In its technical guidelines for the "Technical Security Device - TSE", the Federal Office for Information Security stipulates that the so-called operating environment of the SMAERS component (= software) of the TSE must be protected against administrative access by the user (cash register operator).
Operating environment
For all TSE variants, the SMAERS components of the TSE must be operated in the same physical operating environment as the electronic recording system ("POS system").
This means that the SMAERS component must be installed at the physical location where the electronic recording takes place.
Examples:
Cash register architecture | physical operating environment |
Stand-Alone Cash Register (PC) | The respective branch / store |
Store POS (offline-capable) - POS terminal with connection to store server, POS terminal is offline-capable (can create receipts without connection to store server) | The respective branch / store |
Store POS (non-offline capable) - Cash register terminal with connection to store server, cash register terminal is non-offline capable (cannot create receipts without connection to store server) | The respective branch / store |
Central POS (offline-capable) - POS terminal with connection to company server (data centre operation), POS terminal is offline-capable (can create receipts without connection to POS server) | The respective branch / store |
Central POS (non-offline capable) - POS terminal with connection to company server (computer centre operation), POS terminal is non-offline capable (cannot create receipts without connection to POS server) | The respecitve data centre |
Cloud POS system (offline-capable) - POS application (on e.g. mobile device) is offline-capable (can create receipts without connection to the cloud system) | The respective branch / store |
Cloud POS system (non-offline capable) - POS application is non-offline capable (cannot create receipts without connection to the cloud system) | Cloud system (same region!) |
Hardware TSE
For hardware TSEs, protection of the operating environment is ensured by design. SMAERS and CSP are integrated in one physical unit; access to the SMAERS component is not possible beyond the intended functions of the uniform digital interface.
With the exception of cloud operation, the hardware TSE can be used without restriction in all the above-mentioned operating environments.
Cloud TSE
For Cloud TSEs, the SMAERS component is installed in the same physical deployment environment as the electronic recording system, according to the requirements.
Operating environment protection concept
Cloud TSE providers provide different concepts to protect the operating environment for different deployment environments. These describe how the SMAERS component is to be protected in the respective deployment environment.
swissbit Cloud TSE
Swissbit currently provides three different operating environment protection concepts. The SMAERS component is also called "Swissbit Fiscal Cloud Connector - SFCC" for the swissbit Cloud TSE.
- "Desktop" - installation of the SFCC on a separate computer in the respective store / branch
- "Cloud" - Installation of the SFCC in a data centre or in a cloud infrastructure
- "android" - Provision / installation of the SFCC app on the same Android device as the offline-capable (!) cash register app.
The operating environment protection concepts "Desktop" and "Cloud" can be used for the deployment environments listed below:
Operating environment protection concept | Cash register architecture | physical operating environment |
"Desktop" | Stand-Alone Cash Register | branch / store |
"Desktop" | Store POS (offline-capable) | branch / store |
"Desktop" | Store cash register (non-offline capable) | branch / store |
"Desktop" | Central POS (offline-capable) | branch / store |
"Cloud" | Central POS (non-offline capable) | data centre |
"Desktop" / "android" | Cloud POS system (offline-capable) | branch / store |
"Cloud" | Cloud POS system (non-offline capable) | Cloud system (same region!) |
Further information: System architecture incl. TSE
Comments
0 comments
Please sign in to leave a comment.