The ARJEL-compliant Trusted Solution For Online Gambling And Betting Operators
-
date post
20-Oct-2014 -
Category
Documents
-
view
2.347 -
download
3
description
Transcript of The ARJEL-compliant Trusted Solution For Online Gambling And Betting Operators
DICTAO
152 avenue de Malakoff
75116 PARIS, France
Tel.: +33 (0)1 73 00 26 00
www.dictao.com
White PaperWhite PaperWhite PaperWhite Paper
The trusted solution
for online gambling
operators in France
152 avenue de Malakoff
75116 PARIS, France
Tel.: +33 (0)1 73 00 26 00
www.dictao.com – [email protected]
White PaperWhite PaperWhite PaperWhite Paper
The trusted solution
for online gambling
operators in France
The trusted solution
for online gambling
operators in France
CONTENTS
1111 THE REGULATORY FRAMETHE REGULATORY FRAMETHE REGULATORY FRAMETHE REGULATORY FRAMEWORKWORKWORKWORK .................................................................................................................................................................................................................................................................................................................................................................................................................... 4444
1.1 The principles behind introducing competition .................................................................................................................. 4
1.2 Creation of a regulatory authority and definition of operator regulations ........................................................................... 5
The future regulatory authority's missions ............................................................................................................................... 5
Regulations concerning gambling platforms, organization and services .................................................................................. 5
1.3 The ARJEL licensing procedure ........................................................................................................................................... 6
Estimated schedule .................................................................................................................................................................. 6
Licensing application content .................................................................................................................................................. 6
Transition period ..................................................................................................................................................................... 7
2222 THE NEED FOR TRUSTTHE NEED FOR TRUSTTHE NEED FOR TRUSTTHE NEED FOR TRUST ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 8888
2.1 Gamblers ........................................................................................................................................................................... 8
2.2 Operators .......................................................................................................................................................................... 8
2.3 Authorities ......................................................................................................................................................................... 8
3333 THE TECHNICAL SOLUTITHE TECHNICAL SOLUTITHE TECHNICAL SOLUTITHE TECHNICAL SOLUTIONONONON ............................................................................................................................................................................................................................................................................................................................................................................................................................................ 9999
3.1 Architecture with a front-end in French territory ................................................................................................................ 9
3.2 The front-end retrieves and secures traces of transactions ................................................................................................ 9
Front-end interface ............................................................................................................................................................... 10
Capteur ................................................................................................................................................................................. 10
Back-end relay ...................................................................................................................................................................... 10
Vault (upper part of front-end) .............................................................................................................................................. 10
3.3 Vault function (upper part of front-end)........................................................................................................................... 11
A key part of supervisory and monitoring activities ............................................................................................................... 11
Mandatory FNISA certification ................................................................................................................................................ 11
Initialized by the future regulatory authority .......................................................................................................................... 11
Hosted under the responsibility of the operator..................................................................................................................... 11
4444 ARJEL SPECIFICATIONSARJEL SPECIFICATIONSARJEL SPECIFICATIONSARJEL SPECIFICATIONS ................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 12121212
4.1 Front-end requirements ................................................................................................................................................... 12
General requirements ............................................................................................................................................................ 12
The capteur ........................................................................................................................................................................... 12
The vault ............................................................................................................................................................................... 12
4.2 Gambling application requirements.................................................................................................................................. 13
4.3 Gambling platform requirements ..................................................................................................................................... 13
4.4 Information system maturity requirements ...................................................................................................................... 13
5555 DICTAO'S OFFER: DICTAO'S OFFER: DICTAO'S OFFER: DICTAO'S OFFER: A SOLUTION COMPLIANTA SOLUTION COMPLIANTA SOLUTION COMPLIANTA SOLUTION COMPLIANT WITH THE FUTURE AUTHWITH THE FUTURE AUTHWITH THE FUTURE AUTHWITH THE FUTURE AUTHORITY'S REGULATIONS ORITY'S REGULATIONS ORITY'S REGULATIONS ORITY'S REGULATIONS AS AS AS AS
OF THE INTRODUCTION OF THE INTRODUCTION OF THE INTRODUCTION OF THE INTRODUCTION OF COMPETITIONOF COMPETITIONOF COMPETITIONOF COMPETITION ................................................................................................................................................................................................................................................................................................................................................................ 15151515
5.1 An offer technically based on our D3S solution ................................................................................................................ 15
Overview of D3S solution ....................................................................................................................................................... 15
Archiving for legal purposes .................................................................................................................................................. 16
Digital vault room layout ....................................................................................................................................................... 16
5.2 Packaging adapted for online gambling operators............................................................................................................ 17
D3S compliance with ARJEL requirements
Managing multiple brands and licenses
User management adapted for online gambling
5.3 Three versions to meet the specific needs of each operator
Publisher offering ................................
Hosted service offering ................................
Turnkey offering with support for integration and obtaining ARJEL licensing
The trusted solution for online gambling operators in France
D3S compliance with ARJEL requirements ................................................................................................
Managing multiple brands and licenses ................................................................................................
User management adapted for online gambling ................................................................................................
Three versions to meet the specific needs of each operator ................................................................
................................................................................................................................
................................................................................................................................
Turnkey offering with support for integration and obtaining ARJEL licensing ................................
The trusted solution for online gambling operators in France
1
.............................................................. 18
................................................................. 18
.................................................... 19
............................................................. 20
.................................................................. 20
.......................................................... 21
......................................................................... 21
A MESSAGE FROM
JACQUES PANTIN
CEO and Founder of Dictao CEO and Founder of Dictao CEO and Founder of Dictao CEO and Founder of Dictao
In 2010, the French online gambling market will open up to competition
with, in particular, the creation of a regulatory authority, the ARJEL.
To enter the French market, online g
many types of requirements, which means that their market plans will have to take into account
regulatory, marketing and technical constraints.
Dictao, a security software publisher, would like to offer these operators a
solution that enables them to easily meet the traceability requirements for gambling data that are
currently being finalized by the future authority.
Security and trust make up our core area of business. To meet the needs of our clients
public (e.g. ministry for the economy, defense segment) and banking sectors (e.g.
France), and more generally of all stakeholders, we have developed an electronic vault solution,
Dictao Secure Storage Server (D3S), based on the Dictao sig
that have been qualified and certified at the EAL3+ level of the international Common Criteria
standard. We are currently the only company in Europe to have achieved this level.
Consequently, we believe that the D3S
specifications recently published by the authority's pre
working to have this product qualified according to a CSPN (
Niveau) security target, which will allow us to quickly supply a compliant product.
Dictao's offering, based on the D3S solution, will allow online gambling operators to abide by
Article 22 of the French bill on introducing competition to this market, whic
technical device, located in metropolitan France, for traceability purposes:
"Operators shall be required to archive, in real time and on a physical medium located in
France, all data mentioned...All data exchanged between the gamble
shall pass through this medium." (Unofficial translation)
We are already prepared to meet your needs by providing, independently or with our partners, a
high-quality solution that we are committed to bringing into line with the specific
future requirements issued by the regulatory authority, and that can meet the highest objectives in
terms of performance and availability.
The trusted solution for online gambling operators in France
A MESSAGE FROM
JACQUES PANTIN
In 2010, the French online gambling market will open up to competition
with, in particular, the creation of a regulatory authority, the ARJEL.
To enter the French market, online gambling operators will have to meet
many types of requirements, which means that their market plans will have to take into account
regulatory, marketing and technical constraints.
Dictao, a security software publisher, would like to offer these operators a
solution that enables them to easily meet the traceability requirements for gambling data that are
currently being finalized by the future authority.
Security and trust make up our core area of business. To meet the needs of our clients
ministry for the economy, defense segment) and banking sectors (e.g.
France), and more generally of all stakeholders, we have developed an electronic vault solution,
Dictao Secure Storage Server (D3S), based on the Dictao signature and signature verification tools
that have been qualified and certified at the EAL3+ level of the international Common Criteria
standard. We are currently the only company in Europe to have achieved this level.
Consequently, we believe that the D3S solution will easily fulfill the requirements defined in the
specifications recently published by the authority's pre-configuration mission. We are currently
working to have this product qualified according to a CSPN (Certification de Sécurité de Premier
) security target, which will allow us to quickly supply a compliant product.
Dictao's offering, based on the D3S solution, will allow online gambling operators to abide by
Article 22 of the French bill on introducing competition to this market, which imposes the use of a
technical device, located in metropolitan France, for traceability purposes:
"Operators shall be required to archive, in real time and on a physical medium located in
France, all data mentioned...All data exchanged between the gambler and the operator
shall pass through this medium." (Unofficial translation)
We are already prepared to meet your needs by providing, independently or with our partners, a
quality solution that we are committed to bringing into line with the specific
future requirements issued by the regulatory authority, and that can meet the highest objectives in
terms of performance and availability.
The trusted solution for online gambling operators in France
2
many types of requirements, which means that their market plans will have to take into account
Dictao, a security software publisher, would like to offer these operators a turnkey technical
solution that enables them to easily meet the traceability requirements for gambling data that are
Security and trust make up our core area of business. To meet the needs of our clients in the
ministry for the economy, defense segment) and banking sectors (e.g. Banque de
France), and more generally of all stakeholders, we have developed an electronic vault solution,
nature and signature verification tools
that have been qualified and certified at the EAL3+ level of the international Common Criteria
standard. We are currently the only company in Europe to have achieved this level.
solution will easily fulfill the requirements defined in the
configuration mission. We are currently
Certification de Sécurité de Premier
) security target, which will allow us to quickly supply a compliant product.
Dictao's offering, based on the D3S solution, will allow online gambling operators to abide by
h imposes the use of a
"Operators shall be required to archive, in real time and on a physical medium located in
r and the operator
We are already prepared to meet your needs by providing, independently or with our partners, a
quality solution that we are committed to bringing into line with the specifications and any
future requirements issued by the regulatory authority, and that can meet the highest objectives in
As a software solution publisher, we offer Dictao's D3S solution under a paid
agreement based solely on the number of processors chosen for implementation, not on the
number of transactions.
At the same time, we have developed partnerships with a view to offering operators a hosted
turnkey solution that will enable them to directly meet the fu
fixed annual cost based on the levels of performance and availability requested by the operators.
