According to BSI's (Germany's Federal Office for Information Security) technical guideline BSI TR-03153, a certified technical security device (TSE - Technische Sicherheitseinrichtung - also "TSS") needs to fulfill the following functions:
- arbitrary data can be provided with
  - a numbering,
  - time information as well as
  - an electronic signature,
- saved within the TSE unit and
- exported in a summarized way upon request.
Requirements and components of a TSE
Detailed requirements of TSEs can be found in various publications by the BMF (German Ministry of Finance: https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr03153/tr-03153.html)
The BSI (Federal Office for Information Security) has determined minimum requirements for certified TSEs in their technical guidelines. Technical specifications were dispensed with as far as possible. The use of cloud-based TSEs as well as physical variants of a TSE are permitted (for example in form of memory cards, USB-sticks, etc.).
A TSE consists of:
- Security module: is obliged to guarantee the secure logging of operations / transactions. The following data must be generated: Time of start and end of transaction, unique and consecutive transaction number, verification value, serial number of the TSE, signature counter.
- Storage medium: is used to file the data stored within the TSE and shall allow its export.
- Digital interface: The BSI has defined the following three elements of the uniform digital interface of a certified TSE: integration interface (Einbindungsschnittstelle), export interface (Exportschnittstelle) and the digital interface of the tax authorities for cash register systems (the so-called DSFinV-K, Digitale Schnittstelle der Finanzverwaltung für Kassensysteme).
The cash register system addresses the TSE via the integration interface (Einbindungsschnittstelle). The BSI holds out the prospect of a technology-open and implementation-independent encapsulation of the security functionality of the TSE. However, only TSEs for which the respective provider has implemented the interface can be used in a given POS system.
The export function in the export interface creates the output files in a defined form. The TSE must provide the stored data in an archive file.
Digital interface of the tax authorities for cash register systems (DSFinV-K): The individual records of the cash register system are made available via this data interface. It contains the information generated by the TSE that is needed to check the data: from whom it originates (authenticity), whether essential data has been changed (integrity) or removed (completeness). Technically, it consists of several interlinked tables that must be provided in a specific CSV format.
Each TSE contains a certificate, i.e. a data record in which cryptographic keys are stored to secure the data. This certificate has an expiry date (usually 5 years). Once the expiry date has passed, the TSE can no longer secure any further process data.
In principle, the following TSE types are possible:
- Simple TSE: for use by one or a few cash registers. Can be implemented as a storage medium enhanced with a security chip (e.g. as micro SD cards, USB sticks).
- Multi-user TSE: for use for a larger number of tills (e.g. TSE in the branch or in a user's data centre). These, as well as the Cloud TSE, require the use of a hardware security module.
- Cloud TSE: for use by several different users with a connection via the internet. Here, a certified software component in the cash register system or elsewhere in the local area network (LAN) is additionally required to establish a secure connection between the local (certified software) and the Cloud component of the TSE.
Logging by the certified TSE
In the course of logging, the application and log data of a transaction are protected by the TSE against subsequent, undetected changes and the existence and origin of the record are confirmed at a specific point in time.
The secured data consists of the following information:
- Application data (serial number of the electronic recording system, type of transaction, data of the transaction)
- Log data (serial number of the certified TSE, time of protection, unique and consecutive transaction number, signature counter, optional log data)
- Check value
Logging is done in three steps:
- Start of logging: the recording system must start logging in the TSE immediately at the start of a transaction to be recorded. In this course, it is mandatory that the TSE assigns a unique and consecutive transaction number, increments the signature counter and generates a check value.
- Logging update: The TSE is required to update the transaction no later than 45 seconds after a change in the transaction data. The generation of a check value by the TSE is optional. The transaction number is retained and the signature counter is incremented by the value 1 for each update with check value generation.
- Termination of logging: When the process is terminated, the transaction must be terminated within the TSE. In doing so, the generation of a check value by the TSE is mandatory. The transaction number is retained and the signature counter is incremented by the value 1. Only at this logging step is the time of termination of the transaction recorded in the log data.
The log data required for creating the receipt is then transmitted to the electronic recording system.
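The three logging steps above, as an added example (not code from BSI TR-03153 or from any TSE vendor): a Python auditor that replays an exported log and flags gaps in the signature counter, non-consecutive transaction numbers, unfinished transactions and altered records. The record layout, the field names and the HMAC used as check value are assumptions for illustration; a certified TSE signs with the key belonging to its certificate.

```python
import hashlib
import hmac

# Constructed stand-in key; a real TSE signs with the key behind its certificate.
DEMO_KEY = b"constructed-demo-key"
FIELDS = ("tse_serial", "step", "tx", "sig_counter", "time", "data")

def check_value(rec):
    """HMAC over the secured fields (assumed stand-in for the TSE signature)."""
    msg = "|".join(str(rec[k]) for k in FIELDS)
    return hmac.new(DEMO_KEY, msg.encode(), hashlib.sha256).hexdigest()

def make(step, tx, sig_counter, time, data, tse_serial="TSE-DEMO-1"):
    """Build one signed log record (hypothetical layout)."""
    rec = dict(tse_serial=tse_serial, step=step, tx=tx,
               sig_counter=sig_counter, time=time, data=data)
    rec["check"] = check_value(rec)
    return rec

def audit(records):
    """Replay records in signature-counter order and return a list of findings."""
    findings, open_tx, last_tx, last_sig = [], set(), 0, 0
    for r in sorted(records, key=lambda r: r["sig_counter"]):
        if not hmac.compare_digest(r["check"], check_value(r)):
            findings.append(f"sig {r['sig_counter']}: check value mismatch (integrity)")
        if r["sig_counter"] != last_sig + 1:  # every signed step adds exactly 1
            findings.append(f"sig counter jumps {last_sig} -> {r['sig_counter']} (completeness)")
        last_sig = r["sig_counter"]
        if r["step"] == "start":  # only a start assigns a new transaction number
            if r["tx"] != last_tx + 1:
                findings.append(f"tx {r['tx']}: not consecutive after {last_tx}")
            last_tx = r["tx"]
            open_tx.add(r["tx"])
        elif r["tx"] not in open_tx:  # update/finish must retain an open number
            findings.append(f"tx {r['tx']}: {r['step']} without open transaction")
        elif r["step"] == "finish":
            open_tx.discard(r["tx"])
    return findings + [f"tx {t}: never finished" for t in sorted(open_tx)]

# Constructed sample export: two interleaved transactions.
SAMPLE = [
    make("start", 1, 1, "10:00:00", "order: 1 coffee"),
    make("start", 2, 2, "10:00:05", "order: 1 tea"),
    make("update", 1, 3, "10:00:30", "order: 2 coffee"),
    make("finish", 1, 4, "10:01:00", "paid 5.00 cash"),
    make("finish", 2, 5, "10:01:10", "paid 2.50 card"),
]
```

Updates logged without a check value do not increment the signature counter, so they leave no gap and are not modelled as records here.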
The TSE basic principle according to DSFinV-K is shown below. You can find more on this in the DSFinV-K documentation.
For illustrations on the topic of "long-lasting ordering processes", such as in the catering industry, see: "Characteristics in gastronomy"
Failure of the certified TSE
In the event of a TSE failure, work can continue with the cash register in use. The time and reason for the failure of the TSE must be documented. The obligation to issue receipts remains in force and a notification regarding the failure must be made visible on the receipt issued for the consumer. The failure must be remedied immediately by the entrepreneur and appropriate measures must be taken.