Don Taylor
STS Association
STS, Key Management and Revenue Protection
www.sts.org.za
• Standard Transfer Specification (STS)
• Meter Keys
• Vending Keys and Supply Group Codes (SGC)
• Encryption / Decryption
• Key Change Tokens
• Key Load Files
• Secure Modules (SM)
• Key Management Center (KMC)
• Meter Manufacturers
• Utilities
• Token Vendors
What’s it all about ?
A host of entities that work together.
What is encryption ?
“JOE” message
reverse the shuffle process
000 0 JOE
001 1 JEO
010 2 EJO
011 3 EOJ
100 4 OEJ
101 5 OJE
shuffle letters
3
Key
3
Key shuffle rule
“JOE” message
shuffle rule
ENCRYPTION
DECRYPTION
Secure Module
Token
Meter
shuffled combinations
The Key is a shared secret between sender and receiver.
What is a key ?
64-bit STS Key = 18 x 10^18 combinations
1001 1100 1011 1110 1101 1101 1011 1110 1001 1110 0001 1000 1011 1010 1011 1111
1001 1100 1011 1110 1101 1101 1011 1110 1001 1110 0001 1000 1011 1010
56-bit DES Key = 72 x 10^15 combinations
A secret random number
101
3-bit Key = 8 combinations
DES keys are still widely used in the banking industry
STS key is 256 times “stronger” than a DES key.
Meter key ?
Each meter Key1 is uniquely derived from Key.
applies for SGC
Key Management Centre
Key SGC
Secure Module
Key Load File
SGC = 000439
Meter
Key Change Token
Key1
Utility
Meter Manufacturer
places order
installs
manufactures
Supply Group
SGC = 000439
installed in
KMC generates Key and allocates Supply Group Code to Utility
Key SGC
Vending key ?
The Key gives vending authorization.
Meter installed
Customer
Vendor
Utility
contracts
with
installs Secure Module
authorizes
Key Management Centre
Key SGC
Key Load File
$
(credit)
Credit Token
Encrypt (credit) using Key1
$
Key1
Decrypt (credit) using Key1
Key SGC
Already allocated Key and SGC
• Key authorizes credit transfer to customer
• Anyone in possession of the Key can transfer credit
• A loaded Secure Module is a credit transfer machine
• A “lost” or “unused” SM is a money printer
The implication ?
Manage your Secure Modules.
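The meter-key and vending-key slides, worked through as an added example that is not from the presentation or the STS specification. HMAC-SHA-256 stands in for the STS key derivation and token encryption, which the slides do not describe; the key values, meter numbers, token layout and function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

SGC = "000439"  # Supply Group Code shown on the slides

def derive_meter_key(vending_key: bytes, sgc: str, meter_no: str) -> bytes:
    """Key1 for one meter. HMAC-SHA-256 is a stand-in, not the STS derivation."""
    return hmac.new(vending_key, f"{sgc}|{meter_no}".encode(), hashlib.sha256).digest()

def _prf(meter_key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(meter_key, label + data, hashlib.sha256).digest()

def encrypt_credit(meter_key: bytes, units: int, token_id: int) -> bytes:
    """Secure Module side: encrypt the credit under Key1 and append a check tag."""
    tid = token_id.to_bytes(4, "big")
    stream = _prf(meter_key, b"enc", tid)[:4]
    ct = bytes(a ^ b for a, b in zip(units.to_bytes(4, "big"), stream))
    return tid + ct + _prf(meter_key, b"mac", tid + ct)[:8]

def decrypt_credit(meter_key: bytes, token: bytes) -> Optional[int]:
    """Meter side: return the credit, or None if the token was not made under Key1."""
    if len(token) != 16:
        return None
    tid, ct, tag = token[:4], token[4:8], token[8:]
    if not hmac.compare_digest(tag, _prf(meter_key, b"mac", tid + ct)[:8]):
        return None
    stream = _prf(meter_key, b"enc", tid)[:4]
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, stream)), "big")

def demo() -> dict:
    utility_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed vending Key
    other_key = bytes.fromhex("ffeeddccbbaa99887766554433221100")    # constructed, not the Utility's
    meter_a, meter_b = "01000000001", "01000000002"                  # constructed meter numbers
    key1_a = derive_meter_key(utility_key, SGC, meter_a)
    key1_b = derive_meter_key(utility_key, SGC, meter_b)
    token = encrypt_credit(key1_a, units=50, token_id=1)
    foreign = encrypt_credit(derive_meter_key(other_key, SGC, meter_a), 50, 2)
    return {
        "meter_a": decrypt_credit(key1_a, token),      # credit accepted by the intended meter
        "meter_b": decrypt_credit(key1_b, token),      # rejected: different Key1
        "wrong_key": decrypt_credit(key1_a, foreign),  # rejected: module without the Key
        # Any module loaded with the Key derives the same Key1, which is why
        # every loaded Secure Module has to be accounted for.
        "second_sm": derive_meter_key(utility_key, SGC, meter_a) == key1_a,
    }

if __name__ == "__main__":
    print(demo())
```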
• The Utility owns the Key
• The Key protects the Utility’s revenue
• It is the Utility’s responsibility to keep the Key safe once it leaves the KMC
Who owns the key ?
Responsibility accompanies ownership.
• Generate Supply Group Codes and Keys
• Allocate to Utilities
• ESCROW in safe storage
• Distribute to equipment manufacturers and token vendors authorized by Utility
• Authenticate Secure Modules
• Initialize Secure Modules
What does KMC do ?
KMC is responsible for keys in its own domain.
• Facilitates access to STS services
  • Product certification
  • Key management
• Assures availability of services
• Assures conformance to standards
  • STS protocols
  • Codes of practice
What does STSA do ?
STSA supports the STS infrastructure.
• Every meter manufacturer that supplied meters to the Utility
• Every SM that vended tokens for the Utility
• Loaded SMs in cupboards and boxes
• Stolen or missing SMs
Where are your keys now ?
Keys are all over the show.
• Many Utilities are ignorant of responsibility
• Few can give 100% accountability of SMs
• Many SMs becoming redundant due to online vending systems
• Program initiated by NRS User Group and KMC to bring keys and SMs under control
• STS Association initiated a project for enhanced key management infrastructure
Present status ?
We need to get our act together.
• Take ownership and responsibility
• Understand all relevant aspects of key management
• Put own management plan in place
• Actively participate in the STS User Group
• Take “ownership” of the infrastructure
What should Utility do ?
Wake up before it is too late.
The Key protects your Revenue
Manage it
Conclusion ?
Thank you for your attention!