d)
Sales by RSU. A report that includes a breakdown of each RSU's total sales (including draw numbers sold) and any voided or misprinted tickets;(e)
Voided Draw Number Report. A report that includes a list of all draw numbers that have been voided including corresponding validation numbers;(f)
Raffle Sales Unit Event Log. A report that lists all events recorded for each RSU, including the date and time and a brief text description of the event or identifying code;(g)
Raffle Sales Unit Corruption Log. A report that lists all RSUs unable to be reconciled to the system, including the RSU identifier, RSU operator, and the money collected; and(h)
All information required by 820 KAR 1:057.Section 7.
Raffle Sales Unit Standards.(1)
After the payment of a fee, participants shall receive a chance to win a raffle drawing. A chance to win a raffle drawing shall be purchased from an attendant-operated Raffle Sales Unit (RSU).(a)
Attendant-Operated Raffle Sales Unit. A participant may purchase a bearer ticket from an attendant-operated RSU by providing payment for the ticket(s) to the attendant. Upon receiving payment, the attendant shall provide the participant the bearer ticket(s) purchased by the participant.(b)
Player-Operated Raffle Sales Unit. A participant may purchase a bearer ticket from a player-operated RSU by following the instructions appearing on the screen of the RSU and providing payment for the ticket(s). Upon payment for the ticket(s), the RSU shall issue the corresponding bearer ticket(s) purchased by the participant.(2)
An RSU shall be capable of generating and printing a bearer ticket with one (1) or more uniquely identifiable draw numbers.(a)
The system shall not generate duplicate draw numbers within the same event.(b)
For each draw number generated, there shall be only one (1) corresponding counterfoil with the same draw number.(c)
The RSU shall be capable of providing a transaction receipt in the form of a bearer ticket to a purchaser.(3)
Access Controls. Access to raffle sales software shall be controlled by a secure logon procedure. It shall not be possible to modify the configuration settings of an RSU without an authorized secure logon.(4)
Touch Screens. Touch screens shall be accurate once calibrated and shall maintain that accuracy for at least the manufacturer's recommended maintenance period.(5)
RSU Interface. The functions of all buttons, touch or click points represented on the RSU interface shall be clearly indicated within the area of the button, touch or click point or within the help menu. There shall be no functionality available through any buttons or touch or click points on the RSU that are undocumented.(6)
Communications. A Raffle Sales Unit shall be designed or programmed to only communicate with authorized electronic raffle systems components. The electronic raffle system shall have the capability to uniquely identify and authorize each RSU used to sell tickets for a raffle.(7)
Wireless Raffle Sales Units. Communication shall only occur between the RSU and the electronic raffle system via authorized access points.(8)
Printing Bearer Tickets. If the RSU connects to a printer that is used to produce bearer tickets, the bearer ticket shall include information as indicated in Section 2 (2) of this administrative regulation. This information, or some of this information, may be contained on the ticket stock itself.(a)
The RSU shall control the transfer of ticket data sent to the printer, and only transfer ticket data to the printer when sufficient space is available in the printer memory to receive the ticket information.(b)
If a barcode forms part of the validation number printed on the bearer ticket, the printer shall support the barcode format and print with sufficient resolution to permit validation by a barcode reader.(9)
Printer Error Conditions. The bearer ticket printer shall be able to detect and indicate to the operator the following error conditions:(a)
Low battery;(b)
Out of paper or paper low;(c)
Printer disconnected (It is permissible for the system to detect this error condition when it tries to print).(d)
If the unit is capable of reprinting a ticket, the reprinted ticket shall clearly indicate that it is a reprint of the original ticket.(10)
Critical Memory Requirements. Critical memory shall be maintained for the purpose of storing and preserving critical data including:(a)
If not communicating with the system, recall of all tickets sold including, at minimum, draw numbers and validation numbers; and(b)
RSU configuration data.(11)
Maintenance of Critical Memory. Critical memory storage shall be maintained by a methodology that enables errors to be identified. This methodology may involve signatures, checksums, partial checksums, multiple copies, time stamps or effective use of validity codes.(12)
Comprehensive Checks. Comprehensive checks of critical memory shall be made on startup and shall detect failures with an extremely high level of accuracy.(13)
Unrecoverable Critical Memory. An unrecoverable corruption of critical memory shall result in an error. Upon detection, the raffle sales unit shall cease to function.(14)
Backup Requirements. The RSU shall have a backup or archive capability, which allows the recovery of critical data if a failure occurs.(15)
RSU Program Identification. All programs shall contain sufficient information to identify the software and revision level of the information stored on the RSU, which may be displayed via a display screen.(16)
Detection of Program Corruption. RSU programs shall be capable of detecting program corruption and cause the RSU to cease operations until corrected.(17)
Verification of Program Updates. Prior to execution of the updated software, the software shall be successfully authenticated on the RSU.(18)
Independent Control Program Verification. The RSU shall have the ability to allow for an independent integrity check of the RSU's software from an outside source and is required for all software that may affect the integrity of the raffle. This shall be accomplished by being authenticated by a third-party device or by allowing for removal of the media so that it may be verified externally. This integrity check shall provide a means for field verification of the software to identify and validate the program. The test laboratory, prior to device approval, shall evaluate the integrity check method.Section 8.
Random Number Generator Requirements.(1)
A random number generator shall reside on a program storage device secured in the logic board of the system. The numbers selected by the random number generator for each drawing shall be stored in the system's memory and be capable of being output to produce a winning number. The use of an RNG results in the selection of raffle outcomes in which the selection shall:(a)
Be statistically independent;(b)
Conform to the desired random distribution;(c)
Pass industry-standard recognized statistical tests, as chosen by the independent testing laboratory; and(d)
Be unpredictable.(2)
Applied Tests. The test laboratory may employ the use of various recognized tests to determine whether or not the random values produced by the random number generator pass the desired confidence level of ninety-nine (99) percent. The independent test lab shall choose the appropriate tests on a case by case basis depending on the RNG under review. These tests may include:(a)
Chi-square test;(b)
Equi-distribution (frequency) test;(c)
Gap test;(d)
Overlaps test;(e)
Poker test;(f)
Coupon collector's test;(g)
Permutation test;(h)
Kolmogorov-Smimov test;(i)
Adjacency criterion tests;(j)
Order statistic test;(k)
Runs tests (patterns of occurrences shall not be recurrent);(l)
Interplay correlation test;(m)
Serial correlation test potency and degree of serial correlation (outcomes shall be independent of the previous game);(n)
Tests on subsequences; and(o)
Poisson distribution.(3)
Period. The period of the RNG, in conjunction with the methods of implementing the RNG outcomes, shall be sufficiently large to ensure that all valid, sold numbers are available for random selection.(4)
Range. The range of raw values produced by the RNG shall be sufficiently large to provide adequate precision and flexibility when scaling and mapping.(5)
Background RNG Cycling or Activity Requirement. To ensure that RNG outcomes cannot be predicted, adequate background cycling or activity shall be implemented between each drawing at a speed that cannot be timed. The rate of background cycling or activity shall be sufficiently random in and of itself to prevent prediction.(6)
RNG Seeding or Re-Seeding. The methods of seeding or re-seeding implemented in the RNG shall ensure that all seed values are determined securely and that the resultant sequence of outcomes is not predictable.(a)
The first seed shall be randomly determined by an uncontrolled event. After every bearer ticket draw, there shall be a random change in the RNG process (new seed, random timer, or delay, ). This shall verify the RNG does not start at the same value, every time. It is permissible not to use a random seed, except the manufacturer shall ensure that the selection process will not synchronize.(b)
Unless proven to have no adverse effect on the randomness of the RNG outcomes or actually improve the randomness of the RNG outcomes, seeding and re-seeding shall be kept to an absolute minimum. If the background cycling or activity of the RNG is interrupted, the next seed value for the RNG shall be a function of the value produced by the RNG immediately prior to the interruption.(7)
Scaling Algorithms. The methods of scaling ( converting raw RNG outcomes of a greater range into scaled RNG outcomes of a lesser range) shall be linear, and shall not introduce any bias, pattern, or predictability. The scaled RNG outcomes shall be proven to pass various recognized statistical tests as chosen by the independent testing laboratory.(a)
If a random number with a range shorter than that provided by the RNG is required for some purpose within the raffle system, the method of re-scaling, ( converting the number to the lower range), shall be designed in a way that all numbers within the lower range are equally probable.(b)
If a particular random number selected is outside the range of equal distribution of rescaling values, it is permissible to discard that random number and select the next in sequence for the purpose of re-scaling.(8)
Winning Number Draw. The winning number selection shall only be produced from sold bearer ticket numbers from the current drawing to be available for selection.(a)
Each valid, sold raffle number shall be available for random selection at the initiation of each drawing; and(b)
For raffles that offer multiple awards or drawings with separate buy-ins for each, the winning number selection shall only be produced from sold bearer ticket numbers corresponding with each applicable award or drawing. As winning numbers are drawn, they shall be immediately used as governed by the rules of the raffle ( the bearer tickets shall not be discarded due to adaptive behavior).(9)
No Corruption from Associated Equipment. An electronic raffle system shall use appropriate protocols to protect the random number generator and random selection process from influence by associated equipment, which may be communicating with the electronic raffle system.Section 9.
