The Standard Transfer Specification STS

STS
the STS logo

The Standard Transfer Specification (STS) has become recognised as the only globally accepted open standard for prepayment systems, ensuring inter-operability between system components from different manufacturers of prepayment systems.
The application of the technology is licensed through the STS Association, thus ensuring that the appropriate encryption key management practices are applied to protect the security of the prepayment transactions of utilities operating to protect the security of the prepayment transactions of utilities operating STS systems.
It has become established as a worldwide standard for the transfer of electricity prepayment tokens since its introduction in South Africa in 1993 and subsequent publication by the International Electrotechnical Commission as the IEC62055 series of specifications.

CLOU is member of the STS association. See a member list here.

Security issues are of prime importance to the utility supplier and the consumer. The use of the STS standard prevents:

  • Fraudulent generation of tokens from hit and miss attempts at entering the correct number
  • Fraudulent generation of tokens from a stolen vending station
  • Fraudulent generation of tokens from legitimate vending stations outside of the utility's area
  • Fraudulent use of tokens which have already been used
  • Tampering of legitimate tokens e.g. to change the value

STS provides the facility of generating (e.g. credit transfer) tokens which can only be used by the intended meter, and furthermore in the case of credit tokens, can only be used once in that meter.
In order to achieve the above security, the standard defines the following:

  • the use of advanced encryption techniques, which are at all times hidden from the consumer
  • the use of very secure key management procedures, including the manner in which keys are generated and transported
  • Required functionality at both the vending station and the meter

Glossary

Meter Specific Token

Meter specific tokens can only be issued by the utility or power supply company.

General token handling
During input the numbers entered are displayed on the LCD, scrolling from right to left, with a dash displayed at every fourth digit. A counter in the upper left corner shows the total number of entered digits.
In this example 15 digits have already been entered.

STS-token-input
STS-token-input

The delay for accepting an input of the next digit is 20 seconds. After that time the display returns to the default display and the token entry was incomplete.

After token input the display shows one of the following information for 3 seconds.

STS-token-input-accepted-1
STS-token-input-accepted

Accept:
The Token is accepted and the purchased energy amount is added to the remaining credit. After that the meter shows the purchased amount for 5 seconds.

STS-token-input-rejected
STS-token-input-rejected

Reject:
If the input is wrong, or random numbers are input with the purpose of tampering, the LCD display will indicate Reject-x, x is the times of wrong input.

In this example have been already eight inputs wrong. After 3 wrong inputs the keyboard is locked for 10 seconds.
During that time the display shows: REJECT and the remaining waiting time in seconds (toggles every two seconds).
With each new wrong input the lockout time for the keyboard is doubled. After 10 wrong inputs the customer needs to wait 1,280 seconds. This is the maximum waiting time. Each new incorrect input leads to another waiting time of 1,280 seconds.
When token entry lockout is active the interface does not decrypt any meter specific tokens. Non-meter specific tokens and codes are still accepted and processed as normal while in lockout mode.
The lockout period is reset to its original non-lockout status after any meter specific token has been successfully accepted by the meter or after meter is powered down and up again.

STS-token-used
STS-token-used

Used:
A security feature built into the STS is that no credit token can be used more than once. This is achieved by having an identifier built into the token. These identifiers are stored in a table in the meter, and the identifier of a new token is compared with the table If it has already been entered into the meter, the token will be rejected. The meter will give a notification that the token is used.

STS-token-old
STS-token-old

Old:
Due to the nature of the token identifier, an STS token has an effective life-time of approximately three months. If a token older than three months is entered, the meter may reject that token, and give an indication on the display that the token is old.

STS-token-full
STS-token-full

Full:
A meter has a maximum amount of credit that it can store. If the number of units on the token will cause the meter credit to exceed this maximum value, the token will be rejected. The token may be entered at a later date when the level of credit in the meter has reduced enough to accept this token. The meter gives an indication that it is full.

