Multi-MAC Scheme (CSNBMMS)
Use the Multi-MAC Scheme verb to derive M of N MAC verification keys, validate M of N possible MACs over the input data, derive a final MAC key, then generate and return a final MAC.
Since the values of M, N, and the MAC identifier counter c are used in derivation processing, the values of the keys used for creating the input MACs directly depend on using the correct values when computing the individual MACs, binding the derived keys to the scheme parameters.
This verb is part of a comprehensive Multi-MAC Scheme (also often referred to as M of N MAC Scheme) as follows:
Consider that a business needs to change a personal account number (PAN) associated with a customer personal identification number (PIN). For security reasons, the service needs to verify input data before allowing the PAN change to occur, but that data verification must happen at multiple parties that are separate business entities and cryptographic trust and verification is needed. For performance and security strength, a PKI solution is not desirable.
A Multi-MAC Scheme can sollve this problem, where the derivation of the MAC generation keys is tightly controlled through a key management system (KMS) and where the input parameters to the derivation include the Multi-MAC Scheme parameters.
This verb does not need to document any Restrictions.