I keep on hearing PSAs/adverts on the radio about not buying tokens from illegal vendors.
Wasn't the whole update thing last year about finding such people?
Are these tokens the same ones I see in random FB comments offering units at very low rates?
What happens if you do input such tokens?
I'm assuming you'll eventually be exposed?
TIA
The KRNs were needed because of a technical limitation of the STS System.
A field called the TID counts up in minutes from a base date. The original base date was 1993, the new base date is 2014.
The new base date will roll over in 2045.
The TID field is important because it prevents replay attacks. The customer meter checks that the tokens entered into the meter were generated in order. This prevents old tokens from being reused. This is one of the reasons that you have to input prepaid meter tokens in order.
The STS system was developed in the 90s. Vendors in every small town and village needed to be able to generate tokens; this meant that an online, internet-connected token generation system was not viable.
Vendors were given a vending machine with a black box (Security Module). The security module had vending keys that could be used to generate valid STS tokens. The machines stored the transactions made.
ESKOM would have to go reconcile with the vendors and sort out payment at a later date.
If a security module with valid keys was stolen, the vending system could create keys and Eskom would never get the money.
The KRN made all previous vending keys invalid.
If utilities insist on online vending systems then security modules can be more tightly controlled.
This should prevent rogue vendors.
There are ways around it.
For example, a meter that was never updated to KRN2 could still accept rogue tokens as long as the rogue vendor is capable of changing the time on the security module. This probably requires some amount of effort and would not be a sustainable practice.
The STS system is incredibly intricate and there is a hierarchy to the keys used in the system. The security of the system requires the keys higher up in the system to be kept secure. If the Master Key is compromised, then other keys such as vending keys and Transfer keys can be derived, potentially compromising the system.
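The TID mechanism described in the answer above, as an added Python sketch that is not part of the original post and is not STS reference code. It assumes a 24-bit TID field (consistent with the 2014 base date rolling over in 2045) and a simplified meter that only remembers the last accepted TID; the names `tid_for`, `rollover_date` and `Meter` are hypothetical.

```python
from datetime import datetime, timedelta

TID_BITS = 24  # assumed field width: 2**24 minutes is roughly 31.9 years
TID_MAX = (1 << TID_BITS) - 1
BASE_DATES = {1993: datetime(1993, 1, 1), 2014: datetime(2014, 1, 1)}


def tid_for(issued_at, base_year):
    """Minutes elapsed between the base date and the token's issue time."""
    minutes = int((issued_at - BASE_DATES[base_year]).total_seconds() // 60)
    if not 0 <= minutes <= TID_MAX:
        raise OverflowError(f"issue time does not fit the TID field for base {base_year}")
    return minutes


def rollover_date(base_year):
    """First moment that the TID field can no longer represent for this base date."""
    return BASE_DATES[base_year] + timedelta(minutes=TID_MAX + 1)


class Meter:
    """Simplified meter model: a token is accepted only if its TID is newer
    than the newest TID already accepted, so a replayed token is refused."""

    def __init__(self):
        self.last_tid = -1

    def enter_token(self, tid):
        if tid <= self.last_tid:
            return "rejected"  # old or already-used token
        self.last_tid = tid
        return "accepted"


if __name__ == "__main__":
    print("1993 base rolls over:", rollover_date(1993))
    print("2014 base rolls over:", rollover_date(2014))
    meter = Meter()
    first = tid_for(datetime(2024, 3, 1, 9, 0), 2014)    # constructed issue times
    second = tid_for(datetime(2024, 3, 8, 17, 30), 2014)
    for label, tid in [("first", first), ("second", second), ("first again", first)]:
        print(label, tid, meter.enter_token(tid))
```

Entering the second token before the first would leave the first permanently rejected in this model, which is the ordering requirement the answer mentions.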