The Swissbit Cloud TSE essentially consists of two components:
- SMAERS (Security Module Application for Electronic Record Keeping Systems).
- CSP (Cryptographic Service Provider)
The SMAERS components of the TSE (Technical Security Device) is responsible for processing the data to be secured and communicates directly with the CSP. The SMAERS component is also referred to as the "swissbit fiscal cloud connector - SFCC".
Operational environment protection
Important in connection with SMAERS, is the protection of the operational envirnoment: the SMAERS component is obliged to run "near the recording system". Put simply: the SMAERS must run where the actual cash register runs. This could be the cash register computer or, for example, the branch/store server. The connection between the cash register and the SMAERS must not exceed LAN.
The protection concept of the operational environment is intended to prevent any manipulation of the SFCC by the cash register operator and is required by the BSI.
Three elements are important for protection of the operational environment when using local POSes in stores:
- The operating system used - see below
- Hard disk encryption - except for the boot sector, the hard disks on which the SMAERS component runs must be encrypted. Communication takes place via TPM 2.0
- Access protection - the administration rights must not lie with the taxpayer company (=user).
The provider of the TSE is essentially responsible for the environmental protection.
You will find more information on the topic in the article Operational environment protection.
The CSP component signs the data transmitted by the SMAERS component.
The Swissbit Cloud TSE can currently be used under the following operating systems.
|RHEL||6||x86/x64||n.s. / n.c.|
|Oracle Linux||6||x86/x64||certified / eso|
|Oracle Linux||7||x64||in cert.|
|Ubuntu||LTS 14.04||x86/x64||n.s. / eol|
|Ubuntu||LTS 16.04||x86/x64||n.s. / n.c.|
|Ubuntu||LTS 20.04||aarch32hf/aarch64||in cert.|
|Debian||8||x86/x64||n.s. / eol|
|Linux (other distributions, like ARM)||glibc v2.5+||x86/x64 ARM 64-bit ARM 32-bit SF&HF ARMv5/v6/v7/v8||c.soon|
|SLES||11SP3+LTSS||x86/x64||n.s. / eol|
|Windows||7||x86/x64||n.s. / eol|
|Windows Server||2008 R2||x86/x64||n.s. / eol|
|Windows Server||2012 R2||x64||certified|
certified ... Cloud TSE certified successfully on the respective OS
in cert. ... certification of Cloud TSE on the respective OS in progress, test successfull
c.soon ... coming soon / certification planned
eso ... extended support only
eol ... end of life - usage of Cloud TSE in combination with the respective OS forbidden by BSI
n.c. ... not certifiable acc. to BSI regulations
n.s. ... not supported
In principle, the Swissbit Cloud TSE supports all operating systems on which JAVA can be executed.