Technical Details
The TSS consists of three modules: a security module, a storage medium, and a uniform digital interface. The detailed requirements for these modules were developed by the BSI and published in technical guidelines. These requirements meet the ISO/IEC 15408 (Common Criteria, CC) specifications. The TSS is certified by the BSI to ensure security and compliance.
Functional requirements
Section titled “Functional requirements”
Basic structure of the technical safety device. Source: BSI TR-03153
The three TSS modules
Section titled “The three TSS modules”Security Module
The security module logs cash register transactions and ensures that they cannot be changed later.
It is comprised of the following components:
SMA (SMAERS)Security Module Application — This module prepares the data recorded during a transaction. It communicates with the CSP (Cryptographic Service Provider) to sign the data to be secured. The certified SMA component is provided by fiskaly.
CSPCryptographic Service Provider — A CC-certified component that generates the signatures of the data to be secured. It is the cryptographic heart of the TSS security.
Storage Media
The records of each transaction are stored for the duration of the legal retention period.
The fiskaly cloud uses distributed databases for storage. The databases are operated synchronously and backed up regularly. The secure and highly available operation of the database infrastructure is guaranteed by our partner Google Cloud.
💡Security measures- Data storage is encrypted (AES256) at rest
- External access is only possible via our APIs
- Authorization is carried out via JWT (RedHat Keycloak)
- All external communication is encrypted via TLS 1.2 or higher
Standard Digital Interface
The digital interface guarantees smooth data transfer for verification purposes.
The fiskaly TSS has a unified digital interface, according to the TR-03153 specifications. The fiskaly HUB can be used to manage multiple organisations, TSSs, and reporting necessities. It supports multi-user authorization on an organisation level.
📘Third-party accessThird-party service providers, such as archiving services, can also access the TSS export data via this authorization system.
Related Pages
Section titled “Related Pages”Was this page helpful?