Swissbit TSE Solutions for all Applications

Requirements

According to new statutory regulations of the tax authorities, all new electronic and existing PC-based POS systems in Germany must be able to be equipped with a certified technical security device (TSE) from January 1, 2020 and a legally compliant conversion of their POS systems must be implemented by March 31, 2021.

Our Solution

Swissbit a complete provider of tamper-proof recording solutions for POS data in accordance with the German Cash Security Ordinance (KassenSichV). Whether single devices, networked POS systems in a LAN or online-capable POS systems with a cloud connection, Swissbit provides an easy-to-integrate, flexible and secure TSE connection for all scenarios.
Certificate for Swissbit TSE: BSI-K-TR-0412-2020

Swissbit TSE Solutions

POS manufacturers receive convenient and standardized interfaces for local and cloud-based POS systems, which allows them to easily switch between the technologies as needed. Swissbit also offers businesses an interface to the DATEV fiscalization platform MeinFiskal, which amongst other great benefits, offers an intuitive POS-data archiving and checking feature and provides businesses with access to an ideal fiscal services package.

Swissbit TSE Solutions for Taximeter

From 2024 all old and new taximeters in the European Union should be equipped with a certified technical security device (TSE). An exception are taximeters with INSIKA technology, which were equipped before January 1, 2021, and may still be used until December 31, 2025. In addition, the Federal Ministry of Finance has granted a general non-objection period until December 31, 2025.

However, a legally compliant transition is already possible now! Swissbit is already supplying legally compliant retrofittable TSE solution for the Pont-of-Sales (POS) market and leading taximeter manufacturers have already started or even successfully completed the implementation of Swissbit TSE products.

You are a manufacturer and interested in our TSE solutions for taximeters? Contact us at fiscal@swissbit.com or +49 (30) 936 954 400.

Standalone and LAN Solution

Swissbit was the first manufacturer to receive TSE certification for storage solutions in Germany. With USB sticks, SD and microSD cards from Swissbit, almost every modern POS system can be retrofitted to meet the requirements of the German Cash Security Ordinance.

An optional LAN solution enables the efficient retrofitting of networked POS systems. In this way, devices in different locations, such as PC cash registers or tablets, can be easily retrofitted to be legally compliant without any further hardware intervention at the individual cash registers. In addition to the secure fiscal memory where the automatically signed transactions are stored, the Swissbit TSE memory solutions offer a user memory that can be freely used by POS equipment manufacturers.

The core of the certified Swissbit TSE is a durable, industrial flash memory with signature certificate in accordance with TR-03145 and the Common Criteria (CC) certified security modules BSI-PP-SMAERS and BSI-PP-CSP.

Swissbit TSE in Detail

  • TSE (according to BSI TR-03153) in three variants with 8 GB flash memory - without adapters for maximum reliability: microSD, SD and USB
  • Encryption: 384 bit - more than specified by the BSI and therefore future-proof
  • Validity of the signature certificate: 5 or 7 years + 6 months for warehouse / logistics
  • Processing time (signature and storage): less than 250 ms
  • Lifetime: guaranteed 20 million signatures
  • Data retention (with non-powered storage): 10 years
  • Optional: secure remote connection to fiscalization platform from Datev & T-Systems possible

LAN Solution in Detail

  • TSE package for LAN solution in connection with the purchase of USB TSE through our sales partners Gastro-MIS, Jarltech or Partner Tech
  • LAN Connector Software (.exe) for provider of cash systems with a one-time fee per location
  • Suitable for up to 5 POS systems per USB TSE (factor 5: 1 and free assignment of the POS systems to USB TSE possible)
  • Easy connection of additional cash registers possible (only limited by the number of USB ports in the server)
  • Multiple TSE products can run in parallel

Swissbit Cloud-TSE 2: Future-proof. Simple. Flexible.

Swissbit is once again setting new standards with the new Cloud TSE 2. As a “TSE-as-a-Service” model, the solution enables future-oriented, simple, and flexible fiscalization of online and cloud-based POS systems.

The Cloud-TSE 2 is the first solution of its kind to be certified following the latest BSI TR-03153-1, version 1.1.1. It is characterized by maximum security and an innovative pricing model. Thanks to its intuitive CRM and product interface, it can also be easily integrated into existing merchandise management systems and POS systems.

While the BSI certification process is underway, the first implementations can start as early as June 2024. If you are interested, please contact fiskal@swissbit.com. The Swissbit Cloud-TSE 2 will be fully available from September 2024.

