A sustainable mitigating solution to ghost vending will see the industry adopting
STS6 and executing the Token Identifier (TID) rollover process, writes Lance
Hawkins-Dady, engineering manager at Conlog.
There is a solution at hand to the concerns and challenges that the market faces in terms of ghost vending – the illegal practice of selling prepaid electricity resulting in a loss of
revenue and contributing significantly to non-technical losses at utilities.
The STS Association, of which Conlog is both a founding member and director, continuously strives to ensure that the only global, open standard for prepaid metering remains relevant and in line with latest technologies, best practices and state of the art security techniques (ENCRYPT II, NIST, ISO), while always ensuring backward
compatibility with current technology.
In doing so, users of the standard are protected. In this regard, the association has developed and released the latest enhancements known as STS6. To take advantage of the many important enhancements offered by this standard, the Vending Platform will need to support and be certified by the STS Association for compliance to the latest
STS test specifications.
What is STS6?
STS6 covers both functional and security advancements made to the key management system (KMS). These include the implementation of:
• Currency vending for electricity, water and gas
• Three or four key change token support for transferring the Supply Group Code (SGC) during a key change process
• The 64-bit Vending Key increased to 160-bit using KDF-HMAC-SHA256
• The 64-bit Meter Key increased to 128-bits using MISTY1
• Integrity protection of Vending Key transfer using a Key Load File with 192-bit AES encryption
• Protection of Security Modules through a secure link with the KMS
• Support for Token Identifier (TID) Rollover
• The protection of revenue due to the theft of Security Modules by implementing Policy Based Controls that are stipulated by the SGC Owner
Note that these policies include applying an expiry date to the vending key, applying a refresh period before which time the Security Module must contact the KMS and request an updated Vending Key, the ability to revoke a Vending Key at the KMS and the ability
to set transaction limits.
made to the key
Benefits of implementing STS6
The first and most important benefit relates to financial risk management for utilities or SGC owners. Security modules can be misplaced, lost or stolen, which can lead to rogue vendors, also known as ghost vendors.
The Policy Based Controls allow the operating parameters of a Security Module, by enforcing the Vending Key usage rules, to be governed by the SGC owner. The Security Module is now controlled by the SGC owner and not the operator of the module. An
additional advantage is the proactive implementation of enhanced security algorithms such as MISTY-1 for the next generation of STS products.
The second benefit is the inclusion of the TID rollover functionality. TID rollover ensures the longevity of the current STS infrastructure for many years to come as well as providing an additional mechanism to eradicate illegal vending operations.
TID rollover explained
The TID is a 24-bit field that is contained in specific STS compliant tokens and is used to identify the date and time, in 1-minute intervals, at which the token was generated. The TID value is calculated from a base date of 00h00 01/01/1993.
On receiving a token the TID is stored in the meter and is used to ensure that tokens cannot be inserted into the meter more than once. Being a 24-bit number means that the
TID window is a maximum of 31 years from 1993 to 2024. To extend this window two additional base dates have been defined, namely 2014 and 2035, which lengthens this window to 2066.
To extend the operational life of the current infrastructure, all meters will need to be key changed. This process will introduce into the meter a new Meter Key associated with the next active base date, which is currently set as 2014.
Performing the TID rollover introduces an additional benefit to the SGC owner in that illegal vendors will no longer be able to vend credit tokens to the meters due to the Meter Key having been changed. This then prohibits any further erosion of revenue.
"Security modules can be misplaced,
lost or stolen, which can lead to rogue
vendors, also known as ghost vendors."
How can Conlog help?
At Conlog, we understand that the process to implement STS6 and to manage and execute a TID rollover project may seem daunting so we have created a process and a plan to assist you. From an infrastructure perspective, this will include upgrading of the vending software and security modules.
In addition, we have devised several options for the generation and distribution of key change tokens. We can further assist in structuring a marketing plan to reach all your customers. Furthermore, Conlog, as global leaders in our industry, has been the first mover in ensuring our revenue management platform, ULTIMAplus, has been tested and certified for compliance (certificate number STS743).
Look no further for a partner that will assist and guide you with service excellence in the prepaid metering market.
About the author
Lance Hawkins-Dady is a board director of the Standards Transfer Specification
Association (STSA), representing Conlog in the development of STS specifications for
the prepayment industry. Lance holds a national diploma in electronic engineering, and
national higher diploma in electrical engineering.