1. Manuals
  2. Brands
  3. Prism Manuals
  4. Network Hardware
  5. STS6
  6. User manual

Prism STS6 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
STS6 Manufacturing TSM500i NSS User Guide
Document number:
Release date:
Copyright:
The information in this document is intended only for the person or the entity to which it is addressed and
may contain confidential and/or privileged material. Any views, recreation, dissemination or other use of or
taking of any action in reliance upon this information by persons or entities other than the intended
recipient, is prohibited.
Prism Payment Technologies (Pty) Ltd makes no representations or warranties whether expressed or implied
by or with respect to anything in this document, and shall not be liable for any implied warranties of
merchantability or fitness for a particular purpose or for any indirect, special or consequential damages.
Directors: L. Mail, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten
Tel: +27 11 343 2000 | Fax: +27 11 442 5908 | Email: info@prism.co.za
May 2024
PR-D2-1124 Rev 1.2
May 2024
© 2024 Prism Payment Technologies (Pty) Ltd
Synopsis:
This document describes the PCI HSM v3.0 STS6
Manufacturing TSM500i-NSS Hardware Security
Module (HSM), and the TsmWeb and PrismToken
interfaces used to manage this HSM.
Company Confidential
Disclaimer
Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07
www.prism.co.za
Address: President Place, Johannesburg, South Africa

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the STS6 and is the answer not in the manual?

Questions and answers

Related Manuals for Prism STS6

Summary of Contents for Prism STS6

  • Page 1 Tel: +27 11 343 2000 | Fax: +27 11 442 5908 | Email: info@prism.co.za Address: President Place, Johannesburg, South Africa STS6 Manufacturing TSM500i NSS User Guide May 2024 Document number: PR-D2-1124 Rev 1.2 Release date: May 2024 Copyright: © 2024 Prism Payment Technologies (Pty) Ltd Synopsis: This document describes the PCI HSM v3.0 STS6...

  • Page 2: Important Notes

    Address: President Place, Johannesburg, South Africa Important Notes This document only applies to a STS6 Manufacturing TSM500i that has Boot Loader v1.5.0.0 or later. Earlier versions of the boot loader do not have the same dual control requirements as mandated by PCI HSM v3.0.

  • Page 3: Table Of Contents

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 3 Contents 1 Overview .................. 7 TSM500i-NSS Description ....................7 Key Component Entry Device (KCED) DESCRIPTION ............8 2 Setup Quick Guide ..............9 3 NSS Initial Setup ..............10 Inspect and Install Hardware...................10...
  • Page 4 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 4 Preferences ........................24 Configuring Conductor Service ..................25 5.6.1 Changing the TCP Port ......................... 25 5.6.2 Trace Level Setting ........................25 5.6.3 Maximum number of socket connections ................. 25 5.6.4 Restarting Conductor ........................25 PrismToken Dashboard .....................25...
  • Page 5 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 5 Look at the LCD ........................46 TSM500i Status LEDs ......................46 Contact Prism Support .....................46 9 Managing TsmWeb ............... 47 SSL/TLS Certificate ......................47 9.1.1 SSL / TLS can be disabled (Not Recommended) ..............47 Preference Manager .......................48...
  • Page 6 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 6 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...

  • Page 7: Overview

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 7 1 Overview The STS6 Manufacturing TSM500i-NSS is a Hardware Security Module (HSM) and is also referred to as the TSM or HSM in this document. These terms are used interchangeably in the remainder of this document. This document only applies to the STS6 Manufacturing TSM500i-NSS that has Boot Loader v1.5.0.0 or later.

  • Page 8: Key Component Entry Device (Kced) Description

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 8 1.2 Key Component Entry Device (KCED) DESCRIPTION The Key Component Entry Device (KCED) is secure handheld device that is used for the following purposes: • Entry of Cryptographic Passwords •...

  • Page 9: Setup Quick Guide

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 9 2 Setup Quick Guide (See 3.1) The TSM500i NSS hardware must be inspected and then installed in a secure environment. Inspect and Install Hardware (See 3.2) Power on and check physical indicators (LEDs) to confirm that the hardware has been Check Physical Indicators successfully installed.