Electronic Raffle System Server Requirements.(1)
The Electronic Raffle System Server(s) may be located locally, within a single facility or may be remotely located outside of the facility through a Wide Area Network (WAN).(2)
Physical Security. The servers shall be housed in a secure location that has sufficient physical protection against alteration, tampering, or unauthorized access.(3)
Logical Access Control. The electronic raffle system shall be logically secured through the use of passwords, biometrics, or other means certified as secure by the independent testing lab. The storage of passwords, PINs, biometrics, and other authentication credentials shall be secure. The system shall have multiple security access levels to control and restrict different classes of access to the electronic raffle system.(4)
Security from Alteration, Tampering, or Unauthorized Access. The electronic raffle system shall provide a logical means for securing the raffle data against alteration, tampering, or unauthorized access. The following rules also apply to the raffle data within the Electronic Raffle System:(a)
Equipment shall not have a mechanism whereby an error will cause the raffle data to automatically clear. Data shall be maintained at all times regardless of whether the server is being supplied with power.(b)
Data shall be stored in a way as to prevent the loss of the data when replacing parts or modules during normal maintenance.(5)
Data Alteration. The electronic raffle system shall not permit the alteration of any accounting, reporting, or significant event data without supervised access controls. In the event any data is changed, the following information shall be documented or logged:(a)
Data element altered;(b)
Data element value prior to alteration;(c)
Data element value after alteration;(d)
Time and date of alteration; and(e)
User login to identify the personnel that performed the alteration.(6)
Server Programming. There shall be no means available for an operator to conduct programming on the server in any configuration (the operator shall not be able to perform SQL statements to modify the database). Network administrators may perform authorized network infrastructure maintenance with sufficient access rights, which include the use of SQL statements that were already resident on the system.(7)
Copy Protection. Copy protection to prevent unauthorized duplication or modification of software, for servers or RSUs, may be implemented if:(a)
The method of copy protection is fully documented and provided to the Test Laboratory, which shall verify that the protection works as described; or(b)
The program or component involved in enforcing the copy protection may be individually verified by the methodology described in subsection (17).(8)
Uninterruptible Power Supply Support. If the server is a stand-alone application, it shall have an uninterruptible power supply (UPS) connected and of sufficient capacity to permit a graceful shut-down and that retains all electronic raffle system data during a power loss. The electronic raffle system server may be a component of a network that is supported by a network-wide UPS if the server is included as a device protected by the UPS.(9)
System Clock Requirements. An Electronic Raffle System shall maintain an internal clock that reflects the current date and time (in twenty-four (24) hour format showing hours and minutes) that shall be used to provide for the following:(a)
Time stamping of significant events;(b)
Reference clock for reporting; and(c)
Time stamping of all sales and draw events.(10)
System Clock Synchronization Feature. If multiple clocks are supported the system shall have a facility to synchronize clocks within all system components.(11)
RSU Management Functionality. An electronic raffle system shall have a master list of each authorized RSU in operation, including at minimum the following information for each entry:(a)
A unique RSU identification number or corresponding hardware identifier ( MAC);(b)
Operator identification; and(c)
Tickets issued for sale, if applicable.(12)
RSU Validation. It is recommended that RSUs be validated at least once per year with at least one (1) method of authentication. The system shall have the ability to remotely disable the RSU after the threshold of unsuccessful validation attempts has been reached.(13)
Counterfoil Printers. If printed counterfoils are in use, the printer mechanism shall be able to detect and indicate the following error conditions:(a)
Out of paper;(b)
Paper low;(c)
Memory Error;(d)
Printer failure; and(e)
Printer disconnected.(14)
Printer Disable. At any time during an active draw, the operator shall have the ability to manually disable a printer and remove the printer from the configuration without affecting the remaining printers or any outstanding print requests.(15)
Significant Event Logging. Significant events shall be communicated and logged on the electronic raffle system, which shall include:(a)
Connection or Disconnection of an RSU or any component of the system;(b)
Critical memory corruption of any component of the system;(c)
Counterfoil Printer errors:1.
Out of paper or paper low;2.
Printer disconnect or failure; and3.
Printer memory error;(d)
Establishment and failure of communications between sensitive electronic raffle system components;(e)
Significant event buffer full;(f)
Program error or authentication mismatch;(g)
Firewall audit log full, if supported; and(h)
Remote access, if supported.(16)
Significant Event Surveillance or Security Functionality. Each significant event conveyed to the electronic raffle system shall be stored. An electronic raffle system shall provide an interrogation program that enables on-line comprehensive searching of the significant events through recorded data. The interrogation program shall have the ability to perform a search based at least on the following:(a)
Date and time range;(b)
Unique component identification number; and(c)
Significant event identifier.(17)
Storage Medium Backup. The electronic raffle system shall have sufficient redundancy and modularity so that if any single component or part of a component fails, the raffle may continue. Redundant copies of critical data shall be kept on the electronic raffle system with open support for backups and restoration.(a)
All storage shall be through an error checking, nonvolatile physical medium, or an equivalent architectural implementation, so if the primary storage medium fail, the functions of the electronic raffle system and the process of auditing those functions may continue with no critical data loss.(b)
The database shall be stored on redundant media so that no single failure of any portion of the system would cause the loss or corruption of data.(18)
Recovery Requirements. In the event of a catastrophic failure, and if the electronic raffle system cannot be restarted in any other way, it shall be possible to reload the electronic raffle system from the last viable backup point and fully recover the contents of that backup, including:(a)
Significant Events;(b)
Accounting information;(c)
Reporting information; and(d)
Specific site information such as employee files or raffle set-up(19)
Verification of System Software. System software components and modules shall be verifiable by a secure means at the system level denoting the program identification and version. The system shall have the ability to allow for an independent integrity check of the components and modules from an outside source and is required for all software that may affect the integrity of the system. This shall be accomplished by being authenticated by a third-party device, or by allowing for removal of the media so that it may be verified externally. This integrity check shall provide a means for field verification of the system components and modules to identify and validate the programs or files. The independent testing laboratory, prior to system approval, shall approve the integrity check method.Section 10.
Electronic Raffle System Communication Requirements.(1)
Communication Protocol. Each component of an electronic raffle system shall function as indicated by the communication protocol implemented. An electronic raffle system shall provide for the following:(a)
Communication between all system components and shall provide mutual authentication between the component and the server;(b)
All protocols shall use communication techniques that have proper error detection and recovery mechanisms, which are designed to prevent eavesdropping and tampering. Any alternative implementations shall be reviewed on a case-by-case basis, with regulatory approval; and(c)
All data communications critical to the raffle shall employ encryption. The encryption algorithm shall employ variable keys, or similar methodology to preserve secure communication.(2)
Connectivity. Only authorized devices shall be permitted to establish communications between any system components. Electronic raffle systems shall provide a method to:(a)
Verify that the system component is being operated by an authorized user;(b)
Enroll and un-enroll system components;(c)
Enable and disable specific system components;(d)
Ensure that only enrolled and enabled system components participate in the raffle; and(e)
Ensure that the default condition for components shall be un-enrolled and disabled.(3)
Loss of Communications. Raffle sales units (RSUs) may continue to sell tickets when not in communication with the system. Sales taking place on the RSU during a loss of communication with the system shall be logged on the device. The RSU shall deactivate upon detecting the limit of its buffer overflow. Upon the re-establishment of communication, the system shall require the RSU to re-authenticate with the server(s). All tickets sold during communication loss shall be transmitted to the system. Loss of communications shall not affect the integrity of critical memory.(4)
System Security. All communications, including remote access, shall pass through at least one (1) approved application-level firewall and shall not have a facility that allows for an alternate network path. Any alternate network path existing for redundancy purposes shall also pass through at least one (1) application-level firewall.(5)
Firewall Audit Logs. The firewall application shall maintain an audit log and shall disable all communications and generate a significant event that meets the requirements as specified in Section 9(13) if the audit log becomes full. The audit log shall contain:(a)
All changes to configuration of the firewall;(b)
All successful and unsuccessful connection attempts through the firewall; and(c)
The source and destination IP Addresses, Port Numbers, and MAC Addresses.(6)
Remote Access. The electronic raffle system shall have the option to disable remote access. Remote access shall accept only the remote connections permissible by the firewall application and electronic raffle system settings. In addition, there shall be:(a)
No unauthorized remote user administration functionality, such as adding users, or changing permissions;(b)
No unauthorized access to any database other than information retrieval using existing functions;(c)
No unauthorized access to the operating system; and(d)
For systems using an electronic random number generator, the electronic raffle system shall immediately detect remote access.(7)
The system manufacturer may, as needed, remotely access the electronic raffle system and its associated components for the purpose of product and user support.(8)
Remote Access Auditing. The electronic raffle system shall maintain an activity log that updates automatically depicting all remote access information, to include:(a)
Log on name;(b)
Time and date the connection was made;(c)
Duration of connection; and(d)
Activity while logged in, including the specific areas accessed and changes that were made.(9)
Wide Area Network Communications. Wide Area Network (WAN) communications are permitted as allowed by the regulatory body and shall meet the following requirements:(a)
The communications over the WAN are secured from intrusion, interference, and eavesdropping via techniques such as use of a Virtual Private Network (VPN) or encryption; and(b)
Only functions documented in the communications protocol shall be used over the WAN. The protocol specification shall be provided to the Testing Laboratory.(10)
Wireless Network Communications. If a wireless communication solution is utilized, it shall adhere to the following requirements:(a)
Segregation of Networks. Networks used by the electronic raffle systems shall be separate and not include other devices that are not part of the electronic raffle system.(b)
Service Set Identifier (SSID). The wireless network name (SSID) used to identify the wireless network shall be hidden and not broadcast.(c)
Media Access Control (MAC) Address Filtering. The wireless network should use MAC address filtering to validate whether or not a device may connect to the wireless network.(d)
Device Registration. The electronic raffle system shall use a device registration method to validate whether or not a device is an authorized device on the electronic raffle system.Section 11.
Online Raffle Ticket Sales.(1)
All systems used for the sale of raffle tickets through the Internet shall meet the requirements contained within this administrative regulation and the terms and conditions set forth by this administrative regulation for the sale of raffle tickets through the Internet.(2)
All online raffle ticket sales systems, software, and database requirements shall be tested and certified by an independent testing laboratory to meet the applicable requirements set forth in this administrative regulation and approved by the department.(3)
Operation manuals and service manuals shall be expressed in broad terms that are directly relevant to the system used to sell raffle ticket(s) through the Internet and shall be provided at the request of the department.(4)
Geolocation. The raffle system, online purchasing platform or the patron device shall be able to reasonably detect the physical location of an authorized patron attempting to access the service. Third parties may be used to verify the location of patrons.(5)
Inventory. If issued a charitable gaming license to conduct a raffle, the charitable organization shall provide the number of raffle tickets available for sale through the Internet. The raffle system software shall have the ability to set time limits for which tickets may be purchased. Upon completion of the sale of the final raffle ticket for a charitable organization raffle, the raffle shall close.(6)
Systems used by the purchaser to obtain raffle ticket(s) through the Internet shall be designed to be reasonably impervious to communication errors. Personally identifiable information, sensitive account data, and financial information shall be protected over a public network.(7)
Asset Management. All assets housing, processing of communication controlled information, including those comprising the operating environment of the Raffle system or its components, shall be accounted for and have a designated owner responsible for ensuring that information and assets are appropriately classified, and defining and periodically reviewing access restrictions and classifications.(8)
Raffle Equipment Security. Raffle system servers shall be located in server rooms that restrict unauthorized access. Raffle system servers shall be housed in racks located within a secure area.(9)
Network Security Management. To ensure purchasers are not exposed to unnecessary security risks by choosing to participate in raffles, these security requirements shall apply to the following critical components of the raffle system:(a)
Raffle system components that record, store, process, share, transmit, or retrieve sensitive purchaser information, such as credit card or debit card details, authentication information, or patron account balances;(b)
Raffle system components that store results of the current state of a purchaser's purchase order;(c)
Points of entry to and exit from the above systems (other systems that are able to communicate directly with the core critical systems); and(d)
Communication networks that transmit sensitive patron information.(10)
Networks should be logically separated so that there shall be no network traffic on a network link that cannot be serviced by hosts on that link.(a)
The failure of any single item shall not result in denial of service;(b)
An Intrusion Detection System or Intrusion Prevention System shall be installed on the network and shall:1.
Listen to both internal and external communications;2.
Detect or prevent Distributed Denial of Services (DDoS) attacks;3.
