1 / 14

STS, Key Management and Revenue Protection

STS, Key Management and Revenue Protection. Don Taylor STS Association. www.sts.org.za. What’s it all about ?. Standard Transfer Specification (STS) Meter Keys Vending Keys and Supply Group Codes (SGC) Encryption / Decryption Key Change Tokens Key Load Files Secure Modules (SM)

sandovall
Download Presentation

STS, Key Management and Revenue Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. STS, Key Management and Revenue Protection Don Taylor STS Association www.sts.org.za

  2. What’s it all about ? • Standard Transfer Specification (STS) • Meter Keys • Vending Keys and Supply Group Codes (SGC) • Encryption / Decryption • Key Change Tokens • Key Load Files • Secure Modules (SM) • Key Management Center (KMC) • Meter Manufacturers • Utilities • Token Vendors A host of entities that work together.

  3. “JOE” message Secure Module Key shuffle rule 3 shuffled combinations Token 3 shuffle rule Key Meter “JOE” message What is encryption ? shuffle letters ENCRYPTION reverse the shuffle process DECRYPTION The Key is a shared secret between sender and receiver.

  4. What is a key ? A secret random number 3-bit Key = 8 combinations 56-bit DES Key = 72 x 1015 combinations 64-bit STS Key = 18 x 1018 combinations DES keys are still widely used in the banking industry STS key is 256 times “stronger” than a DES key.

  5. Key SGC Meter key ? Each meter Key1 is uniquely derived from Key. KMC generates Key and allocates Supply Group Code to Utility applies for SGC Key Management Centre Utility Key SGC SGC = 000439 Key Load File places order installs Secure Module Supply Group Meter Manufacturer Key Change Token SGC= 000439 Meter manufactures Key1 installed in

  6. Key SGC Vending key ? The Key gives vending authorization. Key Management Centre authorizes Already allocated Key and SGC Utility Key SGC contracts with $ Key Load File installs Vendor Secure Module Encrypt (credit) using Key1 (credit) $ Credit Token installed Customer Meter Decrypt (credit) using Key1 Key1

  7. The implication ? • Key authorizes credit transfer to customer • Anyone in possession of the Key can transfer credit • A loaded Secure Module is a credit transfer machine • A “lost” or “unused” SM is a money printer Manage your Secure Modules.

  8. Who owns the key ? • The Utility owns the Key • The Key protects the Utility’s revenue • It is the Utility’s responsibility to keep the Key safe once it leaves the KMC Responsibility accompanies ownership.

  9. What does KMC do ? • Generate Supply Group Codes and Keys • Allocate to Utilities • ESCROW in safe storage • Distribute to equipment manufacturers and token vendors authorized by Utility • Authenticate Secure Modules • Initialize Secure Modules KMC is responsible for keys in its own domain.

  10. What does STSA do ? • Facilitates access to STS services • Product certification • Key management • Assures availability of services • Assures conformance to standards • STS protocols • Codes of practice STSA supports the STS infrastructure.

  11. Where are your keys now ? • Every meter manufacturer that supplied meters to the Utility • Every SM that vended tokens for the Utility • Loaded SMs in cupboards and boxes • Stolen or missing SMs Keys are all over the show.

  12. Present status ? • Many Utilities are ignorant of responsibility • Few can give 100% accountability of SMs • Many SMs becoming redundant due to online vending systems • Program initiated by NRS User Group and KMC to bring keys and SMs under control • STS Association initiated a project for enhanced key management infrastructure We need to get our act together.

  13. What should Utility do ? • Take ownership and responsibility • Understand all relevant aspects of key management • Put own management plan in place • Actively participate in the STS User Group • Take “ownership” of the infrastructure Wake up before it is too late.

  14. Conclusion ? The Key protects your Revenue Manage it Thank you for your attention!

More Related