Definitions: KEY MANAGEMENT
ACT - Activation Time
The date from which a vending key becomes active [STS600-4-2].
BDT - Base Date
The date from which the TokenIdentifier starts counting minutes (the date associated with a TID value of zero). At present there are 3 base dates defined:
· 1993 – TID starts from 01/01/1993
· 2014 – TID starts from 01/01/2014
· 2035 – TID starts from 01/01/2035
CLM - Currency Credit Limit
The amount of currency credit that the security module is allowed to vend. This is specified in the range 00000000 to FFFFFFFF (hexadecimal) currency credit units, which is equivalent to:
00000000 to 4 294 967 295 currency credit units in decimal.
CLU - Cluster
The cluster is a group of supply group codes. Key-changes are not allowed across different clusters. Currently only cluster number 0 is defined.
DOE - DateOfExpiry
Optional expiry date for the identification data as encoded onto a payment meter ID card or token carrier [IEC62055-52].
EXP - Expiry
The date, contained in the KMC, after which the KMC will stop issuing key-load files for the vending key whose expiry date has been reached [STS600-4-2].
IUT - Issued Until
A date and time after which the security module will prevent the key from being used for the generation of tokens.
KEY REFRESH PERIOD
The period, in days, after which a vending key must be refreshed using a key-load file from the KMC [STS600-4-2].
KLF - KEYLOAD FILE
A text file, generated by the KMC, containing all approved vending keys, in encrypted form, and metadata for those keys, pertaining to a particular security module [STS600-4-2].
Two key load file types exist:
STS Edition 1 key load file (KLF)
Key load file example showing two vending key records (record type 9520):
95000289050716STS04A600404040404040404E5502AECA2F33173F611D55F72E1E3F084296C67D3E5D7C3322A2FE6A5AF828AA9F3450421CB180B
9520LK01MST87629EA3022CAF5890CD8617000000000020160428114136201408130200001255999000STS CTS TEST
9520LK02MST87F23BCD98129D7BDDB568F9000000000020160428114136201302010000001255999001KMS Test001
The vending keys in these records are encrypted using the security module Key Exchange Key (KEK).
For a complete list of field definitions in these records, see [STS600-7].
STS Edition 2 key load file (KLF)
The STS Edition 2 specification introduced a key agreement scheme to further strengthen key management and the transfer of keys between the KMS and the security module. STS Edition 2 key load files contain many other parameters that, among other things, allow key revocation to take place in the security module.
The key load file is contained in a VKLOADRESP (vending key load response) text file that is generated by the KMS in response to a VKLOADREQ (vending key load request) generated by the security module.
A sample VKLOADRESP is shown below (5 keys included):
VKLOAD.RESP.1|KMCID.1:Prism:K0001:20160418T121717Z:52204DE9EEFA6EB8:E7BF|SMID.1:Prism:94000507:20160506T095338Z:F184871DC4F23CB0:1F8C|20160506T122741Z|C9A5161F864E1978435A2CEAA611930F37824EDCE6252CEC|71CC
KEY.1|A8556C52BA3345996C1551DC|ACT20160425T114321Z;BDT19930101T000000Z;CLM44fa0000;CLU0;DKG02;EXP20170506T215959Z;IUT20160903T102658Z;KCV17D819;KEN255;KRN1;KTC2;SBMFFFF;SGC0000112233;SGNSURELOAD KMC TEST VUDK 1;ULM1000;|849B9665C2BFFB75BF58629A0A057D528888559693DB293A|8F06
KEY.1|E1F557BEE6442E0FC5747E6B|ACT20160504T220000Z;BDT19930101T000000Z;CLM44fa0000;CLU0;DKG02;EXP20170506T215959Z;IUT20160903T102658Z;KCV707844;KEN255;KRN2;KTC1;SBMFFFF;SGC0000112233;SGNSURELOAD KMC TEST VUDK 1;ULM1000;|C4967CD420827099DE6A1E5E670BA559AE6A3BC034BA090E|5D2D
KEY.1|49C0495A0A6C26351C44A0CB|ACT20160430T220000Z;BDT19930101T000000Z;CLM44fa0000;CLU0;DKG02;EXP20170506T215959Z;IUT20160903T102658Z;KCV3A3273;KEN255;KRN3;KTC1;SBMFFFF;SGC0000112233;SGNSURELOAD KMC TEST VUDK 1;ULM1000;|DC29A26BBB03D794649E45856B8031B57323A090341CB747|576D
KEY.1|5EE5F985A1186F8A5DD1175F|ACT20140813T000000Z;BDT19930101T000000Z;CLM461c4000;CLU0;DKG02;EXP20170506T215959Z;IUT20160903T102658Z;KCVC33F45;KEN255;KRN1;KTC2;SBM0001;SGC0000123456;SGNACME;ULM10000;|7865DC2B97755CFFA8B5A83C34D1AB8EB6955666F5C78A0B|25EB
KEY.1|6EE438A953F883942F60DDD8|ACT20160502T220000Z;BDT19930101T000000Z;CLM461c4000;CLU0;DKG02;EXP20170506T215959Z;IUT20160903T102658Z;KCV55E354;KEN255;KRN2;KTC1;SBM0001;SGC0000123456;SGNACME;ULM10000;|9918600913859398D044C8D1E86A10EA5ECBF675E861862D|19FA
#2FC215350D8A718CD22783F5D81F8E33F6B46337
For a complete list of field definitions in these records, see [STS600-7-1] and [STS600-4-2].
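The following Python sketch is an added example, not code from the STS specifications or from any vendor: it parses the attribute field of one KEY.1 line from the sample above and applies the ACT, IUT, SBM and ULM definitions on this page. It assumes that every attribute tag is three capital letters, that the trailing Z on dates means UTC, and that SBM bit 0 (least significant) is subclass 0; the function names and state labels are hypothetical.

```python
from datetime import datetime, timezone

# One KEY.1 line copied from the sample VKLOADRESP on this page.
SAMPLE = (
    "KEY.1|5EE5F985A1186F8A5DD1175F|ACT20140813T000000Z;BDT19930101T000000Z;"
    "CLM461c4000;CLU0;DKG02;EXP20170506T215959Z;IUT20160903T102658Z;KCVC33F45;"
    "KEN255;KRN1;KTC2;SBM0001;SGC0000123456;SGNACME;ULM10000;"
    "|7865DC2B97755CFFA8B5A83C34D1AB8EB6955666F5C78A0B|25EB"
)
DATE_TAGS = {"ACT", "BDT", "EXP", "IUT"}


def parse_key_record(line):
    """Return the attribute field (third '|' field) of a KEY.1 line as a dict."""
    fields = line.strip().split("|")
    if len(fields) != 5 or fields[0] != "KEY.1":
        raise ValueError("not a KEY.1 record")
    attrs = {}
    for item in filter(None, fields[2].split(";")):
        tag, value = item[:3], item[3:]  # assumption: every tag is 3 capitals
        if len(tag) != 3 or not (tag.isalpha() and tag.isupper()) or tag in attrs:
            raise ValueError(f"bad or duplicate attribute: {item!r}")
        if tag in DATE_TAGS:  # assumption: trailing Z means UTC
            value = datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        attrs[tag] = value
    return attrs


def allowed_subclasses(sbm):
    """Decode SBM; assumes bit 0 (LSB) is subclass 0, as the FFFE example implies."""
    if len(sbm) != 4:
        raise ValueError("SBM must be 4 hex digits")
    bitmap = int(sbm, 16)
    return [n for n in range(16) if (bitmap >> n) & 1]


def unit_limit(attrs):
    """ULM as an integer, rejected when outside the documented range."""
    ulm = int(attrs["ULM"])
    if not 0 <= ulm <= 999_999_998:
        raise ValueError("ULM out of range")
    return ulm


def key_state(attrs, now):
    """Classify a key at time `now` using the ACT and IUT definitions."""
    if now < attrs["ACT"]:
        return "not-yet-active"
    if now > attrs["IUT"]:
        return "issue-blocked"
    return "usable"
```

The sketch does not verify the trailing check fields of each record or the final `#` line, because this page does not define how they are computed; a consumer of real key load files must validate them as specified in [STS600-7-1] and [STS600-4-2] before trusting any attribute.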
SBM - Subclass Bitmap
The subclass bitmap limits the credit token subclasses that can be created using this key. The value is a 16-bit bitmap in ASCII-HEX; each bit corresponds to a Class 0 token subclass that is allowed.
Examples: 0007 (0000 0000 0000 0111) = subclasses 0-3; FFFE (1111 1111 1111 1110) = all subclasses except 0
ULM - Unit Credit Limit
The amount of unit (kWh, m³, kl) credit that the security module is allowed to vend.
The value is a decimal number in the range 0 – 999,999,998.
VKLOADREQ
Vending key load request – a secure request, generated by an STS6-based security module, sent to the KMC to request a key-load file containing all approved keys for the relevant security module [STS600-4-2].
VKLOADRESP
Vending key load response – a secure text file, generated by the KMC, containing a key-load file in response to a VKLOADREQ [STS600-4-2].
reference: [STS600-4-2]