Detect or prevent shellcode from traversing the network;4.
Detect or prevent Address Resolution Protocol (ARP) spoofing; and5.
Detect other Man-in-the-Middle indicators and server communications immediately if detected.(c)
Stateless protocols shall not be used for sensitive data without stateful transport (HTTP is allowed if it runs on TCP);(d)
All changes to network infrastructure shall be logged;(e)
Virus scanners or detection programs shall be installed on all pertinent information systems. These programs shall be updated regularly to scan for new strains of viruses;(f)
Network security shall be tested by a qualified and experienced individual at least once per year;(g)
Testing shall include testing of the external (public) interfaces and the internal network; and(h)
Testing of each security domain on the internal network shall be undertaken separately.(11)
Communication Protocol. Online raffle tickets offered for sale by a charitable organization shall support a defined communication protocol that ensures purchasers are not exposed to unnecessary security risks when using the Internet for this purpose. Each component of a raffle system shall function as indicated by the communication protocol implemented. The system shall provide for the following:(a)
All critical data communication shall be protocol based or incorporate an error detection and correction scheme to ensure accuracy of messages received;(b)
All critical data communication shall employ encryption. The encryption algorithm shall employ variable keys or similar methodology to preserve secure communication;(c)
Communication between all system components shall provide mutual authentication between the component and the server;(d)
All protocols shall use communication techniques that have proper error detection and recovery mechanisms, which are designed to prevent eavesdropping and tampering;(e)
All data communications critical to raffle ticket sales through the Internet shall employ encryption. The encryption algorithm shall employ variable keys, or similar methodology to preserve secure communication.(12)
Remote Access. Remote access shall only be allowed with prior written approval of the department and shall have the option to be disabled. If allowed, remote access shall accept only the remote connections permissible by the firewall application and online raffle ticket sales settings. In addition, there shall be:(a)
No authorized remote user administration functionality;(b)
No authorized access to any database other than information retrieval using existing functions;(c)
No authorized access to the operating system; and(d)
The raffle system shall maintain an activity log that updates automatically depicting all remote access information.(13)
Error Recovery. The system used by a licensed charitable organization to offer the sale of raffle ticket(s) through the Internet shall be able to recover messages when they are received in error. This would include inaccurately inputting personal or banking information that would result in the purchaser being notified that the information is invalid and shall require review and corrective measures. In the event of a catastrophic failure, if the system cannot be restarted in any other way, it shall be possible to reload the system information from the last viable backup point and fully recover the contents of that backup, including:(a)
Significant events;(b)
Accounting information;(c)
Reporting information; and(d)
Specific site information, including employees file and the raffle set-up.(14)
Bi-Directional Requirements. Any system used to sell raffle ticket(s) through the Internet shall be tested by an independent testing laboratory, which shall certify that:(a)
The physical network is designed to provide exceptional stability and limited communication errors;(b)
The system is stable and capable of overcoming and adjusting for communication errors in a thorough, secure, and precise manner; and(c)
Information is duly protected with the most secure forms of protection via encryption, segregation of information, firewalls, passwords, and personal identification numbers.(15)
Encryption. Security messages that traverse data communications lines shall be encrypted using an encryption key or keys to ensure that communications are demonstrably secure against crypto-analytic attacks. The encryption keys or keys used to provide security to the system that provide for the sale of raffle tickets through the Internet shall be monitored and maintained. Additionally, there shall be a documented process for:(a)
Obtaining or generating encryption keys;(b)
Managing the expiry of encryption keys;(c)
Revoking encryption keys;(d)
Securely changing the current encryption keyset;(e)
The storage of any encryption keys; and(f)
To recover data encrypted with a revoked or expired encryption key for a defined period of time after the encryption key becomes valid.(16)
Cryptographic Controls. Cryptographic controls shall be implemented for the protection of the following information:(a)
Any sensitive or personally identifiable information shall be encrypted if it traverses a network with a lower level of trust;(b)
Data that is not required to be hidden and has to be authenticated shall use some form of message authentication technique;(c)
Authentication shall use a security certificate approved by the independent testing laboratory;(d)
The grade of encryption used shall be appropriate to the sensitivity of the data;(e)
The use of encryption algorithms shall be reviewed periodically by qualified management staff to verify that the current encryption algorithms are secure;(f)
Changes to encryption algorithms to correct weaknesses shall be implemented as soon as practical. If no changes are available, the algorithm shall be replaced; and(g)
Encryption keys shall not be stored without being encrypted themselves through a different encryption method or by using a different encryption key.(17)
Firewalls. All online raffle systems shall utilize firewalls that comply with the following provisions:(a)
A firewall shall be located at the boundary of any two (2) dissimilar security domains.(b)
All connections to hosts used for the sale of raffle tickets through the Internet shall be housed in a secure data center and shall pass through at least one (1) application-level firewall. This includes connections to and from any non-related hosts used by the operator.(c)
The firewall shall be a separate hardware device with the following characteristics:1.
Only firewall-related applications may reside on the firewall; and2.
Only a limited number of accounts may be present on the firewall.(d)
The firewall shall reject all connections except those that have been specifically approved.(e)
The firewall shall reject all connections from destinations that cannot reside on the network from which the message originated.(f)
The firewall shall maintain an audit log of all changes to parameters that control the connections permitted through the firewall.(g)
The firewall shall maintain an audit log of all successful and unsuccessful connection attempts. Logs shall be kept for ninety (90) days and a sample reviewed monthly for unexpected traffic.(h)
The firewall shall disable all communication if the audit log becomes full.(18)
Firewall Audit Logs. The audit log shall contain:(a)
All changes to the configuration of the firewall;(b)
All successful and unsuccessful attempts through the firewall; and(c)
The source and destination IP addresses, port numbers, and MAC addresses.(19)
System Clock. The system used for the sale of raffle tickets through the Internet shall maintain an internal clock that reflects the current date and time that shall be used for the following:(a)
Time stamping of significant events;(b)
Reference clock for reporting; and(c)
Time stamping of all sales.(20)
Purchase Session. A purchase session consists of all activities and communications performed by a purchaser during the time the purchaser accesses the raffle system or online purchasing platform. Tickets sold online shall only be purchased during a purchase session.(21)
Purchasing Tickets. A participant may purchase a raffle ticket from the Web site by following the instructions appearing on the screen and providing payment for the tickets. Each raffle ticket shall be sold individually for the price indicated. Multiple discounted prices shall only be allowed if a way of ensuring financial accountability is possible by the online purchasing platform or raffle system:(a)
A ticket purchase via a credit card transaction or other methods that may produce a sufficient audit trail shall not be processed until the funds are received from the issuer or the issuer provides an authorization number indicating that the purchase has been authorized;(b)
There shall be a clear notification that the purchase has been accepted by the system and the details of the actual purchase accepted shall be provided to the patron once the purchase is accepted; and(c)
Purchase confirmation shall include the amount of the purchase accepted by the raffle system or online purchasing platform.(22)
Disputes. The raffle system or online purchasing platform shall conspicuously provide a mechanism to advise the patron of the right to make a complaint against the operator and to enable the patron to notify the department of a complaint.(23)
Bearer Ticket Issuance. After the payment of a fee, the purchaser shall receive a receipt through the Internet that the purchase of a raffle ticket or tickets is complete. Upon receiving the receipt acknowledging the purchase through the Internet, the purchaser may receive the raffle ticket via e-mail. The receipt acknowledging purchase and the issuance of the raffle tickets through the Internet shall be processed as two (2) separate transactions.(24)
Validation Numbers. The method used by the raffle system to generate the bearer ticket validation number shall be unpredictable and ensure against duplicate validation numbers for the raffle currently in progress.(25)
Voiding a Ticket. If a ticket is voided, the appropriate information shall be recorded, which includes the draw numbers and the validation number pertaining to the voided ticket. Voided draw numbers shall not be able to be resold or reissued.(26)
Raffle Drawing Requirements.(a)
A raffle drawing shall be held the date, time, and place stated on the organization's license or certificate of exemption.(b)
The operator shall conduct a manual or electronic draw procedure that ensures a randomly selected draw number as a winner from all the tickets sold. Each drawn counterfoil shall be verified as a sold and valid ticket. Voided tickets shall not be qualified toward any prize. This process shall be repeated for each advertised prize.(c)
Results of the drawing become official and final after the drawn number is verified as a winning raffle ticket for the respective drawing and is presented to the participants for the raffle. The winning draw number shall be made available on the raffle Web site for the participants to review. Operators may utilize any additional methods in presenting the winning draw number(s) to the participants.(27)
Accounting Requirements. Any system used for the sale of raffle tickets through the Internet shall have the capability to log sales and to print reports detailing sales and accounting information for specific dates and time periods that shall be available. This information shall include the price of each raffle ticket, number of raffle tickets sold, and total sales. The system or other equipment shall be capable of producing accounting reports to include the following information:(a)
Data required to be maintained for each raffle drawing, including:1.
Date and time of event;2.
Organization running the event;3.
Sales information;4.
Value of prize(s) awarded;5.
Prize distribution;6.
Refund totals of event;7.
Draw numbers-in-play;8.
Winning number(s) drawn (including draw order, call time, and claim status); and9.
