A single digitally signed instruction was given to a
financial institution to credit a customer's account. The
financial institution received the instruction three times
and credited the account three times. Which of the following
would be the MOST appropriate control against such multiple
credits?
A. Encrypting the hash of the payment instruction with the
public key of the financial institution.
B. Affixing a time stamp to the instruction and using it to
check for duplicate payments.
C. Encrypting the hash of the payment instruction with the
private key of the instructor.
D. Affixing a time stamp to the hash of the instruction
before being digitally signed by the instructor.
Answer Posted / guest
Answer: B
Affixing a time stamp to the instruction and using it to
check for duplicate payments makes the instruction unique.
The financial institution can check that the instruction was
not intercepted and replayed and thus it could prevent
crediting the account three times. Encrypting the hash of
the payment instruction with the public key of the financial
institution does not protect replay, it only protects
confidentiality and integrity of the instruction. Encrypting
the hash of the payment instruction with the private key of
the instructor ensures integrity of the instruction and
nonrepudiation of the issued instruction. The process of
creating a message digest requires applying a cryptographic
hashing algorithm to the entire message. The receiver, upon
decrypting the message digest, will re-compute the hash
using the same hashing algorithm and compare the result with
what was sent. Hence, affixing a time stamp into the hash of
the instruction before being digitally signed by the
instructor would violate the integrity requirements of
digital signature.
Is This Answer Correct ? | 2 Yes | 0 No |
Post New Answer View All Answers