Load Control

STS prepayment meters have a programmable load limit. This limit can be set by the Set Maximum Power Load Token. If the load is higher than the load threshold, the meter will have acoustic alarm and the red LEDs on UIU (user interface unit) and MCU (the meter) are flashing.
The following procedure is employed to restrict the number of switching cycles, when the meter is disconnecting the load in order to limit the average power consumed.

UIU-over-power
UIU-over-power

If overload state duration reaches 30 seconds, meter shall cut off consumption load and relay shall auto close in 2 minutes. After 5 attempts within 30 minutes, the meter waits for the lockout period (default is 30 minutes) if the consumption is still above the limit before repeating the procedure. This are the CLOU default settings.
The display gives a clear indication that the load has been disconnected to limit the power. This indication shall exist for as long as the load switch is in the "off" state due to this condition and toggles with the remaining waiting time every 2 seconds. When the supply voltage is out of the operating voltage range (<68% Un or >132% Un), the relay will not operate. When the supply voltage returns to the operating range the MCU sets the relay into the actual status.

Key Change Token

If necessary the meter key can be changed with a set of key change tokens. Two tokens make up the generation of a Key Change Token. They are created to change the meter configuration, namely the Tariff Index, Supply Group Code and Key Revision Number. These two tokens may be entered in any order. If there is a delay of more than 10 minutes the meter timeout and forgets the first key change token entered.
When the first token is issued, the meter accepts it, but performs no action on it. Only after accepting the second token will the meter actually perform the key change. These key change tokens are encrypted in the same way as credit tokens, therefore the trouble shooting procedure for non-acceptance is the same as for credit tokens. Depending on the token input the display shows one of this information.

STS-Key-change-first-token
STS-Key-change-first-token
STS-Key-change-second-token
STS-Key-change-second-token

If the second token was entered at first, the display shows PLS-1St, means the meter is waiting for the first token. This display indicates the acceptance of the entered token.
If the first token was entered at first, the display shows PLS-2nd, means the meter is waiting for the second token.

Supply Group Code (SGC)

The Supply Group Code (SGC) is usually assigned to a meter by the manufacture for a specific utility and location (usually a large distribution area). The meter SGC must match with the vending system SGC. If it does not match, it is not possible to run STS token operations.
Supply Group Codes are currently managed by the Eskom Key Management Centre, physically located at Eskom Midrand.

Key Management Centre (KMC)

The STS Key management centre is operated for the STS association by the national electricity utility company Eskom in South Africa. Their services are as follows:

  • The registration of Supply Group Codes (SGCs) on the KMC
  • The registration of all security modules on the KMC
  • The initialisation of all security modules on the KMC
  • The generation of all STS vending keys for the relevant Supply Group Codes
  • The loading/coding of the relevant STS vending keys into security modules, for use by the appointed vending equipment manufacturer/s. This will include security modules that are new, repaired or that need to be re-coded. The physical coding needs to take place in Eskom's KMC in Midrand
  • The loading of a key file onto a disk to accompany the security module (for loading onto the vending equipment). The disks will be supplied by Eskom
  • The loading of STS vending keys on key cards, for use by the appointed meter manufacturers. The physical loading of the key cards needs to take place in Eskom's KMC in Midrand.
STS Security

Security issues are of prime importance to the utility supplier and the consumer. The use of the STS standard prevents:

  • Fraudulent generation of tokens from hit and miss attempts at entering the correct number
  • Fraudulent generation of tokens from a stolen vending station
  • Fraudulent generation of tokens from legitimate vending stations outside of the utility's area
  • Fraudulent use of tokens which have already been used
  • Tampering of legitimate tokens e.g. to change the value

STS provides the facility of generating (e.g. credit transfer) tokens which can only be used by the intended meter, and furthermore in the case of credit tokens, can only be used once in that meter.
In order to achieve the above security, the standard defines the following:

  • the use of advanced encryption techniques, which are at all times hidden from the consumer
  • the use of very secure key management procedures, including the manner in which keys are generated and transported
  • Required functionality at both the vending station and the meter
Credit Token
Clear Tamper Token
STS-tamper
STS-tamper

If the meter is tampered the display shows a raised hand and the internal relay disconnects the power supply. In this case the customer needs to apply for a tampering clearance token with the utility or the local Power Vending Center (POS). After the token is successfully entered the meter will close the relay and return to normal operation.

