What does the TSS CSP component do?
The central security component of the TSS (technical security device) is the CSP (Cryptographic Service Provider). This is the signature unit which processes the data to be secured accordingly using cryptographic procedures. This prevents undetected manipulation. In the signature process, SMAERS (Security Module Application for Electronic Record Keeping System) and CSP talk to each other via secure channels.
Definition of CSP-L according to BSI
A CSP-L "ensures the integrity and authenticity as well as the completeness of the electronic record by applying cryptographic procedures." (The CSP-L Protection Profile BSI-CC-PP-0111-2019.) Greatly simplified: a CSP-L is responsible for creating the signature via a document.
fiskaly TSS CSP certified
The fiskaly TSE CSP-L is the high-performance signature unit that uses cryptographic methods to process the data to be secured accordingly. This prevents undetected manipulation. The specialised server systems are operated by fiskaly in highly secure data centers in Germany.
CSP and CSP-L
High-performance signature units are defined via the CSP-L protection profile. These are specialised server systems in highly secure data centers.
In contrast to the CSP-L, a CSP is usually a chip that cannot be operated efficiently in a network. A CSP chip is mainly suitable for single-user installations or "legacy" cash registers.
The network-capable variant of the CSP-L was developed with a special focus on scalability and efficiency, enabling, among other things, a higher data throughput and ensuring greater reliability.
Both variants are defined by protection profiles of the BSI (Federal Office for Information Security).
Protection Profile Cryptographic Service Provider Light (CSPL) — BSI-CC-PP-0111–2019 Protection Profile Cryptographic Service Provider Light — Time Stamp Service and Audit Protection Profile Cryptographic Service Provider Light Time Stamp Service and Audit — Clustering