PRISM STS6 PRODUCT SUITE
Overview
From 1993 to 2018, the applicable IEC specification for the first generation of Standard Transfer Specification (STS), which is known as STS edition 1, was IEC60255-41 Edition 1 and later Edition 2 which included currency tokens for smart metering and time of use tariffs.
In 2016, STS Association (STSA) released a new Key Management Specification, STS600-8, (developed by Prism) which incorporated a host of new security and functional features based on lessons learned from the first 25 years of STS operations.
IEC62055-41 Edition 3 specification captured the enhancements as specified in STS600-8 and was published in 2018. The STS Association refers to this generation as STS Edition 2 as it is the second major release of STS standards and associated technology upgrades since the standard was launched.
The STSA deployed a new Key Management Centre in May 2016 which supports all the new features as defined in STS Edition 2.
Prism has prefixed their STS Edition 2 security module firmware with “STS6”, named after the key management specification. The STS6 security modules have been certified to the highest international level possible with no compromises, namely PCI-HSM version 3, to protect our customers and their vending keys. Prism is the first HSM manufacturer globally to achieve this level of security, which emphasizes the company’s commitment to providing the best security that money can buy.
The security modules not only provide secure key storage, encryption and decryption but they also enforce the security attributes listed below:
New Security Features and Benefits
Frequently Asked Questions
Q: How do I upgrade to an STS6 vending system?
A: The simplest method is to buy an already certified Prism STS6 Vending system.
- PrismVend is a low cost but comprehensive vending system. PrismVend
- The Utility Vending System (UVS) is an enterprise vending system, typically for hosting and integration with sales and distribution platforms. (Link to UVS)
- The next easiest method is to use PrismToken, which is an STS certified vending engine designed specifically for integration into customised vending systems. PrismToken
- Prism also hosts PrismToken as a Saas (Software as a Service) solution for foreign utilities that do not want to be bothered with the logistics and costs of owning, supporting, transporting and maintaining Hardware security modules. PrismToken
Q: After upgrading the vending system, can the upgraded vending system vend to the old meters that are still on the old key, i.e. before a key change token is put into the meter?
A: Yes it can.
Q: Can you query the transaction license balance via the API?
A: Yes, the API supports this feature.
- It is recommended that the feature is built into vending systems.
- If there are remaining transactions at the end of the period, you will not lose them. They will be reissued when you renew the license with at least a minimum order.
- If you run out before the period, then you can top up with a new license.
- If you eventually do a lot of transactions, then you can consider the unlimited annual transaction license.
- Note: your warranty extends automatically when you renew the license.
Q: Where do I get the forms for my Supply Group Code?
A: For all general STS related questions and STS documentation, visit the STS website, www.sts.org.za
Q: Is a Hardware Security Module Necessary?
A: Absolutely “Yes”.
- These may either be purchased, leased or run as a Hosted Service.
- Hosting of HSM’s with STS vending software support occurs at Prism’s secure Data Centre.
- Enquire info@prism.co.za with the subject Hosted Vending System.
Q: Why are there licenses for the STS6 firmware?
Q: Why are there licenses for the STS6 firmware?
A: You expect your meters and investment in STS technology to provide returns for many years, and we plan to be operational for many years to support the technology and continue improving security as the industry requires.
- The licensing model provides an extended warranty of your security modules and ensures that the industry is self-sustained.
- STS is the only open standard prepaid technology where the core architecture is designed around a secure Key Management Centre and security modules in the vending systems and manufacturing facilities.
- Security should not be tacked on as an afterthought. The progressive advancement of security modules and STS security requires constant development to maintain the desired and ever-increasing security levels in the industry.
Q: Can I Upgrade my existing Prism Security Modules, and how do I go about it?
A: “Yes” – please refer to the procedure to see which STS legacy (Edition 1) security modules can be upgraded to STS6 below. We review Prism HSMs that are upgradeable, tips to make Licensing Administration simpler and the HSMs that cannot be upgraded.
Firstly, Prism HSMs that are Upgradeable:
TSM500i NSS
- Return these devices to the Prism Westville office in South Africa for a firmware upgrade to STS64V13 and personalisation (keyloading). Applicable to all PCI certified HSM’s that are marked/labelled TSM500i on the front panel. The ‘i’ indicates the newer series.
- The firmware version confirms the HSM upgrade. Preceding the Edition 2 firmware is “STS6”, e.g. STS64V10.
- The TSM500i’s are field upgradeable after this first phase; therefore it is not practical to have physical labels. Inspecting the firmware version from TSMweb, or you can contact us (info@prism.co.za) with the HSM serial number, e.g. 89xxxxxx.
- Our factory lead time for upgrading is two business days, (one day in our lab and another day for KMC response).
- The cost for this upgrade is keyloading plus the annual licensing cost.
Secondly, tips to make licensing Administration simpler:
- Prism can pro-rata annually based licenses so that they renew in the same month each year.
- For transaction-based licenses, the API has a call for monitoring the usage. Prism vending software uses a configurable ‘low level’ threshold alarm advising the operator in advance to order a top-up license.
- The license is a .txt certificate emailed to the client. The file data is copied into a command (identified in the API spec) and loaded into the HSM. Prism vending software provides a window where the operator simply copies and pastes the file content (license string).
- The following commands manage the licenses: Refer to the API specification STS600-8-6 for details.
- 3.1 SM?CI-Transaction Counter Increment……………
- 3.2 SM?CQ-Transaction Counter Query………………..
Thirdly, Prism HSMs that cannot be upgraded:
- TSM250 USB (with Legacy Vending Firmware STS05Vxx and Meter Manufacturing Firmware STS05Mxx)
- TSM210 USB (discontinued product)
- TSM200 USB (discontinued product)
- TSM410 (discontinued product)
- TSM500 (discontinued product)
STS Prepayment Solutions/
Payment (EFT) HSM Solutions
+27 31 267 5500
6 Sookhai Place, Westville,
Kwazulu-Natal,
South Africa
info@prism.co.za
STS Prepayment Solutions/
Payment (EFT) HSM Solutions
+27 31 267 5500
6 Sookai Place, Westville,
Kwazulu Natal,
South Africa
info@prism.co.za