Any other information required by 820 KAR 1:057.(b)
Exception Report. A report that includes system exception information, including changes to system parameters, corrections, overrides, and voids.(c)
Bearer Tickets Reports. A report that includes a list of all bearer tickets sold including all associated draw numbers and selling price.(d)
Sales Report. A report that includes a breakdown of sales of raffle ticket(s) through the Internet, including draw numbers sold and any voided and misprinted tickets.(e)
Voided Draw Number Report. A report that includes a list of all draw numbers that have been voided including corresponding validation numbers.(f)
Event Log. A report that lists all events recorded specific to the sales of raffle ticket(s) through the Internet. This shall include the date and time of the transaction and a brief description of the transaction or identifying code.(g)
Corruption Log. A report that lists all Internet transactions that were unable to be reconciled to the system.(28)
Sales and Accounting Report Requirements. Any raffle ticket sold shall be included in the sales and accounting reports and be detailed in all financial transactions on the system. In addition, a log relating to accounting and raffle ticket sales shall be maintained on the system. The charitable organization conducting the raffle shall be given the option of printing this log on demand.(29)
Backup Requirements. Any system used for the sale of raffle ticket(s) through the Internet shall have a backup and archive utility to allow the licensed charitable organization, conducting the raffle, the ability to save critical data if a system failure occurs. This backup may be automatically run by the charitable organization.(30)
Data Alteration. The alteration of any accounting, reporting or significant event data related to the sale of raffle tickets through the Internet shall include supervised access controls. In the event any data is changed, the following information shall be logged, documented, stored, and available upon request for review:(a)
Data element altered;(b)
Data element value prior to alteration;(c)
Data element value after alteration;(d)
Time and date of alteration; and(e)
User login of the personnel that performed the alteration.(31)
Access Controls. The allocation of access privileges shall be restricted and controlled on business requirements and the principle of least privilege.(a)
A formal user registration and de-registration procedure shall be in place for granting and revoking access to all information systems and services.(b)
All users shall have a unique identifier (user ID) for their personal use only, and a suitable authentication technique shall be chosen to substantiate the claimed identity of a user.(c)
The use of generic accounts shall be limited, and if used the reasons for their use shall be formally documented.(d)
Password provision shall be controlled through a formal management process.(e)
Passwords shall meet business requirements for length, complexity, and lifespan.(f)
Access to system applications shall be controlled by a secure log-on procedure.(g)
Appropriate authentication methods, in addition to passwords, shall be used to control access by remote users(h)
Any physical access to areas housing components used for the sale of raffle ticket(s) through the Internet application and any logical access to these applications shall be recorded.(i)
The use of automated equipment identification to authenticate connections from specific locations and equipment shall be formally documented and shall be included in the regular review of access by management.(j)
Restrictions on connection times shall be used to provide additional security for high-risk applications.(k)
The use of utility programs that might be capable of overriding system application controls shall be restricted and tightly controlled.(l)
A formal policy shall be in place and appropriate security measures shall be adopted to protect against the risks of using mobile computing and communication facilities.(32)
Purchaser Account Registration. The raffle system or online purchasing platform shall employ a mechanism to collect purchaser information prior to registration of a purchaser account. The purchaser shall be fully registered, and the purchaser's account shall be activated prior to permitting ticket purchases. Once the identity verification is successfully complete, and the purchaser has acknowledged all of the necessary privacy policies and the terms and conditions, the purchaser account registration is complete and the patron account shall become active.(33)
Third-Party Services. Any third-party service providers contracted to provide service involving accessing, processing, communicating, or managing the sale of raffle tickets through the Internet shall adhere to information contained in this administrative regulation. The security roles and responsibilities of third-party service providers shall be defined and documented as it relates to the security of information.(a)
Agreements with third-party service providers involving accessing, processing, communicating, or managing the purchase of on-line raffle tickets through the Internetor its components, or adding products or services to the system used or its components shall cover all relevant security requirements.(b)
The services, reports, and records provided by the third-party shall be monitored and reviewed by the department upon request.(c)
Changes to the provision of services, including maintaining and improving existing information security policies, procedures and controls, shall be managed, taking account of the criticality of business systems and processes involved and re-assessment of risks.(d)
The access rights of third-party service providers to the system or its components shall be removed upon termination of their contract or agreement, or adjusted upon change.HISTORY: (22 Ky.R. 441; eff. 10-13-1995; Recodified from 500 KAR 11:050, 2-23-1999; 32 Ky.R. 771; 1291; 1653; eff. 3-31-2006; 33 Ky.R. 3525; 34 Ky.R. 69; 264; eff. 8-31-2007; 42 Ky.R. 944; eff. 1-4-2016; 44 Ky.R. 2670; 45 Ky.R. 715, 1599; eff. 1-4-2019; 47 Ky.R. 190, 1029, 1219; eff. 3-2-2021.)
820 KAR 1:050.Raffles.
Section 1.
Definitions.(1)
"Access control" means the restriction of access to a place or other resource. Locks and login credentials are two (2) mechanisms of access control.(2)
"Address Resolution Protocol (ARP)" is the protocol used to translate IP addresses into MAC addresses to support communication on a LAN (Local Area Network). The Address Resolution Protocol is a request and reply protocol and it is communicated within the boundaries of a single network, never routed across internetwork nodes (connection points, either a redistribution point or an end point for data transmissions).(3)
"Algorithm" means a finite set of unambiguous instructions performed in a prescribed sequence to achieve a goal, especially a mathematical rule or procedure used to compute a desired result. Algorithms are the basis for most computer programming.(4)
"Authentication" means a security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator.(5)
"Bearer ticket" means an electronic or paper ticket that contains one (1) or more draw numbers purchased.(6)
"Bi-Directional" means the ability to move, transfer, or transmit in both directions.(7)
"Counterfoil" means an electronic record or paper ticket stub, also known as a barrel ticket, which shall be drawn to determine a winner and contains a player's draw number matching the bearer ticket purchased and may, depending on the type of raffle, contain the name, address, or telephone number of the player.(8)
Critical memory means memory that is used to store all data that is considered vital to the continued operation of the RSU.(9)
"Crypto-analytic" means an attack against the encryption key (refer to definition of encryption key).(10)
"Cryptographic" means anything written in a secret code or cipher.(11)
"Distributed Denial of Service (DDoS)" means a type of Denial of Service (DoS) attack where multiple compromised systems, usually infected with a destructive software program, are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.(12)
"Domain" is a term used to identify one (1) or more IP addresses. A domain name is used in a Uniform Resource Locator (URL) to identify particular Web pages.(13)
"Draw number" means a uniquely identifiable number that is provided to the purchaser for each chance purchased and may be selected as the winning number for the raffle.(14)
"Electronic raffle system" means computer software and related equipment used by raffle licensees to sell tickets, account for sales, and facilitate the drawing of tickets to determine the winners.(15)
"Encryption" means the reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the cipher text) as a mechanism for protecting its confidentiality, integrity, or its authenticity.(16)
"Encryption key" means a sequence of numbers used to encrypt or decrypt (to decode/decipher) data.(17)
"Firewall" means any number of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network.(18)
"Geolocation" means identifying the real-world geographic location of an Internet connected computer, mobile device, or Web site visitor.(19)
"Host" means a computer system that is accessed by a user working at a remote location. Typically, the term is used when there are two (2) computer systems connected by modems and telephone lines. The system that contains the data is called the host, while the computer at which the user sits is called the remote terminal. A computer that is connected to a TCP/IP network, including the Internet. Each host has a unique IP address.(20)
"Hypertext Transfer Protocol (HTTP)" means the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers shall take in response to various commands.(21)
"Internet" means an interconnected system of networks that connects computers around the world via the TCP/IP protocol. TCP/IP protocol is short for Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to connect hosts on the Internet.(22)
"Intrusion Detection System (IDS)" or "Intrusion Prevention System (IPS)" means a system that inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. Used in computer security, intrusion detection refers to the process of monitoring computer and network activities and analyzing those events to look for signs of intrusion in a system.(23)
"Internet Protocol (IP)" means an identifier for a computer or device on a TCP/IP network.(24)
"Media Access Control (MAC)" means a hardware address that uniquely identifies each node, such as the computer or printer, of a network.(25)
"Man-in-the-Middle (MITM)" means an active Internet attack where the person attacking attempts to intercept, read, or alter information moving between two (2) computers.(26)
"Message authentication" means a security measure designed to establish the authenticity of a message by means of an authenticator within the transmission derived from certain predetermined elements of the message itself.(27)
"Online" means being connected to the Internet.(28)
"Online Purchasing Platform" means the raffle system hardware and software that drives the features common to all raffles offered, and which forms the primary interface to the Raffle System for both the patron and the operator. The online purchasing platform provides the patron with the means to register an account, log in to or out of their account, modify their account information, make ticket purchases, request account activity statement or reports, and close their account. In addition, any web pages displayed to the patron that relate to ticket purchasing offered on the raffle system. The online purchasing platform provides the operator with the means to review patron accounts, enable or disable raffles, generate various financial transaction and account reports, input raffle outcomes, enable or disable patron accounts, and set any configurable parameters.(29)
"Protocol" means a set of formal rules describing how to transmit or exchange data, especially across a network. TCP/IP is the standard communications protocol of the Internet and most internal networks.(30)
"Raffle sales unit (RSU)" means a portable or wireless device, a remote hardwired connected device, or a standalone cashier station that is used as a point of sale for bearer tickets.(31)
"Remote access" means any access from outside the system or system network including any access from other networks within the same establishment.(32)
"Shellcode" means a small piece of code used as the payload (cargo of data transmission) in the exploitation of computer security. Shellcode exploits a vulnerability and allows an attacker the ability to reduce a computer system's information assurance.(33)
"Security certificate" means information, often stored as a text file, which is used by the Secure Socket Layers (SSL) protocol to establish a secure connection. A security certificate contains information about whom it belongs to, who it was issued by, valid dates, and a unique serial number or other unique identification that may be used to verify the contents of the certificate. In order for an SSL connection to be created, both sides are required to have a valid security certificate, which is also called a digital ID.(34)
"Stateful firewall" means a firewall that keeps track of the state of network connections traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection shall be allowed by the firewall; others shall be rejected. Stateful inspection, also referred to as Dynamic Packet Filtering, is a security feature often included in business networks,(35)
"Stateless" means a communications protocol that treats each request as an independent transaction that is unrelated to any previous request so that the communication consists of independent pairs of requests and responses. A stateless protocol does not require the server to retain session information or status about each communications partner for the duration of multiple requests. In contrast, a protocol that requires the keeping of internal state is known as a stateful protocol. Examples of stateless protocols include Internet Protocol (IP) and the Hypertext Transfer Protocol (HTTP).(36)
"Validation number" means a unique number that may represent one (1) or more draw numbers that shall be used to validate the winning number for the raffle.Section 2.
Raffle Ticket Construction.(1)
Raffle tickets shall have a detachable section or duplicate ticket and shall be consecutively numbered. If raffle tickets are sold electronically, the charitable organization selling the tickets shall provide all purchasers with a physical ticket or electronic communication that contains the information required by subsection (2) of this section.(2)
The detachable section or duplicate of the ticket shall bear a duplicate number corresponding to the number on the ticket and shall provide space for the purchaser's name, complete address, and telephone number.(3)
The following information shall be on each ticket:(a)
The date and time for each drawing;(b)
The location of each drawing;(c)
The name of the charitable organization conducting the raffle;(d)
The charitable organization's license number or exemption number;(e)
The price of the ticket; and(f)
Each prize to be awarded with a fair market value over $500.(4)
The requirements of subsections (2) and (3) of this section shall be waived if:(a)
The raffle tickets sell for five (5) dollars or less, or(b)
The raffle sales are initiated and concluded and all winners are selected at a licensed charity fundraising event or a licensed special limited charity fundraising event.Section 3.
Raffle Prizes.(1)
A charitable organization conducting a raffle in which real or personal property prizes are to be awarded shall be responsible for the transfer and delivery of the prize without lien or interest of others.(2)
All raffle prizes shall be awarded as indicated on the raffle ticket unless the event at which the raffle was to be conducted is postponed. If the raffle is postponed, all reasonable efforts shall be made to notify ticket holders of the new drawing date.(3)
If the prize to be awarded is the jackpot of a progressive raffle board, the charitable organization's charitable gaming session records shall report in the gross receipts total all startup cash, monies derived from raffle ticket sales, and any other contribution to the jackpot.Section 4.
