TSE Online Archive

We recommend the use of the TSE online archive, as it helps you to fulfil your duty of care for data protection with regard to the TSE data.

The Hypersoft TSE online archive saves the /Logfiles Log files contain the automatically maintained protocol of all or certain actions on a computer system. Hypersoft uses these files for support purposes. The TSE (D Cash Security Ordinance) uses these files for authoritative security., which are stored as *.tar files when signing operations on their TSE. By means of these log files and in connection with the DSFinV-K export, the complete recording and signing of a POS system can be proven during a tax audit.

According to GoBD, you as the operator must keep this data for at least 10 years and be able to provide it at short notice at any time in the event of an audit.

Since the certificate of a TSE has a maximum duration of 5 years and the memory it contains is limited, this data (log files) must be stored in an archiving system. This is the only way to ensure that the data can still be retained even after a TSE has been changed (due to a defect, a full memory, or an expired certificate).

If you have a large hypersoft system with several TSEs, which may have been purchased at different times and thus have different durations, the output of TSE log files can prove to be complex, especially if some TSEs already have an expired certificate and have been replaced by new TSEs.

In conjunction with the Hypersoft POS system, we have developed a backup procedure that ensures the completeness of your TSE log files and runs fully automatically in the background so that you can always be sure that your data can be output in the event of an audit.

TSE Archive Mandatory Recommendation

Swissbit TSE Sticks are among the best solutions for storing TSE data. With the many thousands of sticks we use, we have now found that a small double-digit number can be defective without us noticing. The special thing about it, however, is that this defect is not noticeable: In this rare phenomenon, the Swissbit TSE Stick accepts the bookings, duly acknowledges the acceptance, but the stick gives out absolutely no more data. This means that no data from the stick can be exported and used during an audit (if you have not backed it up with our TSE Online Archive or manually). In the last few days and weeks we have tested the sticks remotely at our customers and have already contacted the acutely affected customers. We will replace the sticks with the help of the manufacturer. Swissbit has not yet submitted a statement on the issue. Unfortunately, Swissbit cannot make the data visible either, but assumes that the problem can no longer arise with the current Swissbit SDK (Software Development Kit). We have already distributed this SDK to all customers with active support contracts. We have also installed a monitoring system that automatically tests the TSE export at the turn of the month, for example, and sends a message to our support team if it fails. However, since the data will then also no longer be released and other errors are also conceivable, we again feel obliged to urgently advise you to use our TSE online archive (for only €2 per month), as the majority of our customers already do. Please contact your Hypersoft representative.

Requirements and start

At least one Hypersoft TSE set up
TSE online archive" licence (per location using TSE, possibly also central clients)
Master token set up between POS and portal
After adding the licences, they must be retrieved in the MCP. (This is done automatically at the end of the day)

Note: It is necessary to restart the Terminal Commander on the server so that the correct modules are started depending on the licences. Further stations do not have to be started.

Licensing...

All available sites are displayed in the TSE online archive, even if this archive has not been licensed by all sites. This way they can ensure that they have considered all locations. TSE archives can only be uploaded with a valid licence. You can activate the programme by ordering a licence. Details of the licence TSE Online Archive.

Procedure documentation TSE Online Archive

This procedure description provides you with the exact procedure for data storage and data transmission. In addition, we go into all components of the TSE online archive and can thus already answer the most frequent queries about your archive solution for tax audits (at the POS, data transfer, portal, data centre).

Commissioning...

During commissioning, an export is created once for all data accumulated up to that point and this is uploaded to the TSE online archive.

At the POS...

With a valid TSE online archive licence, each connected TSE stick on your system exports all TSE log files on it in *.tar format to a running local archive every day at TTA (with a time offset of 15 minutes). These *.tar files already contain the DSFinV-K 2.0 format required by tax authorities. The daily export does not only take into account the TSE log files of the current opening day, but ALL data on it.

TSE master data archives are written to the database approximately 1 minute after a trade is created.

All TSE exports are written locally to running archives (per TSE), which are supplemented daily with the respective new exports of their TSE sticks. If they put an additional TSE stick into operation, these exports are also included in a new running archive.

Ongoing local archives are uploaded daily to the TSE online archive in encrypted form (S-FTP and SLL) within 5 hours of the TTA.

If there is a change of month, a monthly archive is created from the current archives and these are "closed". The completed monthly archives are also transferred to the TSE online archive after the TTA and additionally copied to the local free memory of the respective TSE sticks. Only now are the TSE log files deleted from the TSE stick and a new running archive is started for the new month.

In summary...

Daily:

Export of the TSE log files to a running archive
Upload of the current archives to the TSE online archive

Monthly:

Current archives become monthly archives
Copying the monthly archives into the free memory area of the TSE
Upload of the monthly archives to the TSE online archive
Deleting the TSE log files from the TSE
Creation of new running archives for the current month

An internal algorithm based on the customer number distributes the uploads of all customers to the time range after the TTA in order to evenly utilise the FTP server.