We can also offer an integration service to develop the
"gambler/operator" data streams, and support in compiling the technical documentation that must
be included in the licensing application submitted to the future authority.
By building on our competencies
expertise in electronic vault functions in particular, we are pleased to offer, independently or with
our partners, the technical solution best suited to your needs. We look forward to developing a
long-term partnership with you.
This latest version of our white paper has b
published by the future authority.
Jacques Pantin, CEO and Founder of Dictao
1
The trusted solution for online gambling operators in France
As a software solution publisher, we offer Dictao's D3S solution under a paid
sed solely on the number of processors chosen for implementation, not on the
At the same time, we have developed partnerships with a view to offering operators a hosted
turnkey solution that will enable them to directly meet the future authority's requirements at a
fixed annual cost based on the levels of performance and availability requested by the operators.
We can also offer an integration service to develop the capteur function required for tracing
ams, and support in compiling the technical documentation that must
be included in the licensing application submitted to the future authority.
By building on our competencies –which we consider unique in the security industry
onic vault functions in particular, we are pleased to offer, independently or with
our partners, the technical solution best suited to your needs. We look forward to developing a
This latest version of our white paper has been updated to reflect the specifications recently
published by the future authority.
Jacques Pantin, CEO and Founder of Dictao
The trusted solution for online gambling operators in France
3
As a software solution publisher, we offer Dictao's D3S solution under a paid-up license
sed solely on the number of processors chosen for implementation, not on the
At the same time, we have developed partnerships with a view to offering operators a hosted
ture authority's requirements at a
fixed annual cost based on the levels of performance and availability requested by the operators.
function required for tracing
ams, and support in compiling the technical documentation that must
which we consider unique in the security industry– and our
onic vault functions in particular, we are pleased to offer, independently or with
our partners, the technical solution best suited to your needs. We look forward to developing a
een updated to reflect the specifications recently
1. THE REGULATORY FRAME
1 . 11 . 11 . 11 . 1 T H E P R I N C I P L E S B E H I NT H E P R I N C I P L E S B E H I NT H E P R I N C I P L E S B E H I NT H E P R I N C I P L E S B E H I N
Faced with the risks involved in gambling and
France made the choice to carefully open the online gambling market to competition by limiting
the supply side, at least initially, and by aiming to monitor operations as necessary. Online
gambling operators wishing to enter the French market must obtain a license from the online
gambling regulatory authority (the ARJEL).
Under the bill on introducing competition into the online gambling market, the French government
will only grant operating licenses to com
main objectives of these conditions are to ensure the:
• Protection of gamblers (preventing both addiction and access of minors to the gambling
sites);
• Integrity, security, reliability and transparency
• Prevention of fraud and money laundering;
• Preservation of tax resources.
The bill specifies the following operating conditions as part of the strategy to carefully open the
French online gambling market:
• A licensing system must be
• A regulatory authority, the ARJEL, must be established; its activities shall include:
� Processing license applications;
� Supervising and monitoring the gambling operations;
• Three types of gambling will be open to competition: pari
pools and non-banking games (poker);
• Licensed operators must have a .fr site for gamblers based in French territory;
• Operators must provide data to the authority for supervisory and monitoring purposes;
• A certain subset of these data must b
metropolitan France.
The trusted solution for online gambling operators in France
THE REGULATORY FRAME
T H E P R I N C I P L E S B E H I NT H E P R I N C I P L E S B E H I NT H E P R I N C I P L E S B E H I NT H E P R I N C I P L E S B E H I N D I N T R O D U C I N G C O M P E TD I N T R O D U C I N G C O M P E TD I N T R O D U C I N G C O M P E TD I N T R O D U C I N G C O M P E T I T I O NI T I O NI T I O NI T I O N
Faced with the risks involved in gambling and games of chance for both citizens and society,
France made the choice to carefully open the online gambling market to competition by limiting
the supply side, at least initially, and by aiming to monitor operations as necessary. Online
wishing to enter the French market must obtain a license from the online
gambling regulatory authority (the ARJEL).
Under the bill on introducing competition into the online gambling market, the French government
will only grant operating licenses to companies who meet the conditions set out by the law. The
main objectives of these conditions are to ensure the:
Protection of gamblers (preventing both addiction and access of minors to the gambling
Integrity, security, reliability and transparency of gambling activities;
Prevention of fraud and money laundering;
Preservation of tax resources.
The bill specifies the following operating conditions as part of the strategy to carefully open the
A licensing system must be in place;
A regulatory authority, the ARJEL, must be established; its activities shall include:
Processing license applications;
Supervising and monitoring the gambling operations;
Three types of gambling will be open to competition: pari-mutuel betting on
banking games (poker);
Licensed operators must have a .fr site for gamblers based in French territory;
Operators must provide data to the authority for supervisory and monitoring purposes;
A certain subset of these data must be archived on a secure medium located in
The trusted solution for online gambling operators in France
4
THE REGULATORY FRAMEWORK
I T I O NI T I O NI T I O NI T I O N
games of chance for both citizens and society,
France made the choice to carefully open the online gambling market to competition by limiting
the supply side, at least initially, and by aiming to monitor operations as necessary. Online
wishing to enter the French market must obtain a license from the online
Under the bill on introducing competition into the online gambling market, the French government
panies who meet the conditions set out by the law. The
Protection of gamblers (preventing both addiction and access of minors to the gambling
The bill specifies the following operating conditions as part of the strategy to carefully open the
A regulatory authority, the ARJEL, must be established; its activities shall include:
mutuel betting on horses, sports
Licensed operators must have a .fr site for gamblers based in French territory;
Operators must provide data to the authority for supervisory and monitoring purposes;
e archived on a secure medium located in
1 . 21 . 21 . 21 . 2 C R E A T I O N O F A R E G U L AC R E A T I O N O F A R E G U L AC R E A T I O N O F A R E G U L AC R E A T I O N O F A R E G U L A
O P E R A T O R R E G U L A T I O N SO P E R A T O R R E G U L A T I O N SO P E R A T O R R E G U L A T I O N SO P E R A T O R R E G U L A T I O N S
The future regulatory authority's missions The future regulatory authority's missions The future regulatory authority's missions The future regulatory authority's missions
Initially, the main roles of the future authority will be examining the l
whether candidates meet all the requirements and issuing licenses.
The ARJEL will be organized such that it can effectively carry out other roles:
• Defining the technical specifications for gambling platforms and software, whi
also approve;
• Verifying the certification eligibility of licensed companies over time;
• Supervising online gambling and betting operations;
• Contributing to the prevention of fraud and unauthorized sites.
Regulations concerning gambling platforms,Regulations concerning gambling platforms,Regulations concerning gambling platforms,Regulations concerning gambling platforms,
Authorized gambling services will be limited to:
• Sports pools for competitions included in a catalog compiled by the authority; bets can
only concern the outcome of these sporting events;
• Betting on horse races included in a cata
bets will be authorized;
• Non-banking games; at first only Texas Hold'em poker will be allowed.
The future regulatory authority will establish rules for licensed operators based on the following
principles:
• The obligation to generate a profit;
• A maximum player rate of return;
• The prohibition of underage gambling;
• Taxation on bets;
• The respect of gambling bans;
• The mandatory presence of moderators;
• Transparency with regard to partners and sub
• Advertising guidelines;
• Guidelines regarding the marketing actions that operators may use to attract and retain
clients;
• Regular reporting on responsible gambling, and prevention of fraud and money laundering.
Once it is created, the future regulatory authorit
gambling platforms (a draft version is currently available) with which operators must comply. Such
specifications include:
• A site dedicated to the French market, with an address ending in ".fr";
The trusted solution for online gambling operators in France
C R E A T I O N O F A R E G U L AC R E A T I O N O F A R E G U L AC R E A T I O N O F A R E G U L AC R E A T I O N O F A R E G U L A T O R Y A U T H O R I T Y A N D DT O R Y A U T H O R I T Y A N D DT O R Y A U T H O R I T Y A N D DT O R Y A U T H O R I T Y A N D D E F I N I T I O N O F E F I N I T I O N O F E F I N I T I O N O F E F I N I T I O N O F
O P E R A T O R R E G U L A T I O N SO P E R A T O R R E G U L A T I O N SO P E R A T O R R E G U L A T I O N SO P E R A T O R R E G U L A T I O N S
The future regulatory authority's missions The future regulatory authority's missions The future regulatory authority's missions The future regulatory authority's missions
Initially, the main roles of the future authority will be examining the license applications, checking
whether candidates meet all the requirements and issuing licenses.
The ARJEL will be organized such that it can effectively carry out other roles:
Defining the technical specifications for gambling platforms and software, whi
Verifying the certification eligibility of licensed companies over time;
Supervising online gambling and betting operations;
Contributing to the prevention of fraud and unauthorized sites.
Regulations concerning gambling platforms,Regulations concerning gambling platforms,Regulations concerning gambling platforms,Regulations concerning gambling platforms, organization and servicesorganization and servicesorganization and servicesorganization and services
Authorized gambling services will be limited to:
Sports pools for competitions included in a catalog compiled by the authority; bets can
only concern the outcome of these sporting events;
Betting on horse races included in a catalog compiled by the authority; only pari
banking games; at first only Texas Hold'em poker will be allowed.
The future regulatory authority will establish rules for licensed operators based on the following
he obligation to generate a profit;
A maximum player rate of return;
The prohibition of underage gambling;
The respect of gambling bans;
The mandatory presence of moderators;
Transparency with regard to partners and sub-contractors;
Guidelines regarding the marketing actions that operators may use to attract and retain
Regular reporting on responsible gambling, and prevention of fraud and money laundering.
Once it is created, the future regulatory authority will formalize technical specifications for
gambling platforms (a draft version is currently available) with which operators must comply. Such
A site dedicated to the French market, with an address ending in ".fr";
The trusted solution for online gambling operators in France
5
E F I N I T I O N O F E F I N I T I O N O F E F I N I T I O N O F E F I N I T I O N O F
icense applications, checking
Defining the technical specifications for gambling platforms and software, which it must
organization and servicesorganization and servicesorganization and servicesorganization and services
Sports pools for competitions included in a catalog compiled by the authority; bets can
log compiled by the authority; only pari-mutuel
banking games; at first only Texas Hold'em poker will be allowed.
