INSIKA – A new approach against tax frauds at ECRs Norbert Zisky Physikalisch-Technische Bundesanstalt Jörg Wolff Physikalisch-Technische Mathias Neuhaus Bundesanstalt cv cryptovision
Content � Background � Technical concept � Technical details � Verification � Summary INSIKA - A new approach against tax frauds at ECRs 2
Background Germany on the way to fiscal solutions Big problems in tax compliance were indicated in 2003 – Nobody knows the exact loss of money for the society. � The Federal Audit Office (BRH) has complained that current models of electronic cash registers and cash management systems fail to meet the principles of correct accounting practices when it comes to recording transactions … The risk of tax fraud running into many billions [of euro] should not be underestimated in cash transactions � The German Ministry of Finance had to find a solution for this problem � In 2004 PTB proposed the new concept INSIKA - A new approach against tax frauds at ECRs 3
Background Possibilities of Manipulation � Using functions for service technicians (e.g. setting of Z-report-counter or grand total) � Misuse of training functions � Using report generators (e.g. suppression of voids in printout) � Direct data modification in files or data bases (PC-based systems) INSIKA - A new approach against tax frauds at ECRs 4
But ! this is only the tip of the iceberg Source: Ansgar Walk, Creative Commons-License Attribution ShareAlike 2.5 INSIKA - A new approach against tax frauds at ECRs 5
Manipulation of ECR Data A global problem Possible Solutions � Better market observation � Classical fiscal systems � Online data transfer of each transaction � New approach in Germany – INSIKA concept INSIKA - A new approach against tax frauds at ECRs 6
Content � Background � Technical concept � Technical details � Verification � Summary INSIKA - A new approach against tax frauds at ECRs 7
Concept – Idea May 2004 Use of cryptographic mechanisms for the protection of ECRs against manipulation � Finance authorities distribute signature devices and operating instructions for ECR and POS systems � Finance authorities define sets of data to be signed and data structures � Manufacturers integrate the signature devices into ECR and POS systems � Tax audit starts with testing the integrity and plausibility of the tax data by verifying signatures INSIKA - A new approach against tax frauds at ECRs 8
Concept – Basic idea Simple basic idea: � Compulsory recording of all transactions � Access to electronic data for tax auditors � Protection against manipulation using digital signatures � In case of data loss estimation possible, using totalizers on smart card Use existing rules and procedures for POS systems with added manipulation protection INSIKA - A new approach against tax frauds at ECRs 9
Concept – System architecture Central authority smart cards smart cards Store public key acquire acquire personalize personalize and deliver and deliver deliver smart card read public key ECR transactions Tax audit transactions generate and sign generate and sign store and export store and export 12343222 Xx23434-362632 20031016_09:05 123.34|432.22|822.31 1ad3477ca123a2b3b4b77aa verify verify transactions transactions 12343222 Xx23434- 20031016_09:05 123.34|432.22|822.3 1ad3477ca123a2b3b4b77aa 362632 1 transaction data set signature INSIKA - A new approach against tax frauds at ECRs 10
