RF Platform Security Protocol
October 31, 2022
At RF Labs, we have always recognized the importance of security and integrity in gaming. Over the last few years, we have developed an automated system that ensures high accuracy of stat tracking and live streaming without the need of human intervention. This naturally provides a highly secure system. Beyond this, there are many protocols in hardware, software, network, and cloud technologies that have been implemented to ensure a highly secure gaming and streaming platform. It is important to note, the security protocols mentioned here are ones that we can make publicly available. There are many steps we are taking beyond what is mentioned to ensure that bad actors cannot take advantage of understanding our system architecture. Both our automated and manually tracked systems take advantage of these security protocols to ensure the strongest security measures for all customers.
The main hardware vulnerability in an RFID system is the tags itself. By using proper standards and storing data securely, having access to information stored on RFID tags can be useless. The main security concern for players will always be the RFID cards. We store the serial numbers for these cards with read / write protection enabled. We also store the card information in our database so only the RF Table's onboard computer has direct access. To go a step further, we do not allow card rooms to register the cards themselves, we register the decks for them. This ensures two things: 1. The cards stored in the system are accurately and securely stored without any way for third parties to write to this database. 2. We strongly believe that security and performance of live streams should be in the hands of the manufacturers and not the card rooms. We rewrite tag IDs before every game when the dealers wash and scan the deck. Maliciously using the tag ID to card association is rendered useless in subsequent games.
Another benefit of providing a completely automated onboard computer is that it houses all of our software. This computer is enabled with firewalls and proper security measures to ensure that no one can have direct access to the software. By taking away the need for cardrooms to install software themselves on a remote computer, the probability of social engineering and man-in-the-middle attacks becomes very unlikely. We also hide all card data in our manually tracked software until the end of the hand so no one has real time access, while ensuring the ability to maintain accuracy and manually operate the system. We have developed a lot of our technology by learning from state-of-the-art standards of IoT smart devices. This includes the ability for us to be notified when any unknown device joins the network of the table, when any suspicious activity takes place on an action tracking computer, or if any errors occur when attempting to stream delayed information. This ensures that we can investigate and pinpoint the cause of any issues or vulnerabilities in real-time. Along with using the latest standards for security key and code storage, we are performing Static and Dynamic application security testing (SAST & DAST) for our entire code base with every software update.
We have worked with third-party cyber security experts to test and ensure we are using the latest versions of TLS, HTTPS, and WebSocket protocols for communication. We have Multi TLS (mTLS) certification on our software engine, as well as the RF Cloud tools used by card rooms (action tracker, stream overlays, game assistance screens, etc). Using our fully automated system with RF Chips, no data is transmitted over the network during the hand. We are also directly working with card rooms to verify their own network security. The standard is for card rooms to have a separate network line and modem for their production room with all devices hard wired. We will be conducting bounty programs ourselves moving forward and will be working with a third-party organization to verify card room security.
Players have found our data analytics and tracking system to be one of the greatest benefits playing on an RF Table. We want to continue to improve this experience by providing insights that allow players to focus on enjoying and improving their game without having to worry about data security. We store all data on Amazon Web Services (AWS) servers hosted with the help of DigitalOcean. These are the leading companies in cloud storage and computing, and provide the latest security measures used by thousands of software services worldwide. We have built our own private API to read and write data from our onboard computer and mobile devices. This ensures that we have security keys that are updated frequently and no one can make public requests. Every time a hand is played on an RF Table, the data is transmitted to the Cloud for analysis only after the hand is complete. Each hand is tagged with that player's authentication token which only they can access using their phone number verification in the RF Mobile app. The same applies for card rooms through RF Cloud where only the admins have access to card room session data. All endpoints use static IP addresses and connection pools so no third-parties can gain access to the database.
We have plans ahead to improve security even further. We plan to constantly provide industry standard certifications to validate that our security procedures are moving in the right direction. We are implementing Web Access Firewalls in all card rooms so manually tracked data cannot be prone to physical attacks in real-time. We are running monthly bounty programs with third-party experts where they are paid to take advantage of our system in any way possible (including penetration testing, DDOS attacks, SQL injections, hardware taps, etc). We will report the findings here on a regular basis. We are applying for FIPS 140-2 certification to ensure that we are meeting the government standards of computer security and cryptography. Our end goal is to build a cloud system with end-to-end encryption for all hand data. We believe that we can also get to a table base where the onboard computers can become a decentralized storage network and we will not have to rely on cloud storage from third party companies.
We are currently in the early stages of building and growing the RF Poker platform. With a growing player base and increasing number of card rooms investing in our technology, we believe that improving security and providing players with comfort is a necessity. We value the comfort and support of our customers over any usage of the data, which is why we ensure that all info is not available to any human other than the players intended. We will continue to maintain our product security to align with our goal of complete end-to-end encryption and decentralization. If you have any questions or concerns, please feel free to email us at firstname.lastname@example.org