The future regulatory authority will establish rules for licensed operators based on the following
Guidelines regarding the marketing actions that operators may use to attract and retain
Regular reporting on responsible gambling, and prevention of fraud and money laundering.
y will formalize technical specifications for
gambling platforms (a draft version is currently available) with which operators must comply. Such
A site dedicated to the French market, with an address ending in ".fr";
• A "front-end" for archiving gambling traces in France in real time;
• The conditions for guaranteeing secure hosting and operation.
The ARJEL's pre-configuration mission published this first version of the specifications on March 1,
2010.
Companies that obtain licenses w
meeting the requirements defined in the specifications.
1 . 31 . 31 . 31 . 3 T H E A R J E L L I C E N S I N G T H E A R J E L L I C E N S I N G T H E A R J E L L I C E N S I N G T H E A R J E L L I C E N S I N G
Estimated scheduleEstimated scheduleEstimated scheduleEstimated schedule
This schedule should enable the first operators to legally provide gambling services
market by the 2010 FIFA World Cup.
Licensing application contentLicensing application contentLicensing application contentLicensing application content
The specifications list all the elements that an operator applying for licensing must provide:
• Personal information (e.g. identity, address, legal sanctions, business names);
• Economic, financial and accounting information (e.g. balance sheet, fiscal representative);
• Gambling site (e.g. description of .fr site, advertising, affiliations);
• Gambling operations offered (e.g. types of gambling, general terms of business);
• Gambler accounts (e.g. registration, provisional accounts, funding to and withdrawal from
accounts);
• Prevention of fraud and money laundering;
• Prevention of addiction;
• Prevention of conflicts of interest (e.g. sponsoring a team or competition);
• Information system (IS)
applications, audit reports, maturity, compliance with specifications).
According to the licensing procedure announced by the ARJEL, it will respond to licensing
applications within four months
turnaround time for processing applications, we presume that the first batch of applications will
October
13, 2009
•Vote at first
reading
(Assemblée
Nationale)
February
24, 2010
•Vote at first
reading
(Sénat)
March 30,
•Adoption at
second
reading
(Assemblée
Nationale)
The trusted solution for online gambling operators in France
or archiving gambling traces in France in real time;
The conditions for guaranteeing secure hosting and operation.
configuration mission published this first version of the specifications on March 1,
Companies that obtain licenses will have one year to be certified by a recognized audit firm as
meeting the requirements defined in the specifications.
T H E A R J E L L I C E N S I N G T H E A R J E L L I C E N S I N G T H E A R J E L L I C E N S I N G T H E A R J E L L I C E N S I N G P R O C E D U R EP R O C E D U R EP R O C E D U R EP R O C E D U R E
This schedule should enable the first operators to legally provide gambling services
Cup.
The specifications list all the elements that an operator applying for licensing must provide:
Personal information (e.g. identity, address, legal sanctions, business names);
onomic, financial and accounting information (e.g. balance sheet, fiscal representative);
Gambling site (e.g. description of .fr site, advertising, affiliations);
Gambling operations offered (e.g. types of gambling, general terms of business);
unts (e.g. registration, provisional accounts, funding to and withdrawal from
Prevention of fraud and money laundering;
Prevention of conflicts of interest (e.g. sponsoring a team or competition);
architecture (e.g. front-end and vault, approval of software
applications, audit reports, maturity, compliance with specifications).
According to the licensing procedure announced by the ARJEL, it will respond to licensing
applications within four months of submission. If the ARJEL expects this to be the normal
turnaround time for processing applications, we presume that the first batch of applications will
March 30,
2010
Adoption at
second
reading
(Assemblée
Nationale)
Early April
2010
•Promulgation
of the law
•Creation of
the ARJEL
Mid-April
2010
•Publication of
orders
respecting the
application of
the law
Early May
2010
•Submission of
licensing
applications
The trusted solution for online gambling operators in France
6
configuration mission published this first version of the specifications on March 1,
ill have one year to be certified by a recognized audit firm as
This schedule should enable the first operators to legally provide gambling services on the French
The specifications list all the elements that an operator applying for licensing must provide:
Personal information (e.g. identity, address, legal sanctions, business names);
onomic, financial and accounting information (e.g. balance sheet, fiscal representative);
Gambling operations offered (e.g. types of gambling, general terms of business);
unts (e.g. registration, provisional accounts, funding to and withdrawal from
Prevention of conflicts of interest (e.g. sponsoring a team or competition);
end and vault, approval of software
According to the licensing procedure announced by the ARJEL, it will respond to licensing
of submission. If the ARJEL expects this to be the normal
turnaround time for processing applications, we presume that the first batch of applications will
Early May
2010
Submission of
applications
Early June
2010
•Licensing of
first batch of
operators by
the ARJEL
•Actual
introduction
of competition
into the
market
be processed in a shorter period of time to allow a limited number of operators to provide legal
online gambling services for the 2010 FIFA World Cup.
Transition periodTransition periodTransition periodTransition period
The specifications allow for a transition period during which some of the front
may not be met.
During this period, which may last a maximum of six months following lic
authority may exceptionally agree to allow operators to trace only the following in the front
• Gambler account data; and
• Either (to be chosen by the operator):
o Betting/game data (placing of bets, sequence of actions in a poker
o Financial data.
In all cases, data that the operator chooses to not trace directly on the front
the ARJEL by some other means for the duration of the transition period.
The trusted solution for online gambling operators in France
be processed in a shorter period of time to allow a limited number of operators to provide legal
ine gambling services for the 2010 FIFA World Cup.
The specifications allow for a transition period during which some of the front
During this period, which may last a maximum of six months following licensing by the ARJEL, the
authority may exceptionally agree to allow operators to trace only the following in the front
Gambler account data; and
Either (to be chosen by the operator):
Betting/game data (placing of bets, sequence of actions in a poker
In all cases, data that the operator chooses to not trace directly on the front
the ARJEL by some other means for the duration of the transition period.
The trusted solution for online gambling operators in France
7
be processed in a shorter period of time to allow a limited number of operators to provide legal
The specifications allow for a transition period during which some of the front-end specifications
ensing by the ARJEL, the
authority may exceptionally agree to allow operators to trace only the following in the front-end:
Betting/game data (placing of bets, sequence of actions in a poker game); or
In all cases, data that the operator chooses to not trace directly on the front-end must be sent to
2 . THE NEED FOR TRUST
2 . 12 . 12 . 12 . 1 G A M B L E R SG A M B L E R SG A M B L E R SG A M B L E R S
Gamblers open gambling accounts with operators, entrust them with money, make bets in the
hopes of winning with certain odds, and play against other gamblers. They must be able to trust
the operator with whom they gamble to be sure they can:
• Recover any amounts initially paid
• Recover their winnings, whether from a bookmaker or other players (pari
and poker).
To facilitate the establishment of trusted relationships between multiple gamblers and between
gamblers and operators, gamblers must be able to call on a third party in the event of a dispute to
provide evidence of their transactions. This role of trusted third party will be played by the future
regulatory authority.
2 . 22 . 22 . 22 . 2 O P E R A T O R SO P E R A T O R SO P E R A T O R SO P E R A T O R S
The data handled by operators are extremely sens
regarding their clients, which must be protected, and in part because these data could be of
strategic interest to their competitors. Operators cannot share these data with a third party unless
they are sure that the third party is completely trustworthy.
2 . 32 . 32 . 32 . 3 A U T H O R I T I E SA U T H O R I T I E SA U T H O R I T I E SA U T H O R I T I E S
The authorities ensure that the activities undertaken by online gambling operators do not
jeopardize social or public order. They must be able to draw on reliable control data to monitor for
money laundering and fraudulent or criminal activity, and to ensure the protection of minors and
persons at risk. Furthermore, authorities use these reliable data to check the tax bases of French
operators.
Consequently, the future authority must be able to
and gamblers in such a way that it can, if necessary, re
The trusted solution for online gambling operators in France
THE NEED FOR TRUST
accounts with operators, entrust them with money, make bets in the
hopes of winning with certain odds, and play against other gamblers. They must be able to trust
the operator with whom they gamble to be sure they can:
Recover any amounts initially paid that do not end up being wagered;
Recover their winnings, whether from a bookmaker or other players (pari
To facilitate the establishment of trusted relationships between multiple gamblers and between
blers must be able to call on a third party in the event of a dispute to
provide evidence of their transactions. This role of trusted third party will be played by the future
The data handled by operators are extremely sensitive, in part because they contain personal data
regarding their clients, which must be protected, and in part because these data could be of
strategic interest to their competitors. Operators cannot share these data with a third party unless
e that the third party is completely trustworthy.
The authorities ensure that the activities undertaken by online gambling operators do not
jeopardize social or public order. They must be able to draw on reliable control data to monitor for
ney laundering and fraudulent or criminal activity, and to ensure the protection of minors and
persons at risk. Furthermore, authorities use these reliable data to check the tax bases of French
Consequently, the future authority must be able to track all relevant operations between operators
and gamblers in such a way that it can, if necessary, re-create them.
The trusted solution for online gambling operators in France
8
accounts with operators, entrust them with money, make bets in the
hopes of winning with certain odds, and play against other gamblers. They must be able to trust
that do not end up being wagered;
Recover their winnings, whether from a bookmaker or other players (pari-mutuel betting
To facilitate the establishment of trusted relationships between multiple gamblers and between
blers must be able to call on a third party in the event of a dispute to
provide evidence of their transactions. This role of trusted third party will be played by the future
itive, in part because they contain personal data
regarding their clients, which must be protected, and in part because these data could be of
strategic interest to their competitors. Operators cannot share these data with a third party unless
The authorities ensure that the activities undertaken by online gambling operators do not
jeopardize social or public order. They must be able to draw on reliable control data to monitor for
ney laundering and fraudulent or criminal activity, and to ensure the protection of minors and
persons at risk. Furthermore, authorities use these reliable data to check the tax bases of French
track all relevant operations between operators
3 . THE TECHNICAL SOLUTI
3 . 13 . 13 . 13 . 1 A R C H I T E C T U R E W I T H A A R C H I T E C T U R E W I T H A A R C H I T E C T U R E W I T H A A R C H I T E C T U R E W I T H A
Article 22 of the French bill on introducing competition to t
use of a technical device located in metropolitan France:
"Operators shall be required to archive, in real time and on a physical medium located in
France, all data mentioned...All data exchanged between the gambler a
shall pass through this medium." (Unofficial translation)
In practice, this article translates into the use of a "front
front-end is a server that can be accessed
data exchanged between gamblers and operators must flow through this server and be recorded
so that the regulatory authority can, if necessary, examine it. The architecture can be represented
as follows:
The .fr front-end server is the technical representation of the trusted third party required for
online gambling in France.
