In 2016, Germany passed a law to protect against manipulation of records in electronic recording systems. According to the regulation, the Kassensicherungsverordnung (KassenSichV) must be implemented in Germany by December 31st, 2019 at the latest, and by January 1st, 2020 all recording systems must meet the requirements of the KassenSichV. This includes the integration of a so-called TSS (technical security device) in an electronic recording system.
The TSS records each operation in the recording system and the recorded data are cryptographically signed. Thanks to these signatures, it is possible to determine at any time whether the existing data has been manipulated. The TSS is thus the central technical component for securing the basic data records against subsequent manipulation. It consists of three modules / sub-components: a security module, a storage medium and a uniform digital interface. The detailed requirements for these modules were developed by the BSI and published in technical guidelines and protection profiles.
The requirements for the security module are defined in a technology-independent protection profile according to ISO/IEC 15408 (Common Criteria, CC). In order to meet these requirements, the manufacturers of the TSS, not of the cash registers, must have their technical devices certified by the BSI. The aim of certification is to ensure a uniform minimum level of trust and security across all TSSs and compliance with the necessary interoperability requirements.
Basic structure of the technical security device [Source: BSI TR-03153]
The security module ensures that cash register entries are logged at the beginning of the recording process and cannot be changed later without detection.
A TSS provides the interfaces for recording transactions and exporting the secured data. A TSS consists of the following components, which are used to process the data to be protected against subsequent manipulation:
- SMA (SMAERS) - Security Module Application - a CC-certified component that prepares the data to be secured within a transaction. The SMA communicates directly with the CSP (Crypto Service Provider) to sign the data to be secured. The certified SMA component is provided by fiskaly.
- CSP - Crypto Service Provider: a CC-certified component that generates the signatures of the data to be secured. In the fiskaly cloud, the CSP is protected by an HSM specially adapted for KassenSichV, which is developed and certified by our partner Utimaco.
The individual records are stored on the storage medium for the duration of the legal retention period.
The fiskaly cloud uses distributed databases for storage. The databases are operated synchronously and backed up regularly. The secure and highly available operation of the database infrastructure is guaranteed by our partner Google Cloud. Stored data is encrypted at rest (AES256). External access to the data is only possible via our APIs. Authorisation is carried out via Red Hat Keycloak. All external communication is encrypted via TLS 1.2 or higher.
Standard digital interface
The digital interface should guarantee a smooth data transfer for verification purposes.
Our TSS has the uniform digital interface according to TR-03153, and the fiskaly cloud dashboard allows central management of multiple TSS (see also section Management). The dashboard can be used to manage exports of selected TSS. In addition, individual permissions can be assigned to a single TSS, or, for example, an auditor can be granted temporary access to a defined set of multiple TSS.
Third-party service providers, such as archiving services, can also access the TSS export data via this authorization system.