Application Note
Table of Contents
1 Scope
2 References
3 Functionality
   3.1 System overview
   3.2 Veeder Root TLS
   3.3 PSS dynamic password in the TLS communication
   3.4 PSS dynamic password in serial server
   3.5 PSS dynamic password with Inform
4 Activation procedure for secured serial interface to TLS
   4.1 PSS and Site Info update sequence
   4.2 PSS installation procedure
      4.2.1 Setup a secure TLS with unsealed DIP-switch
      4.2.2 Setup a secure TLS with sealed DIP-switch
5 History
PSS5000/APNO/805055/00 Page 2 of 9
PSS 5000, Application Note
TLS interface using Dynamic Password
1 Scope
In the communication to a Veeder-Root Tank Level System (TLS) via a serial interface, it is possible to
use a security code to protect the TLS against unauthorized access. The security code used is normally a
fixed password, but to increase security a dynamic password has now been introduced.
The scope of this document is to describe the use of a dynamic password in the communication protocol
towards the Veeder-Root TLS and the activation procedure.
2 References
1. PSS Dynamic Password, Application Note, Algorithm and example - PSS5000/APNO/804401/--
2. TLS User Guide, Veeder Root Doc. Ref. : VEEDER – ROOT SERIAL INTERFACE MANUAL
for TLS-300 and TLS-350 UST Monitoring Systems and TLS-350R Environmental & Inventory
Management System through Software Versions 020/127/327/427/520 Manual Number
576013-635 Revision S
3. TLS-3XX Series Consoles – System Setup Manual Ref.: 576013-623
4. DOMS POS Protocol, Application Level Specification, Control Functions –
PROTOCOL/SPEC/804706/--
3 Functionality
3.1 System overview
Wetstock information is needed for a Back Office System (BOS) and a head office application such as
Site Info. The collection of wetstock information from the BOS is achieved through the PSS wetstock
controller, which means that the PSS handles the communication to the TLS. A head office application
can use a serial server in the PSS to communicate directly to the TLS.
Inserting a dynamic password in the communication between the PSS and the TLS will not affect the
BOS to PSS communication because the communication to the TLS is handled by PSS wetstock
controller. But a secure TLS communication will affect the accessibility for a Head office application
because of the direct communication. Therefore, the Head office application must also be able to
generate these dynamic passwords. The dynamic password used by the Head office application will be
validated by the PSS serial server before it is retransmitted to the TLS.
[Figure: system overview. Labels: BOS, BOS Network, Router, TCP/IP, PSS 5000 (Doms POS Protocol, Doms Host Protocol, Serial Server, Wetstock Controller, Serial Driver); links marked "Security code protected".]
3.2 Veeder Root TLS
The Veeder-Root TLS has an option that enables protection of the communication protocol with a 6
character “security code”. If the security option is activated (see TLS User Guide), the TLS will only
reply when the correct “security code” is provided in all the protocol messages. The security option is
activated by the DIP switch settings on the TLS CPU board.
Since the security code can be set using the TLS front panel, it is important to protect the TLS front
panel with a password. This front panel password is enabled by another DIP-switch on the TLS CPU
board. For the security code protected communication to make sense, these DIP switches should be
sealed.
3.3 PSS dynamic password in the TLS communication
When “Secure Veeder-Root Protocol” is selected in the PSS Protocol to Port assignment, the PSS will
automatically start using a Security Code based on PSS Dynamic Password in the TLS communication.
Please be aware that in order to activate changes in protocol-to-port assignment, the PSS needs a
“Master Reset” and must be configured / reconfigured afterwards.
The PSS has a dynamic password concept that consists of a 4 hex digit password, which is dependent on
the date and site. This makes it possible to issue passwords that provide access to a specific site on a
specific day.
The 6 character security code in the TLS will, therefore, have 2 leading characters set to '0' and the four
subsequent characters as the dynamic password of the day.
For example:
At the End Of Day (EOD), when the date changes, or when the “site number” is changed, there will be a
new dynamic password and the PSS will:
- set a new security code in the TLS using the old security code
- use the new security code in subsequent commands sent to the TLS
The PSS will remember the last security code used, even if the TLS has been offline for several days.
However, if a Super Master Reset occurs, this stored security code is lost.
When the “site number” is changed, it can take up to 60 seconds before the new security code is
updated.
1 For this purpose the ”user” parameter in the algorithm will be ”host”.
3.4 PSS dynamic password in serial server
A head office application (e.g. Site Info) can use the serial server interface (Doms POS Protocol) to
communicate to the TLS, so when the PSS is configured to use secure communication with the TLS, the
head office application must use the security code as well. The security code must be “DD” + “PSS
Dynamic Password”, where DD is the day in the month (range 01-31):
Used security code = “DDXXXX”, where XXXX is today's security code and DD is the day in the month.
It could happen that the EOD at host level and site level are out of synchronization, resulting in the host
application and the PSS having different dynamic passwords. By providing the day in month, the PSS
knows for which day the host password is calculated; this should be either the same as in the PSS, one
day earlier or one day later.
Around EOD, yesterday's, today's and tomorrow's dynamic security codes will all be valid within the
time interval of ±2 hours from midnight (00:00).
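The “00XXXX” and “DDXXXX” code formats and the EOD acceptance window described above, as an added Python example that is not part of the application note or of the PSS software. The password function is a labelled placeholder because the real algorithm is only given in reference 1, and accepting only today's password outside the ±2 hour window is an assumption.

```python
import hashlib
import hmac
import re
from datetime import date, datetime, time, timedelta

EOD_WINDOW = timedelta(hours=2)                      # "±2 hours from midnight"
HOST_CODE = re.compile(r"(\d{2})([0-9A-Fa-f]{4})")   # "DD" + 4 hex digits


def placeholder_password(site: int, day: date) -> str:
    """Stand-in ONLY: NOT the PSS algorithm (that is in reference 1)."""
    digest = hashlib.sha256(f"{site}:{day.isoformat()}".encode()).hexdigest()
    return digest[:4].upper()


def tls_security_code(password: str) -> str:
    """Code on the PSS-to-TLS serial link: two leading '0' + password."""
    return "00" + password


def host_security_code(day: date, password: str) -> str:
    """Code a head office application sends to the PSS serial server."""
    return f"{day.day:02d}{password}"


def accepted_days(now: datetime) -> list[date]:
    """Days whose password is valid at PSS local time `now`.

    Assumption: outside the EOD window only today's password is accepted.
    """
    today = now.date()
    midnight = datetime.combine(today, time.min)
    nearest = min(now - midnight, midnight + timedelta(days=1) - now)
    if nearest <= EOD_WINDOW:
        return [today - timedelta(days=1), today, today + timedelta(days=1)]
    return [today]


def validate_host_code(code: str, site: int, now: datetime,
                       password_fn=placeholder_password) -> bool:
    """Accept "DDXXXX" only if DD names an accepted day and XXXX matches it."""
    match = HOST_CODE.fullmatch(code)
    if match is None:
        return False
    dd, supplied = int(match.group(1)), match.group(2).upper()
    valid = False
    for day in accepted_days(now):
        if day.day == dd:
            expected = password_fn(site, day).upper()
            valid |= hmac.compare_digest(expected, supplied)
    return valid
```

Because the days are handled as calendar dates, a host that has already rolled over to the 1st while the PSS is still on the last day of the month is matched against the correct day.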
To calculate the dynamic password the Head office application needs the date and site number. This
information can be retrieved from the non-password protected pss_info.xml file via the PSS.
Furthermore, the pss_info.xml file will also show the status of the installed secure Veeder-Root serial
server; here it is possible to retrieve the following information about the serial server:
<serial_server tcp_port="6015">
<device protocol="veeder-root_TLS" secure="yes" online="yes"/>
</serial_server>
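A check a head office tool could run on the retrieved file to find TLS serial servers that are not yet running the secure protocol, as an added Python example that is not part of the application note. The `<pss_info>` root element, the second entry (port 6016, secure="no") and the function names are assumptions; only the first `<serial_server>` entry comes from the note.

```python
import xml.etree.ElementTree as ET

TLS_PROTOCOL = "veeder-root_TLS"   # protocol value shown in the note

# Constructed sample: the first entry is the fragment from the note; the
# <pss_info> root and the second entry (port 6016, secure="no") are assumed.
SAMPLE = """<pss_info>
  <serial_server tcp_port="6015">
    <device protocol="veeder-root_TLS" secure="yes" online="yes"/>
  </serial_server>
  <serial_server tcp_port="6016">
    <device protocol="veeder-root_TLS" secure="no" online="yes"/>
  </serial_server>
</pss_info>"""


def tls_serial_servers(xml_text: str) -> list[dict]:
    """One record per TLS <device> found under any <serial_server>."""
    # The file is served without a password, so treat it as untrusted input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    records = []
    for server in root.iter("serial_server"):
        for device in server.iter("device"):
            if device.get("protocol") != TLS_PROTOCOL:
                continue
            records.append({
                "tcp_port": server.get("tcp_port"),
                # Anything other than an explicit "yes" counts as not secure.
                "secure": device.get("secure") == "yes",
                "online": device.get("online") == "yes",
            })
    return records


def unsecured_tls_ports(xml_text: str) -> list[str]:
    """Ports whose TLS serial server is not running the secure protocol."""
    return [r["tcp_port"] for r in tls_serial_servers(xml_text)
            if not r["secure"]]
```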
3.5 PSS dynamic password with Inform
When using Inform to communicate with the Veeder-Root TLS, it is necessary to know the current
dynamic password.
Inform can either use a serial server interface or a serial interface to communicate with the TLS. When
Inform uses a serial interface, the password described in section 3.3 is required. However, when using
the serial server interface, the password described in section 3.4 is required.
4 Activation procedure for secured serial interface to TLS
4.1 PSS and Site Info update sequence
As the use of dynamic passwords has an impact on the transparent interface used by Site Info, it cannot
be activated on the sites until both the PSS applications on the sites and Site Info installed in the HQ
have been updated to support this. The following describes the update sequence for both Site Info and
the PSS:
- Update Site Info to support Secure Veeder-Root protocol and disable the use of dynamic password
- Update PSS on site to support the “Secure Veeder-Root protocol”
4.2 PSS installation procedure
On site, the PSS Protocol to Port assignment “Secure Veeder-Root Protocol” must be selected. The PSS
will automatically start using a Security Code based on the PSS Dynamic Password in the TLS
communication.
Please be aware that in order to activate changes in protocol-to-port assignment, the PSS must be
“Master Reset” and configured / reconfigured afterwards.
When the TLS is connected to the PSS, there are two ways to initialize the TLS with a secure
connection. In both cases the PSS will automatically set the correct security code after it has detected the
TLS online.
- Connecting the TLS to the PSS with the security DIP-switch OFF and afterwards enabling the
  security option when a connection is established.
- Setting the “default security code” (000000) in the TLS with the security DIP-switch ON, and
  afterwards connecting the TLS to the PSS.
4.2.1 Setup a secure TLS with unsealed DIP-switch
To get the TLS online in this situation, the security DIP-switch must be set to the “OFF” position until
the connection has been established.
When the “Secure Veeder-Root Protocol” is selected via Protocol to Port Assignment in the PSS, the
following must be done:
4.2.2 Setup a secure TLS with sealed DIP-switch
To get the TLS online in this situation, the security DIP-switch must be set in the “ON” position.
When the “Secure Veeder-Root Protocol” is selected via Protocol to Port Assignment in the PSS, the
following must be done:
5 History
Date        Rev.  Init.  Comments
2011-05-26  00    MKR    First release