3 . 23 . 23 . 23 . 2 T H E F R O N TT H E F R O N TT H E F R O N TT H E F R O N T ---- E N D R E T R I E V E S A N D S EE N D R E T R I E V E S A N D S EE N D R E T R I E V E S A N D S EE N D R E T R I E V E S A N D S E
T R A N S A C T I O N ST R A N S A C T I O N ST R A N S A C T I O N ST R A N S A C T I O N S
The front-end intervenes without interrupting the data stream. It must a
to manage a French interface for gamblers, manage the various regulatory displays, execute the
traceability functions required by the bill, and efficiently manage relations with their "back offices".
As shown in the diagram below,
the front-end interface, the capteur
make up the lower part of the front
The trusted solution for online gambling operators in France
THE TECHNICAL SOLUTION
A R C H I T E C T U R E W I T H A A R C H I T E C T U R E W I T H A A R C H I T E C T U R E W I T H A A R C H I T E C T U R E W I T H A F R O N TF R O N TF R O N TF R O N T ---- E N D I N F R E N C H T E R R I TE N D I N F R E N C H T E R R I TE N D I N F R E N C H T E R R I TE N D I N F R E N C H T E R R I T
Article 22 of the French bill on introducing competition to the online gambling market imposes the
use of a technical device located in metropolitan France:
"Operators shall be required to archive, in real time and on a physical medium located in
France, all data mentioned...All data exchanged between the gambler a
shall pass through this medium." (Unofficial translation)
In practice, this article translates into the use of a "front-end" that must be hosted in France. The
end is a server that can be accessed at an address ending in “.fr”. The b
data exchanged between gamblers and operators must flow through this server and be recorded
so that the regulatory authority can, if necessary, examine it. The architecture can be represented
Simplified architecture
end server is the technical representation of the trusted third party required for
E N D R E T R I E V E S A N D S EE N D R E T R I E V E S A N D S EE N D R E T R I E V E S A N D S EE N D R E T R I E V E S A N D S E C U R E S T R A C E S O F C U R E S T R A C E S O F C U R E S T R A C E S O F C U R E S T R A C E S O F
end intervenes without interrupting the data stream. It must allow gambling operators
to manage a French interface for gamblers, manage the various regulatory displays, execute the
traceability functions required by the bill, and efficiently manage relations with their "back offices".
As shown in the diagram below, there are four main modules within the operator's .fr front
capteur, the back-end relay and the electronic vault. The first three
make up the lower part of the front-end.
The trusted solution for online gambling operators in France
9
ON
E N D I N F R E N C H T E R R I TE N D I N F R E N C H T E R R I TE N D I N F R E N C H T E R R I TE N D I N F R E N C H T E R R I T O R YO R YO R YO R Y
he online gambling market imposes the
"Operators shall be required to archive, in real time and on a physical medium located in
France, all data mentioned...All data exchanged between the gambler and the operator
end" that must be hosted in France. The
. The bill stipulates that
data exchanged between gamblers and operators must flow through this server and be recorded
so that the regulatory authority can, if necessary, examine it. The architecture can be represented
end server is the technical representation of the trusted third party required for
C U R E S T R A C E S O F C U R E S T R A C E S O F C U R E S T R A C E S O F C U R E S T R A C E S O F
llow gambling operators
to manage a French interface for gamblers, manage the various regulatory displays, execute the
traceability functions required by the bill, and efficiently manage relations with their "back offices".
there are four main modules within the operator's .fr front-end:
end relay and the electronic vault. The first three
The electronic vault function is run independently
to protect traces over a long period of time. This is the upper part of the front
The electronic vault stores and protects traces from the information collected by the capteur
FrontFrontFrontFront----end interface end interface end interface end interface
In standard web architecture, this is the presentation layer. This module implements the gambling
site interface in French, including all the moderators required by the future authority (e.g. pop
ups, warnings).
CapteurCapteurCapteurCapteur
This module is required by the bill
and supervisory activities from the requests sent by gamblers to the presentation layer. The nature
and format of the data traced (XML) is imposed by the future authority. This means that th
capteur module will also have to format the retrieved data according to the specifications.
BackBackBackBack----end relayend relayend relayend relay
This module transfers the transactions initiated by gamblers to the operator's back
engines. It establishes the secure link between th
may be located outside of France. As with the front
module not be the weak link in terms of performance and availability.
Vault (upper part of frontVault (upper part of frontVault (upper part of frontVault (upper part of front----end)end)end)end)
The vault module collects the traces produced by the
manner. This module is essential for the purposes of the bill. If required, the future authority must
be able to access the electronic vault either on site or remotely.
The trusted solution for online gambling operators in France
The electronic vault function is run independently of the gambling operator's business, and is used
to protect traces over a long period of time. This is the upper part of the front
The electronic vault stores and protects traces from the information collected by the capteur
In standard web architecture, this is the presentation layer. This module implements the gambling
site interface in French, including all the moderators required by the future authority (e.g. pop
This module is required by the bill. It must allow operators to retrieve data relevant to monitoring
and supervisory activities from the requests sent by gamblers to the presentation layer. The nature
and format of the data traced (XML) is imposed by the future authority. This means that th
module will also have to format the retrieved data according to the specifications.
This module transfers the transactions initiated by gamblers to the operator's back
engines. It establishes the secure link between the front-end in France and the operator's IS, which
may be located outside of France. As with the front-end interface, it is very important that this
module not be the weak link in terms of performance and availability.
end)end)end)end)
ault module collects the traces produced by the capteur to preserve them in a secure
manner. This module is essential for the purposes of the bill. If required, the future authority must
be able to access the electronic vault either on site or remotely.
The trusted solution for online gambling operators in France
10
of the gambling operator's business, and is used
to protect traces over a long period of time. This is the upper part of the front-end.
The electronic vault stores and protects traces from the information collected by the capteur
In standard web architecture, this is the presentation layer. This module implements the gambling
site interface in French, including all the moderators required by the future authority (e.g. pop-
. It must allow operators to retrieve data relevant to monitoring
and supervisory activities from the requests sent by gamblers to the presentation layer. The nature
and format of the data traced (XML) is imposed by the future authority. This means that the
module will also have to format the retrieved data according to the specifications.
This module transfers the transactions initiated by gamblers to the operator's back-end gambling
end in France and the operator's IS, which
end interface, it is very important that this
to preserve them in a secure
manner. This module is essential for the purposes of the bill. If required, the future authority must
3 . 33 . 33 . 33 . 3 V A U L T F U N C T I O N ( U P P EV A U L T F U N C T I O N ( U P P EV A U L T F U N C T I O N ( U P P EV A U L T F U N C T I O N ( U P P E
A key part of supervisory and monitoring activitiesA key part of supervisory and monitoring activitiesA key part of supervisory and monitoring activitiesA key part of supervisory and monitoring activities
The future regulatory authority will supervise and monitor operators' activities, a role that relies on
the transaction traces preserved in the electronic vault. S
operator and the regulatory authority, disagree on some point, these data shall be regarded as
official. They must therefore be completely reliable and admissible in a court of law.
Mandatory FNISA certificationMandatory FNISA certificationMandatory FNISA certificationMandatory FNISA certification
The French Network and Information Security Agency (FNISA), is the national reference body for IT
security. The future regulatory authority will impose a security target for the electronic vault,
which the FNISA will use as criteria in the CSPN first level secu
approving the vault application used.
Initialized by the future regulatory authorityInitialized by the future regulatory authorityInitialized by the future regulatory authorityInitialized by the future regulatory authority
The electronic vault must be initialized by the future regulatory authority. The authority will certify
the generation of the secrets, befor
operation is what makes it possible to guarantee the security of data preserved in the vault.
Hosted under the responsibility of the operatorHosted under the responsibility of the operatorHosted under the responsibility of the operatorHosted under the responsibility of the operator
The electronic vault constitutes part of the ope
responsible for hosting it, or finding a host for it, under satisfactory perimeter security conditions.
The operator is responsible for ensuring that the electronic vault functions correctly.
The trusted solution for online gambling operators in France
V A U L T F U N C T I O N ( U P P EV A U L T F U N C T I O N ( U P P EV A U L T F U N C T I O N ( U P P EV A U L T F U N C T I O N ( U P P E R P A R T O F F R O N TR P A R T O F F R O N TR P A R T O F F R O N TR P A R T O F F R O N T ---- E N D )E N D )E N D )E N D )
A key part of supervisory and monitoring activitiesA key part of supervisory and monitoring activitiesA key part of supervisory and monitoring activitiesA key part of supervisory and monitoring activities
The future regulatory authority will supervise and monitor operators' activities, a role that relies on
the transaction traces preserved in the electronic vault. Should an operator and a gambler, or an
operator and the regulatory authority, disagree on some point, these data shall be regarded as
official. They must therefore be completely reliable and admissible in a court of law.
rench Network and Information Security Agency (FNISA), is the national reference body for IT
security. The future regulatory authority will impose a security target for the electronic vault,
which the FNISA will use as criteria in the CSPN first level security certification process for
approving the vault application used.
Initialized by the future regulatory authorityInitialized by the future regulatory authorityInitialized by the future regulatory authorityInitialized by the future regulatory authority
The electronic vault must be initialized by the future regulatory authority. The authority will certify
the generation of the secrets, before logically and physically sealing the vault. This initialization
operation is what makes it possible to guarantee the security of data preserved in the vault.
Hosted under the responsibility of the operatorHosted under the responsibility of the operatorHosted under the responsibility of the operatorHosted under the responsibility of the operator
The electronic vault constitutes part of the operator's infrastructure. Consequently, the operator is
responsible for hosting it, or finding a host for it, under satisfactory perimeter security conditions.
