The Standard Transfer Specification STS

STS
the STS logo

The Standard Transfer Specification (STS) has become recognised as the only globally accepted open standard for prepayment systems, ensuring inter-operability between system components from different manufacturers of prepayment systems.
The application of the technology is licensed through the STS Association, thus ensuring that the appropriate encryption key management practices are applied to protect the security of the prepayment transactions of utilities operating to protect the security of the prepayment transactions of utilities operating STS systems.
It has become established as a worldwide standard for the transfer of electricity prepayment tokens since its introduction in South Africa in 1993 and subsequent publication by the International Electrotechnical Commission as the IEC62055 series of specifications.

CLOU is member of the STS association. See a member list here.

Security issues are of prime importance to the utility supplier and the consumer. The use of the STS standard prevents:

  • Fraudulent generation of tokens from hit and miss attempts at entering the correct number
  • Fraudulent generation of tokens from a stolen vending station
  • Fraudulent generation of tokens from legitimate vending stations outside of the utility's area
  • Fraudulent use of tokens which have already been used
  • Tampering of legitimate tokens e.g. to change the value

STS provides the facility of generating (e.g. credit transfer) tokens which can only be used by the intended meter, and furthermore in the case of credit tokens, can only be used once in that meter.
In order to achieve the above security, the standard defines the following:

  • the use of advanced encryption techniques, which are at all times hidden from the consumer
  • the use of very secure key management procedures, including the manner in which keys are generated and transported
  • Required functionality at both the vending station and the meter

Glossary

Meter Specific Token

Meter specific tokens can only be issued by the utility or power supply company.

General token handling
During input the numbers entered are displayed on the LCD, scrolling from right to left, with a dash displayed at every fourth digit. A counter in the upper left corner shows the total number of entered digits.
In this example 15 digits have already been entered.

STS-token-input
STS-token-input

The delay for accepting an input of the next digit is 20 seconds. After that time the display returns to the default display and the token entry was incomplete.

After token input the display shows one of the following information for 3 seconds.

STS-token-input-accepted-1
STS-token-input-accepted

Accept:
The Token is accepted and the purchased energy amount is added to the remaining credit. After that the meter shows the purchased amount for 5 seconds.

STS-token-input-rejected
STS-token-input-rejected

Reject:
If the input is wrong, or random numbers are input with the purpose of tampering, the LCD display will indicate Reject-x, x is the times of wrong input.

In this example have been already eight inputs wrong. After 3 wrong inputs the keyboard is locked for 10 seconds.
During that time the display shows: REJECT and the remaining waiting time in seconds (toggles every two seconds).
With each new wrong input the lockout time for the keyboard is doubled. After 10 wrong inputs the customer needs to wait 1,280 seconds. This is the maximum waiting time. Each new incorrect input leads to another waiting time of 1,280 seconds.
When token entry lockout is active the interface does not decrypt any meter specific tokens. Non-meter specific tokens and codes are still accepted and processed as normal while in lockout mode.
The lockout period is reset to its original non-lockout status after any meter specific token has been successfully accepted by the meter or after meter is powered down and up again.

STS-token-used
STS-token-used

Used:
A security feature built into the STS is that no credit token can be used more than once. This is achieved by having an identifier built into the token. These identifiers are stored in a table in the meter, and the identifier of a new token is compared with the table If it has already been entered into the meter, the token will be rejected. The meter will give a notification that the token is used.

STS-token-old
STS-token-old

Old:
Due to the nature of the token identifier, an STS token has an effective life-time of approximately three months. If a token older than three months is entered, the meter may reject that token, and give an indication on the display that the token is old.

STS-token-full
STS-token-full

Full:
A meter has a maximum amount of credit that it can store. If the number of units on the token will cause the meter credit to exceed this maximum value, the token will be rejected. The token may be entered at a later date when the level of credit in the meter has reduced enough to accept this token. The meter gives an indication that it is full.

Load Control

STS prepayment meters have a programmable load limit. This limit can be set by the Set Maximum Power Load Token. If the load is higher than the load threshold, the meter will have acoustic alarm and the red LEDs on UIU (user interface unit) and MCU (the meter) are flashing.
The following procedure is employed to restrict the number of switching cycles, when the meter is disconnecting the load in order to limit the average power consumed.

UIU-over-power
UIU-over-power

If overload state duration reaches 30 seconds, meter shall cut off consumption load and relay shall auto close in 2 minutes. After 5 attempts within 30 minutes, the meter waits for the lockout period (default is 30 minutes) if the consumption is still above the limit before repeating the procedure. This are the CLOU default settings.
The display gives a clear indication that the load has been disconnected to limit the power. This indication shall exist for as long as the load switch is in the “off” state due to this condition and toggles with the remaining waiting time every 2 seconds. When the supply voltage is out of the operating voltage range (<68% Un or >132% Un), the relay will not operate. When the supply voltage returns to the operating range the MCU sets the relay into the actual status.

