eNews Letter Q2 2014 Advantech Applied Computing Technology Communications - Security Column - Gaming Column Issue: June 2014 By Applied Computing Group Advantech www.advantech.com.tw/dms

Mar 16, 2016


http://www.advantech.com.tw/dms/saleskit/eNewsLetterAdvantechACGQ22014.pdf

About the eNews Letter

We at Advantech Applied Computing Group (ACG, formerly AC-DMS), are glad to share with you, our premier customers, our latest technology focus and industry highlights.

Advantech has been delivering ePlatform and eAutomation products for over 30 years. To best serve its outsourcing customers, ACG was built to focus on customer-oriented services & cost-effective solutions, with domain market know-how, innovative technology, and solid expertise.

Embracing the company value of “Altruism”, ACG sees itself as a long-term partner to help our customers continue to build lasting prosperity. Not only do we offer collaborative design, flexible manufacturing and global services, but we also strive to go beyond customer expectations. The eNews is part of our commitment toward Enabling customers’ success.

Table of Contents

Technology Highlights
• Secure Boot Introduction
• Secure Boot Implementation

Vertical Market Focus – Gaming
• Gaming Market Snapshot
• Gaming Jurisdiction: GLI-11
• Security Solutions for Gaming Applications

ACG Gaming DMS Core Competency
• Mechatronics Capability
• Focused Gaming Features
• One-stop Shopping Services & Longevity Support

Contacts at Advantech Applied Computing Group

Technology Highlights

Secure Boot: Gatekeeper Before the Operating System

Secure Boot is a security standard designed by members in the PC industry to make sure that a PC boots using only firmware that is trusted by the PC manufacturer.

Secure Boot is a firmware validation process defined in UEFI; it requires a PC that meets the UEFI Specifications Ver. 2.3.1, Errata C or higher.

UEFI: Unified Extensible Firmware Interface

UEFI is the next-generation firmware interface (vs. legacy BIOS), managed through the UEFI Forum, a collection of chipset, hardware, system, firmware, and operating system vendors. The Secure Boot protocol has been part of the specification since UEFI 2.2.

When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system.

If the signatures are valid, the PC boots, and the firmware gives control to the operating system.

In this way, Secure Boot protects the PC from low-level exploits, rootkits and malicious bootloaders, making it much harder for attackers to compromise the start-up sequence.

Figure: Without Secure Boot vs. UEFI Secure Boot Flow

• Without Secure Boot: BIOS → Any OS Loader (Malware/Fake included) → OS Start
• UEFI Secure Boot: Native UEFI → Verified OS Loader (e.g. Win 8) → OS Start


The Security Keys and How They Work

Figure: Platform Key → (protection) → Key Exchange Key → (protection) → Signature Database and Forbidden Database

A series of keys and databases is used to manage and protect the signatures needed to verify code before it is executed. As shown in the figure, from the top, each key is used to protect the next key from uncontrolled modification.

The UEFI spec focuses on the mechanisms for signing code images and managing keys and signatures. How Secure Boot is managed, enabled or disabled is a decision of the platform manufacturer and the system owner.

Platform Key (PK)
• One PK in each system
• Typically set by the platform manufacturer when a system is built in the factory
• May be replaceable by an end user or enterprise IT services

Database (db)
• Two lists of signatures are maintained: signatures of code that is authorized to run on the platform and signatures of code that is forbidden

Key Exchange Key (KEK)
• There can be multiple KEKs provided by the operating system and other trusted third party application vendors
• No changes can be made to the signature database without the private portion of this key.
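The key hierarchy described above, as an added example (not code from Advantech or from any firmware): a toy Python model in which the PK authorizes KEK enrollment, a KEK authorizes changes to the two signature lists, and an image may boot only if it is in the authorized list and not in the forbidden one. Assumptions: `KeyStore`, `sign` and all key values are hypothetical, HMAC-SHA256 stands in for the asymmetric signatures real firmware verifies, and the lists hold SHA-256 image digests only.

```python
import hashlib
import hmac

def sign(key: bytes, payload: bytes) -> bytes:
    """Stand-in signature (assumption): HMAC-SHA256 instead of the asymmetric
    signatures real firmware verifies with the public half of PK/KEK."""
    return hmac.new(key, payload, hashlib.sha256).digest()

class KeyStore:
    """Toy model of the PK -> KEK -> db/dbx chain; all names are hypothetical."""

    def __init__(self, pk: bytes):
        self.pk = pk         # one Platform Key per system
        self.keks = []       # several Key Exchange Keys may be enrolled
        self.db = set()      # digests of images authorized to run
        self.dbx = set()     # digests of forbidden images

    @staticmethod
    def _valid(keys, payload: bytes, sig: bytes) -> bool:
        return any(hmac.compare_digest(sign(k, payload), sig) for k in keys)

    def enroll_kek(self, kek: bytes, sig: bytes) -> bool:
        # The PK protects the KEK list: only a PK-signed request is accepted.
        if not self._valid([self.pk], b"KEK" + kek, sig):
            return False
        self.keks.append(kek)
        return True

    def update_list(self, name: str, digest: bytes, sig: bytes) -> bool:
        # A KEK protects db and dbx; the list name is part of the signed
        # payload so a db update cannot be replayed against dbx.
        if name not in ("db", "dbx"):
            raise ValueError(name)
        if not self._valid(self.keks, name.encode() + b":" + digest, sig):
            return False
        getattr(self, name).add(digest)
        return True

    def may_boot(self, image: bytes) -> bool:
        # Forbidden entries win over authorized ones; unknown images are refused.
        digest = hashlib.sha256(image).digest()
        return digest not in self.dbx and digest in self.db
```
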


Secure Boot Implementation

How These Features Function in Secure Boot

• TPM: Solution SDK to protect software from copying or cloning, to validate downloadable content and to authenticate users and clients.
• iButton: Simple one-wire or two-wire device connected by GPIO to authenticate the computer system; available for a number of different functions, with drivers and SDK supplied.
• Option ROM: Designates a piece of binary code intended to run under the control of the BIOS, providing services to the BIOS that help the system boot from add-in hardware devices.


Any time a PC needs protection to resist attacks and malware infection during the booting process, Secure Boot can serve as gatekeeper.

• Gaming
• Military
• Finance
• Public Safety
• Retail
• Network/Telecom

Vertical Market Focus

The Worldwide Casino Business is Booming, and GLI-11 Plays a Critical Role in it

Casino market size is expected to be USD182.8B in 2015. The main growing market is the Asia-Pacific region.

“Sands to MGM Scout Casino Sites in Japan as Tokyo Gets Games.”

“Japan’s LDP Lawmakers Submit Parliament Bill to Legalize Casinos.”

From: Segasammy 2013 Annual Report; Bloomberg news 2013-0909; Bloomberg news 2013-1205

• GLI-11 is a regulation released by Gaming Laboratories International.

• The main purpose is to create a standard that ensures gaming devices in casinos are fair, secure, and able to be audited and operated correctly.

To name some important sections in GLI-11:

Control Program Verification (Section 2.17)
This regulation requires that any programs running on gaming machines are verified before execution, especially if the program could affect the game outcomes.

Physical Access Control (Section 2.10/2.11/2.12/2.16)
Access to the interior of the gaming machine has to be controlled, monitored, and event/error logged, including devices such as CPU electronic boards, gaming storage devices and money handling devices.

Advantech Offers the Most Up-to-date SW Package

Categories: Board Support, Security, Firmware/BIOS, Utility/Development

• Drivers & Utilities
• DirectPCI SDK & Run-Time
• Embedded OS Support
• Custom Embedded Linux
• Secure Boot
• TPM Suite
• Custom Logo & Settings
• TCG CRTM BIOS (TPM)
• Custom BIOS Code
• DirectPCI API
• Custom Utility/Development Kits

The Emphasis on Security: Secure Boot

The Emphasis on Security: TPM Suite

Advantech Hardware Security Features

Categories: Monitoring, Firmware, Security ID

• Proprietary format, highly integrated SBC
• Intrusion Detection Logging Processor (IDLP)
• Non-volatile RAM (battery back-up SRAM)
• Power Fail Detect
• System Health Monitoring
• Meter Cut Detect
• Security (“Jurisdiction”) ROM sockets
• Write Protect BIOS, custom BIOS
• IDROM, EEPROM
• iButton®
• Trusted Platform Module
• Digital Inputs/Outputs

The Emphasis on Security: IDLP and Digital I/O


Contacts at Advantech Applied Computing Group

Jason.Lu@advantech.com.tw
• Embedded Computing KA Services
• Mobile POS
• Vehicle & Transportation Applications

Jimmy.Hsu@advantech.com.tw (Gaming)
• Gaming KA Services
• Gaming Portable & Server Applications
• Arcade, AWP, Casino, Pachislot & Recreation Applications

Pablo.Lin@advantech.com.tw (Medical)
• Medical KA Services
• Medical Tablet & Portable
• Ultrasound, Patient Monitor
• Medical Server Applications
• Fitness Console

Hawaii.Tseng@advantech.com.tw (Retail/China)
• China DMS KA Services
• Point of Sales Solutions
• Self Services Applications

Alexyc.Chen@advantech.com.tw (Mobile Embedded Systems)
• Portable & Tablet KA Services
• Rugged, Warehousing & Field Services
• Mobile Resources Management (In-Vehicle)

ACG BU Head [email protected]

Jason.Kuo@advantech.com.tw
+886 2 2792 7818 ext.8002
Business Development

Selena.Wang@advantech.com.tw
+886 2 2792 7818 ext.8013
Business Development