Conduct of Raffles.(1)
Any person holding a raffle ticket shall be permitted to observe the raffle drawing. A charitable organization may broadcast a raffle drawing via a verifiable online live streaming service to provide ticket holders an opportunity to view the drawing if the charitable organization provides purchasers with instructions for viewing the drawing at the time tickets are purchased.(2)
A person shall not be required to be present at a raffle drawing in order to be eligible for the prize drawing.(3)
For raffles using paper tickets, each ticket seller shall return to the charitable organization the stubs or other detachable sections or duplicates of all tickets sold prior to the drawing.(4)
For raffles using paper tickets, before drawing, the charitable organization shall place the seller's portion of each ticket sold into a receptacle from which the winning tickets are to be drawn. The receptacle shall be designed so that each ticket placed in it has an equal chance to be drawn.(5)
If a charitable organization uses electronic raffle software to conduct a raffle, the charitable organization shall ensure that the electronic raffle software has been:(a)
Purchased, leased, or otherwise obtained from a distributor licensed by the department;(b)
Manufactured by a manufacturer licensed by the department;(c)
Certified by an independent testing lab; and(d)
Approved by the department for use in the Commonwealth.(6)
A charitable organization shall conduct a raffle entirely with traditional paper tickets or entirely with an electronic or online raffle system; a charitable organization shall not use both paper and electronic tickets in the same raffle, except for paper receipts or bearer tickets generated by an electronic or online raffle system in compliance with this regulation.Section 5.
Claiming Raffle Prizes.(1)
If the winner is not present at the drawing, the charitable organization shall notify the winner within seven (7) days of the drawing that the winner shall claim the prize within thirty (30) days.(2)
If a winner does not wish to claim the prize but wishes to donate it to the charitable organization, the charitable organization shall obtain a written statement of the winner's intention within the thirty (30) day period. A charitable organization shall not accept the donation to the charitable organization of a prize won if doing so would violate KRS 238.540.(3)
If a raffle winner does not claim the prize or donate it to the charitable organization within thirty (30) days after having been contacted by certified mail, or if the raffle winner is ineligible by law to claim the prize, the charitable organization shall notify the department and draw another ticket in the presence of department personnel.(4)
The requirements of subsections (1), (2), and (3) of this section shall be waived, and the charitable organization shall be allowed to draw tickets until a winner is present if:(a)
The raffle tickets sell for five (5) dollars or less;(b)
The raffle sales are initiated and concluded and all winners are selected at a licensed charity fundraising event; or(c)
The raffle sales are initiated and concluded and all winners are selected at a licensed special limited charity fundraising event.Section 6.
Electronic Raffle System Standards.(1)
Each electronic raffle system shall have a device or facility that provides for the sale of bearer tickets and the collection and accounting tools needed to track all sales initiated through the raffle system. The system shall have the ability to support all RSUs, whether they are hard-wired or connected wirelessly, to ensure that each RSU sends or transmits all ticket sales to the system. The system shall have the ability to facilitate winner selection by either manual or electronic means.(2)
Time Limits. The electronic raffle system software shall be capable of setting time limits for when tickets may be purchased for a raffle drawing.(3)
Configuration Changes. After the commencement of a raffle, the electronic raffle system software shall not allow changes to parameters that may affect the integrity of the raffle.(4)
Bearer Tickets. After the payment of a fee, participants shall receive a bearer ticket for one (1) or more chances to win a raffle drawing. The bearer ticket shall be printed with the information required by Section (2)(2) of this administrative regulation and shall include:(a)
The date and time (in twenty-four (24) hour format showing hours and minutes) that the ticket was purchased;(b)
All unique draw numbers purchased for the raffle;(c)
The RSU identifier from which the ticket was generated; and(d)
A unique validation number or barcode.(5)
Validation Numbers. The algorithm or method used by the electronic raffle system to generate the bearer ticket validation number shall be unpredictable and ensure against duplicate validation numbers for the raffle currently in progress.(6)
Voiding a Ticket. The electronic raffle system shall be designed to flag or otherwise identify a voided bearer ticket and its corresponding draw number. The system shall record at a minimum the draw numbers and the validation number from the voided bearer ticket. Voided draw numbers shall not be able to be resold or reissued for that raffle.(7)
Counterfoils. If a manual draw is used to determine a winner, all counterfoils used in a raffle drawing shall be the same size, shape, and weight. A counterfoil shall be printed or stored electronically for each purchased draw number. If an electronic random number generator is used to determine the winner of the raffle drawing, a printed counterfoil is not required. A counterfoil shall only contain one (1) draw number and shall contain the following information, which matches the bearer ticket issued to the player:(a)
Event Identifier or Location;(b)
The draw number;(c)
Issued date and time (in twenty-four (24) hour format showing hours and minutes);(d)
Value or cost of the bearer ticket; and(e)
Unique validation number or barcode.(8)
Reprinting of Counterfoils. If the system supports the reprinting of counterfoil tickets, the facility shall require additional supervised access controls, and the draw numbers for all reprinted counterfoils shall be flagged in the system as reprints.(9)
Raffle Prize Displays. An electronic raffle system may include a raffle prize display that may be viewed by participants of the raffle that displays the raffle prize and the current progression of the prize. The electronic raffle system may have multiple raffle awards displayed in an alternating fashion.(10)
Electronic Raffle Drawing Requirements. A raffle drawing shall be held at a date, time, place stated on the charitable organization's license or certificate of exemption. The drawing shall be administered by an officer or chairperson of the charitable organization. A raffle drawing shall only be conducted after:(a)
The close of the raffle; and(b)
All sales and voided sales for the particular raffle purchase period have been reconciled.(11)
Closing the Raffle Purchase Period. The system shall be capable of closing off the sale of bearer tickets at a time determined by the operator. Tickets shall not be sold after the raffle purchase period has closed. The system shall be capable of displaying to the operator by way of the RSU device display that all sales from a particular device have been uploaded, transferred, or otherwise communicated to the electronic raffle system.(a)
On verification of the sales data transfer, the RSU device shall be capable of being reset or closed; and(b)
The RSU shall not be enabled for any further sales for the current raffle.(12)
Voided Tickets. Voided tickets shall not be qualified toward any prize. The system shall be capable of reconciling voided sales for the raffle purchase to identify all voided tickets that may be committed to the draw. The system shall record an acknowledgement from the event manager that voided tickets have been reconciled before permitting a winning number to be entered into the system for validation.(13)
Winner Determination. The operator shall conduct an electronic or other approved draw procedure that ensures a randomly selected draw number as a winner from all tickets sold. Each drawn counterfoil shall be verified as a sold and valid ticket. This process shall be repeated for each advertised prize.(14)
Official Drawing Results. Results of the drawing become official and final after the drawn number is verified as a winning bearer ticket for the respective drawing, and is presented to the participants of the raffle. The system shall display the winning draw on all capable display devices intended to be viewed by participants.(15)
Winner Verification. Winning tickets shall be verified prior to payout. Participants shall present the bearer ticket to an authorized agent for validation with the system. The system shall be capable of verifying the winning draw numbers and shall allow for the validation of draw numbers either manually or through the use of a bar code scanner or equivalent.(16)
System Reporting Requirements. The system shall be capable of producing general accounting reports to include the following information for each draw conducted:(a)
Raffle Drawing Report. A report that includes the following for each raffle drawing:1.
Date and time of the event;2.
Organization running the event;3.
Sales information;4.
Prize value awarded to participant;5.
Prize distribution (total raffle sales vs. prize value awarded to participant);6.
Refund totals by event;7.
Draw numbers-in-play count;8.
Winning number(s) drawn (including draw order, call time, and claim status); and9.
All other information required by 820 KAR 1:057.(b)
Exception Report. A report that includes system exception information, including changes to system parameters, corrections, overrides, and voids;(c)
Bearer Tickets Report. A report that includes a list of all bearer tickets sold including all associated draw numbers, selling price, and RSU identifier;(d)
Sales by RSU. A report that includes a breakdown of each RSU's total sales (including draw numbers sold) and any voided or misprinted tickets;(e)
Voided Draw Number Report. A report that includes a list of all draw numbers that have been voided including corresponding validation numbers;(f)
Raffle Sales Unit Event Log. A report that lists all events recorded for each RSU, including the date and time and a brief text description of the event or identifying code;(g)
Raffle Sales Unit Corruption Log. A report that lists all RSUs unable to be reconciled to the system, including the RSU identifier, RSU operator, and the money collected; and(h)
All information required by 820 KAR 1:057.Section 7.
Raffle Sales Unit Standards.(1)
After the payment of a fee, participants shall receive a chance to win a raffle drawing. A chance to win a raffle drawing shall be purchased from an attendant-operated Raffle Sales Unit (RSU).(a)
Attendant-Operated Raffle Sales Unit. A participant may purchase a bearer ticket from an attendant-operated RSU by providing payment for the ticket(s) to the attendant. Upon receiving payment, the attendant shall provide the participant the bearer ticket(s) purchased by the participant.(b)
Player-Operated Raffle Sales Unit. A participant may purchase a bearer ticket from a player-operated RSU by following the instructions appearing on the screen of the RSU and providing payment for the ticket(s). Upon payment for the ticket(s), the RSU shall issue the corresponding bearer ticket(s) purchased by the participant.(2)
An RSU shall be capable of generating and printing a bearer ticket with one (1) or more uniquely identifiable draw numbers.(a)
The system shall not generate duplicate draw numbers within the same event.(b)
For each draw number generated, there shall be only one (1) corresponding counterfoil with the same draw number.(c)
The RSU shall be capable of providing a transaction receipt in the form of a bearer ticket to a purchaser.(3)
Access Controls. Access to raffle sales software shall be controlled by a secure logon procedure. It shall not be possible to modify the configuration settings of an RSU without an authorized secure logon.(4)
Touch Screens. Touch screens shall be accurate once calibrated and shall maintain that accuracy for at least the manufacturer's recommended maintenance period.(5)
RSU Interface. The functions of all buttons, touch or click points represented on the RSU interface shall be clearly indicated within the area of the button, touch or click point or within the help menu. There shall be no functionality available through any buttons or touch or click points on the RSU that are undocumented.(6)
Communications. A Raffle Sales Unit shall be designed or programmed to only communicate with authorized electronic raffle systems components. The electronic raffle system shall have the capability to uniquely identify and authorize each RSU used to sell tickets for a raffle.(7)
Wireless Raffle Sales Units. Communication shall only occur between the RSU and the electronic raffle system via authorized access points.(8)
Printing Bearer Tickets. If the RSU connects to a printer that is used to produce bearer tickets, the bearer ticket shall include information as indicated in Section 2 (2) of this administrative regulation. This information, or some of this information, may be contained on the ticket stock itself.(a)
The RSU shall control the transfer of ticket data sent to the printer, and only transfer ticket data to the printer when sufficient space is available in the printer memory to receive the ticket information.(b)
If a barcode forms part of the validation number printed on the bearer ticket, the printer shall support the barcode format and print with sufficient resolution to permit validation by a barcode reader.(9)
Printer Error Conditions. The bearer ticket printer shall be able to detect and indicate to the operator the following error conditions:(a)
Low battery;(b)
Out of paper or paper low;(c)
Printer disconnected (It is permissible for the system to detect this error condition when it tries to print).(d)
If the unit is capable of reprinting a ticket, the reprinted ticket shall clearly indicate that it is a reprint of the original ticket.(10)
Critical Memory Requirements. Critical memory shall be maintained for the purpose of storing and preserving critical data including:(a)
If not communicating with the system, recall of all tickets sold including, at minimum, draw numbers and validation numbers; and(b)
RSU configuration data.(11)
Maintenance of Critical Memory. Critical memory storage shall be maintained by a methodology that enables errors to be identified. This methodology may involve signatures, checksums, partial checksums, multiple copies, time stamps or effective use of validity codes.(12)
Comprehensive Checks. Comprehensive checks of critical memory shall be made on startup and shall detect failures with an extremely high level of accuracy.(13)
Unrecoverable Critical Memory. An unrecoverable corruption of critical memory shall result in an error. Upon detection, the raffle sales unit shall cease to function.(14)
Backup Requirements. The RSU shall have a backup or archive capability, which allows the recovery of critical data if a failure occurs.(15)
RSU Program Identification. All programs shall contain sufficient information to identify the software and revision level of the information stored on the RSU, which may be displayed via a display screen.(16)
Detection of Program Corruption. RSU programs shall be capable of detecting program corruption and cause the RSU to cease operations until corrected.(17)
Verification of Program Updates. Prior to execution of the updated software, the software shall be successfully authenticated on the RSU.(18)
Independent Control Program Verification. The RSU shall have the ability to allow for an independent integrity check of the RSU's software from an outside source and is required for all software that may affect the integrity of the raffle. This shall be accomplished by being authenticated by a third-party device or by allowing for removal of the media so that it may be verified externally. This integrity check shall provide a means for field verification of the software to identify and validate the program. The test laboratory, prior to device approval, shall evaluate the integrity check method.Section 8.