 

Swissbit Cloud-TSE 2 in Detail

  • Cloud solution without hardware component
  • Subscription can be canceled monthly
  • Flexible subscription model for efficient connection of all POS landscapes
  • Connection to the cash register via REST API
  • Fixed IP address for companies that are classified as Critical Infrastructures (KRITIS)
  • First solution on the market to be certified following the latest BSI TR-03153-1, version 1.1.1 (certification process ongoing)
  • Supports automatic rollout with zero-touch onboarding
  • Fully manageable via REST API
  • Fiscal data storage for 30 days

Your Benefits

  • Easy to integrate into existing and new POS systems
  • Flexible and scalable: available as a single device and LAN solution as well as easily scalable. Easy switching between technologies possible.
  • Secure: reliable and 100% secure certified Swissbit TSE as microSD, SD and USB for the best protection of fiscal data
  • Fiscal services: connection to the fiscalization platform MeinFiskal of DATEV with further additional services

Where to Buy

If you would like to order the Swissbit TSE or have technical questions about your Swissbit TSE, then contact our sales and support partners. If you would like to know more about how we can help you with our Swissbit TSE for the legally compliant solution for the fiscal market in Germany, then just contact us: oder fiscal@swissbit.com or by phone: +49 (30) 936 954 400 .

All Swissbit TSE Products

partner-tech

+49 (40) 450635199
tse@partner-tech.eu
tse.partner-tech.eu

 

 

europe@jarltech.de

+49 (0) 800 JARLTECH
+49 (0) 800 52758324
europe@jarltech.de

gastro-mis

Tel +49 (89) 898 7869-200
tse@gastro-mis.de
tse.gastro-mis.de/tse

Frequently Asked Questions (FAQ)

General Questions

What does fiscalization mean?
Fiscalization is the legally compliant implementation of the extensive requirements of the German tax authorities for tamper-proof cash register systems.

What are the legal framework conditions?
The law for the protection against manipulation of digital basic records according to the Kassen-Sicherheitverordnung (KassenSichV) regulates that from 1.1.2020 electronic cash register systems via a TSE (technical security device) certified by the Federal Office for Information Security (BSI) with a security module, a storage device and have a uniform digital interface so that cash register operators can use legally compliant devices.
In addition, the notification of the Federal Ministry of Finance (BMF) of November 6, 2019 applies: Non-objection regulation when using electronic recording systems within the meaning of § 146a AO without certified technical security device after December 31, 2019. This non-complaint regulation means that new cash registers that are sold between 1.1 and 30.9.2020 must be "TSE-capable", i.e. the design in the TSE must have already taken place, and be retrofitted with a TSE by 30.9.2020, i.e. be plugged into this cash register. New cash registers that cannot be upgraded in this way do not comply with the law and may not be placed on the market.

Which POS systems are affected?
New cash register systems (cash registers and PC cash register systems) as well as existing PC cash register systems must be equipped with a certified TSE by January 1st, 2020. Cash registers that are already in the field and cannot be retrofitted must be operated with a certified TSE by December 31, 2022 at the latest.

How the Swissbit TSE Works

What are the components of the Swissbit TSE?
The Swissbit TSE, certified according to TR-03153, consists of an 8 GB memory module including fiscal and freely usable user data memory, a certified security module application (SMAERS) and a certified "Secure Element" from a cryptography service provider (CSP), as well as a certificate according to TR 3145 for the registration of the CSP with the tax authorities.

How is a transaction recorded?
The Swissbit TSE offers secure and fast transaction recording (secure storage, assignment of transaction numbers, digital signature with time stamp and signature counter) of the process data (process start, type of process, payment type, process end, TSE serial number, test value) and the document data (issuer, issue time, goods including quantity and type, transaction number, fee, tax amount, TSE serial number).
The number of transactions per booking (receipt) depends on the application (gastronomy, retail, ...) and the implementation of the till. A booking in the catering sector can, for example, consist of 4 transactions: process and receipt data at the beginning of the order process, as well as process and receipt data at the end of the process.

What is the signature counter?
Each signature of the “Secure Element” (CSP) leads to a step-by-step increase in the signature counter. Resetting the fiscal memory, e.g. after successfully exporting the fiscal data, has no effect on the signature counter.

How many TSEs can be connected to the server or the master cash register in a LAN solution?
With the LAN solution, USB TSE modules must be plugged into a server in the shop itself or in a master cash register. Swissbit supports up to five POS systems at the same time for each inserted USB TSE. In principle, an unlimited number of POS systems can easily be made tamper-proof with the LAN solution and other USB TSEs.

Can the fiscal data be deleted after the export?
Yes, according to the specification of the BSI, the fiscal data can be deleted after a successful export. Resetting the fiscal data memory does not affect the signature and transaction counter. The Swissbit TSE is "worn out" after approx. 20 million signatures.


