cryptography - DUKPT - how does the receiver verify the transaction counter? -
ansi x9.24 says (page 41) receiver should verify originator's transaction counter in smid has increased.
other sources hsm's not store state apart base derivation keys.
the base derivation keys can looked key set identifier (contained in smid). receiver (hsm) able decrypt without keeping state of originator. when verifying transaction counter can not imagine other way keeping track of transaction counter per key serial number (ksn) of originator (a table or map) - there state kept, there should not kept state.
does know how implemented or explain basic idea how can done without keeping track of state?
edit: question posted to:
Comments
Post a Comment