  • Page 10: Nss Initial Setup

    Installation & User Guide.pdf (0560-00157) for more details. • Contact Prism immediately if the serial tamper evident stickers have been interfered with, or if the HSM is in the tampered state. An HSM that arrives in the tampered state cannot be authenticated and should be returned to the Manufacturer.

  • Page 11: Check Physical Indicators (Leds)

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 11 3.2 Check Physical Indicators (LEDs) After powering on the TSM500i-NSS check status LEDs that are located on the front panel. The red and green status LEDs provide very important information about the current state of the TSM500i.

  • Page 12: Network Setup And Recovery

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 12 3.3 Network Setup and Recovery The IP address of the TSM500i-NSS will be displayed on the LCD on the front panel after powering up. The network setting factory defaults are: IP address 192.168.0.201...

  • Page 13: Tsmweb Interface

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 13 3.4 TsmWeb Interface TsmWeb works best with Chrome and Mozilla Firefox web browsers. Internet Explorer is not officially supported. 3.4.1 Invoking TsmWeb for a TSM500i-NSS When using a TSM500i-NSS, verify that the LCD on the TSM500i-NSS displays “TSM500-NSS READY” and that it also displays its IP address.

  • Page 14: Setting The Tsmweb Admin Password

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 14 3.4.2 Setting the TsmWeb admin password Please note that TsmWeb is not supplied with default passwords, and it is necessary to set a password for the pre-defined admin username before using TsmWeb.

  • Page 15: Using Tsmweb For The First Time

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 15 3.4.3 Using TsmWeb for the first time Enter the username (admin) and your newly assigned password and click Login Click TSM from the left side menu, wait for the TSM Management page to load.

  • Page 16: Hsm Initial Setup

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 16 4 HSM Initial Setup 4.1 Managing the Secure KCED Service USB connected Secure KCED: Only connect the Secure KCED to the TSM500i-NSS USB port after the LCD reports status Ready. Then power on the Secure KCED and wait for it to finishing booting.

  • Page 17: Pairing The Tsm500I Hsm With The Secure Kced

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 17 Click on “START” and confirm that “Status” changes to “Running”. 4.2 Pairing the TSM500i HSM with the Secure KCED TSM500i HSMs shipped with V1.6.0.0 (or later) Boot loader and V5.0.0.0 (or later) Application firmware must be paired with a Secure KCED, before the Secure KCED can be used to setup Crypto Officers, to display generated components or be used for key component entry.
  • Page 18 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 18 Click on the Start Pairing button. The HSM will generate a 45-digit fingerprint, which will be displayed in TsmWeb. Click on the Continue button, after which the 45-digit fingerprint must then be entered on the KCED. You have 180 seconds to enter the fingerprint via the KCED.

  • Page 19: Authenticate Hsm And Set Initial Passwords

    The Cryptographic Officer passwords reside inside the HSM. They must not be confused with, and are not related to, the TsmWeb user account passwords. This section is not applicable to HSMs running STS6 vending firmware, as device authentication is performed by completing a key refresh with the KMC. No cryptographic officer passwords are required.

  • Page 20: Authenticate Hsm - Request Step

    Authenticate HSM - Finalise Step To perform this operation, you must have completed the Request step and received the necessary response from the Manufacturer (Prism). The tokens will be emailed individually to the 2 officers identified in the Request step.

  • Page 21: Add Additional Crypto Officers

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 21 • Officer 2 will be required to enter and confirm their password via the KCED. Make a record of the password and keep in a safe place. • A password must be at least 7 digits in length, using digits in the range 0 to 9.

  • Page 22: Tsmweb Initial Setup

    Log into TsmWeb as a user with the ‘admin’ role (for example, the ‘admin’ user) Navigate to the Settings > Licenses page. Copy the PrismToken license certificate (supplied via email by Prism) and paste it into the “License” field above the “UPLOAD LICENSE” button. Include the BEGIN/END lines.

