Prepaid Metering & STS Standard:
Legacy Key Management in SSA

1. Purpose and Background

This letter is submitted to the STS Association (STSA) and to the prepaid meter manufacturing community to:

1. Formally validate the specific operational context of mini-grid and off-grid deployments in Sub-Saharan Africa as distinct from utility-scale grid deployments;
2. Formally enumerate all STS encryption algorithm versions and key management parameters encountered in deployed legacy meter fleets across SSA, for the purposes of creating an authoritative reference for STS correspondence, technical compliance, and field operations;
3. Request formal recognition from the STSA and from meter OEMs of the right of mini-grid developers and operators with large legacy meter fleets to self-manage and continue operating their existing meters indefinitely, without being compelled to undertake full fleet replacement due to algorithm or TID lifecycle changes.

2. Sub-Saharan Africa — Validation of the Operating Context

2.1 Why SSA Mini-Grid Deployments Are Structurally Different

Mini-grid and off-grid deployments in Sub-Saharan Africa differ materially from the urban utility environments for which the STS standard was originally designed and in which it is most typically administered. The following characteristics define the SSA mini-grid context:

2.2 The Mini-Grid Energy Access Imperative

Approximately 600 million people in Sub-Saharan Africa lack access to electricity. Mini-grids powered by solar and hybrid generation are one of the most cost-effective pathways to energy access for populations beyond the reach of the national grid. The IEA and SE4All estimate that >35% of new electricity connections needed to reach universal energy access in Africa by 2030 must come from mini-grids and off-grid solutions.

STS prepaid metering is uniquely suited to this environment because: - It functions entirely offline — no internet or GSM required for token generation or meter operation - It is vendor-interoperable — utilities can procure from multiple manufacturers - It is tamper-evident and fraud-resistant — critical for remote revenue collection - It uses a 20-digit keypad interface — accessible without smartphones or connectivity

The STS standard is, for practical purposes, the de facto mandatory standard for mini-grid metering across SSA. Regulatory agencies in Kenya (EPRA), Tanzania (EWURA), Uganda (ERA), Ghana (PURC), and South Africa (NERSA/SANEDI) either formally mandate or strongly prefer STS-compliant meters for off-grid licensees.

2.3 The Legacy Fleet Problem

Mini-grid projects in SSA typically have a 25-year project life, financed by a combination of development finance institution (DFI) loans, climate finance, and equity. Meters are procured at project commissioning and are expected to last the full project term.

The installed legacy fleet across SSA includes meters manufactured between 2010 and 2022, spanning multiple STS algorithm generations. The TID (Token Identifier) Rollover event of 24 November 2024 exposed a systemic vulnerability: a significant subset of mini-grid operators discovered they lacked the authorised access to Security Modules or vending keys required to generate TID rollover tokens for their own fleets, because those keys were held by the meter OEM or the original vending platform provider — not by the mini-grid developer.

This situation is commercially and operationally unacceptable. Mini-grid developers must have documented, authorised, and long-term access to the cryptographic material and STSA-compliant processes needed to service the meters they have procured and deployed.

3. Enumeration of STS Algorithm Versions and Key Parameters — Legacy Reference

This section constitutes a formal enumeration of all STS cryptographic algorithm versions and key management parameters relevant to SSA-deployed legacy meter fleets, for use in STS correspondence, compliance documentation, field operations, and authorised key management requests.

3.1 STS Encryption Algorithms (EA)

The STS standard defines Encryption Algorithms that are applied to tokens to secure token data in transit and prevent unauthorised token generation. The following EA versions are known to be present in deployed SSA meter fleets:

3.1.1 EA07 — Legacy 64-bit DES

• Cipher: DES (Data Encryption Standard), 64-bit block cipher
• Key effective length: 56 bits (8 parity bits discarded)
• IEC 62055-41 reference: Edition 1, Annex A
• Security status: Cryptographically weak by modern standards. NIST formally deprecated DES in 2005. However, the STS token format provides additional security layers (Supply Group Code, Meter Primary Account Number, Token Class) that partially compensate.
• SSA field prevalence: Estimated to represent 40–60% of the current SSA installed base, concentrated in meter generations manufactured between 2005 and 2016.
• Legacy management requirement: Operators managing EA07 fleets must retain access to EA07-capable Security Modules and DKGA02-compliant vending key material. Transition to EA11 requires physical key-change tokens or meter replacement.

