PROCESS OVERVIEW

UPDATE KEY MANAGEMENT CENTRE (KMC)

The KMC has been updated to support the upgraded security levels in compliance with STS 600-4-2 and also to support the updated security modules (see below). The KMC still supports the legacy key management protocols.

UPDATE SECURITY MODULE

Vending and manufacturing security modules have been upgraded to support the upgraded security levels and the generation of TID rollover key change tokens. The upgraded security modules have a new API, that requires additional vending and manufacturing software changes (see below).

The upgrade path of the various security module models is given in the table below.

TSM210 - Replace with TSM250
TSM220 - Replace with TSM250
TSM250 - Send to Prism for firmware STS Edition 2
TSM410 - Replace with TSM500
TSM500 - Send to Prism for firmware STS Edition 2

Prism’s contact details are as follows: 

Att: Shawn O’Neil 
Email: shawno@lesakatech.com
Email: info@prism.co.za
Tel: +27 (0)31 267 5500 

UPDATE VENDING SYSTEMS

Vending systems to be updated to cater for multiple base date functionality in the security module.

This will include the handling of a new key-load file specification as defined in STS600-4-2, and conformance to the STS600-8-6 HSM protocol All vending systems are to be re-certified to ensure compliance with these new requirements.

Note that after June 2019, all vending systems must be compliant to the new requirements of the STS Edition 2 suite of standards.

UPDATE METER MANUFACTURING PROCESS

Meters are manufactured with a new base date of 2014 by selecting a vending key with a base date of 2014 - no further changes are required to manufactured meters. This will require updating of manufacturing security modules, software and processes to cater for dual base dates for the duration of the changeover period.

Note that utilities can only utilise meters manufactured on base date 2014 after their vending software has been updated and should only do so upon specific request from the utilities.

The meter certification test facility could not test for TID rollover functionality prior to 2014, so there is a small risk that some of those meters may not correctly support the TID rollover key change. Utilities and meter manufacturers must select samples of these meters and resubmit them for testing. The STS Association will do the test free of charge. Those meters that do not comply must then be replaced in the field. A list of meters/suppliers falling into this category is available from the STS Association.

STSA TEST FACILITIES

Accredited STSA test facilities are now able to certify all updated vending systems and security modules. These will be issued with new certificates and all prior compliance certificates will be revoked after June 2019.

METER KEY-CHANGE PROGRAM

Utilities and sub-vendors must develop a program to manage the TID rollover key changes to all installed meters operating on base date 1993. Those meters already operating on base date 2014 do not need their meter keys changed.

In certain cases this program will be a huge undertaking and utilities are thus advised to start as soon as possible.

There are two possible options to follow:
1. The end-customer may be issued with the key change token pair at the time when he next purchases credit at a vending station. He then enters the token pair into his meter himself before he enters his newly purchased credit token.
2. A dedicated field-service team may be used to visit each meter and then enter the key change token pair.
The STS Association is available to assist and advise utilities and sub-vendors on the appropriate approach to take.