  • Page 23: Configuring Account And Password Policy

    5.2.4 Disable the default admin account Prism recommends that once the user accounts have been created, the default TsmWeb admin account should be disabled by setting the role for the admin account to ‘none’. To do this, create a TsmWeb user account that has the admin role. Login to TsmWeb with this account and change the role of the admin user to ‘none’.

  • Page 24: Enable Prismtoken For Meter Manufacturing

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 24 2. For each individual who will operate PrismToken, should have their own user account with the ‘ptoken-operator’ role. Operation includes getting keys from the KMC and managing Vending Keys.

  • Page 25: Configuring Conductor Service

    Please ignore this section if you are using PrismToken as this section is not applicable to HSMs using PrismToken. Customers using the low level STS6 API will need to communicate to the STS6 firmware in the HSM via the Conductor service. It is not usually necessary to configure Conductor on the TSM500i-NSS. The default settings will work in most environments.

  • Page 26: Generating And Loading The Ditk

    KCED. You will be instructed to enter your Crypto Officer passwords. e. The “Access control mode” should now be “AC:PRIVILEGED”. The STS6 application firmware will exit the “AC:PRIVILEGED” state automatically if any one of the following conditions are met: After 30 minutes the HSM will return to operational state.
  • Page 27 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 27 Note that every time you navigate to a different page on TsmWeb this will count towards a call. Some pages require more than one call. Therefore, this may result in the HSM returning to operational state if more than 50 calls are made.

  • Page 28: Generating Ditk Components

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 28 • Once the DITK is loaded the KCV will be shown in the “DITK Slots” box. If a dash (“-“) is shown, then no DITK has been loaded for that EA.
  • Page 29 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 29 • Select the EA and the number of components (equal to the number of custodians who will look after the key), then click “View on KCED”. • It is important to note that generating an EA7 DITK using the PrismToken UI will generate an ODD parity DITK.

  • Page 30: Ditk Component Sheet Template

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 30 5.8.3 DITK Component Sheet Template Key name DENTIFYING NAME OR DESCRIPTION OF THE KEY Date YYYY/MM/DD OF KEY COMPONENT CREATION Generated ULL NAME AND CONTACT NUMBER OF CUSTODIAN AT KEY GENERATION...

  • Page 31: Ditk Is Known

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 31 5.8.4 DITK is known It is important to note: • The meter manufacturer must check whether the process of injecting the key into the meter, or possibly the meter itself, modifies the DITK in any way before using it (e.g. by setting parity to ODD), and ensure that the DITK loaded into the SM must match the actual DITK used by the meter.

  • Page 32: Backup Nss Settings

    You may need to load one or more KMC PUBKEYs. These keys are required before PrismToken can obtain Vending Keys from the KMC. You must request the KMC PUBKEY from your STS Key Management Centre. For testing purposes, you can find the KMC PUBKEY for Prism’s test KMC under the “Documentation” link in TsmWeb’s menu.

  • Page 33: Vending Keys

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 33 • Open/view the PUBLIC KEY (plain text file) in a text editor then highlight and copy the entire contents. Include the BEGIN/END lines. • In the "Upload KMC Public Key" popup, paste the contents in the box labelled "Paste KMC PUBKEY", then click "Upload".

  • Page 34: Upload Klf Into Prismtoken

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 34 Send the most recent VKLOAD.REQ.1 record to the KMC (not an earlier one). The SM stores the timestamp of the last VKLOADREQ and will not accept a VKLOADRSPKMC unless it matches that timestamp.

  • Page 35: Load All Vending Keys

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 35 The security module stores the timestamp of the last VKLOADREQ and will not accept a VKLOADRSP unless it matches that timestamp. NOTE: Sometimes users commit the mistake of generating another VKLOADREQ after submitting a current VKLOADREQ to the KMC! In such a scenario the following error will be returned by the SM for an SM?KR request: SM!KREEPSM.3B.8:...
  • Page 36 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 36 There is a task button per vending key, where there are two options. You can load or delete the vending key from the security module. The key agreement session can be ended after loading the individual vending keys to complete the process HOWEVER in the case of manufacturing firmware it is not necessary to close the key management session: the STS Manufacturing Commands can be used while the session is open (KEK Slot is in “Loading”...
  • Page 37 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 37 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...