Random Number Generator Requirements.(1)
A random number generator shall reside on a program storage device secured in the logic board of the system. The numbers selected by the random number generator for each drawing shall be stored in the system's memory and be capable of being output to produce a winning number. The use of an RNG results in the selection of raffle outcomes in which the selection shall:(a)
Be statistically independent;(b)
Conform to the desired random distribution;(c)
Pass industry-standard recognized statistical tests, as chosen by the independent testing laboratory; and(d)
Be unpredictable.(2)
Applied Tests. The test laboratory may employ the use of various recognized tests to determine whether or not the random values produced by the random number generator pass the desired confidence level of ninety-nine (99) percent. The independent test lab shall choose the appropriate tests on a case by case basis depending on the RNG under review. These tests may include:(a)
Chi-square test;(b)
Equi-distribution (frequency) test;(c)
Gap test;(d)
Overlaps test;(e)
Poker test;(f)
Coupon collector's test;(g)
Permutation test;(h)
Kolmogorov-Smimov test;(i)
Adjacency criterion tests;(j)
Order statistic test;(k)
Runs tests (patterns of occurrences shall not be recurrent);(l)
Interplay correlation test;(m)
Serial correlation test potency and degree of serial correlation (outcomes shall be independent of the previous game);(n)
Tests on subsequences; and(o)
Poisson distribution.(3)
Period. The period of the RNG, in conjunction with the methods of implementing the RNG outcomes, shall be sufficiently large to ensure that all valid, sold numbers are available for random selection.(4)
Range. The range of raw values produced by the RNG shall be sufficiently large to provide adequate precision and flexibility when scaling and mapping.(5)
Background RNG Cycling or Activity Requirement. To ensure that RNG outcomes cannot be predicted, adequate background cycling or activity shall be implemented between each drawing at a speed that cannot be timed. The rate of background cycling or activity shall be sufficiently random in and of itself to prevent prediction.(6)
RNG Seeding or Re-Seeding. The methods of seeding or re-seeding implemented in the RNG shall ensure that all seed values are determined securely and that the resultant sequence of outcomes is not predictable.(a)
The first seed shall be randomly determined by an uncontrolled event. After every bearer ticket draw, there shall be a random change in the RNG process (new seed, random timer, or delay, ). This shall verify the RNG does not start at the same value, every time. It is permissible not to use a random seed, except the manufacturer shall ensure that the selection process will not synchronize.(b)
Unless proven to have no adverse effect on the randomness of the RNG outcomes or actually improve the randomness of the RNG outcomes, seeding and re-seeding shall be kept to an absolute minimum. If the background cycling or activity of the RNG is interrupted, the next seed value for the RNG shall be a function of the value produced by the RNG immediately prior to the interruption.(7)
Scaling Algorithms. The methods of scaling ( converting raw RNG outcomes of a greater range into scaled RNG outcomes of a lesser range) shall be linear, and shall not introduce any bias, pattern, or predictability. The scaled RNG outcomes shall be proven to pass various recognized statistical tests as chosen by the independent testing laboratory.(a)
If a random number with a range shorter than that provided by the RNG is required for some purpose within the raffle system, the method of re-scaling, ( converting the number to the lower range), shall be designed in a way that all numbers within the lower range are equally probable.(b)
If a particular random number selected is outside the range of equal distribution of rescaling values, it is permissible to discard that random number and select the next in sequence for the purpose of re-scaling.(8)
Winning Number Draw. The winning number selection shall only be produced from sold bearer ticket numbers from the current drawing to be available for selection.(a)
Each valid, sold raffle number shall be available for random selection at the initiation of each drawing; and(b)
For raffles that offer multiple awards or drawings with separate buy-ins for each, the winning number selection shall only be produced from sold bearer ticket numbers corresponding with each applicable award or drawing. As winning numbers are drawn, they shall be immediately used as governed by the rules of the raffle ( the bearer tickets shall not be discarded due to adaptive behavior).(9)
No Corruption from Associated Equipment. An electronic raffle system shall use appropriate protocols to protect the random number generator and random selection process from influence by associated equipment, which may be communicating with the electronic raffle system.Section 9.
Electronic Raffle System Server Requirements.(1)
The Electronic Raffle System Server(s) may be located locally, within a single facility or may be remotely located outside of the facility through a Wide Area Network (WAN).(2)
Physical Security. The servers shall be housed in a secure location that has sufficient physical protection against alteration, tampering, or unauthorized access.(3)
Logical Access Control. The electronic raffle system shall be logically secured through the use of passwords, biometrics, or other means certified as secure by the independent testing lab. The storage of passwords, PINs, biometrics, and other authentication credentials shall be secure. The system shall have multiple security access levels to control and restrict different classes of access to the electronic raffle system.(4)
Security from Alteration, Tampering, or Unauthorized Access. The electronic raffle system shall provide a logical means for securing the raffle data against alteration, tampering, or unauthorized access. The following rules also apply to the raffle data within the Electronic Raffle System:(a)
Equipment shall not have a mechanism whereby an error will cause the raffle data to automatically clear. Data shall be maintained at all times regardless of whether the server is being supplied with power.(b)
Data shall be stored in a way as to prevent the loss of the data when replacing parts or modules during normal maintenance.(5)
Data Alteration. The electronic raffle system shall not permit the alteration of any accounting, reporting, or significant event data without supervised access controls. In the event any data is changed, the following information shall be documented or logged:(a)
Data element altered;(b)
Data element value prior to alteration;(c)
Data element value after alteration;(d)
Time and date of alteration; and(e)
User login to identify the personnel that performed the alteration.(6)
Server Programming. There shall be no means available for an operator to conduct programming on the server in any configuration (the operator shall not be able to perform SQL statements to modify the database). Network administrators may perform authorized network infrastructure maintenance with sufficient access rights, which include the use of SQL statements that were already resident on the system.(7)
Copy Protection. Copy protection to prevent unauthorized duplication or modification of software, for servers or RSUs, may be implemented if:(a)
The method of copy protection is fully documented and provided to the Test Laboratory, which shall verify that the protection works as described; or(b)
The program or component involved in enforcing the copy protection may be individually verified by the methodology described in subsection (17).(8)
Uninterruptible Power Supply Support. If the server is a stand-alone application, it shall have an uninterruptible power supply (UPS) connected and of sufficient capacity to permit a graceful shut-down and that retains all electronic raffle system data during a power loss. The electronic raffle system server may be a component of a network that is supported by a network-wide UPS if the server is included as a device protected by the UPS.(9)
System Clock Requirements. An Electronic Raffle System shall maintain an internal clock that reflects the current date and time (in twenty-four (24) hour format showing hours and minutes) that shall be used to provide for the following:(a)
Time stamping of significant events;(b)
Reference clock for reporting; and(c)
Time stamping of all sales and draw events.(10)
System Clock Synchronization Feature. If multiple clocks are supported the system shall have a facility to synchronize clocks within all system components.(11)
RSU Management Functionality. An electronic raffle system shall have a master list of each authorized RSU in operation, including at minimum the following information for each entry:(a)
A unique RSU identification number or corresponding hardware identifier ( MAC);(b)
Operator identification; and(c)
Tickets issued for sale, if applicable.(12)
RSU Validation. It is recommended that RSUs be validated at least once per year with at least one (1) method of authentication. The system shall have the ability to remotely disable the RSU after the threshold of unsuccessful validation attempts has been reached.(13)
Counterfoil Printers. If printed counterfoils are in use, the printer mechanism shall be able to detect and indicate the following error conditions:(a)
Out of paper;(b)
Paper low;(c)
Memory Error;(d)
Printer failure; and(e)
Printer disconnected.(14)
Printer Disable. At any time during an active draw, the operator shall have the ability to manually disable a printer and remove the printer from the configuration without affecting the remaining printers or any outstanding print requests.(15)
Significant Event Logging. Significant events shall be communicated and logged on the electronic raffle system, which shall include:(a)
Connection or Disconnection of an RSU or any component of the system;(b)
Critical memory corruption of any component of the system;(c)
Counterfoil Printer errors:1.
Out of paper or paper low;2.
Printer disconnect or failure; and3.
