If the meter is tampered the display shows a raised hand ✋ and the internal relay disconnects the power supply. In this case the customer needs to apply for a tampering clearance token with the utility or the local Power Vending Center (POS). After the token is successfully entered the meter will close the relay and return to normal operation.
The Vending Center (POS, point of sales) produces a 20 digits transfer code (Token) generated based on user’s meter number and purchase amount. After the user input this code via the meter’s keypad, the meter will decrypt the code.
After passing the encryption authentication, the purchased energy amount is stored into meter’s memory and added to the available credit. (see meter feedback here)
If the customer has allowance to use emergency credit (overdraft), this energy amount is deducted from the new purchase amount. When the user is consuming energy, the meter deducts the credit according to the consumption.
Once the credit is zero or on emergency credit level, the meter disconnects the customer from power supply.
The example shows the information shortcode (07)1, the remaining credit (0.00) and the symbol that the relay has opened.
– Payment systems – Part 41:
Standard transfer specification (STS)
– Application layer protocol for one-way token carrier systems
The STS Key management centre is operated for the STS association by the national electricity utility company Eskom in South Africa. Their services are as follows:
- The registration of Supply Group Codes (SGCs) on the KMC
- The registration of all security modules on the KMC
- The initialisation of all security modules on the KMC
- The generation of all STS vending keys for the relevant Supply Group Codes
- The loading / coding of the relevant STS vending keys into security modules, for use by the appointed vending equipment manufacturer/s. This will include security modules that are new, repaired or that need to be re-coded. The physical coding needs to take place in Eskom’s KMC in Midrand
- The loading of a key file onto a disk to accompany the security module (for loading onto the vending equipment). The disks will be supplied by Eskom
- The loading of STS vending keys on key cards, for use by the appointed meter manufacturer/s. The physical loading of the key cards needs to take place in Eskom’s KMC in Midrand.
The following meter-specific tokens are used:
General token handling
During input the numbers entered are displayed on the LCD, scrolling from right to left, with a dash displayed at every fourth digit. A counter in the upper left corner shows the total number of entered digits.
In this example 15 digits have already been entered.
The delay for accepting an input of the next digit is 20 seconds. After that time the display returns to the default display and the token entry was incomplete.
After token input the display shows one of the following information for 3 seconds.
The Token is accepted and the purchased energy amount is added to the remaining credit.
After that the meter shows the purchased amount for 5 seconds.
If the input is wrong, or random numbers are input with the purpose of tampering, the LCD display will indicate Reject-x, x is the times of wrong input.
In this example have been already eight inputs wrong. After 3 wrong inputs the keyboard is locked for 10 seconds. During that time the display shows: REJECT and the remaining waiting time in seconds (toggles every two seconds). With each new wrong input the lockout time for the keyboard is doubled. After 10 wrong inputs the customer needs to wait 1,280 seconds. This is the maximum waiting time. Each new incorrect input leads to another waiting time of 1,280 seconds. When token entry lockout is active the interface does not decrypt any meter specific tokens. Non-meter specific tokens and codes are still accepted and processed as normal while in lockout mode. The lockout period is reset to its original non-lockout status after any meter specific token has been successfully accepted by the meter or after meter is powered down and up again.
A security feature built into the STS is that no credit token can be used more than once. This is achieved by having an identifier built into the token. These identifiers are stored in a table in the meter, and the identifier of a new token is compared with the table If it has already been entered into the meter, the token will be rejected. The meter will give a notification that the token is used.
Due to the nature of the token identifier, an STS token has an effective life-time of approximately three months. If a token older than three months is entered, the meter may reject that token, and give an indication on the display that the token is old.
Full: A meter has a maximum amount of credit that it can store. If the number of units on the token will cause the meter credit to exceed this maximum value, the token will be rejected. The token may be entered at a later date when the level of credit in the meter has reduced enough to accept this token. The meter gives an indication that it is full.
The load threshold can be changed by this token. If the user has an increased load demand that causes a frequent overload condition he needs to apply for a higher load threshold. A new Maximum Power Load Token will set this threshold.
The Standard Transfer Specification (STS) has become recognised as the only globally accepted open standard for prepayment systems, ensuring inter-operability between system components from different manufacturers of prepayment systems.
The application of the technology is licensed through the STS Association, thus ensuring that the appropriate encryption key management practices are applied to protect the security of the prepayment transactions of utilities operating to protect the security of the prepayment transactions of utilities operating STS systems.
It has become established as a worldwide standard for the transfer of electricity prepayment tokens since its introduction in South Africa in 1993 and subsequent publication by the International Electrotechnical Commission as the IEC62055 series of specifications.
Shenzhen CLOU is member of the STS association. See a member list here.
This tokens are generally defined and are working with all STS prepayment meters. Sometimes this token are also called engineering token.
Internal Latching Relays Test
0000 0000 0001 5099 7584
0000 0000 0001 6777 4880
Total Units Register Value
0000 0000 0002 0132 8896
Key revision No. KRN
1844 6744 0738 4377 2416
3689 3488 1475 5332 2496
Power limit Threshold
0000 0000 0012 0797 4400
Actual active power
0000 0000 0044 2920 8064
Meter Software Version
0000 0000 0087 2419 5840
0000 0000 0022 8172 8512
Phase Power Unbalance Limit
0000 0000 0173 1410 5857
0000 0000 0688 5369 7029
Run all above Token in Sequence
5649 3153 7254 5031 3471
In a test sequence (run all), each test has a duration of 2.5 seconds, and is performed in the above order. For a single test per token, the test has a duration of 5 seconds.
After completion of the test sequence the meter returns to its actual operation mode.
Security issues are of prime importance to the utility supplier and the consumer. The use of the STS standard prevents:
- Fraudulent generation of tokens from hit and miss attempts at entering the correct number
- Fraudulent generation of tokens from a stolen vending station
- Fraudulent generation of tokens from legitimate vending stations outside of the utility’s area
- Fraudulent use of tokens which have already been used
- Tampering of legitimate tokens e.g. to change the value
STS provides the facility of generating (e.g. credit transfer) tokens which can only be used by the intended meter, and furthermore in the case of credit tokens, can only be used once in that meter.
In order to achieve the above security, the standard defines the following:
- the use of advanced encryption techniques, which are at all times hidden from the consumer
- the use of very secure key management procedures, including the manner in which keys are generated and transported
- Required functionality at both the vending station and the meter
The Supply Group Code (SGC) is usually assigned to a meter by the manufacture for a specific utility and location (usually a large distribution area). The meter SGC must match with the vending system SGC. If it does not match, it is not possible to run STS token operations.
Supply Group Codes are currently managed by the Eskom Key Management Centre, physically located at Eskom Midrand.