The operator is responsible for ensuring that the electronic vault functions correctly.
The trusted solution for online gambling operators in France
11
The future regulatory authority will supervise and monitor operators' activities, a role that relies on
hould an operator and a gambler, or an
operator and the regulatory authority, disagree on some point, these data shall be regarded as
official. They must therefore be completely reliable and admissible in a court of law.
rench Network and Information Security Agency (FNISA), is the national reference body for IT
security. The future regulatory authority will impose a security target for the electronic vault,
rity certification process for
The electronic vault must be initialized by the future regulatory authority. The authority will certify
e logically and physically sealing the vault. This initialization
operation is what makes it possible to guarantee the security of data preserved in the vault.
rator's infrastructure. Consequently, the operator is
responsible for hosting it, or finding a host for it, under satisfactory perimeter security conditions.
The operator is responsible for ensuring that the electronic vault functions correctly.
4 . ARJEL SPECIFICATIONS
On March 1, 2010, the ARJEL's pre
specifications with which the IS of operators licensed in France must comply.
4 . 14 . 14 . 14 . 1 F R O N TF R O N TF R O N TF R O N T ---- E N D R E Q U I R E M E N T SE N D R E Q U I R E M E N T SE N D R E Q U I R E M E N T SE N D R E Q U I R E M E N T S
General requirementsGeneral requirementsGeneral requirementsGeneral requirements
• The front-end shall be located in metropolitan France;
• The front-end shall rely on a highly available architecture;
• Only data transmitted from the gambler to the operator may be traced, such that the data
correspond to the gambler's perception of how the bet was placed or how
played out;
• The front-end shall operate without interrupting the data stream;
• Data streaming from French IP addresses or gamblers registered as French citizens shall be
redirected towards this front
The The The The capteurcapteurcapteurcapteur
• The capteur shall retrieve data corresponding to gambling or betting actions to create
traces in the vault;
• The annex to the specifications provides a detailed definition of the XML format expected
for each type of poker, horse
• Only data related to gambling events shall be traced. Consequently, most presentation
data, such as images, shall not be traced;
• The capteur shall prepare the data to be traced and submit them to the vault after receiving
acknowledgment of correct proce
The vaultThe vaultThe vaultThe vault
• The vault shall guarantee the integrity and completeness of archived data;
• Access to the vault part of the front
mechanisms;
• Data stored in the vault shall be e
• The vault shall have CSPN certification covering:
o Submission or injection of recorded data;
o Modification of recorded data;
o Theft of data;
o Denial of service;
o Strong authentication of users and administrators;
o Event chaining;
o Event encryption;
o Signature of events;
The trusted solution for online gambling operators in France
SPECIFICATIONS
On March 1, 2010, the ARJEL's pre-configuration mission published a first version of the detailed
specifications with which the IS of operators licensed in France must comply.
E N D R E Q U I R E M E N T SE N D R E Q U I R E M E N T SE N D R E Q U I R E M E N T SE N D R E Q U I R E M E N T S
be located in metropolitan France;
end shall rely on a highly available architecture;
Only data transmitted from the gambler to the operator may be traced, such that the data
correspond to the gambler's perception of how the bet was placed or how
end shall operate without interrupting the data stream;
Data streaming from French IP addresses or gamblers registered as French citizens shall be
redirected towards this front-end.
ve data corresponding to gambling or betting actions to create
The annex to the specifications provides a detailed definition of the XML format expected
for each type of poker, horse-racing and sports betting events that shall be trace
Only data related to gambling events shall be traced. Consequently, most presentation
data, such as images, shall not be traced;
shall prepare the data to be traced and submit them to the vault after receiving
acknowledgment of correct processing from the gambling platform.
The vault shall guarantee the integrity and completeness of archived data;
Access to the vault part of the front-end shall be controlled using strong authentication
Data stored in the vault shall be encrypted such that only the ARJEL can read them;
The vault shall have CSPN certification covering:
Submission or injection of recorded data;
Modification of recorded data;
Strong authentication of users and administrators;
Signature of events;
The trusted solution for online gambling operators in France
12
configuration mission published a first version of the detailed
Only data transmitted from the gambler to the operator may be traced, such that the data
correspond to the gambler's perception of how the bet was placed or how the poker game
Data streaming from French IP addresses or gamblers registered as French citizens shall be
ve data corresponding to gambling or betting actions to create
The annex to the specifications provides a detailed definition of the XML format expected
racing and sports betting events that shall be traced;
Only data related to gambling events shall be traced. Consequently, most presentation
shall prepare the data to be traced and submit them to the vault after receiving
The vault shall guarantee the integrity and completeness of archived data;
end shall be controlled using strong authentication
ncrypted such that only the ARJEL can read them;
• Only the ARJEL shall be able to manage profiles and users for this vault. ARJEL
representatives acting on behalf of the authority shall define this configuration during a
Key Ceremony to initialize th
• Storage spaces shall be compartmentalized to separate:
o Configuration data from stored gambling data;
o Data related to the different ARJEL licenses;
• The cryptographic functions shall respect the general security framework (RGS)
recommendations;
• The electronic signature shall, by a certain time, meet the XAdES
• The ARJEL shall be able to remotely access the vault to:
o Consult traces based on a specific time frame;
o Synchronize with data stored in the vault;
• On site, the ARJEL shall be able to
• For performance purposes, the vault shall be able to cryptographically process recorded
data in batches.
4 . 24 . 24 . 24 . 2 G A M B L I N G A P P L I C A T I O NG A M B L I N G A P P L I C A T I O NG A M B L I N G A P P L I C A T I O NG A M B L I N G A P P L I C A T I O N
• Gambling applications shall be approved by the ARJEL;
• ARJEL approval includes:
o Supplying the application's source code;
o Supplying the source code for the random
o A security vulnerability audit;
o An audit validating the quality of the random
o An audit certifying that the application co
4 . 34 . 34 . 34 . 3 G A M B L I N G P L A T F O R M R EG A M B L I N G P L A T F O R M R EG A M B L I N G P L A T F O R M R EG A M B L I N G P L A T F O R M R E
• The platform shall be located in a country or territory that is not considered a tax haven by
international organizations;
• The platform shall allow the operator to generate activity reports containin
indicators for the ARJEL;
• The platform shall, by a certain time, interface with the ARJEL's database of banned
gamblers;
• The platform shall have undergone a security audit.
4 . 44 . 44 . 44 . 4 I N F O R M A T I O N S Y S T E M MI N F O R M A T I O N S Y S T E M MI N F O R M A T I O N S Y S T E M MI N F O R M A T I O N S Y S T E M M
The operator must prove the maturity of its IS, especially of those aspects related to security. To
do this, the operator's licensing application shall include documentation proving that:
• Administration and operation procedures have been implemented;
• Technical architecture specificatio
• Denial of service protection is implemented;
The trusted solution for online gambling operators in France
Only the ARJEL shall be able to manage profiles and users for this vault. ARJEL
representatives acting on behalf of the authority shall define this configuration during a
Key Ceremony to initialize the vault;
Storage spaces shall be compartmentalized to separate:
Configuration data from stored gambling data;
Data related to the different ARJEL licenses;
The cryptographic functions shall respect the general security framework (RGS)
electronic signature shall, by a certain time, meet the XAdES-T standard;
The ARJEL shall be able to remotely access the vault to:
Consult traces based on a specific time frame;
Synchronize with data stored in the vault;
On site, the ARJEL shall be able to copy all data from the vault onto a removable medium;
For performance purposes, the vault shall be able to cryptographically process recorded
G A M B L I N G A P P L I C A T I O NG A M B L I N G A P P L I C A T I O NG A M B L I N G A P P L I C A T I O NG A M B L I N G A P P L I C A T I O N R E Q U I R E M E N T SR E Q U I R E M E N T SR E Q U I R E M E N T SR E Q U I R E M E N T S
Gambling applications shall be approved by the ARJEL;
Supplying the application's source code;
Supplying the source code for the random-number generator;
A security vulnerability audit;
An audit validating the quality of the random-number generator;
An audit certifying that the application conforms to gambling rules.
G A M B L I N G P L A T F O R M R EG A M B L I N G P L A T F O R M R EG A M B L I N G P L A T F O R M R EG A M B L I N G P L A T F O R M R E Q U I R E M E N T SQ U I R E M E N T SQ U I R E M E N T SQ U I R E M E N T S
The platform shall be located in a country or territory that is not considered a tax haven by
international organizations;
The platform shall allow the operator to generate activity reports containin
The platform shall, by a certain time, interface with the ARJEL's database of banned
The platform shall have undergone a security audit.
I N F O R M A T I O N S Y S T E M MI N F O R M A T I O N S Y S T E M MI N F O R M A T I O N S Y S T E M MI N F O R M A T I O N S Y S T E M M A T U R I T Y R E Q U I R E M E N T SA T U R I T Y R E Q U I R E M E N T SA T U R I T Y R E Q U I R E M E N T SA T U R I T Y R E Q U I R E M E N T S
turity of its IS, especially of those aspects related to security. To
do this, the operator's licensing application shall include documentation proving that:
Administration and operation procedures have been implemented;
Technical architecture specifications (hardware and software) are met;
Denial of service protection is implemented;
The trusted solution for online gambling operators in France
13
Only the ARJEL shall be able to manage profiles and users for this vault. ARJEL
representatives acting on behalf of the authority shall define this configuration during a
The cryptographic functions shall respect the general security framework (RGS)
T standard;
copy all data from the vault onto a removable medium;
For performance purposes, the vault shall be able to cryptographically process recorded
number generator;
gambling rules.
The platform shall be located in a country or territory that is not considered a tax haven by
The platform shall allow the operator to generate activity reports containing aggregate
The platform shall, by a certain time, interface with the ARJEL's database of banned
A T U R I T Y R E Q U I R E M E N T SA T U R I T Y R E Q U I R E M E N T SA T U R I T Y R E Q U I R E M E N T SA T U R I T Y R E Q U I R E M E N T S
turity of its IS, especially of those aspects related to security. To
do this, the operator's licensing application shall include documentation proving that:
ns (hardware and software) are met;
• CERTA (Centre d'Expertise Gouvernemental de Réponse et de Traitement des Attaques
informatiques, the French IT attack response and processing governmental expertise
center) alerts are monitored and recommendations are observed;
• Administrator access to equipment and applications is controlled;
• Configuration files are updated and their integrity guaranteed;
• Gambling application source codes are provided;
• Data is archived for five years after a gambler account is closed;
• The clock is precise to within 1 sec of UTC time;
• Logs of technical traces are kept;
• User interventions are traceable;
• Physical access to technical locations is secured.
