SECURITY MODULES (HSM, SM)
An HSM (hardware security module) is a device that encrypts token data using one of the EA and DKGA algorithms specified by IEC62055-41. The HSM contains all the algorithms required for the encryption of token data.
The HSM is typically used in the production of payment meters, where it encrypts and configures each payment meter before it is shipped to a customer. It is also used by vending systems to generate tokens for payment meters. The STS600-8-x API (application programming interface) documents are available for developers wishing to use HSM devices in their systems.
Security module types
Several HSM types exist for the implementation of STS-compliant systems and payment meters.
The vending module allows the generation of credit and management tokens for payment meters. It connects to the vending system over TCP/IP or a serial connection.
The manufacturing HSM is only used for the manufacture of payment meters. It cannot generate credit tokens for payment meters.
The following functions are supported by HSM devices (this is not an exhaustive list; please consult the relevant API document for a full list of functions):
- generation of credit tokens
- generation of management tokens (including key-change tokens)
- verification of encrypted tokens
Connection to a vending system
Coding a security module for use
HSM devices are coded by the Key Management Centre (KMC) with customer-specific vending keys. The vending system loads these keys into the security module from special files obtained from the KMC. Each key-load file is unique to a specific HSM device, i.e. a key-load file is only usable for the HSM device it was issued for.