Printer memory error;(d)
Establishment and failure of communications between sensitive electronic raffle system components;(e)
Significant event buffer full;(f)
Program error or authentication mismatch;(g)
Firewall audit log full, if supported; and(h)
Remote access, if supported.(16)
Significant Event Surveillance or Security Functionality. Each significant event conveyed to the electronic raffle system shall be stored. An electronic raffle system shall provide an interrogation program that enables on-line comprehensive searching of the significant events through recorded data. The interrogation program shall have the ability to perform a search based at least on the following:(a)
Date and time range;(b)
Unique component identification number; and(c)
Significant event identifier.(17)
Storage Medium Backup. The electronic raffle system shall have sufficient redundancy and modularity so that if any single component or part of a component fails, the raffle may continue. Redundant copies of critical data shall be kept on the electronic raffle system with open support for backups and restoration.(a)
All storage shall be through an error checking, nonvolatile physical medium, or an equivalent architectural implementation, so if the primary storage medium fail, the functions of the electronic raffle system and the process of auditing those functions may continue with no critical data loss.(b)
The database shall be stored on redundant media so that no single failure of any portion of the system would cause the loss or corruption of data.(18)
Recovery Requirements. In the event of a catastrophic failure, and if the electronic raffle system cannot be restarted in any other way, it shall be possible to reload the electronic raffle system from the last viable backup point and fully recover the contents of that backup, including:(a)
Significant Events;(b)
Accounting information;(c)
Reporting information; and(d)
Specific site information such as employee files or raffle set-up(19)
Verification of System Software. System software components and modules shall be verifiable by a secure means at the system level denoting the program identification and version. The system shall have the ability to allow for an independent integrity check of the components and modules from an outside source and is required for all software that may affect the integrity of the system. This shall be accomplished by being authenticated by a third-party device, or by allowing for removal of the media so that it may be verified externally. This integrity check shall provide a means for field verification of the system components and modules to identify and validate the programs or files. The independent testing laboratory, prior to system approval, shall approve the integrity check method.Section 10.
Electronic Raffle System Communication Requirements.(1)
Communication Protocol. Each component of an electronic raffle system shall function as indicated by the communication protocol implemented. An electronic raffle system shall provide for the following:(a)
Communication between all system components and shall provide mutual authentication between the component and the server;(b)
All protocols shall use communication techniques that have proper error detection and recovery mechanisms, which are designed to prevent eavesdropping and tampering. Any alternative implementations shall be reviewed on a case-by-case basis, with regulatory approval; and(c)
All data communications critical to the raffle shall employ encryption. The encryption algorithm shall employ variable keys, or similar methodology to preserve secure communication.(2)
Connectivity. Only authorized devices shall be permitted to establish communications between any system components. Electronic raffle systems shall provide a method to:(a)
Verify that the system component is being operated by an authorized user;(b)
Enroll and un-enroll system components;(c)
Enable and disable specific system components;(d)
Ensure that only enrolled and enabled system components participate in the raffle; and(e)
Ensure that the default condition for components shall be un-enrolled and disabled.(3)
Loss of Communications. Raffle sales units (RSUs) may continue to sell tickets when not in communication with the system. Sales taking place on the RSU during a loss of communication with the system shall be logged on the device. The RSU shall deactivate upon detecting the limit of its buffer overflow. Upon the re-establishment of communication, the system shall require the RSU to re-authenticate with the server(s). All tickets sold during communication loss shall be transmitted to the system. Loss of communications shall not affect the integrity of critical memory.(4)
System Security. All communications, including remote access, shall pass through at least one (1) approved application-level firewall and shall not have a facility that allows for an alternate network path. Any alternate network path existing for redundancy purposes shall also pass through at least one (1) application-level firewall.(5)
Firewall Audit Logs. The firewall application shall maintain an audit log and shall disable all communications and generate a significant event that meets the requirements as specified in Section 9(13) if the audit log becomes full. The audit log shall contain:(a)
All changes to configuration of the firewall;(b)
All successful and unsuccessful connection attempts through the firewall; and(c)
The source and destination IP Addresses, Port Numbers, and MAC Addresses.(6)
Remote Access. The electronic raffle system shall have the option to disable remote access. Remote access shall accept only the remote connections permissible by the firewall application and electronic raffle system settings. In addition, there shall be:(a)
No unauthorized remote user administration functionality, such as adding users, or changing permissions;(b)
No unauthorized access to any database other than information retrieval using existing functions;(c)
No unauthorized access to the operating system; and(d)
For systems using an electronic random number generator, the electronic raffle system shall immediately detect remote access.(7)
The system manufacturer may, as needed, remotely access the electronic raffle system and its associated components for the purpose of product and user support.(8)
Remote Access Auditing. The electronic raffle system shall maintain an activity log that updates automatically depicting all remote access information, to include:(a)
Log on name;(b)
Time and date the connection was made;(c)
Duration of connection; and(d)
Activity while logged in, including the specific areas accessed and changes that were made.(9)
Wide Area Network Communications. Wide Area Network (WAN) communications are permitted as allowed by the regulatory body and shall meet the following requirements:(a)
The communications over the WAN are secured from intrusion, interference, and eavesdropping via techniques such as use of a Virtual Private Network (VPN) or encryption; and(b)
Only functions documented in the communications protocol shall be used over the WAN. The protocol specification shall be provided to the Testing Laboratory.(10)
Wireless Network Communications. If a wireless communication solution is utilized, it shall adhere to the following requirements:(a)
Segregation of Networks. Networks used by the electronic raffle systems shall be separate and not include other devices that are not part of the electronic raffle system.(b)
Service Set Identifier (SSID). The wireless network name (SSID) used to identify the wireless network shall be hidden and not broadcast.(c)
Media Access Control (MAC) Address Filtering. The wireless network should use MAC address filtering to validate whether or not a device may connect to the wireless network.(d)
Device Registration. The electronic raffle system shall use a device registration method to validate whether or not a device is an authorized device on the electronic raffle system.Section 11.
Online Raffle Ticket Sales.(1)
All systems used for the sale of raffle tickets through the Internet shall meet the requirements contained within this administrative regulation and the terms and conditions set forth by this administrative regulation for the sale of raffle tickets through the Internet.(2)
All online raffle ticket sales systems, software, and database requirements shall be tested and certified by an independent testing laboratory to meet the applicable requirements set forth in this administrative regulation and approved by the department.(3)
Operation manuals and service manuals shall be expressed in broad terms that are directly relevant to the system used to sell raffle ticket(s) through the Internet and shall be provided at the request of the department.(4)
Geolocation. The raffle system, online purchasing platform or the patron device shall be able to reasonably detect the physical location of an authorized patron attempting to access the service. Third parties may be used to verify the location of patrons.(5)
Inventory. If issued a charitable gaming license to conduct a raffle, the charitable organization shall provide the number of raffle tickets available for sale through the Internet. The raffle system software shall have the ability to set time limits for which tickets may be purchased. Upon completion of the sale of the final raffle ticket for a charitable organization raffle, the raffle shall close.(6)
Systems used by the purchaser to obtain raffle ticket(s) through the Internet shall be designed to be reasonably impervious to communication errors. Personally identifiable information, sensitive account data, and financial information shall be protected over a public network.(7)
Asset Management. All assets housing, processing of communication controlled information, including those comprising the operating environment of the Raffle system or its components, shall be accounted for and have a designated owner responsible for ensuring that information and assets are appropriately classified, and defining and periodically reviewing access restrictions and classifications.(8)
Raffle Equipment Security. Raffle system servers shall be located in server rooms that restrict unauthorized access. Raffle system servers shall be housed in racks located within a secure area.(9)
Network Security Management. To ensure purchasers are not exposed to unnecessary security risks by choosing to participate in raffles, these security requirements shall apply to the following critical components of the raffle system:(a)
Raffle system components that record, store, process, share, transmit, or retrieve sensitive purchaser information, such as credit card or debit card details, authentication information, or patron account balances;(b)
Raffle system components that store results of the current state of a purchaser's purchase order;(c)
Points of entry to and exit from the above systems (other systems that are able to communicate directly with the core critical systems); and(d)
Communication networks that transmit sensitive patron information.(10)
Networks should be logically separated so that there shall be no network traffic on a network link that cannot be serviced by hosts on that link.(a)
The failure of any single item shall not result in denial of service;(b)
An Intrusion Detection System or Intrusion Prevention System shall be installed on the network and shall:1.
Listen to both internal and external communications;2.
Detect or prevent Distributed Denial of Services (DDoS) attacks;3.
Detect or prevent shellcode from traversing the network;4.
Detect or prevent Address Resolution Protocol (ARP) spoofing; and5.
Detect other Man-in-the-Middle indicators and server communications immediately if detected.(c)
Stateless protocols shall not be used for sensitive data without stateful transport (HTTP is allowed if it runs on TCP);(d)
All changes to network infrastructure shall be logged;(e)
Virus scanners or detection programs shall be installed on all pertinent information systems. These programs shall be updated regularly to scan for new strains of viruses;(f)
Network security shall be tested by a qualified and experienced individual at least once per year;(g)
Testing shall include testing of the external (public) interfaces and the internal network; and(h)
Testing of each security domain on the internal network shall be undertaken separately.(11)
Communication Protocol. Online raffle tickets offered for sale by a charitable organization shall support a defined communication protocol that ensures purchasers are not exposed to unnecessary security risks when using the Internet for this purpose. Each component of a raffle system shall function as indicated by the communication protocol implemented. The system shall provide for the following:(a)
All critical data communication shall be protocol based or incorporate an error detection and correction scheme to ensure accuracy of messages received;(b)
All critical data communication shall employ encryption. The encryption algorithm shall employ variable keys or similar methodology to preserve secure communication;(c)
Communication between all system components shall provide mutual authentication between the component and the server;(d)
All protocols shall use communication techniques that have proper error detection and recovery mechanisms, which are designed to prevent eavesdropping and tampering;(e)
All data communications critical to raffle ticket sales through the Internet shall employ encryption. The encryption algorithm shall employ variable keys, or similar methodology to preserve secure communication.(12)
Remote Access. Remote access shall only be allowed with prior written approval of the department and shall have the option to be disabled. If allowed, remote access shall accept only the remote connections permissible by the firewall application and online raffle ticket sales settings. In addition, there shall be:(a)
No authorized remote user administration functionality;(b)
No authorized access to any database other than information retrieval using existing functions;(c)
No authorized access to the operating system; and(d)
The raffle system shall maintain an activity log that updates automatically depicting all remote access information.(13)
Error Recovery. The system used by a licensed charitable organization to offer the sale of raffle ticket(s) through the Internet shall be able to recover messages when they are received in error. This would include inaccurately inputting personal or banking information that would result in the purchaser being notified that the information is invalid and shall require review and corrective measures. In the event of a catastrophic failure, if the system cannot be restarted in any other way, it shall be possible to reload the system information from the last viable backup point and fully recover the contents of that backup, including:(a)
Significant events;(b)
Accounting information;(c)
Reporting information; and(d)
Specific site information, including employees file and the raffle set-up.(14)
Bi-Directional Requirements. Any system used to sell raffle ticket(s) through the Internet shall be tested by an independent testing laboratory, which shall certify that:(a)
The physical network is designed to provide exceptional stability and limited communication errors;(b)
The system is stable and capable of overcoming and adjusting for communication errors in a thorough, secure, and precise manner; and(c)
Information is duly protected with the most secure forms of protection via encryption, segregation of information, firewalls, passwords, and personal identification numbers.(15)
Encryption. Security messages that traverse data communications lines shall be encrypted using an encryption key or keys to ensure that communications are demonstrably secure against crypto-analytic attacks. The encryption keys or keys used to provide security to the system that provide for the sale of raffle tickets through the Internet shall be monitored and maintained. Additionally, there shall be a documented process for:(a)
Obtaining or generating encryption keys;(b)
Managing the expiry of encryption keys;(c)
Revoking encryption keys;(d)
Securely changing the current encryption keyset;(e)
The storage of any encryption keys; and(f)
To recover data encrypted with a revoked or expired encryption key for a defined period of time after the encryption key becomes valid.(16)
Cryptographic Controls. Cryptographic controls shall be implemented for the protection of the following information:(a)
Any sensitive or personally identifiable information shall be encrypted if it traverses a network with a lower level of trust;(b)
Data that is not required to be hidden and has to be authenticated shall use some form of message authentication technique;(c)
Authentication shall use a security certificate approved by the independent testing laboratory;(d)
The grade of encryption used shall be appropriate to the sensitivity of the data;(e)
The use of encryption algorithms shall be reviewed periodically by qualified management staff to verify that the current encryption algorithms are secure;(f)
Changes to encryption algorithms to correct weaknesses shall be implemented as soon as practical. If no changes are available, the algorithm shall be replaced; and(g)
Encryption keys shall not be stored without being encrypted themselves through a different encryption method or by using a different encryption key.(17)
Firewalls. All online raffle systems shall utilize firewalls that comply with the following provisions:(a)
A firewall shall be located at the boundary of any two (2) dissimilar security domains.(b)
All connections to hosts used for the sale of raffle tickets through the Internet shall be housed in a secure data center and shall pass through at least one (1) application-level firewall. This includes connections to and from any non-related hosts used by the operator.(c)
The firewall shall be a separate hardware device with the following characteristics:1.
