As per Section 5 of the German Cash Register Anti-Tampering Ordinance, requirements for technical security mechanisms are set out in the BSI's well-known technical guidelines and security profiles. Accordingly, a technical security mechanism only conforms to this Ordinance if it also complies with the BSI's technical guidelines and security profiles.
The standards published by the BSI specify that the transaction number issued by a security module must be unique and sequential, and that it must be incremented by the security module each time a transaction is started. In particular, the security module must never issue an identical transaction number to two different transactions, even if these transactions originate in processes involving two separate cash registers.
The transaction number references the key within the security module. Following a key change, the transaction number starts again at '0'.
In order to comply with BSI standards, the transaction number in each SMAERS (Security Module Application for Electronic Recordkeeping Systems) instance must therefore be unique, and a separate signature key must be used within the CSP for each SMAERS instance.
This unambiguous key assignment offers a significant advantage while also limiting the impact of a potential system compromise.
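The uniqueness and sequence rule described above can be checked from the auditing side. The following is an added example, not code from the BSI or from any security module vendor; the record layout `(key_id, transaction_number, event)`, the event names and the sample logs are simplified assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: two SMAERS instances, each with its own signature key.
CLEAN_LOG = [
    ("key-A", 0, "start"), ("key-A", 0, "finish"),
    ("key-B", 0, "start"),            # new key, counter starts again at 0
    ("key-A", 1, "start"),
    ("key-B", 0, "finish"),
    ("key-A", 1, "finish"),
]

# Constructed sample: two instances wrongly share one signature key.
SHARED_KEY_LOG = [
    ("key-A", 0, "start"),            # first instance
    ("key-A", 0, "start"),            # second instance issues the same number
    ("key-A", 1, "start"),
    ("key-A", 3, "start"),            # number 2 was never issued
    ("key-A", 7, "finish"),           # refers to a transaction never started
]


def audit_transaction_numbers(records):
    """Check, per signature key, that started transactions are numbered
    0, 1, 2, ... without repeats or gaps.

    Returns a list of (record_index, key_id, number, finding) tuples.
    """
    next_expected = defaultdict(int)  # per key; the counter begins at 0
    findings = []
    for index, (key_id, number, event) in enumerate(records):
        expected = next_expected[key_id]
        if event == "start":
            if number < expected:
                # Same number issued twice under one key.
                findings.append((index, key_id, number, "duplicate"))
            elif number > expected:
                findings.append((index, key_id, number, "gap"))
                next_expected[key_id] = number + 1
            else:
                next_expected[key_id] = expected + 1
        elif number >= expected:
            # Non-start events must reference an already started transaction.
            findings.append((index, key_id, number, "unknown-transaction"))
    return findings


if __name__ == "__main__":
    print(audit_transaction_numbers(CLEAN_LOG))
    print(audit_transaction_numbers(SHARED_KEY_LOG))
```

Because the counter is tracked per key, the second log shows why each SMAERS instance needs its own signature key: two independent counters under one key produce the same transaction number twice.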