Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
IEC 62055-21 Standard: Framework for Payment Metering Systems (STS)
IEC 62055-21 defines the overarching framework for the Standard Transfer Specification (STS), the globally dominant open standard for prepayment (payment) metering systems. This standard establishes the architectural model, functional components, and security mechanisms that enable any STS-compliant vending system to generate tokens accepted by any STS-compliant meter. With over 50 million STS meters deployed across 100+ countries, IEC 62055-21 is one of the most impactful metering standards in the developing world.
Market Scale: STS is used in over 50 countries across Africa, Asia, Latin America, and the Middle East. South Africa alone has more than 10 million STS-compliant prepayment meters installed.
System Architecture and Functional Components
IEC 62055-21 defines a modular architecture with clearly separated functional components. This separation enables an open market where components from different manufacturers can interoperate seamlessly:
| Component | Abbreviation | Function | Example |
|---|---|---|---|
| Payment Meter | PM | Manages credit transfer, consumption measurement, and disconnection/reconnection | STS-compliant electricity meter with keypad |
| Vending System | VS | Generates encrypted tokens upon payment; manages tariffs and customer accounts | Point-of-sale terminal, mobile app, web portal |
| Token Carrier | TC | Physical or electronic medium for transferring the token from VS to PM | Printed receipt, SMS, smart card, NFC |
| Customer Interface Device | CID | Transfers the token from the carrier to the meter | Meter keypad, card reader, smartphone app |
| Key Management Centre | KMC | Generates and manages cryptographic keys; operated by the STS Association | Centralized secure facility |
Interoperability Guarantee: The modular framework means a customer can purchase credit from a vending system operated by any authorized provider, and the token will work in their meter. This is analogous to a mobile phone SIM card working in any unlocked handset.
Token Architecture and Security
The security of the STS system is built on three cryptographic layers, each defined in IEC 62055-21:
Layer 1: Token Structure
STS tokens are decimal numbers that customers enter into their meter keypad. Edition 1 tokens are 20 digits; Edition 2 tokens are 22 digits (the extra digits accommodate the enhanced AES-128 security). The token encodes the amount of credit, the meter identifier, a timestamp (Token Identifier), and a cryptographic message authentication code (MAC).
| Token Field | Edition 1 (20-digit) | Edition 2 (22-digit) |
|---|---|---|
| Amount/Data field | 6 digits | 6 digits |
| Meter identifier (KRN) | 4 digits | 4 digits |
| Token Identifier (TID) | 4 digits (12 bits) | 5 digits (16 bits) |
| Message Authentication Code | 6 digits | 7 digits |
| Total | 20 digits | 22 digits |
Layer 2: Cryptographic Algorithm
Edition 1 uses DES/3DES encryption with a 112-bit effective key length. Edition 2 (defined in IEC 62055-21:2018) migrates to AES-128 with a 128-bit key. The cryptographic MAC is computed over the concatenated token data fields using the selected algorithm.
Layer 3: Key Management
The STS Association operates a centralized Key Management Centre (KMC) that generates and distributes cryptographic keys to authorized utilities and meter manufacturers. Each meter is loaded with a unique decryption key at the point of manufacture. The key hierarchy includes:
- Vending Key (VK): Used by vending systems to generate tokens
- Supply Group Code (SGC): Groups meters by tariff region or utility
- Key Generation Technology (KGT): Identifies the key derivation algorithm version
- Key Revision Number (KRN): Embedded in the token to identify the key version
Edition 2 Migration Deadline: The STS industry is under a mandatory migration from Edition 1 (3DES) to Edition 2 (AES-128). All new meters manufactured after a certain date must support Edition 2, and all vending systems must be upgraded. Failure to migrate will result in Token Identifier rollover issues that prevent token acceptance.
Engineering Design Insights
Implementing IEC 62055-21 in a payment meter or vending system presents several engineering challenges:
Meter Firmware Architecture
The STS protocol stack occupies roughly 8-12 KB of flash on a typical meter microcontroller. The critical components include the token decoder (verifying the MAC), the TID replay protection mechanism (storing the last 2-10 TIDs in EEPROM to prevent token reuse), and the credit management logic (deducting consumed energy).
Vending System Integration
A vending system must implement the STS encryption algorithm in a secure environment — typically a Hardware Security Module (HSM) or a software equivalent that has been certified by the STS Association. The vending system must also manage the TID counter (which increments with each token) and handle the KMC synchronization protocol.
Token Carrier Diversity
Modern STS deployments support multiple token carriers simultaneously:
- Keypad entry: The customer manually types the 20/22-digit token (most common in Africa)
- Smart card: Token written to an ISO 7816 card; the meter reads via a card slot
- NFC/RFID: Token transferred via near-field communication from a smartphone
- SMS/USSD: Token delivered via mobile messaging (dominant in Asia)
Cost Optimization: The keypad-entry model has the lowest bill-of-materials cost (no display needed beyond basic LCD segments, no communication module). For large-scale deployments (millions of meters), this can result in savings of $150M+ compared to fully communicating smart meters, making STS the preferred solution for electrification programs in developing economies.
FAQs
Q: Is STS only for electricity, or can it be used for water and gas?
A: Originally developed for electricity, STS has been extended to water and gas metering through the IEC 62055 series. The same token structure and security framework apply, but the OBIS codes and measurement units differ. Water STS meters typically measure in liters or cubic meters with different credit decay rates.
Q: How does the STS prevent tampering and theft?
A: STS provides four layers of security: (1) cryptographic MAC prevents token forgery, (2) TID replay protection prevents using the same token twice, (3) meter tamper detection (magnetic, cover-open, terminal cover) is part of the meter hardware spec, and (4) the KMC key management ensures that even the utility cannot extract the meter’s private key after deployment.
Q: Can STS support pay-as-you-go (PAYG) models via mobile money?
A: Yes, and this is the fastest-growing deployment model. The vending system is integrated with mobile money platforms (M-Pesa, Airtel Money, etc.). When a customer makes a payment via mobile money, the VS generates an STS token and sends it to the customer’s phone via SMS. The customer enters the token into the meter keypad.
Q: What happens if a customer loses their STS token before entering it?
A: The vending system maintains a transaction log and can reprint/re-send the token. However, if the token has already been entered into the meter (consumed), the TID replay protection will reject a second attempt. The vending system can check the token status against the TID database to verify if it has been used.