If you decide to use our TSE online archive at a later date, ALL previously accumulated TSE log files will be exported to a new monthly archive and transferred to the TSE online archive after licensing for the following TTA. Archiving is therefore also possible "retroactively".

Monthly archives can also contain TSE log files from other months if, for example, the TSE online archive was not licensed until later. Monthly archives thus reflect the time of export, not the time of the TSE log files. (In the case of an audit, you should always export plus/minus 1-2 additional months).

data transmission

The access data to the TSE archive server is retrieved once a day (and once per start of portal clearing) for each client in the portal in encrypted form and stored locally. Retrieval is only possible with a valid customer number and matching Master Token. This way, we can ensure that only the respective licensed sites can transfer new data to the TSE online archive.

The programme FTP Manager is a system component and starts automatically on main cash registers and servers. It has a small icon in the SysTray and clicking on it opens the protocol.

The respective process is logged in the window.

The time of the next upload is displayed. Optionally, the button can be used to start the upload directly (if files are available for upload). The transfer from the POS to the TSE online archive takes place via encrypted SSH FTP.

TSE online archive in general

Hosting with Hetzner...

The server systems of the TSE Online Archive consist of several dedicated root servers at our hosting partner Hetzer.

Information about the company Hetzner:

Link: https://www.hetzner.com/de

Hetzner GmbH is certified according to ISO/IEC 270001 , see: https://www.hetzner.com/de/unternehmen/zertifizierung/

Download the certificate at: https://www.hetzner.com/de/assets/downloads/FOX-Zertifikat.pdf

Previous certificate, download the certificate at: https://www.hetzner.com/de/pdf/FOX_Zertifikat.pdf

Link to the Hetzner homepage: About Hetzner

The certificate proves adequate security management, the security of data, the confidentiality of information and the availability of IT systems. It also confirms that safety standards are continuously improved and sustainably controlled.

The archive servers are monitored 24/7 via SNMP events in the active Hypersoft monitoring system.

Maintenance as well as troubleshooting is ensured by Hypersoft IT.

For security reasons, only one of the archive servers is accessible from the POS as well as the Hypersoft portal; the other servers replicate the data via an encrypted IP/MAC binding and are not accessible externally.

Your data is protected against loss several times over via the following systems.

Data mirroring per archive server via RAID
Replication of the archive data to further archive servers, which are also equipped with a RAID
Additional backups to a NAS system (Network Attached Storage)

Access protection...

Access to the archive servers is only possible for selected Hypersoft employees from the IT and development departments. The authorisation management and the password guidelines comply with the current DSGVO. Further information can be found in the Hypersoft ADV (commissioned data processing), which you can download and digitally sign in the Hypersoft portal at My contracts and documents.

Use TSE Online Archive

The TSE online archive can be reached at www.myhypersoft.de in the "Archives" section. Depending on the licensing and user As users we call people who operate programs, in our case mostly the users of the MCP and the contained programs. authorisation, this menu item is displayed.

Overview...

The location overview shows them all available locations. They also have an overview of the licensing, the number of TSEs, the number of active TSEs, the total size of the archive, the time of the last upload and (if available) the release status for central systems.

Note: The location list also shows their central location, which may also have TSE and need to back up their data accordingly. However, location sharing is not possible for the central location, which is why the sharing status is hidden.

Show licensing

All available sites are displayed in the TSE online archive, even if this archive has not been licensed by all sites. This way they can ensure that they have considered all locations.

TSE archives can only be uploaded with a valid licence.

Licensing details: TSE-Online-Archive Licences

Choose location

If you have a central system and manage a large number of locations, you can select the desired location via the location filter. By default, all available locations are displayed, including locations without a valid TSE Online Archive licence.

Search...

Use the "magnifying glass" icon in the title bar to activate the search and enter a search term. The table of their locations is filtered according to the search term entered and shows all hits with a yellow highlight.

Submenu...

You can open the submenu by clicking on the three dots in the top right-hand corner of the module TSE-Archive.

Here you can also open the Export dialogue to download TSE data for an audit.

You can also use the dialogue Location/Alias to change the internal designation of your locations so that they match your internal language usage. This change only affects the designations in our portal.

permissions

The following user As users we call people who operate programs, in our case mostly the users of the MCP and the contained programs. authorisations are available for selection:

Archive = main authorisation to view Hypersoft archive solutions
TSE Archive = Here you can call up the TSE online archive and view information.
Edit = Here you can activate or deactivate the central release.
Export = Here you can call up the export dialogue and create and download exports.

Location details

After selecting a location, you will be taken to the location details. All TSEs ever used at this location are displayed here.

TSE status

You can further narrow down the list of TSEs per location using the "Status" filter. In the standard system, all TSEs are displayed with all their statuses.

You can choose from the following statuses:

All: All TSEs are displayed in the list.
Active: TSEs that are actively set up at the POS and have a valid certificate.
Inactive: TSE that is not (no longer) in operation and may have an expired certificate.
To be updated: The TSE status is currently updated by the POS

TSE Certificate

The TSEs from Swissbit used by Hypersoft currently have a certificate term of 5 years. After this time has elapsed, the TSE can no longer sign transactions and may no longer be used. You can also filter the list according to the validity of the certificate, so that if you have a large number of TSEs, for example, only the TSEs with an active certificate are displayed. In the column Expiry of the certificate at you can see the remaining term of each TSE.