Who is responsible for the TSE?
The taxpayer is responsible for operating a legally compliant TSE in his cash register. When the certificate in the TSE expires, the TSE solution can no longer be accessed and the cash register goes out of service. This is a mandatory requirement of the BSI.


Can the user continue to use his existing cash register equipment?
Mostly yes, because the Swissbit TSE is an ideal retrofit solution. The user should approach the cash register manufacturer or system partner in this regard.

Features of the Swissbit TSE

How many transactions can be done on the TSE card?
The Swissbit TSE products can securely manage around 20 million signatures.

The Swissbit TSE products are made up of a fiscal data store and a freely manageable user data store. How big are they?
The 8 GB TSE products consist of 6.5 GB of reusable fiscal data storage and 1 GB of free storage for other usage data, such as a price list, analysis reports or GOBD data.

What is the transaction speed?
The Swissbit TSE offers a fast transaction speed of less than 250 ms (milliseconds). This refers to future-proof 384-bit ECDSA signatures, which exceeds the current minimum requirements of BSI.

How long is the data available?
Swissbit TSE allows data availability for at least 10 years.

Are certain service models available?
Yes, future security services that Swissbit can provide to cash register manufacturers are possible, such as securing fiscal data, reporting the TSE to the tax office, lifetime monitoring of the TSE. Swissbit was the first TSE supplier to offer a interface to DATEV's open fiscalization platform in the Swissbit SDK.

Swissbit TSE & Certification

Is the Swissbit TSE certified?
The Swissbit TSE modules (technical security device according to BSI TR-03153), which are available in three versions, received approval as part of the certification process at the BSI (Federal Office for Information Security) on December 20, 2019. The Swissbit TSE is officially certified and manufacturers of POS systems can now deliver a legally compliant solution for the tamper-proof recording of POS data.

For how long can a TSE remain in the field?
Such a TSE may remain in the field for the period of its individual signature certificate, usually 5 years.

What is the maximum possible service life with which a TSE can be operated in the field?
The maximum life span of a TSE is 8 years and is limited by its individual signature certificate term.

The Swissbit TSE also includes a certificate? Who offers this certificate?
The certificate (according to TR-3145 for registering the CSP with the tax authorities) is already included in the Swissbit TSE ex works.

Can this certificate (according to TR-3145) be renewed?
The Swissbit TSE comes with a certificate that cannot be renewed. After the certificate has expired, the TSE must be exchanged.

What is the duration of the certificate (according to TR-3145)?
Swissbit TSEs have a standard term of 5 years, depending on the project, 3 years are also offered (plus 6 months for logistics / storage). After the certificate has expired, the TSE must be exchanged.

Does the cash register manufacturer have to carry out own certification?
No. As soon as the cash register manufacturer has integrated a certified TSE in accordance with TR-03153 into the cash register system, a separate POS certification is not necessary.

Swissbit TSE as LAN Solution

What exactly does the customer / cash register manufacturer need in order to be able to offer a Swissbit LAN TSE?
The TSE as a LAN solution is only available in conjunction with the purchase of USB TSEs from the distribution partners Gastro-MIS, Jarltech or Partner Tech. The associated LAN connector software (.exe) is available at low cost with a one-time fee per location.
The LAN solution is suitable for up to 5 POS systems per inserted USB-TSE (factor 5: 1 and free allocation of the POS systems to USB-TSE possible). With 15 registers, the end customer needs at least 3 TSEs.
Swissbit offers OEM versions of the LAN connector software for cash register manufacturers on request. If you are a cash register manufacturer and are interested, please contact our sales team.


Can the secondary cash register use the TSE module at the main cash register (with TSE) via the API?
Yes, as long as (1) the assignment of the cash register to a specific TSE is static and (2) the connection is local and secured / authenticated (e.g. SSL or similar).

Does the local network connection via LAN cable or WLAN from the cash register to the TSE in the LAN solution also need to be secured? For example, is WLAN encryption sufficient for a WLAN connection?
The communication between the cash register and the TSE in the LAN solution must have an independent fuse. WLAN encryption itself is not enough. The Swissbit API uses end-to-end security between the cash register and LAN connector software of sufficient quality (HTTPS, SSL / TLS).

How is it measured whether the permitted number of POS systems is used per inserted USB TSEs?
Active access registers are measured (i.e. client ID starts a transaction on the TSE). The "measurement interval" is 10 minutes.

What happens if the permitted number of USB TSEs connected to POS systems is exceeded?
If the allowed factor of 5: 1 of POS systems per inserted USB-TSE is exceeded (i.e. 6 or more instead of 5 registers are used within the time interval with 1 USB-TSE), all transactions last 1 second for 10 minutes from the time exceeded (instead of 250ms).