The trusted solution for online gambling operators in France
CERTA (Centre d'Expertise Gouvernemental de Réponse et de Traitement des Attaques
informatiques, the French IT attack response and processing governmental expertise
erts are monitored and recommendations are observed;
Administrator access to equipment and applications is controlled;
Configuration files are updated and their integrity guaranteed;
Gambling application source codes are provided;
years after a gambler account is closed;
The clock is precise to within 1 sec of UTC time;
Logs of technical traces are kept;
User interventions are traceable;
Physical access to technical locations is secured.
The trusted solution for online gambling operators in France
14
CERTA (Centre d'Expertise Gouvernemental de Réponse et de Traitement des Attaques
informatiques, the French IT attack response and processing governmental expertise
5 . DICTAO'S OFFER
A SOLUTION COMPLIANT
FUTURE AUTHORITY'S
REGULATIONS AS OF TH
INTRODUCTION OF COMP
5 . 15 . 15 . 15 . 1 A N O F F E R T E C H N I C A L L YA N O F F E R T E C H N I C A L L YA N O F F E R T E C H N I C A L L YA N O F F E R T E C H N I C A L L Y
Overview of D3S solutionOverview of D3S solutionOverview of D3S solutionOverview of D3S solution
For organizations looking to protect and archive their digital data such that they retain legal value,
Dictao Secure Storage Server, or D3S, is an infrastructure solution that makes it possible to:
• Protect archived electronic dataProtect archived electronic dataProtect archived electronic dataProtect archived electronic data
(only authorized persons may access the data);
• Archive data with legal valArchive data with legal valArchive data with legal valArchive data with legal val
any moment, such that they can be used as evidence in the event of a dispute. To
accomplish this, D3S ensures the authenticity, integrity, traceability and availability of
archived information over the long term.
An industrial solution, D3S has been proven in various contexts, for example at the
French Ministry of DefenseMinistry of DefenseMinistry of DefenseMinistry of Defense, the French
the INPIINPIINPIINPI (French National Institute for Intellectual Property),
D3S is the only solution on the market to be built on components whose quality, security and
regulatory compliance are regularly validated by the FNISA through audits, certifica
recertification at the Common Criteria EAL3+ level.
Dictao is currently working to obtain CSPN certification for D3S early in 2010 so that it meets the
requirements of the future online gambling regulatory authority.
D3S guarantees the following:
• Long-term preservation of archived documents;
• Intact retrieval of certified copies of archives;
• Access control for archived documents;
• Legal value of archives;
• Traceability of actions carried out.
The trusted solution for online gambling operators in France
DICTAO'S OFFER :
A SOLUTION COMPLIANT WITH THE
FUTURE AUTHORITY'S
REGULATIONS AS OF THE
INTRODUCTION OF COMPETITION
A N O F F E R T E C H N I C A L L YA N O F F E R T E C H N I C A L L YA N O F F E R T E C H N I C A L L YA N O F F E R T E C H N I C A L L Y B A S E D O N O U R D 3 S S O LB A S E D O N O U R D 3 S S O LB A S E D O N O U R D 3 S S O LB A S E D O N O U R D 3 S S O L U T I O NU T I O NU T I O NU T I O N
For organizations looking to protect and archive their digital data such that they retain legal value,
tao Secure Storage Server, or D3S, is an infrastructure solution that makes it possible to:
Protect archived electronic dataProtect archived electronic dataProtect archived electronic dataProtect archived electronic data: D3S guarantees data confidentiality and access control
(only authorized persons may access the data);
Archive data with legal valArchive data with legal valArchive data with legal valArchive data with legal valueueueue: D3S guarantees the continuity and intact retrieval of data at
any moment, such that they can be used as evidence in the event of a dispute. To
accomplish this, D3S ensures the authenticity, integrity, traceability and availability of
on over the long term.
An industrial solution, D3S has been proven in various contexts, for example at the
, the French Ministry for the Economy, Industry and EmploymentMinistry for the Economy, Industry and EmploymentMinistry for the Economy, Industry and EmploymentMinistry for the Economy, Industry and Employment
titute for Intellectual Property), CegedimCegedimCegedimCegedim, and the Paris chamber of notariesParis chamber of notariesParis chamber of notariesParis chamber of notaries
D3S is the only solution on the market to be built on components whose quality, security and
regulatory compliance are regularly validated by the FNISA through audits, certifica
recertification at the Common Criteria EAL3+ level.
Dictao is currently working to obtain CSPN certification for D3S early in 2010 so that it meets the
requirements of the future online gambling regulatory authority.
term preservation of archived documents;
Intact retrieval of certified copies of archives;
Access control for archived documents;
Traceability of actions carried out.
The trusted solution for online gambling operators in France
15
WITH THE
ETITION
U T I O NU T I O NU T I O NU T I O N
For organizations looking to protect and archive their digital data such that they retain legal value,
tao Secure Storage Server, or D3S, is an infrastructure solution that makes it possible to:
: D3S guarantees data confidentiality and access control
: D3S guarantees the continuity and intact retrieval of data at
any moment, such that they can be used as evidence in the event of a dispute. To
accomplish this, D3S ensures the authenticity, integrity, traceability and availability of
An industrial solution, D3S has been proven in various contexts, for example at the Banque de FranceBanque de FranceBanque de FranceBanque de France, the
Ministry for the Economy, Industry and EmploymentMinistry for the Economy, Industry and EmploymentMinistry for the Economy, Industry and EmploymentMinistry for the Economy, Industry and Employment (MINEI),
Paris chamber of notariesParis chamber of notariesParis chamber of notariesParis chamber of notaries.
D3S is the only solution on the market to be built on components whose quality, security and
regulatory compliance are regularly validated by the FNISA through audits, certification and
Dictao is currently working to obtain CSPN certification for D3S early in 2010 so that it meets the
Archiving for legal purposes Archiving for legal purposes Archiving for legal purposes Archiving for legal purposes
Archiving for legal purposes differs from regular storage in that it guarantees the quality and
reliability of the information.
To preserve the legal value of born
readability and durability must be ensured.
Dictao's security and trust functions guarantee the:
• Integrity of archived documents, through electronic signature;
• Confidentiality of these documents, through data encryption and access control;
• Traceability of actions performed (e.g. filing, retrieval, re
• Durability of data (e.g. evidence, documents), through periodic re
possible to preserve archives for a longer period of time.
Documents archived using this solution have legal value most notably because D3S's k
components are certified at the Common Criteria EAL3+ level. The information retrieved after
archiving can therefore be used as evidence in the event of a dispute.
D3S provides archiving for legal purposes
Digital vault room layout Digital vault room layout Digital vault room layout Digital vault room layout
D3S is organized according to a digital vault room layout, with master electronic vaults that each
contain one or more smaller vaults.
Each of these vaults may be empty or may contain one or more digital items.
The trusted solution for online gambling operators in France
poses differs from regular storage in that it guarantees the quality and
To preserve the legal value of born-digital documents, their authenticity, integrity, accessibility,
readability and durability must be ensured.
ao's security and trust functions guarantee the:
Integrity of archived documents, through electronic signature;
Confidentiality of these documents, through data encryption and access control;
Traceability of actions performed (e.g. filing, retrieval, requests for copies);
Durability of data (e.g. evidence, documents), through periodic re-signing, which makes it
possible to preserve archives for a longer period of time.
Documents archived using this solution have legal value most notably because D3S's k
components are certified at the Common Criteria EAL3+ level. The information retrieved after
archiving can therefore be used as evidence in the event of a dispute.
D3S provides archiving for legal purposes
according to a digital vault room layout, with master electronic vaults that each
contain one or more smaller vaults.
Each of these vaults may be empty or may contain one or more digital items.
The trusted solution for online gambling operators in France
16
poses differs from regular storage in that it guarantees the quality and
digital documents, their authenticity, integrity, accessibility,
Confidentiality of these documents, through data encryption and access control;
quests for copies);
signing, which makes it
Documents archived using this solution have legal value most notably because D3S's key
components are certified at the Common Criteria EAL3+ level. The information retrieved after
according to a digital vault room layout, with master electronic vaults that each
Each of these vaults may be empty or may contain one or more digital items.
The diagram below illustrates how D3S is organized.
D3S is organized according to the following principles:
• Divided into master vaults, each containing several smaller vaults;
• Vaults allocated to a single group of users or shared between multiple groups;
• Request for access to a va
• Integrity, confidentiality, access control, traceability ensured by each vault;
• Notification of document availability.
5 . 25 . 25 . 25 . 2 P A C K A G I N G A D A P T E D F OP A C K A G I N G A D A P T E D F OP A C K A G I N G A D A P T E D F OP A C K A G I N G A D A P T E D F O
D3S was designed to be configurable
implementations. To simplify and speed up integration of D3S into online gambling operator
platforms, we offer a pre-configured version that complies with requirements of both the future
authority and operators.
The trusted solution for online gambling operators in France
The diagram below illustrates how D3S is organized.
Digital vault room layout
D3S is organized according to the following principles:
Divided into master vaults, each containing several smaller vaults;
Vaults allocated to a single group of users or shared between multiple groups;
Request for access to a vault approved by a group of approving officers;
Integrity, confidentiality, access control, traceability ensured by each vault;
Notification of document availability.
