This section will be revised and adapted for the certified version 2 of the fiskaly Cloud-TSS!
The TSS consists of three modules: a security module, a storage medium, and a uniform digital interface. The detailed requirements for these modules were developed by the BSI and published in technical guidelines. These requirements meet the ISO/IEC 15408 (Common Criteria, CC) specifications. The TSS is certified by the BSI to ensure security and compliance.
Basic structure of the technical safety device [Source: BSI TR-03153]
The security module logs cash register transactions and ensures that they cannot be changed later.
It comprises the following components:
- SMA (SMAERS) - Security Module Application: This module prepares the data recorded during a transaction. It communicates with the CSP (Cryptographic Service Provider) to sign the data to be secured. The certified SMA component is provided by fiskaly.
- CSP - Cryptographic Service Provider: This is a CC-certified component that generates the signatures of the data to be secured. It is the cryptographic heart of the TSS security.
The records of each transaction are stored for the duration of the legal retention period.
The fiskaly cloud uses distributed databases for storage. The databases are operated synchronously and backed up regularly. The secure and highly available operation of the database infrastructure is guaranteed by our partner Google Cloud. Stored data is encrypted at rest (AES-256). External access to the data is only possible via our APIs. Authorisation to our APIs is carried out via JWT (Red Hat Keycloak). All external communication is encrypted via TLS 1.2 or higher.
The digital interface guarantees smooth data transfer for verification purposes.
The fiskaly TSS has a unified digital interface, according to the TR-03153 specifications. The fiskaly cloud dashboard can be used to manage multiple organisations, TSSs, and reporting necessities. It supports multi-user authorization on an organisation level.
Third-party service providers, such as archiving services, can also access the TSS export data via this authorization system.