Among other things, the Tax Code provides for a combination of technical and organisational measures to effectively prevent manipulation of digital basic records. The core of the tax code is a certified technical security device (TSE for short). The TSE is the central technical component for securing the basic records against subsequent manipulation. The certification aims to ensure a uniform minimum level of trust and security in the TSE as well as compliance with necessary interoperability requirements.
Cash register systems carry out digital basic records in the above sense. Therefore, the cash register security ordinance of the Federal Ministry of Finance specifies requirements for the certification of TSEs, which have been implemented accordingly by the BSI. These include detailed requirements for the security module, the storage medium, the digital interface and the electronic storage, which have been published in the form of several technical guidelines and protection profiles.
The central security component of a TSE is a so-called Cryptographic Service Provider (CSP). This is the component that performs the cryptographic signature operations and securely manages essential components such as cryptographic keys and other parameters.
The BSI has certified fiskaly’s CSP Light based on the evaluation results of the SRC. This CSP Light is implemented as a cloud service to enable integration into networks.
In contrast, CSPs can also be created in the form of smart cards for stand-alone systems. Such products have also already been evaluated by SRC.