What is a technical security system (TSS).

KassenSichV.net: In the course of the German KassenSichV, the term TSS or TSS POS is being mentioned. Can you explain in more detail what this means exactly?

Simon Tragatschnig: The TSS is a so-called technical security system (TSS). This is responsible for recording the individual records in such a way that no tampering is possible afterward . It is virtually a secure container and all data that ends up in this container can no longer be changed.

KassenSichV.net: How is the TSS related to the POS?

With the introduction of the German KassenSichV, manufacturers and users of cash registers or similar recording systems are obliged to think about how data is stored without it being subsequently altered. In the case of the KassenSichV, the legislator stipulates that cash registers must be equipped with a technical security system. The TSS takes care of this protection against tampering. And the POS itself continues to do what it does best, namely be a cash register.

KassenSichV.net: What does the technical security system consist of? How can you imagine it?

Simply put, the TSS can be thought of as a large box with 2 other smaller boxes inside: The SMA (Secure Module Application) and the CSP (Crypto Service Provider). The POS sends the data to the TSS. It is the gatekeeper, so to speak, and decides what data is allowed in, who gets access. The TSS then forwards the data to the SMA. It has the task of ensuring that nothing can go wrong during the security process and that nothing can be falsified during the communication process. Finally, the CSP generates the signature and returns it to the SMA. The SMA reunites the signature with the original data. When the process is complete, the whole thing is saved in memory.

KassenSichV.net: Does the TSS have to be implemented with hardware or is a cloud-based solution also possible?

According to the Federal Ministry of Finance, a physical identity of security module and storage medium is not required. This means that TSS can be fulfilled with a conventional data carrier, such as a memory card, as well as with cloud storage. I recommend the contemporary and future-proof variant of storage in the cloud. On the one hand, this minimizes potential problems (e.g. memory card is destroyed, gets lost) and on the other hand, the implementation is less complicated and also more cost-effective, because no additional hardware investments are necessary. By the way, we at fiskaly are already making our cloud-based TSS available for testing.

KassenSichV.net: In any case, the implementation of the regulation sounds very complex. What can I do now as a company or cash register provider to take the necessary steps and be prepared for the KassenSichV?

The subject matter surrounding the German KassenSichV and the functioning of the technical security system is indeed very complex. Nevertheless, the motto is: Don't despair. The best thing to do is to get in touch as soon as possible with experts who have been working on the subject for some time, or who have already implemented the issue of tamper protection in other European countries. We at fiskaly are of course are happy to help you!