P A C K A G I N G A D A P T E D F OP A C K A G I N G A D A P T E D F OP A C K A G I N G A D A P T E D F OP A C K A G I N G A D A P T E D F O R O N L I N E G A M B L I N G O PR O N L I N E G A M B L I N G O PR O N L I N E G A M B L I N G O PR O N L I N E G A M B L I N G O P E R A T O R S E R A T O R S E R A T O R S E R A T O R S
D3S was designed to be configurable so that it could be adapted specifically to various client
implementations. To simplify and speed up integration of D3S into online gambling operator
configured version that complies with requirements of both the future
The trusted solution for online gambling operators in France
17
Vaults allocated to a single group of users or shared between multiple groups;
ult approved by a group of approving officers;
Integrity, confidentiality, access control, traceability ensured by each vault;
E R A T O R S E R A T O R S E R A T O R S E R A T O R S
so that it could be adapted specifically to various client
implementations. To simplify and speed up integration of D3S into online gambling operator
configured version that complies with requirements of both the future
D3S compliance with ARJEL requirementsD3S compliance with ARJEL requirementsD3S compliance with ARJEL requirementsD3S compliance with ARJEL requirements
D3S meets all the ARJEL's requirements, including the main ones presented in the table below.
RequirementRequirementRequirementRequirement
1 The vault shall guarantee the integrity and
completeness of archived data.
2 Access to the vault part of the front
controlled using strong authentication mechanisms;
3 Data stored in the vault shall be encrypted such
that only the ARJEL can read them;
4 The vault shall have CSPN certification.
5 Only the ARJEL shall be able to manage profiles and
users. ARJEL representatives acting on behalf of the
authority shall define this configuration during a
Key Ceremony to initialize the vault.
6 Storage spaces must be compartmentalized to
separate:
• Configuration data from stored gambling
data;
• Data related to the different ARJEL licenses.
7 Cryptography shall respect the RGS rules.
8 The electronic signature shall, by a certain time,
meet the XAdES-T standard.
9 The ARJEL shall be able to remotely access the vault
to:
• Consult traces based on a specific time
frame;
• Synchronize with data stored in the vault.
10 On site, the ARJEL shall be able to copy all data
from the vault onto a removable me
11 For performance purposes, the vault shall be able
to cryptographically process recorded data in
batches.
Managing multiple brands and licenses Managing multiple brands and licenses Managing multiple brands and licenses Managing multiple brands and licenses
The bill stipulates that online gambling operators will have to obtain different licenses for
type of gambling they plan to offer: sports pools, horse racing betting and poker. To technically
compartmentalize these licenses, which may be obtained and revoked independently, we can
The trusted solution for online gambling operators in France
D3S compliance with ARJEL requirementsD3S compliance with ARJEL requirementsD3S compliance with ARJEL requirementsD3S compliance with ARJEL requirements
D3S meets all the ARJEL's requirements, including the main ones presented in the table below.
RequirementRequirementRequirementRequirement Native supportNative supportNative supportNative support
The vault shall guarantee the integrity and
eness of archived data.
Access to the vault part of the front-end shall be
controlled using strong authentication mechanisms;
Data stored in the vault shall be encrypted such
that only the ARJEL can read them;
ertification.
Only the ARJEL shall be able to manage profiles and
users. ARJEL representatives acting on behalf of the
authority shall define this configuration during a
Key Ceremony to initialize the vault.
ces must be compartmentalized to
Configuration data from stored gambling
Data related to the different ARJEL licenses.
Cryptography shall respect the RGS rules.
The electronic signature shall, by a certain time,
T standard.
The ARJEL shall be able to remotely access the vault
Consult traces based on a specific time
Synchronize with data stored in the vault.
On site, the ARJEL shall be able to copy all data
from the vault onto a removable medium.
For performance purposes, the vault shall be able
to cryptographically process recorded data in
Managing multiple brands and licenses Managing multiple brands and licenses Managing multiple brands and licenses Managing multiple brands and licenses
The bill stipulates that online gambling operators will have to obtain different licenses for
type of gambling they plan to offer: sports pools, horse racing betting and poker. To technically
compartmentalize these licenses, which may be obtained and revoked independently, we can
The trusted solution for online gambling operators in France
18
D3S meets all the ARJEL's requirements, including the main ones presented in the table below.
ARJEL ARJEL ARJEL ARJEL
configurationconfigurationconfigurationconfiguration
CSPN certification
pending
The bill stipulates that online gambling operators will have to obtain different licenses for each
type of gambling they plan to offer: sports pools, horse racing betting and poker. To technically
compartmentalize these licenses, which may be obtained and revoked independently, we can
configure D3S to contain three distinct logical vaults. The tech
perfectly adapted to the operator's license situation.
Some operators may want to market their online gambling platform under multiple brands, or
make their platform available to other operators as a white label product.
brand will be associated with a master vault.
The diagram below shows how D3S can be configured to accommodate multiple brands, by
assigning one master vault to each brand. Each master vault will in turn be configured to contain
smaller vaults corresponding to each type of license obtained.
Example D3S configuration for online gambling
User management adapted for online gambling User management adapted for online gambling User management adapted for online gambling User management adapted for online gambling
D3S user management supports the definition of profiles with restricted rights tailored for each
use scenario. In the online gambling context, the ARJEL's specifications identify different types of
"users" with whom we associate the following profiles in D3S:
• The The The The capteurcapteurcapteurcapteur, the technical component responsible for collecting the data to be traced, is
authenticated to the electronic vault using a "depositor" profile to file information in the
vault. The depositor profile is only authorized to write data to the vault;
• Technical personnelTechnical personnelTechnical personnelTechnical personnel in charge of the daily operation of the electronic vault are
authenticated using an "operational administrator" profile. These people are employed by
the operator or, if the service is hosted, by the hosting service provider. The operational
administrator profile only allows these users to start and stop the electronic vault, add
storage media and query the operation indicators;
The trusted solution for online gambling operators in France
configure D3S to contain three distinct logical vaults. The technical configuration would then be
perfectly adapted to the operator's license situation.
Some operators may want to market their online gambling platform under multiple brands, or
make their platform available to other operators as a white label product. In our approach, each
brand will be associated with a master vault.
The diagram below shows how D3S can be configured to accommodate multiple brands, by
assigning one master vault to each brand. Each master vault will in turn be configured to contain
ler vaults corresponding to each type of license obtained.
Example D3S configuration for online gambling
User management adapted for online gambling User management adapted for online gambling User management adapted for online gambling User management adapted for online gambling
D3S user management supports the definition of profiles with restricted rights tailored for each
cenario. In the online gambling context, the ARJEL's specifications identify different types of
"users" with whom we associate the following profiles in D3S:
, the technical component responsible for collecting the data to be traced, is
cated to the electronic vault using a "depositor" profile to file information in the
vault. The depositor profile is only authorized to write data to the vault;
in charge of the daily operation of the electronic vault are
using an "operational administrator" profile. These people are employed by
the operator or, if the service is hosted, by the hosting service provider. The operational
administrator profile only allows these users to start and stop the electronic vault, add
storage media and query the operation indicators;
The trusted solution for online gambling operators in France
19
nical configuration would then be
Some operators may want to market their online gambling platform under multiple brands, or
In our approach, each
The diagram below shows how D3S can be configured to accommodate multiple brands, by
assigning one master vault to each brand. Each master vault will in turn be configured to contain
D3S user management supports the definition of profiles with restricted rights tailored for each
cenario. In the online gambling context, the ARJEL's specifications identify different types of
, the technical component responsible for collecting the data to be traced, is
cated to the electronic vault using a "depositor" profile to file information in the
vault. The depositor profile is only authorized to write data to the vault;
in charge of the daily operation of the electronic vault are
using an "operational administrator" profile. These people are employed by
the operator or, if the service is hosted, by the hosting service provider. The operational
administrator profile only allows these users to start and stop the electronic vault, add
• Representatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authority
authenticated using a "reader" profile. This profile only authorizes the retrieval of data and
proofs of submission associated with the electronic vault;
• Representatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authority
authenticated using an "administrator" profile. This profile only allows these
representatives to configure profiles and attribute them to us
User management adapted for online gambling
5 . 35 . 35 . 35 . 3 T H R E E V E R S I O N S T O M ET H R E E V E R S I O N S T O M ET H R E E V E R S I O N S T O M ET H R E E V E R S I O N S T O M E
O P E R A T O RO P E R A T O RO P E R A T O RO P E R A T O R
Building on D3S, and in cooperation with our partners, Dictao proposes three offerings for online
gambling operators:
• A publisher offering (vaulA publisher offering (vaulA publisher offering (vaulA publisher offering (vault application)t application)t application)t application)
operators can purchase the product (paid
transactions);
• A hosted service offeringA hosted service offeringA hosted service offeringA hosted service offering, provided jointly with our partners, which allows operators to quick
meet the technical and organizational front
• A turnkey offeringA turnkey offeringA turnkey offeringA turnkey offering where we provide, with our partners, all the services needed to implement
and operate a .fr site, along with a commitment to comply with all recommendations issued by
the ARJEL's pre-configuration mission.
Publisher offeringPublisher offeringPublisher offeringPublisher offering
Dictao offers operators an electronic vault solution compliant with the future authority's
expectations.
D3S can be purchased in license mode, for unlimited use (regardless of the number of
transactions) under a paid-up license with an annual support and maintenance fee.
The trusted solution for online gambling operators in France
Representatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authority with monitoring and audit responsibilities are
authenticated using a "reader" profile. This profile only authorizes the retrieval of data and
sociated with the electronic vault;
Representatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authorityRepresentatives of the future authority in charge of managing the profiles are
authenticated using an "administrator" profile. This profile only allows these
representatives to configure profiles and attribute them to users.
User management adapted for online gambling
T H R E E V E R S I O N S T O M ET H R E E V E R S I O N S T O M ET H R E E V E R S I O N S T O M ET H R E E V E R S I O N S T O M E E T T H E S P E C I F I C N E E DE T T H E S P E C I F I C N E E DE T T H E S P E C I F I C N E E DE T T H E S P E C I F I C N E E D S O F E A C H S O F E A C H S O F E A C H S O F E A C H
Building on D3S, and in cooperation with our partners, Dictao proposes three offerings for online
t application)t application)t application)t application), from Dictao's core business area, through which
operators can purchase the product (paid-up license, irrespective of the number of
, provided jointly with our partners, which allows operators to quick
meet the technical and organizational front-end requirements;
where we provide, with our partners, all the services needed to implement
and operate a .fr site, along with a commitment to comply with all recommendations issued by
configuration mission.
Dictao offers operators an electronic vault solution compliant with the future authority's
D3S can be purchased in license mode, for unlimited use (regardless of the number of
up license with an annual support and maintenance fee.
