What is a tech­ni­cal secu­ri­ty system (TSS)?

Simon Tra­gatsch­nig exp­lains in an inter­view what the so-called tech­ni­cal secu­ri­ty system is all about and what role it plays in the Kas­sen­SichV.

Simon Tragatschnig

Simon Tra­gatsch­nig

Unter­neh­mer, Finanz & Tech­nik-Exper­te

KassenSichV.net: In the con­text of Kas­sen­si­che­rungs­ver­ord­nung haunts the term TSS or even TSS cash regis­ter. Could you tell us more what this is all about?

The TSS is a so-called tech­ni­cal secu­ri­ty system. This is respon­si­ble for record­ing the indi­vi­du­al record­ings in such a way that no mani­pu­la­ti­on is pos­si­ble after­wards. It is almost a safe con­tai­ner and all data that ends up in this con­tai­ner cannot be chan­ged any­mo­re.

KassenSichV.net: How is the TSS con­nec­ted to the cash regis­ter?

S. Tra­gatsch­nig: By intro­du­cing the Kas­sen­SichV, manu­fac­tu­rers, and users of cash regis­ters or simi­lar record­ing sys­tems are obli­ged to con­si­der how the data is stored wit­hout being modi­fied later.

In the con­text of Kas­sen­SichV, the legis­la­tor sti­pu­la­tes that cash regis­ters must be equip­ped with a tech­ni­cal safety system. The TSS is in charge of ensu­ring pro­tec­tion against data mani­pu­la­ti­on. And the POS itself con­ti­nues to do what it does best, namely to be a cash regis­ter.

KassenSichV.net: What is the tech­ni­cal secu­ri­ty system made of? How can one ima­gi­ne it?

Simply put, one can think of the TSS as a large box with two other smal­ler boxes inside it: the SMA (Secure Module App­li­ca­ti­on) and the CSP (Crypto Ser­vice Pro­vi­der).

A graphic showing the components of the technical security system
  • The cash regis­ter sends the data to the TSS. It is, so to speak, the gate­kee­per that deci­des what data is allo­wed in, who gets access.
  • The TSS then for­wards the data to the SMA. Its task is to ensure that not­hing can go wrong during the secu­ri­ty ope­ra­ti­on and that not­hing can be mani­pu­la­ted during the com­mu­ni­ca­ti­on ope­ra­ti­on.
  • In the end, the CSP gene­ra­tes the signa­tu­re and sends it back to the SMA. The SMA merges the signa­tu­re with the ori­gi­nal data. When the pro­cess is com­ple­te, all of it is stored in memory.

KassenSichV.net: Does the TSS have to be imple­men­ted with hard­ware or is a cloud-based solu­ti­on also pos­si­ble?

Accord­ing to the Federal Minis­try of Finan­ce (BMF), a phy­si­cal iden­ti­ty of the secu­ri­ty module and of the sto­rage medium is not requi­red. This means that the TSS-requi­re­ments can be ful­fil­led with both a tra­di­tio­nal disk, such as a memory card and cloud sto­rage.

I recom­mend the modern and future-proof ver­si­on of sto­rage in the cloud. On the one hand, poten­ti­al pro­blems can be mini­mi­zed (for examp­le, a memory card could be des­troy­ed or lost), and on the other hand, imple­men­ta­ti­on is less com­pli­ca­ted and more cost-effec­tive becau­se no addi­tio­nal hard­ware invest­ment is necessa­ry.

Inci­dent­al­ly, we at fis­ka­ly are alrea­dy making our cloud-based TSS avail­ab­le for tes­ting.

KassenSichV.net: The imple­men­ta­ti­on of this regu­la­ti­on seems to be really com­plex. What can I do now as a com­pa­ny or cash regis­ter pro­vi­der to get pre­pa­red for the Kas­sen­SichV?

The topic on the Kas­sen­SichV and the func­tio­n­ing of the tech­ni­cal secu­ri­ty system are actual­ly very com­plex. Nevertheless, the motto is: do not des­pair! It’s best to get in touch with experts as quick­ly as pos­si­ble. Experts who have been working on the issue for some time, or who have alrea­dy imple­men­ted the topic of tamper pro­tec­tion in other European coun­tries.

Of course, we at fis­ka­ly are here for you!

You might also be inte­rested in this:

Copyright fiskaly GmbH 2019

Facebook Linkedin