Concept – INSIKA Interfaces XML Export- XML Export- Interface Interface TIM Signature- TIM Signature- <?xml version="1.0“ <?xml version="1.0“ encoding="iso-8859-1"?> Interface <?xml version="1.0“ encoding="iso-8859-1"?> Interface <?xml version="1.0“ <insika> encoding="iso-8859-1"?> <?xml version="1.0“ <insika> encoding="iso-8859-1"?> <?xml version="1.0“ <document-information> <insika> encoding="iso-8859-1"?> <document-information> <insika> encoding="iso-8859-1"?> <version>1.0</version> <document-information> <insika> <version>1.0</version> <document-information> <insika> </document-information> <version>1.0</version> <document-information> </document-information> <version>1.0</version> <document-information> <transaction> ... </document-information> <version>1.0</version> <transaction> ... </document-information> <version>1.0</version> <transaction> ... </document-information> <transaction> ... </document-information> <transaction> ... <transaction> ... <?xml version="1.0“ <?xml version="1.0“ XML Data encoding="iso-8859-1"?> encoding="iso-8859-1"?> <insika> <insika> <document-information> <document-information> <version>1.0</version> <version>1.0</version> </document-information> </document-information> <transaction> ... <transaction> ... � INSIKA defines the TIM Signature Signature Device – TIM Signature Device – TIM and the XML Export interfaces only � calculates digital signatures � calculates digital signatures (SHA-1, ECC 192 bit) � there are no specific requirements (SHA-1, ECC 192 bit) � safe memory of private key � safe memory of private key on the ECR’s journal � management of sequence � management of sequence � XML Data can be built by an numbers numbers � Memory for turnover sums � Memory for turnover sums additional XML-Generator INSIKA - A new approach against tax frauds at ECRs 11
Content � Background � Technical concept � Technical details � Verification � Summary INSIKA - A new approach against tax frauds at ECRs 12
Details – Transaction and Receipt � Data of transaction and on receipt are the same signature of transaction = signature on receipt � With the help of a sequence number the correspondence is defined definitely � Transaction data can be stored durable on user-defined electronic media Source: Ocrho, Creative Commons-License Source: Everaldo Coelho and YellowIcon Source: Wikipedia, GNU Public Attribution ShareAlike 2.5 INSIKA - A new approach against tax frauds at ECRs 13
Details – Signed data elements XYZ G XYZ G m m bH, Abbest r . 2, 10587 Ber l i n bH, Abbest r . 2, 10587 Ber l i n XYZ G XYZ G m m bH, Abbest r . 2, 10587 Ber l i n bH, Abbest r . 2, 10587 Ber l i n Identification Identification DE 081508150- 14 DE 081508150- 14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Br eakf ast Par i s A 5, 98 Br eakf ast Par i s A 5, 98 Transaction Items Transaction Items Cof f ee Beans Ar abi ca Cof f ee Beans Ar abi ca 0, 253 kg x 9, 99€/ kg = B 2, 53 0, 253 kg x 9, 99€/ kg = B 2, 53 Fi r ewood Beech A 14, 98 Turnover Turnover Fi r ewood Beech A 14, 98 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (per VAT Rate) (per VAT Rate) Sum 23, 49 Sum 23, 49 VAT Rat e Tot al w/ o Tax Tax VAT Rat e Tot al w/ o Tax Tax Hash Value Hash Value A 19% 20, 96 17, 61 3, 35 A 19% 20, 96 17, 61 3, 35 of Transaction Items B 7% 2, 53 2, 36 0, 17 of Transaction Items B 7% 2, 53 2, 36 0, 17 Hash Hash 5FE5- W J6Q - M URZ- FNUZ- UQ JJ- W FM Z- 3G P6- NKYS 5FE5- W J6Q - M URZ- FNUZ- UQ JJ- W FM Z- 3G P6- NKYS Signature Signature Si gnat ur e Si gnat ur e U5Y4- VCBB- I G XM - SCB6- 6M O F- O 2G F- ALS6- W 5O 4 U5Y4- VCBB- I G XM - SCB6- 6M O F- O 2G F- ALS6- W 5O 4 VETD- 3ELO - T77N- Q TA4- T6EG - TSI K- JYXY- 253J Sequence Number Sequence Number VETD- 3ELO - T77N- Q TA4- T6EG - TSI K- JYXY- 253J BXV6- 4VYC- TURZ BXV6- 4VYC- TURZ SEQ : 388 SEQ : 388 Operator-ID, Operator-ID, O per at or : Fox 12. 02. 2009 13: 27: 36 O per at or : Fox 12. 02. 2009 13: 27: 36 Date, Time Date, Time Thank You f or vi si t i ng Us! Thank You f or vi si t i ng Us! INSIKA - A new approach against tax frauds at ECRs 14
Recommend
More recommend