  • Page 38: Configure And Test Access Service

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 38 6 Configure and Test Access Service 6.1 PrismToken Thrift API 6.1.1 Automating PrismToken using the Thrift API PrismToken has a remotely callable Thrift API that can be used to integrate its token issue capabilities into your applications.
  • Page 39 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 39 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...

  • Page 40: Conductor

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 40 6.2 Conductor If PrismToken is not being used then client software must be configured to communicate with TSM500i HSM Conductor service, and then tested to ensure that transaction processing can proceed successfully.

  • Page 41: Security, Operations, And Monitoring

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 41 7 Security, Operations, and Monitoring This section provides guidance for operating PrismToken securely and reliably in a Live environment. 7.1 General General guidance for Live environments: • IT equipment can fail unexpectedly. You should always have a Disaster Recovery (DR) plan. That plan should include a standby PrismToken and Security Module, fully loaded with Vending Keys, and monitored regularly to ensure that the standby system is functional (with non-expired keys!).

  • Page 42: Prismtoken Setup

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 42 are usually set to a far-future date, but in some cases (such as a compromised key) these dates may be brought forward to force a key change on all meters.
  • Page 43 The resolution is typically to synchronise the time of the NSS (or PC) to the SM’s clock (the NSS normally does this automatically). If the SM’s clock is very different to wall-clock UTC time (more than 24 hours) then contact Prism for advice. •...

  • Page 44: Known Issues Affecting Reliability

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 44 vulnerability scanner. Check with your IT department whether this was an intentional security activity undertaken by them; if not then: (1) investigate whether the IP addresses indicate an internal or external scan;...

  • Page 45: Status & Diagnostics

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 45 8 Status & Diagnostics 8.1 TSM500i Status Information The user can view the current status of the HSM as well as the history of security-related events on the HSM.

  • Page 46: Network Diagnostics (Nss Service/Firewall Specific)

    After powering on the TSM500i-NSS check status LEDs that are located on the front panel. Refer to section for description of the LED states. 8.7 Contact Prism Support To provide support Prism will require log files, and to know what you have already tried. There are two ways to get logs from the TSM500i-NSS: •...

  • Page 47: Managing Tsmweb

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 47 9 Managing TsmWeb 9.1 SSL/TLS Certificate TsmWeb uses TLS by default to secure browser connections. The login page, and all pages that require the user to be logged in, are only accessible using TLS. TLS can be disabled but this is not recommended.

  • Page 48: Preference Manager

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 48 9.2 Preference Manager TsmWeb can be configured using various preferences. Preference values can be viewed and updated using the Settings > Preference Manager page. This page displays a table of preferences and their associated values.

  • Page 49: Managing Your Nss

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 49 10 Managing Your NSS 10.1 NSS LCD Menu The LCD’s MAIN MENU allows the following settings to be modified: IP Address, Netmask, default gateway, USB Backup & Restore, Disable SSL/TLS and Resetting of parameters such as Admin Password and factory default settings.

  • Page 50: Backup And Restore

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 50 Backup and Restore 10.2 10.2.1 Backup & Restore on a TSM500i-NSS Backup Refer to section for the procedure to backup NSS settings and the TsmWeb database to a directory “NSS_BACKUPS”...
  • Page 51 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 51 NSS v4.75 introduces a new database structure that improves disk space utilization. To restore a backup taken on NSS v4.74 or lower, to an NSS with v4.75 or higher, the restore operation requires free space on the USB flash drive (that contains the backup) to perform a database migration.

  • Page 52: Reset Nss To Default Settings

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 52 10.3 Reset NSS to Default Settings Section 10.1 details how to access the Reset submenu from the NSS LCD Main Menu. The Reset Menu includes a number of options and the associated default values are detailed below: 10.3.1 Admin Password Reset...