3.1.2 EA11 — Current 128-bit MISTY1

• Cipher: MISTY1 (Mitsubishi Improved Security Technology 1), 128-bit key, 64-bit payload
• IEC 62055-41 reference: Edition 2 (introduced in 2014 revision, formally adopted)
• Security status: Current; recommended for all new deployments
• SSA field prevalence: Predominant in meters manufactured from 2016 onwards; rapidly becoming standard in new SSA mini-grid tenders
• Key management: Requires DKGA04-compatible Security Modules and STSA KMC registration

3.2 Decoder Key Generation Algorithms (DKGA)

The DKGA defines how the meter’s unique Decoder Key (DeKu) is derived from its credentials (PAN, SGC, VK). Different DKGA versions are tied to different encryption algorithm eras.

3.3 Token Identifier (TID) and Key Revision Number (KRN)

3.3.1 TID — Token Identifier

The TID is a 24-bit field encoding elapsed time in minutes from the STS Epoch (1 January 1993, 00:00:00 UTC). It serves as an anti-replay mechanism — meters reject tokens with a TID equal to or less than the last accepted token’s TID.

Rollover event (November 2024): Meters operating with KRN=1 exhausted their 24-bit TID counter on 24 November 2024. Meters not updated via two-token Key Change process prior to this date began rejecting new credit tokens.

3.3.2 KRN — Key Revision Number

The KRN indicates which TID epoch and associated vending keys a meter is operating under. A “Key Change” (two-token process) increments the KRN and resets the TID stack.

3.4 Key Types Summary — SSA Legacy Reference Table

The following table consolidates the key management framework relevant to SSA legacy fleet operators:

3.5 Manufacturer Codes — Known SSA-Deployed OEMs

The following manufacturer codes (as published or verifiable via the STSA member register) are associated with OEMs whose meters are commonly encountered in SSA mini-grid fleets. Recipients of this letter are requested to confirm or correct their manufacturer code(s) as applicable and to provide a complete list of all STS-certified product model numbers active in SSA.

4. Formal Request — Indefinite Legacy Fleet Management Permission

4.1 The Request

The undersigned coalition formally requests that the STS Association, in consultation with recipient OEMs, establish and publish a Formal Legacy Fleet Management Framework (hereafter “the Framework”) that grants mini-grid developers and operators the following rights:

4.1.1 Right to Retain and Operate Legacy Security Modules

Mini-grid operators who have procured STS-compliant Security Modules (hardware security modules or licensed software equivalents) compliant with DKGA02 and/or DKGA04 standards shall be entitled to continue operating those modules for the purpose of generating tokens for their registered meter fleet, indefinitely, without mandatory upgrade timelines, for as long as: - The Security Modules themselves remain cryptographically functional; - The meters in the fleet were lawfully procured from an STSA-certified manufacturer; and - The operator maintains accurate records (PAN, SGC, MFG Code, DKGA version, EA version) for each meter under management.

4.1.2 Right to Access the STSA Key Management Centre (KMC)

Mini-grid operators who do not hold full STSA membership shall be entitled to access the STSA KMC through a designated Mini-Grid Operator Fast-Track pathway for the purpose of: - Obtaining vending keys (VK) for their registered SGC; - Generating Key Change token pairs for TID rollover remediation (KRN=1 → KRN=2); - Registering new meters acquired from STSA-certified manufacturers.

