Standard Transfer Specification Association
Standard Transfer Specification Association


A HSM (hardware security module) is a device used to encrypt token data using one of the specified EA and DKGA algorithms specified by the IEC62055-41 specification. The HSM contains all the algorithms required for the encryption of token data. 

To order a security module please consult the manufactures list, and enter 'security module' in the product search box. 


The HSM is typically used in the production of payment meters for encrypting and configuring the payment meter before shipping to a customer. It is also used by vending systems to generate tokens for payment meters. The STS600-8-x API (Application programmer interface) documents are available for developers wishing to use HSM devices in their system.

Security module types

Several HSM types exist for the implementation of STS compliant systems and payment meters.

Vending module

The vending module allows the generation of credit and management tokens for payment meters. It is connected via TCP/IP or serial connections to the vending system.

Manufacturing module

The manufacturing HSM is only used for the manufacture of payment meters. It cannot generate credit tokens for payment meters.

Functions supported

The following functions are supported by HSM devices (this is not an exhaustive list - please consult the relevant API document for a full list of functions)

  • generation of credit tokens
  • generation of management tokens (including key-change tokens)
  • verification of encrypted tokens

Connection to a vending system

Connection to vending systems is via TCP/IP or USB serial connections.

Coding a security module for use

The HSM devices are coded with vending keys by the Key Management Centre with customer specific vending keys. These keys are loaded into the security module by the vending system from special files obtained from the KMC, and are unique to a specific HSM device - i.e. a key-load file is only usable for a specific HSM device.