The Standard Transfer Specification STS

Meter specific tokens can only be issued by the utility or power supply company.

General token handling
During input the numbers entered are displayed on the LCD, scrolling from right to left, with a dash displayed at every fourth digit. A counter in the upper left corner shows the total number of entered digits.
In this example 15 digits have already been entered.

The delay for accepting an input of the next digit is 20 seconds. After that time the display returns to the default display and the token entry was incomplete.

After token input the display shows one of the following information for 3 seconds.

Accept:
The Token is accepted and the purchased energy amount is added to the remaining credit. After that the meter shows the purchased amount for 5 seconds.

Reject:
If the input is wrong, or random numbers are input with the purpose of tampering, the LCD display will indicate Reject-x, x is the times of wrong input.

In this example have been already eight inputs wrong. After 3 wrong inputs the keyboard is locked for 10 seconds.
During that time the display shows: REJECT and the remaining waiting time in seconds (toggles every two seconds).
With each new wrong input the lockout time for the keyboard is doubled. After 10 wrong inputs the customer needs to wait 1,280 seconds. This is the maximum waiting time. Each new incorrect input leads to another waiting time of 1,280 seconds.
When token entry lockout is active the interface does not decrypt any meter specific tokens. Non-meter specific tokens and codes are still accepted and processed as normal while in lockout mode.
The lockout period is reset to its original non-lockout status after any meter specific token has been successfully accepted by the meter or after meter is powered down and up again.

Used:
A security feature built into the STS is that no credit token can be used more than once. This is achieved by having an identifier built into the token. These identifiers are stored in a table in the meter, and the identifier of a new token is compared with the table If it has already been entered into the meter, the token will be rejected. The meter will give a notification that the token is used.

Old:
Due to the nature of the token identifier, an STS token has an effective life-time of approximately three months. If a token older than three months is entered, the meter may reject that token, and give an indication on the display that the token is old.

Full:
A meter has a maximum amount of credit that it can store. If the number of units on the token will cause the meter credit to exceed this maximum value, the token will be rejected. The token may be entered at a later date when the level of credit in the meter has reduced enough to accept this token. The meter gives an indication that it is full.

This tokens are generally defined and are working with all STS prepayment meters. Sometimes this token are also called engineering token.

Internal Latching Relays Test
0000 0000 0001 5099 7584

Display Test
0000 0000 0001 6777 4880

Total Units Register Value
0000 0000 0002 0132 8896

Key revision No. KRN
1844 6744 0738 4377 2416

Tariff Index
3689 3488 1475 5332 2496

Power limit Threshold
0000 0000 0012 0797 4400

Actual active power
0000 0000 0044 2920 8064

Meter Software Version
0000 0000 0087 2419 5840

Tamper Status
0000 0000 0022 8172 8512

Phase Power Unbalance Limit
0000 0000 0173 1410 5857

Tariff Rate
0000 0000 0688 5369 7029

Run all above Token in Sequence
5649 3153 7254 5031 3471

In a test sequence (run all), each test has a duration of 2.5 seconds, and is performed in the above order. For a single test per token, the test has a duration of 5 seconds.
After completion of the test sequence the meter returns to its actual operation mode.

STS prepayment meters have a programmable load limit. This limit can be set by the Set Maximum Power Load Token. If the load is higher than the load threshold, the meter will have acoustic alarm and the red LEDs on UIU (user interface unit) and MCU (the meter) are flashing.
The following procedure is employed to restrict the number of switching cycles, when the meter is disconnecting the load in order to limit the average power consumed.

If overload state duration reaches 30 seconds, meter shall cut off consumption load and relay shall auto close in 2 minutes. After 5 attempts within 30 minutes, the meter waits for the lockout period (default is 30 minutes) if the consumption is still above the limit before repeating the procedure. This are the CLOU default settings.
The display gives a clear indication that the load has been disconnected to limit the power. This indication shall exist for as long as the load switch is in the “off” state due to this condition and toggles with the remaining waiting time every 2 seconds. When the supply voltage is out of the operating voltage range (<68% Un or >132% Un), the relay will not operate. When the supply voltage returns to the operating range the MCU sets the relay into the actual status.

If necessary the meter key can be changed with a set of key change tokens. Two tokens make up the generation of a Key Change Token. They are created to change the meter configuration, namely the Tariff Index, Supply Group Code and Key Revision Number. These two tokens may be entered in any order. If there is a delay of more than 10 minutes the meter timeout and forgets the first key change token entered.
When the first token is issued, the meter accepts it, but performs no action on it. Only after accepting the second token will the meter actually perform the key change. These key change tokens are encrypted in the same way as credit tokens, therefore the trouble shooting procedure for non-acceptance is the same as for credit tokens. Depending on the token input the display shows one of this information.