This access shall not require full institutional utility membership, but shall require: - Registration of the mini-grid project with relevant national energy regulator; - Submission of a meter fleet manifest (PAN, SGC, MFG Code, DKGA, EA version per meter); - Agreement to STSA data protection and security protocols.

4.1.3 Right to Continued EA07/DKGA02 Key Material for Legacy Fleets

The STSA and OEM recipients are requested to formally commit that: - EA07/DKGA02 key material and Security Modules will not be forcibly retired from service with a hard cutoff date for operators managing lawfully-procured existing fleets; - If EA07 Security Modules must be deprecated for new issuance, a grace period of no less than 10 years from the date of this letter shall be provided for operators to transition at their own project-appropriate pace; - OEMs shall make available, on request, all technical documentation (PAN records, DKGA version, EA version, SGC assignments) for meters they have supplied to SSA mini-grid operators, to enable those operators to conduct independent fleet management.

4.1.4 Right to OEM-Independent Meter Management

No STS-certified OEM shall impose contractual or technical restrictions that prevent a mini-grid operator from: - Obtaining their meter’s PAN, SGC, MFG Code, and DeKu derivation parameters from an alternative authorised source; - Migrating their vending infrastructure from one STSA-compliant vending platform to another; - Retaining the vending keys for their SGC independently of any OEM service agreement.

This is consistent with the fundamental STS design principle of vendor interoperability and utility independence in token generation.

4.2 Rationale

The STS standard’s greatest contribution to energy access in Africa has been its open architecture — no utility, developer, or operator should be permanently dependent on a single OEM or vending platform to service their meters. This principle is undermined when: - OEMs retain sole custody of vending keys for meters they have sold; - Security Modules are deprecated on OEM-determined timelines regardless of project lifecycle needs; - KMC access is restricted to institutional utility members, excluding the mini-grid sector; - Legacy algorithm support is sunset without adequate transition mechanisms for remote, off-grid fleets.

The Framework requested herein is the minimum necessary to align STS administration with the realities of the Sub-Saharan Africa mini-grid sector, and to protect the energy access investments of development finance institutions, governments, and private developers who have deployed this technology in good faith.

5. Summary of Requests to Recipient OEMs

Each OEM recipient of this letter is specifically requested to:

1. Confirm their STSA Manufacturer Code(s) and list all STS-certified product models currently deployed or supported in SSA
2. Provide the EA version, DKGA version, and KRN/TID parameters applicable to each product generation deployed in SSA
3. Commit to providing PAN records, SGC assignments, and DeKu derivation parameters to lawful mini-grid operator purchasers of their meters upon request
4. Confirm a minimum legacy key support commitment (EA07/DKGA02 or EA11/DKGA04 as applicable) for existing SSA-deployed meter fleets, with a minimum 10-year committed support horizon from date of last supply
5. Support the STSA in establishing the Mini-Grid Operator Fast-Track KMC access pathway described in Section 4.1.2

6. Requested Response

Recipients are respectfully requested to provide a written response within 60 days of the date of this letter, addressing the specific requests in Section 5.

Responses should be directed to:

SSA Mini-Grid Coalition Secretariat c/o [Coalition Lead Organisation] Email: [contact@coalition-address.org] Reference: SSA-STS-LEGACY-2026-001

ANNEX A — Full Recipient List

A.1 Primary Addressees — STS Association and Standards Bodies

A.2 Chinese Meter OEMs — Mid-Tier, Strong SSA Presence

A.3 Indian OEM

A.4 Global Integrators

A.5 Regional Regulators — For Information

ANNEX B — Technical Glossary

This letter has been prepared in good faith by practitioners operating in the Sub-Saharan Africa off-grid and mini-grid energy sector. It is submitted for formal consideration by the STS Association and the named recipients. Technical parameters are cited from IEC 62055-41 (Editions 1 and 2) and STSA published materials. Recipients are invited to submit corrections to any technical parameters stated herein.

End of Document — SSA-STS-LEGACY-2026-001