Key Change Token

If necessary the meter key can be changed with a set of key change tokens. Two tokens make up the generation of a Key Change Token. They are created to change the meter configuration, namely the Tariff Index, Supply Group Code and Key Revision Number. These two tokens may be entered in any order. If there is a delay of more than 10 minutes the meter timeout and forgets the first key change token entered.
When the first token is issued, the meter accepts it, but performs no action on it. Only after accepting the second token will the meter actually perform the key change. These key change tokens are encrypted in the same way as credit tokens, therefore the trouble shooting procedure for non-acceptance is the same as for credit tokens. Depending on the token input the display shows one of this information.

STS-Key-change-first-token
STS-Key-change-first-token
STS-Key-change-second-token
STS-Key-change-second-token

If the second token was entered at first, the display shows PLS-1St, means the meter is waiting for the first token. This display indicates the acceptance of the entered token.
If the first token was entered at first, the display shows PLS-2nd, means the meter is waiting for the second token.

Supply Group Code (SGC)

The Supply Group Code (SGC) is usually assigned to a meter by the manufacture for a specific utility and location (usually a large distribution area). The meter SGC must match with the vending system SGC. If it does not match, it is not possible to run STS token operations.
Supply Group Codes are currently managed by the Eskom Key Management Centre, physically located at Eskom Midrand.

Key Management Centre (KMC)

The STS Key management centre is operated for the STS association by the national electricity utility company Eskom in South Africa. Their services are as follows:

  • The registration of Supply Group Codes (SGCs) on the KMC
  • The registration of all security modules on the KMC
  • The initialisation of all security modules on the KMC
  • The generation of all STS vending keys for the relevant Supply Group Codes
  • The loading/coding of the relevant STS vending keys into security modules, for use by the appointed vending equipment manufacturer/s. This will include security modules that are new, repaired or that need to be re-coded. The physical coding needs to take place in Eskom's KMC in Midrand
  • The loading of a key file onto a disk to accompany the security module (for loading onto the vending equipment). The disks will be supplied by Eskom
  • The loading of STS vending keys on key cards, for use by the appointed meter manufacturers. The physical loading of the key cards needs to take place in Eskom's KMC in Midrand.

STS Security

Security issues are of prime importance to the utility supplier and the consumer. The use of the STS standard prevents:

  • Fraudulent generation of tokens from hit and miss attempts at entering the correct number
  • Fraudulent generation of tokens from a stolen vending station
  • Fraudulent generation of tokens from legitimate vending stations outside of the utility's area
  • Fraudulent use of tokens which have already been used
  • Tampering of legitimate tokens e.g. to change the value

STS provides the facility of generating (e.g. credit transfer) tokens which can only be used by the intended meter, and furthermore in the case of credit tokens, can only be used once in that meter.
In order to achieve the above security, the standard defines the following:

  • the use of advanced encryption techniques, which are at all times hidden from the consumer
  • the use of very secure key management procedures, including the manner in which keys are generated and transported
  • Required functionality at both the vending station and the meter

Credit Token

Clear Tamper Token

STS-tamper
STS-tamper

If the meter is tampered the display shows a raised hand and the internal relay disconnects the power supply. In this case the customer needs to apply for a tampering clearance token with the utility or the local Power Vending Center (POS). After the token is successfully entered the meter will close the relay and return to normal operation.

We get frequently requests for Clear Tamper Tokens. First of all we'd like to say „Thank You“ for visiting our page.
We as meter manufacturer can not provide you with working tokens. You need to contact your power supply company. If for whatever reason you don't want to do that, you have the following options:

Try all possible tokens
This will take you about 40 millenniums depending on your input speed. (One millennium is 1,000 years). You better make a list with all combinations first to avoid double entries. Actually the time gets longer because our STS payment meters and most competitor ones have a lock-out after a certain number of wrong attempts.

Consult your local fortune teller
Maybe it helps and he/she comes out with the right token. Most likely you need to consider a service fee.

User the random short time token generator
It generates a Magic Random Short Time Token (MRSTT) and it's valid for one minute only. We are using a fancy artificial intelligence algorithm. Due to heavy server load during the day we recommend to choose a time between midnight and sun rise. It's also important that you have a strong believe.
Putting some garlic on the UIU (user interface unit) helps to avoid the vampire radiation.

Set Maximum Power Load Token

The load threshold can be changed by this token. If the user has an increased load demand that causes a frequent overload condition he needs to apply for a higher load threshold. A new Maximum Power Load Token will set this threshold.


Comments and questions are welcome.

Editor's note: This article was originally published in July 2019 and has been updated for comprehensiveness.

83 Replies to “The Standard Transfer Specification STS”
    1. There is no requirement for an operating system with 64-bit from STS side.

Leave a Reply to Reinhard Guenther Cancel reply

Your email address will not be published. Required fields are marked *

 


All comments are moderated before being published. Inappropriate or off-topic comments may not be approved.