If the second token was entered at first, the display shows PLS_1St, means the meter is waiting for the first token. This display indicates the acceptance of the entered token.
If the first token was entered at first, the display shows PLS_2nd, means the meter is waiting for the second token.

The Supply Group Code (SGC) is usually assigned to a meter by the manufacture for a specific utility and location (usually a large distribution area). The meter SGC must match with the vending system SGC. If it does not match, it is not possible to run STS token operations.
Supply Group Codes are currently managed by the Eskom Key Management Centre, physically located at Eskom Midrand.

The STS Key management centre is operated for the STS association by the national electricity utility company Eskom in South Africa. Their services are as follows:

• The registration of Supply Group Codes (SGCs) on the KMC
• The registration of all security modules on the KMC
• The initialisation of all security modules on the KMC
• The generation of all STS vending keys for the relevant Supply Group Codes
• The loading / coding of the relevant STS vending keys into security modules, for use by the appointed vending equipment manufacturer/s. This will include security modules that are new, repaired or that need to be re-coded. The physical coding needs to take place in Eskom’s KMC in Midrand
• The loading of a key file onto a disk to accompany the security module (for loading onto the vending equipment). The disks will be supplied by Eskom
• The loading of STS vending keys on key cards, for use by the appointed meter manufacturers. The physical loading of the key cards needs to take place in Eskom’s KMC in Midrand.

Security issues are of prime importance to the utility supplier and the consumer. The use of the STS standard prevents:

• Fraudulent generation of tokens from hit and miss attempts at entering the correct number
• Fraudulent generation of tokens from a stolen vending station
• Fraudulent generation of tokens from legitimate vending stations outside of the utility’s area
• Fraudulent use of tokens which have already been used
• Tampering of legitimate tokens e.g. to change the value

STS provides the facility of generating (e.g. credit transfer) tokens which can only be used by the intended meter, and furthermore in the case of credit tokens, can only be used once in that meter.
In order to achieve the above security, the standard defines the following:

• the use of advanced encryption techniques, which are at all times hidden from the consumer
• the use of very secure key management procedures, including the manner in which keys are generated and transported
• Required functionality at both the vending station and the meter

If the meter is tampered the display shows a raised hand ✋ and the internal relay disconnects the power supply. In this case the customer needs to apply for a tampering clearance token with the utility or the local Power Vending Center (POS). After the token is successfully entered the meter will close the relay and return to normal operation.

We get frequently requests for Clear Tamper Tokens. First of all we’d like to say „Thank You“ for visiting our page.
We as meter manufacturer can not provide you with working tokens. You need to contact your power supply company. If for whatever reason you don’t want to do that, you have the following options:

Try all possible tokens
This will take you about 40 millenniums depending on your input speed. (One millennium is 1,000 years). You better make a list with all combinations first to avoid double entries. Actually the time gets longer because our STS payment meters and most competitor ones have a lock-out after a certain number of wrong attempts.

Consult your local fortune teller
Maybe it helps and he/she comes out with the right token. Most likely you need to consider a service fee.

User the random short time token generator
It generates a Magic Random Short Time Token (MRSTT) and it’s valid for one minute only. We are using a fancy artificial intelligence algorithm. Due to heavy server load during the day we recommend to choose a time between midnight and sun rise. It’s also important that you have a strong believe.
Putting some garlic on the UIU (user interface unit) helps to avoid the vampire radiation.

The load threshold can be changed by this token. If the user has an increased load demand that causes a frequent overload condition he needs to apply for a higher load threshold. A new Maximum Power Load Token will set this threshold.

The Token Identifier (TID) is a 24 bit field, contained in STS compliant tokens, that identifies the date and time of the token generation. It is used to determine if a token has already been used in a payment meter.

The TID represents the minutes elapsed since the 1st January 1993. Every minute one bit is added.

This means, that at a certain date the TID field will be full and rolls over to all bits are zero. This magic date is the 24. November 2024 at 08:15pm.
Then the TID shows:
111111111111111111111111
One minute later it shows:
000000000000000000000000

All STS prepayment meters will be affected by TID roll over on that date. Any token generated after this date will be rejected if the vending software, security modules and meters are not updated.
Update of the meters will be done by two tokens, issued by the updated vending system.

The STS association has published a guideline to handle the rollover in a proper way. See more information here

Click the button to see the actual TID status.