
1 A Secure Online Second Chance Drawing System
Presented by:
- Patrick Maroney, Director of Security & Investigations, Colorado Lottery
- Ken Sabey, Director of Sales, HostWorks, Inc.
- Dan Baughman, Developer, HostWorks, Inc.
2009 Fall NASPL Security Subcommittee Meeting, Colorado Springs, Colorado

2 Reason for Security
- Integrity of any drawing
- No longer just a promotional tool
- Now in the prize structure….
- Is additional security needed??

3 Overview
- Data Center Security
- Server Security
- Receiving HASH Data
- Testing
- Entry Process
- Drawing Process

4 Secure Environment
Data center security
- Manned 24/7
- SAS70 Controlled Security Procedures
- Locked cabinets
- Security cameras
- Colorado Department of Revenue personnel background checks
- Yearly security audits

5 Secure Environment (cont.)
Server security
- Follow the manufacturer’s security standards for the operating system and development platform
- Dedicated firewall
- Server and database access via VPN tunnels only
- Access controlled at user level
- Secure Sockets Layer (SSL) used to encrypt data
- Robust suite of anti-virus tools
- Pro-active monitoring of the servers

6 Drawing Setup
Receiving the HASH data
- Data is transmitted over SFTP, an encrypted protocol (must have key to connect)
- Access limited to authorized personnel
- Encrypted files uploaded to web server, then decrypted with the key
- HASH data uploaded into database for specific game over encrypted connection
- HASH = plug a string into it, outputs a 32 character string back

7 Drawing Setup (cont.)
Testing
- Developer does initial test with non-active VIRN numbers to verify it works
- Lottery personnel conduct second level of testing prior to sign-off on the game
- Test entries are tracked and stored separately from actual entries

8 Entry Process
Entering the Ticket Number
- Player enters 2CD section of Lottery’s web site
- Enters VIRN number from non-winning scratch ticket
- System runs the entered number through the one-way HASH algorithm to determine validity
- If non-valid, user is presented with immediate feedback on reason
- If valid, entry is stored in entry table
- Numerous failed attempts result in entry form access being temporarily disabled for player
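A sketch of the entry check on slide 8, added here as an illustration and not the Colorado Lottery's or HostWorks' code. It assumes HMAC-SHA-256 in place of the HASH algorithm the slides leave unnamed; the key, thresholds, class name and ticket numbers are constructed for the example.

```python
import hashlib
import hmac
import time

# Assumptions (not from the slides): HMAC-SHA-256 stands in for the unnamed
# HASH algorithm; the key, limits and sample ticket numbers are constructed.
HASH_KEY = b"constructed-demo-key"
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60


def virn_digest(virn: str) -> str:
    """One-way digest of a ticket number, ignoring spaces and dashes."""
    normalized = "".join(ch for ch in virn if ch.isalnum()).upper()
    return hmac.new(HASH_KEY, normalized.encode(), hashlib.sha256).hexdigest()


class EntryDesk:
    """Hypothetical entry form backend for one second-chance game."""

    def __init__(self, valid_digests, clock=time.time):
        self.valid = set(valid_digests)  # HASH data loaded for this game
        self.entries = {}                # entry table: digest -> player_id
        self.failures = {}               # player_id -> failed attempts so far
        self.locked_until = {}           # player_id -> time the form reopens
        self.clock = clock

    def submit(self, player_id: str, virn: str) -> str:
        now = self.clock()
        if self.locked_until.get(player_id, 0) > now:
            return "locked"
        digest = virn_digest(virn)
        if digest not in self.valid:
            return self._fail(player_id, now, "invalid")
        if digest in self.entries:       # same ticket entered twice
            return self._fail(player_id, now, "duplicate")
        self.entries[digest] = player_id  # only the digest is stored
        self.failures.pop(player_id, None)
        return "accepted"

    def _fail(self, player_id: str, now: float, reason: str) -> str:
        count = self.failures.get(player_id, 0) + 1
        self.failures[player_id] = count
        if count >= MAX_FAILURES:        # temporarily disable the entry form
            self.locked_until[player_id] = now + LOCKOUT_SECONDS
            self.failures[player_id] = 0
        return reason
```

The returned reason string is what the form would show as immediate feedback; rejecting a repeated digest at entry time complements the duplicate scrub run before the drawing.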

9 Entry Process (cont.)
Entry Submission
- Upon successful submission, player is provided option to enter another ticket number
- MyLottery player has option to review their 2CD history when logged in or to opt-in to a weekly email summary
- All drawing entrants will receive an email notification revealing the winner of the drawing.

10 Drawing Process
Acquiring Entrants
- Authorized Lottery personnel log in to Admin section of web site
- Second level of dual logins required to access Drawing system
- Drawing team chooses a 2CD game from list of available games, system provides output of total number of entrants
- Automated security audit performed on data to scrub for possible duplicate entries
- Lottery security performs data integrity check

11 Drawing Process (cont.)
Winner Selection
- Drawing team runs the drawing on a separate stand-alone automatic draw machine
- Drawing team logs back into drawing system and inputs the winning entrant’s number; system outputs that entrant’s contact information
- Drawing team now downloads copy of the entrants database
- Winner is contacted by Lottery personnel
- Winner has to physically present the scratch game ticket

12 Summary
- Multiple solutions: secure your current environment, outsource the 2CD system to a secure third party, hybrid.
- Test, Test, Test
- Continually audit and evaluate options
- Listen to your players

