Passa al contenuto principale

Technical Details of the TSS

The TSS consists of three modules: a security module, a storage medium, and a uniform digital interface. The detailed requirements for these modules were developed by the BSI and published in technical guidelines. These requirements meet the ISO/IEC 15408 (Common Criteria, CC) specifications. The TSS is certified by the BSI, to ensure security and compliance.

Functional requirements

Functional Requirements

Basic structure of the technical safety device [Source: BSI TR-03153]

Security module

The security module logs cash register transactions and ensures that they cannot be changed later.

It is comprised of the following components:

  • SMA (SMAERS) - Security Module Application This module prepares the data recorded during a transaction. It communicates with the CSP (Cryptographic Service Provider) to sign the data to be secured. The certified SMA component is provided by fiskaly.
  • CSP - Cryptographic Service Provider This is a CC-certified component that generates the signatures of the data to be secured. It is the cryptographic heart of the TSS security.

Storage media

The records of each transaction are stored for the duration of the legal retention period.

The fiskaly cloud uses distributed databases for storage. The databases are operated synchronously and backed up regularly. The secure and highly available operation of the database infrastructure is guaranteed by our partner Google Cloud. The data storage is encrypted (AES256) at rest. External access to the data is only possible via our APIs. Authorisation to our APIs is carried out via JWT (RedHat Keycloak). All external communication is encrypted via TLS 1.2 or higher.

Standard digital interface

The digital interface guarantees smooth data transfer for verification purposes.

The fiskaly TSS has a unified digital interface, according to the TR-03153 specifications. The fiskaly cloud dashboard can be used to manage multiple organisations, TSSs, reporting necessities. It supports multi-user authorization on an organisation level.

Third-party service providers, such as archiving services, can also access the TSS export data via this authorization system.