New TSEs that have not yet been put into operation at the POS and are therefore not yet actively signing have a lifetime of 5 years, but this has nothing to do with the validity of the certificate. Only when the TSE has been put into operation at the POS is the actual remaining term of the certificate transmitted to the portal and thus also to the TSE online archive. The lifetime of a TSE also begins to expire after a cart time of approx. 5 months from manufacture, even without commissioning.

Data release for location systems

If you have a central/location system and you log into the TSE archive with a central account, you can view and export all data of the connected locations.

Depending on their legal situation, locations can also prevent the release of data to the control centre; this is set with the switch in the location details at the top right TSE data are released for the control centre.

By default, this function is activated (a data release for the head office exists), as we assume that during tax audits and the creation of TSE exports, the head office will assist in providing the data, if necessary. This setting can be adjusted by a site user As users we call people who operate programs, in our case mostly the users of the MCP and the contained programs. at any time.

If there is no data release for a location for the Central Users, the TSE data cannot be exported. All other data can still be viewed.

The location list also shows their central location, which may also have TSE and need to back up their data accordingly. However, location sharing is not possible for the central location, which is why the sharing status is hidden.

TSE device details

You can open the hardware data sheet of the device management per TSE by selecting the desired TSE.

Further documentation: TSEs in the device management.

The "Unit details" dialogue shows you all relevant information about the selected TSE. Among other things, the serial number, the date of purchase and the respective lifetime are displayed, i.e. the time for which the TSE certificate is still valid.

Exporting the data

In the event of an audit, they may have to export the TSE log files at short notice for a specific location and time period and make them available to the auditor on a data stick. The Export dialogue allows you to create new exports, download existing exports and view their export history.

Create export...

You can create a new export at any time, provided you have the appropriate user As users we call people who operate programs, in our case mostly the users of the MCP and the contained programs. authorisation.

For this purpose, please indicate the desired location as well as a time period from / to in months or years, yes according to the requirement of your audit. Use the input field Notification to to enter an e-mail address that will be notified when the export is ready for download.

The provision of data depends on the number of TSE sticks used, their booking volume, as well as the specified time period.

Then press the "Export" button to create the export order and request the provision of the data.

To be on the safe side, the exported data always includes the previous or following month of the selected period, as the upload algorithm can cause a time shift of a few days.

Notification...

If you have entered an e-mail address in the field Notification to, you will receive a message when your export is ready for download. For security reasons, this is only a notification, the download is exclusively via the TSE Online Archive using your authorisation at www.myhypersoft.de:

If your export order fails, we will also inform you by email about the incident. Please create a new export in case of an error.

Export history

The export history shows you all current and past export orders. This way, they can always check which data has already been exported and made available for audits. You can also see here when the export was generated for which location and period by which user As users we call people who operate programs, in our case mostly the users of the MCP and the contained programs..

Download...

Within 30 days, the exported data can be downloaded via the download icon. We create a ZIP archive which contains all *.tar files (TSE log files) unchanged.

Running time...

Exports have a validity period of 30 days. After these 30 days, no more downloads are possible for security reasons. If you want to download an export that was created more than 30 days ago, please create a new export order for the same location and period.

The remaining download runtime of the exports is shown in the column Status in days.

Cancellation of the TSE Online Archive

Further documentation: Questions on change of ownership or termination of business

If you wish to cancel the TSE online archive, please note the following information:

Responsibilities...

You are responsible for keeping and archiving the log files of your TSE signature unit.

In the case of the TSE online archive, Hypersoft takes on this responsibility and redundantly backs up your data as long as you have booked this service with Hypersoft and play your part in the service delivery. In the event of termination of our service, we will transfer this responsibility back to you. You must then take care of your data and export the data from the TSE Online Archive for this purpose.

Exporting data after closing the TSE Online Archive...

Using the Export function, you can export your log files saved up to that point, download them and transfer them to a data carrier of your choice so that you have them at your disposal and can hand them over in the event of an audit.

We can either strictly reject a reference by you to Hypersoft as the storage location for your data after the end of the cooperation or, if the data is available to us, we must hand it over to bodies authorised to enforce the handover of such data.

Important information after cancellation of the TSE Online Archive...

During a subsequent check, please note the possible difficulties in assigning the log file periods, TSE sticks used, as well as the security of your data carriers. This information can only be derived from your own records. We will retain your data for approximately 90 days in the event of termination before it can be automatically deleted if necessary. Of course, you can license the TSE online archive again during this time, so that we transfer any new log files created in the meantime to your archive.

If you no longer wish to use Hypersoft with all products, please note that you should sign a GoBD follow-up agreement in order to continue to access our portal and your data.

Nevertheless, the grace period of 90 days until the retention of your TSE log files still applies.

Back to the parent page: KassenSichV TSE safety device