The trusted solution for online gambling operators in France
20
with monitoring and audit responsibilities are
authenticated using a "reader" profile. This profile only authorizes the retrieval of data and
in charge of managing the profiles are
authenticated using an "administrator" profile. This profile only allows these
S O F E A C H S O F E A C H S O F E A C H S O F E A C H
Building on D3S, and in cooperation with our partners, Dictao proposes three offerings for online
, from Dictao's core business area, through which
up license, irrespective of the number of
, provided jointly with our partners, which allows operators to quickly
where we provide, with our partners, all the services needed to implement
and operate a .fr site, along with a commitment to comply with all recommendations issued by
Dictao offers operators an electronic vault solution compliant with the future authority's
D3S can be purchased in license mode, for unlimited use (regardless of the number of
up license with an annual support and maintenance fee.
Our fee structure is based on the number of processors used, which is determined by the levels of
performance and service quality required by the operator.
Hosted service offeringHosted service offeringHosted service offeringHosted service offering
We have developed a partnership program to offer operators a hosted solution for the .fr website
(complete front-end with capteur
The cost is related to the capacity installed, but independent of the number of transactions carried
out.
Turnkey offeriTurnkey offeriTurnkey offeriTurnkey offering with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensing
We can also offer, with our partners, complete support for complying with French regulations.
• The vaultThe vaultThe vaultThe vault: Dictao's D3S meets all the vault functional and security requirements described
in the ARJEL's technical specifications document. We offer full support including integration
of the application into the operator's IS, whether as a "hosted service" or under a paid
software license;
• The The The The capteurcapteurcapteurcapteur: we propose helping the operator define the front
development work for the
• HostingHostingHostingHosting: the gambling platform must be hosted under perimeter security conditions
including following strict procedures. With our partner, we propose a hosting
meets these requirements; we can host either the vault only, the entire front
capteur and the vault, or the entire platform including the gambling engines and back
management servers;
• Gambler registrationGambler registrationGambler registrationGambler registration: we work with a partn
process gambler registration on behalf of the operator to ensure that registration complies
with French regulations;
• Payment toolsPayment toolsPayment toolsPayment tools: we can suggest a banking partner that can facilitate the process of setting
up payment tools and a bank account in France;
• IIIISSSS maturitymaturitymaturitymaturity: the licensing application must include documentation on the entire IS and
associated management procedures. Documentation on the front
detailed. We can help operators compil
prove the maturity of their IS;
• Corpus of economic, legal and financial documentsCorpus of economic, legal and financial documentsCorpus of economic, legal and financial documentsCorpus of economic, legal and financial documents
documentation, the licensing application must prove that the company exists and is
represented in France. We work with a law firm that can guide operators through these
steps of the ARJEL licensing application;
• Audit reportsAudit reportsAudit reportsAudit reports: the licensing application must include security audits on the gambling
applications, random-number generator and entire
firm recognized by the FNISA that can certify the quality of operators' solutions.
The trusted solution for online gambling operators in France
Our fee structure is based on the number of processors used, which is determined by the levels of
performance and service quality required by the operator.
developed a partnership program to offer operators a hosted solution for the .fr website
capteur and vault).
The cost is related to the capacity installed, but independent of the number of transactions carried
ng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensing
We can also offer, with our partners, complete support for complying with French regulations.
: Dictao's D3S meets all the vault functional and security requirements described
JEL's technical specifications document. We offer full support including integration
of the application into the operator's IS, whether as a "hosted service" or under a paid
: we propose helping the operator define the front-end architecture, carry out
development work for the capteur module and integrate it with D3S;
: the gambling platform must be hosted under perimeter security conditions
including following strict procedures. With our partner, we propose a hosting
meets these requirements; we can host either the vault only, the entire front
and the vault, or the entire platform including the gambling engines and back
: we work with a partner specialized in registering gamblers that can
process gambler registration on behalf of the operator to ensure that registration complies
: we can suggest a banking partner that can facilitate the process of setting
up payment tools and a bank account in France;
the licensing application must include documentation on the entire IS and
associated management procedures. Documentation on the front-end must be especially
detailed. We can help operators compile and write all the technical documents required to
prove the maturity of their IS;
Corpus of economic, legal and financial documentsCorpus of economic, legal and financial documentsCorpus of economic, legal and financial documentsCorpus of economic, legal and financial documents: as well as providing technical
documentation, the licensing application must prove that the company exists and is
nted in France. We work with a law firm that can guide operators through these
steps of the ARJEL licensing application;
the licensing application must include security audits on the gambling
number generator and entire platform. We work closely with an audit
firm recognized by the FNISA that can certify the quality of operators' solutions.
The trusted solution for online gambling operators in France
21
Our fee structure is based on the number of processors used, which is determined by the levels of
developed a partnership program to offer operators a hosted solution for the .fr website
The cost is related to the capacity installed, but independent of the number of transactions carried
ng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensingng with support for integration and obtaining ARJEL licensing
We can also offer, with our partners, complete support for complying with French regulations.
: Dictao's D3S meets all the vault functional and security requirements described
JEL's technical specifications document. We offer full support including integration
of the application into the operator's IS, whether as a "hosted service" or under a paid-up
end architecture, carry out
: the gambling platform must be hosted under perimeter security conditions
including following strict procedures. With our partner, we propose a hosting service that
meets these requirements; we can host either the vault only, the entire front-end with the
and the vault, or the entire platform including the gambling engines and back-end
er specialized in registering gamblers that can
process gambler registration on behalf of the operator to ensure that registration complies
: we can suggest a banking partner that can facilitate the process of setting
the licensing application must include documentation on the entire IS and
end must be especially
e and write all the technical documents required to
as well as providing technical
documentation, the licensing application must prove that the company exists and is
nted in France. We work with a law firm that can guide operators through these
the licensing application must include security audits on the gambling
platform. We work closely with an audit
firm recognized by the FNISA that can certify the quality of operators' solutions.
DICTAO
Dictao is the benchmark publisher of software solutions for strong authentication and electronic
signatures.
We develop and market solutions that provide the functions required to establish security and
trust in an electronic world: client and user authentication, binding electronic signatures and
creation of legally-binding proofs of transaction.
We assist our clients in securing sensitive applications, meeting regulatory constraints and
innovating to increase efficiency and growth.
The tangible results obtained by our clients attest to the value of our products, industry solutions
and expertise.
We support the banking sector in securing online transactions for corporate and individual
banking clients, the public sector in modernizing its administrative procedures (e.g. electronic
procedures), and the industrial world in building extended enterprises (e.g. electronic orde
invoices).
Dictao is the only publisher whose solution suite is proven in various contexts (e.g. transfer
orders, online contracting, electronic invoicing, online VAT declarations) and certified at the EAL3+
level of the international Common Criteria s
Security Agency (FNISA).
They trust us:They trust us:They trust us:They trust us:
600 financial and lending institutions, including the Banque de France, BPCE (Banque Populaire
Caisse d’Epargne) Group, BNP Paribas, La Banque Postale, LCL and Société G
industrial companies such as PSA Peugeot Citroën, Total, Alcatel and CMA CGM; French
government bodies such as the Public Finances General Directorate (DGFiP), the Ministry of
Defense, the Direction des Journaux Officiels (DJO), the Agence
(ANTS; national agency for secured vehicle registration documents and passports) and the INPI
(National Institute for Intellectual Property).
The trusted solution for online gambling operators in France
Dictao is the benchmark publisher of software solutions for strong authentication and electronic
and market solutions that provide the functions required to establish security and
trust in an electronic world: client and user authentication, binding electronic signatures and
binding proofs of transaction.
securing sensitive applications, meeting regulatory constraints and
innovating to increase efficiency and growth.
The tangible results obtained by our clients attest to the value of our products, industry solutions
ector in securing online transactions for corporate and individual
banking clients, the public sector in modernizing its administrative procedures (e.g. electronic
procedures), and the industrial world in building extended enterprises (e.g. electronic orde
Dictao is the only publisher whose solution suite is proven in various contexts (e.g. transfer
orders, online contracting, electronic invoicing, online VAT declarations) and certified at the EAL3+
level of the international Common Criteria standard by the French Network and Information
600 financial and lending institutions, including the Banque de France, BPCE (Banque Populaire
Caisse d’Epargne) Group, BNP Paribas, La Banque Postale, LCL and Société G
industrial companies such as PSA Peugeot Citroën, Total, Alcatel and CMA CGM; French
government bodies such as the Public Finances General Directorate (DGFiP), the Ministry of
Defense, the Direction des Journaux Officiels (DJO), the Agence Nationale des Titres Sécurisés
(ANTS; national agency for secured vehicle registration documents and passports) and the INPI
(National Institute for Intellectual Property).
The trusted solution for online gambling operators in France
22
Dictao is the benchmark publisher of software solutions for strong authentication and electronic
and market solutions that provide the functions required to establish security and
trust in an electronic world: client and user authentication, binding electronic signatures and
securing sensitive applications, meeting regulatory constraints and
The tangible results obtained by our clients attest to the value of our products, industry solutions
ector in securing online transactions for corporate and individual
banking clients, the public sector in modernizing its administrative procedures (e.g. electronic
procedures), and the industrial world in building extended enterprises (e.g. electronic orders,
Dictao is the only publisher whose solution suite is proven in various contexts (e.g. transfer
orders, online contracting, electronic invoicing, online VAT declarations) and certified at the EAL3+
tandard by the French Network and Information
600 financial and lending institutions, including the Banque de France, BPCE (Banque Populaire
Caisse d’Epargne) Group, BNP Paribas, La Banque Postale, LCL and Société Générale; large
industrial companies such as PSA Peugeot Citroën, Total, Alcatel and CMA CGM; French
government bodies such as the Public Finances General Directorate (DGFiP), the Ministry of
Nationale des Titres Sécurisés
(ANTS; national agency for secured vehicle registration documents and passports) and the INPI
Dictao's Online Gambling team is available
to provide any additiona
The trusted solution for online gambling operators in France
Dictao's Online Gambling team is available
to provide any additional information required.
DICTAO
152 avenue de Malakoff
75116 PARIS, France
+33 (0)1 73 00 26 00
www.dictao.comwww.dictao.comwww.dictao.comwww.dictao.com
The trusted solution for online gambling operators in France
23