  • Page 53: Upgrading Tsm500I-Nss System Software

    10.5.1 Software upgrade via USB service port If you receive an NSS software upgrade from Prism the mechanism for these software updates is via the USB Service port on the front panel of the TSM500i-NSS. The procedure to upgrade is as follows: •...

  • Page 54: Remote Software Upgrade Via Tsmweb

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 54 10.5.2 Remote software upgrade via TsmWeb  From NSS v5.20 s/w onwards updates can be performed REMOTELY via TsmWeb. It will be possible to update NSS Software WITHOUT being physically at the HSM provided that update 5.20 has previously been applied using a USB stick at the HSM.

  • Page 55: Lcd Menu Sequence

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 55 10.7 LCD Menu Sequence Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...
  • Page 56 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 56 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...
  • Page 57 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 57 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...
  • Page 58 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 58 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...
  • Page 59 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 59 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...
  • Page 60 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 60 Prism Payment Technologies (Pty) Ltd | Reg No. 1990/005062/07 Directors: L. Mali, A.M.R. Smith (British)| Company Secretary: C.W. van Straaten www.prism.co.za...

  • Page 61: Managing Your Hsm

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 61 11 Managing Your HSM 11.1 Pairing with Secure KCED The pairing process between the HSM and the Secure KCED is the same for a locally connected Secure KCED and the remotely connected Secure KCED. For the details on how to pair the Secure KCED with the HSM refer to sections and 4.2.

  • Page 62: How To Change An Existing Crypto Officer Password Or Name

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 62 11.2.2 How to change an Existing Crypto Officer Password or Name • Whenever the KCED is connected to the HSM, the Cryptographic Officers must inspect the HSM, the externally connected device, and the inter-connecting cable for any signs of tampering or insertion of a bugging device.

  • Page 63: Check Operational Vs Privileged State

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 63 • One Crypto Officer must have authenticated themselves, using the KCED to login. • Customer must have received the Reset Password Token for the Cryptographic Officer. These tokens will only be sent to the email specified on the signed letter. The tokens may only be used once where- after they will not function.

  • Page 64: Force A Tamper Condition

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 64 Click on “Update Firmware” tab on the TSM > TSM Management page, browse to the file that was provided by Prism and then click on the Update Firmware button.

  • Page 65: Vending Tokens Using Prismtoken Web Ui

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 65 12 Vending Tokens using PrismToken Web UI PrismToken web UI supports the generation of:- • Manufacturer Key Change tokens • Meter Specific Engineering tokens (MSE tokens) • STS Key Change Tokens 12.1 Manufacturer Key Change Token...

  • Page 66: Meter Specific Engineering Tokens

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 66 12.2 Meter Specific Engineering Tokens The PrismToken web UI supports the generation of MSE tokens • Click on “PrismToken” in the left navigation menu, the select the “Token Issue” tab.

  • Page 67: Vend Sts Key Change Token

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 67 12.3 Vend STS Key Change Token The PrismToken web UI supports the generation of STS Key Change Tokens: • In this example the security module has a 1993 base date key (SGC=123457, KRN=3) and a 2014 base date key (SGC=123457, KRN=4) •...
  • Page 68 STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 68 • Check “Update Configuration” and enter the “New Meter Configuration” • Expand the “Key Change Token” box and click “Issue KCT”. • This key change token will work in meter 600727000000000009 if it has been configured on SGC 123457, KRN 3, TI 1.

  • Page 69: Appendix A - List Of Abbreviations

    STS6 Manufacturing TSM500i NSS User Guide (PR-D2-1124 Rev 1.2)| Page 69 APPENDIX A – List of Abbreviations Boot Loader Critical Security Parameter (for example, a password or a key) DITK Decoder Initialisation Transfer Key (also known as “Dispenser ROM Key”)

This manual is also suitable for:

Tsm500i-nss

Table of Contents