Overview of SPC-CA
The SPC-CA standard is aimed at organizations involved in the delivery of goods and/or services that intend to collect unified financial data from multiple electronic sales-registration devices.
During the development of systems that collect financial information from various electronic devices, several problems commonly arise: data validation, source verification and reliable data transfer. The SPC-CA standard provides a complete and unified solution to these problems.
There are many organizations involved in the delivery of goods and/or services that are interested in collecting unified financial data from multiple points of sale (POS). Examples of such organizations are:
– Franchise companies that want to receive accurate information about their partners' sales.
– Tax authorities, which need to collect information on the tax obligations of various taxpayers.
– Large companies that want accurate data on their distributors' sales.
In many cases the POS includes an electronic device (register) that issues (and usually prints) primary documents (receipts, refund receipts, invoices, etc.) for the financial transactions performed. Subsequently, based on the primary documents, these devices generate secondary documents (daily or control reports) that summarize the sales data for a certain period of time. Examples of such devices are fiscal and non-fiscal electronic cash registers, fiscal printers, vending machines, ticket vending machines, etc.
There is a wide variety of electronic registers, which makes their integration into a single system a significant challenge.
The main problems are as follows:
1. Data integrity and validation
In many cases the POS operators (or owners) have an interest in misrepresenting the data. This requires reliable methods for detecting the following possible manipulations:
1.1. Forged primary documents – issuing completely counterfeit primary documents.
1.2. Altered primary documents – printing originally genuine primary documents but manipulating their content.
1.3. Discrepancy between the primary and secondary documents – when a secondary document is formed, some primary documents are omitted or incorrectly calculated.
1.4. Single or multiple documents are not transmitted – certain primary or secondary documents are not transmitted to the data-collecting organization.
2. Data origin authentication
When collecting data from various sources, the following must be ensured:
2.1. Reliable authentication and authorization of the source devices – data from non-registered devices should not be allowed into the system.
2.2. Reliable data origin authentication – the issuer of every received document should be reliably determined.
3. Providing reliable and secure data transfer from different data sources.
The successful transfer of data between the source devices and the data collecting organization requires:
3.1. Data transport medium – a widespread and inexpensive data transport medium must be selected.
3.2. Data protection – the transmitted data must be protected from modification and eavesdropping.
3.3. Traffic optimization – the size of the transferred data and the speed of transmission must be optimized.
3.4. Scalability – it should be possible to easily increase the number of data source devices handled by the system; some organizations may cover hundreds of thousands of registers.
3.5. Support of different source device types – ability to collect data from different models of electronic devices.
The SPC-CA standard aims to offer a single solution to the problems above.
III. COMPONENTS OF THE STANDARD
The SPC-CA standard uses a data-collecting system model (with multiple sources) featuring the following components:
– Registering Device (RegD).
– Crypto Module (CM) with Crypto Card (CC) – connected to any registering device
– Data transport medium
– Communication servers
1. Registering Device (RegD)
Various models of electronic devices (which issue and print primary and secondary documents) can be made compatible with the SPC-CA standard, provided that certain requirements are fulfilled. The most important of these requirements are:
– support for CM connection
– support for CM communication protocol
– mandatory CC signature of issued documents and printing of the CM-generated barcode
– storage of document data (including the encrypted data) in non-volatile memory
– support for TCP/IP
2. Crypto Module (CM)
The crypto module is a device that unifies the interfaces between the RegD and the other system components. It relieves RegD developers from implementing the server communication protocol and from dealing with the specifics of the transmission logic and the crypto card interface. In addition, the CM protects the server communication from malicious intervention.
3. Crypto Card (CC)
The CC encrypts and decrypts the data used in the various operations. It also stores unique data about the connected RegD.
4. Data transport medium
Communication between the RegD and the communication servers is based on a TCP/IP channel. This gives SPC-CA implementations more flexibility, because various network solutions are possible: private networks, the GPRS or 3G networks of GSM mobile operators, the Internet, etc.
5. Communication Server
Standardizing the communication protocol (between the crypto module and the communication server) provides a unified and secure method of communication with different RegD models.
The SPC-CA standard includes the following documents:
– Registering device requirements
– Crypto module specification
– Crypto card specification
– Data transport medium requirements
– Communication protocol between the registering device and the crypto-module
– Communication protocol between the crypto module and the crypto card
– Communication protocol between the crypto module and the communication server
IV. PRINCIPLE OF OPERATION
Crypto cards complying with the SPC-CA standard must have the following features:
– Each CC internally generates a unique key pair, public and private. The private key is secret: it is stored in the CC and cannot be retrieved. It is used for data encryption/decryption with the RSA algorithm. The public key is known and securely stored on the server, where it is used to encrypt/decrypt data for/from the corresponding private key.
– Every new CC goes through a personalization process with information about the connected RegD and its owner. The key data set during this personalization cannot be changed. A CC can be used for up to one year after personalization and must then be replaced for security reasons (as is common practice for digital certificates).
When the RegD carries out a sale of a product or service, it issues a new primary document for it. Before this document is finalized, important data (for example the document number, issuing date/time, total amount, etc.) are sent to the CM and then to the CC. The CC encrypts these data (using the RSA algorithm) and the result is returned to the RegD. At the same time, the CC accumulates some of these data (for example the total amount) in its internal registers (for secondary document control). To complete every primary document successfully, the RegD must print the encrypted data at the end of the receipt (in the form of a 2D barcode) and store it, together with the other primary document data, in non-volatile memory.
A similar procedure is performed when secondary documents are generated. In this case, however, instead of calculating control data, the CC includes the already accumulated register values in the encrypted section of the secondary document (for control).
Periodically, depending on its settings, the CM requires the RegD to provide a TCP/IP channel for data transmission to the communication server. A login procedure follows: the CM sends an RSA-encrypted packet, thus providing secure identification of the data source. On success, the CM sends any "new" documents (documents not yet sent, or specifically requested by the server). This operation uses a binary, encrypted protocol optimized for size and speed. The communication process is controlled by the CM. Non-authorized devices cannot access the server, because a list of all RegDs (with their access permissions) is stored on the server (configuration: RegD-CM-CC).
If a CM fails to communicate with the server for a certain period of time (for example several days), it stops signing documents. This blocks the printing of valid documents and, consequently, the main RegD functions (until the next successful communication).
Each document can be verified by reading and decoding the 2D barcode printed on it. This is generally done with a special scanner device or application (for example a software application for a PC or smartphone). In this way:
– The validity of the encrypted data is checked.
– The content of the text data can be compared with the decoded encrypted data.
The 2D barcode thus provides an easy and reliable method of identifying the issuer of each document and determining its validity, even though the document is printed on ordinary paper.
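The signing and verification flow just described (the CC signs the document's control fields, the RegD prints the result as a barcode, and a scanner or the server checks the barcode against the printed text and the CC's public key) as an added Go example; this is not code from the SPC-CA standard or its documents. It models the CC's "RSA-encrypted data" as an RSA PKCS#1 v1.5 signature over SHA-256, and assumes the control fields are the document number, date/time and total amount (in minor currency units) joined with "|"; the type names, the barcode layout and the CC's total register are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Document holds the control fields the CC signs; Fields is their canonical signed form.
type Document struct {
	Number int
	Issued string // issue date/time as printed on the receipt
	Total  int64  // assumed: amount in minor currency units
}
func (d Document) Fields() string { return fmt.Sprintf("%d|%s|%d", d.Number, d.Issued, d.Total) }
// CryptoCard models the CC: its key pair and the register that accumulates signed totals.
type CryptoCard struct {
	Key      *rsa.PrivateKey
	TotalReg int64
}
// NewCryptoCard generates the key pair inside the card; the private key never leaves it.
func NewCryptoCard() (*CryptoCard, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &CryptoCard{Key: key}, err
}

// Sign returns barcode content (RSA signature, then the signed fields) and updates the register.
func (c *CryptoCard) Sign(d Document) ([]byte, error) {
	h := sha256.Sum256([]byte(d.Fields()))
	sig, err := rsa.SignPKCS1v15(rand.Reader, c.Key, crypto.SHA256, h[:])
	if err != nil {
		return nil, err
	}
	c.TotalReg += d.Total
	return append(sig, d.Fields()...), nil
}

// Verify (scanner/server side): signed data must match the printed text and carry a valid signature.
func Verify(pub *rsa.PublicKey, printed Document, barcode []byte) error {
	n := pub.Size()
	if len(barcode) < n || string(barcode[n:]) != printed.Fields() {
		return fmt.Errorf("barcode malformed or printed text differs from signed data")
	}
	h := sha256.Sum256(barcode[n:])
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], barcode[:n]); err != nil {
		return fmt.Errorf("forged or altered barcode: %w", err)
	}
	return nil
}
```

After a day's receipts, the server compares the sum of the primary-document totals it received with the CC's TotalReg carried in the secondary document; a mismatch is the discrepancy described under 1.3.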
How does the SPC-CA standard solve the problems described in II. "OBJECTIVES"?
1. Data integrity and validation
1.1. The unique 2D barcode printed on each document, containing encrypted data, provides a simple and reliable method of document verification: scanning the barcode. Different forms of document control can thus be implemented, ranging from inspection of randomly selected documents to lotteries, discounts, etc. that encourage customers to register their primary documents.
1.2. The added encrypted data ensures that any document manipulation can be reliably detected. Any discrepancy between the plain-text document and the encrypted data, or any manipulation of the encrypted data, can be determined automatically on the server.
1.3. The secondary document data from the RegD and the encrypted control data from the CM are sent to the server together, so it is easy to compare them and detect any discrepancy.
1.4. If the CM has not sent data for a certain period of time, it refuses to generate 2D barcodes. If the RegD fails to send certain documents, the server can automatically detect and report the missing data.
2. Data origin authentication
2.1. The electronic signature identification mechanism and the use of a list of valid CCs effectively deny system access to any non-valid devices.
2.2. Each document is electronically signed, which guarantees reliable verification (data origin authentication) of the data sent by the corresponding RegD.
3. Providing reliable and secure data transfer from different registration devices
3.1. SPC-CA uses the industry-standard TCP/IP protocol, which allows selection of the most suitable solution for each implementation.
3.2. The combined application of symmetric and asymmetric cryptographic algorithms used for data transmission provides maximum data protection.
3.3. The chosen communication protocol is binary and optimized for financial data transfer. Moreover, the standard allows the level of detail of the transmitted data to be selected.
3.4. The system can be easily expanded simply by registering new RegDs and personalizing their CCs. The communication protocol with the server allows scalable communication modules to be built.
3.5. The unified interface to the CM allows effortless integration with different RegD types.