We get frequently requests for Clear Tamper Tokens. First of all we'd like to say „Thank You" for visiting our page.
We as meter manufacturer can not provide you with working tokens. You need to contact your power supply company. If for whatever reason you don't want to do that, you have the following options:

Try all possible tokens
This will take you about 40 millenniums depending on your input speed. (One millennium is 1,000 years). You better make a list with all combinations first to avoid double entries. Actually the time gets longer because our STS payment meters and most competitor ones have a lock-out after a certain number of wrong attempts.

Consult your local fortune teller
Maybe it helps and he/she comes out with the right token. Most likely you need to consider a service fee.

User the random short time token generator
It generates a Magic Random Short Time TokenHow to get a Clear Tamper Token?How to get a Clear Tamper Token? (MRSTT) and it's valid for one minute only. We are using a fancy artificial intelligence algorithm. Due to heavy server load during the day we recommend to choose a time between midnight and sun rise. It's also important that you have a strong believe.
Putting some garlic on the UIU (user interface unit) helps to avoid the vampire radiation.

Set Maximum Power Load Token

The load threshold can be changed by this token. If the user has an increased load demand that causes a frequent overload condition he needs to apply for a higher load threshold. A new Maximum Power Load Token will set this threshold.


Comments and questions are welcome.

Editor's note: This article was originally published in July 2019 and has been updated for comprehensiveness.

Leave a Reply

Your email address will not be published. Required fields are marked *

 


All comments are moderated before being published. Inappropriate or off-topic comments may not be approved.

89 Replies to “The Standard Transfer Specification STS”
  1. As a supplier, how much will I need to pay for tokens and do cost decrease with the number of tokens?

    1. As a supplier (utility or vending company), you don't "buy" tokens in bulk to resell. Instead, you operate or connect to a vending system that generates unique tokens for each customer transaction. Each token is a numeric code that represents a specific value (amount of prepaid electricity) and is encrypted for security.

      You pay for the STS-compliant vending software or service. There may be transaction fees or service charges depending on your vending platform.
      The cost per token does not decrease with volume, because you're not purchasing physical tokens—each is generated on demand for a customer's payment.

      In summary:
      You don't stock up on tokens. You provide a system that generates them as needed, and your costs are related to the software, your calculated unit price, licensing, and possibly transaction processing, —not to the number of tokens issued.

    1. KRN stands for Key Revision Number. In the context of STS (Standard Transfer Specification) prepaid meters, the KRN indicates which encryption key version the meter is using to accept credit tokens. When a utility upgrades its security keys (for example, as part of the TID rollover process), the KRN changes to ensure only tokens generated with the correct, latest key can be accepted by the meter. This helps prevent fraud and keeps the prepaid system secure.

    1. Thank you for your question. In electricity metering—especially with prepayment systems—TID stands for Token Identifier.
      When you use a prepayment meter, you purchase electricity credit as a numeric token (a 20-digit code). You enter this code into your meter e.g. to top up your balance. Each token includes a TID, which is a unique number that plays several key roles:
      – Prevents Token Reuse:
      The TID ensures each token can only be used once. If you try to enter the same token again, the meter will reject it, recognizing that the TID has already been accepted.
      – Tracks Token Validity:
      The TID is based on a rolling counter—linked to time, specifically the number of minutes since a set base date (the "TID epoch"). Originally, this base date was 1993-11-01, but after the TID rollover, the new base date is 2024-11-24. This update was necessary because the counter reached its maximum value, and tokens generated with the old base date would no longer work.
      – Security and Anti-Fraud:
      The TID system helps prevent fraud and ensures that only valid, unused tokens can credit the meter.

      Since the TID rollover, all meters and vending systems now use the new base date (2024-11-24) for generating and validating tokens. This means tokens are once again unique and secure, and the system will keep running smoothly for decades to come.

    1. There is no requirement for an operating system with 64-bit from STS side.