Only firewall-related applications may reside on the firewall; and2.
Only a limited number of accounts may be present on the firewall.(d)
The firewall shall reject all connections except those that have been specifically approved.(e)
The firewall shall reject all connections from destinations that cannot reside on the network from which the message originated.(f)
The firewall shall maintain an audit log of all changes to parameters that control the connections permitted through the firewall.(g)
The firewall shall maintain an audit log of all successful and unsuccessful connection attempts. Logs shall be kept for ninety (90) days and a sample reviewed monthly for unexpected traffic.(h)
The firewall shall disable all communication if the audit log becomes full.(18)
Firewall Audit Logs. The audit log shall contain:(a)
All changes to the configuration of the firewall;(b)
All successful and unsuccessful attempts through the firewall; and(c)
The source and destination IP addresses, port numbers, and MAC addresses.(19)
System Clock. The system used for the sale of raffle tickets through the Internet shall maintain an internal clock that reflects the current date and time that shall be used for the following:(a)
Time stamping of significant events;(b)
Reference clock for reporting; and(c)
Time stamping of all sales.(20)
Purchase Session. A purchase session consists of all activities and communications performed by a purchaser during the time the purchaser accesses the raffle system or online purchasing platform. Tickets sold online shall only be purchased during a purchase session.(21)
Purchasing Tickets. A participant may purchase a raffle ticket from the Web site by following the instructions appearing on the screen and providing payment for the tickets. Each raffle ticket shall be sold individually for the price indicated. Multiple discounted prices shall only be allowed if a way of ensuring financial accountability is possible by the online purchasing platform or raffle system:(a)
A ticket purchase via a credit card transaction or other methods that may produce a sufficient audit trail shall not be processed until the funds are received from the issuer or the issuer provides an authorization number indicating that the purchase has been authorized;(b)
There shall be a clear notification that the purchase has been accepted by the system and the details of the actual purchase accepted shall be provided to the patron once the purchase is accepted; and(c)
Purchase confirmation shall include the amount of the purchase accepted by the raffle system or online purchasing platform.(22)
Disputes. The raffle system or online purchasing platform shall conspicuously provide a mechanism to advise the patron of the right to make a complaint against the operator and to enable the patron to notify the department of a complaint.(23)
Bearer Ticket Issuance. After the payment of a fee, the purchaser shall receive a receipt through the Internet that the purchase of a raffle ticket or tickets is complete. Upon receiving the receipt acknowledging the purchase through the Internet, the purchaser may receive the raffle ticket via e-mail. The receipt acknowledging purchase and the issuance of the raffle tickets through the Internet shall be processed as two (2) separate transactions.(24)
Validation Numbers. The method used by the raffle system to generate the bearer ticket validation number shall be unpredictable and ensure against duplicate validation numbers for the raffle currently in progress.(25)
Voiding a Ticket. If a ticket is voided, the appropriate information shall be recorded, which includes the draw numbers and the validation number pertaining to the voided ticket. Voided draw numbers shall not be able to be resold or reissued.(26)
Raffle Drawing Requirements.(a)
A raffle drawing shall be held the date, time, and place stated on the organization's license or certificate of exemption.(b)
The operator shall conduct a manual or electronic draw procedure that ensures a randomly selected draw number as a winner from all the tickets sold. Each drawn counterfoil shall be verified as a sold and valid ticket. Voided tickets shall not be qualified toward any prize. This process shall be repeated for each advertised prize.(c)
Results of the drawing become official and final after the drawn number is verified as a winning raffle ticket for the respective drawing and is presented to the participants for the raffle. The winning draw number shall be made available on the raffle Web site for the participants to review. Operators may utilize any additional methods in presenting the winning draw number(s) to the participants.(27)
Accounting Requirements. Any system used for the sale of raffle tickets through the Internet shall have the capability to log sales and to print reports detailing sales and accounting information for specific dates and time periods that shall be available. This information shall include the price of each raffle ticket, number of raffle tickets sold, and total sales. The system or other equipment shall be capable of producing accounting reports to include the following information:(a)
Data required to be maintained for each raffle drawing, including:1.
Date and time of event;2.
Organization running the event;3.
Sales information;4.
Value of prize(s) awarded;5.
Prize distribution;6.
Refund totals of event;7.
Draw numbers-in-play;8.
Winning number(s) drawn (including draw order, call time, and claim status); and9.
Any other information required by 820 KAR 1:057.(b)
Exception Report. A report that includes system exception information, including changes to system parameters, corrections, overrides, and voids.(c)
Bearer Tickets Reports. A report that includes a list of all bearer tickets sold including all associated draw numbers and selling price.(d)
Sales Report. A report that includes a breakdown of sales of raffle ticket(s) through the Internet, including draw numbers sold and any voided and misprinted tickets.(e)
Voided Draw Number Report. A report that includes a list of all draw numbers that have been voided including corresponding validation numbers.(f)
Event Log. A report that lists all events recorded specific to the sales of raffle ticket(s) through the Internet. This shall include the date and time of the transaction and a brief description of the transaction or identifying code.(g)
Corruption Log. A report that lists all Internet transactions that were unable to be reconciled to the system.(28)
Sales and Accounting Report Requirements. Any raffle ticket sold shall be included in the sales and accounting reports and be detailed in all financial transactions on the system. In addition, a log relating to accounting and raffle ticket sales shall be maintained on the system. The charitable organization conducting the raffle shall be given the option of printing this log on demand.(29)
Backup Requirements. Any system used for the sale of raffle ticket(s) through the Internet shall have a backup and archive utility to allow the licensed charitable organization, conducting the raffle, the ability to save critical data if a system failure occurs. This backup may be automatically run by the charitable organization.(30)
Data Alteration. The alteration of any accounting, reporting or significant event data related to the sale of raffle tickets through the Internet shall include supervised access controls. In the event any data is changed, the following information shall be logged, documented, stored, and available upon request for review:(a)
Data element altered;(b)
Data element value prior to alteration;(c)
Data element value after alteration;(d)
Time and date of alteration; and(e)
User login of the personnel that performed the alteration.(31)
Access Controls. The allocation of access privileges shall be restricted and controlled on business requirements and the principle of least privilege.(a)
A formal user registration and de-registration procedure shall be in place for granting and revoking access to all information systems and services.(b)
All users shall have a unique identifier (user ID) for their personal use only, and a suitable authentication technique shall be chosen to substantiate the claimed identity of a user.(c)
The use of generic accounts shall be limited, and if used the reasons for their use shall be formally documented.(d)
Password provision shall be controlled through a formal management process.(e)
Passwords shall meet business requirements for length, complexity, and lifespan.(f)
Access to system applications shall be controlled by a secure log-on procedure.(g)
Appropriate authentication methods, in addition to passwords, shall be used to control access by remote users(h)
Any physical access to areas housing components used for the sale of raffle ticket(s) through the Internet application and any logical access to these applications shall be recorded.(i)
The use of automated equipment identification to authenticate connections from specific locations and equipment shall be formally documented and shall be included in the regular review of access by management.(j)
Restrictions on connection times shall be used to provide additional security for high-risk applications.(k)
The use of utility programs that might be capable of overriding system application controls shall be restricted and tightly controlled.(l)
A formal policy shall be in place and appropriate security measures shall be adopted to protect against the risks of using mobile computing and communication facilities.(32)
Purchaser Account Registration. The raffle system or online purchasing platform shall employ a mechanism to collect purchaser information prior to registration of a purchaser account. The purchaser shall be fully registered, and the purchaser's account shall be activated prior to permitting ticket purchases. Once the identity verification is successfully complete, and the purchaser has acknowledged all of the necessary privacy policies and the terms and conditions, the purchaser account registration is complete and the patron account shall become active.(33)
Third-Party Services. Any third-party service providers contracted to provide service involving accessing, processing, communicating, or managing the sale of raffle tickets through the Internet shall adhere to information contained in this administrative regulation. The security roles and responsibilities of third-party service providers shall be defined and documented as it relates to the security of information.(a)
Agreements with third-party service providers involving accessing, processing, communicating, or managing the purchase of on-line raffle tickets through the Internetor its components, or adding products or services to the system used or its components shall cover all relevant security requirements.(b)
The services, reports, and records provided by the third-party shall be monitored and reviewed by the department upon request.(c)
Changes to the provision of services, including maintaining and improving existing information security policies, procedures and controls, shall be managed, taking account of the criticality of business systems and processes involved and re-assessment of risks.(d)
The access rights of third-party service providers to the system or its components shall be removed upon termination of their contract or agreement, or adjusted upon change.HISTORY: (22 Ky.R. 441; eff. 10-13-1995; Recodified from 500 KAR 11:050, 2-23-1999; 32 Ky.R. 771; 1291; 1653; eff. 3-31-2006; 33 Ky.R. 3525; 34 Ky.R. 69; 264; eff. 8-31-2007; 42 Ky.R. 944; eff. 1-4-2016; 44 Ky.R. 2670; 45 Ky.R. 715, 1599; eff. 1-4-2019; 47 Ky.R. 190, 1029, 1219; eff. 3-2-2021.)