diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c
index f03ae50c..804339e4 100644
--- a/src/core/crypto_tc.c
+++ b/src/core/crypto_tc.c
@@ -1593,8 +1593,10 @@ int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_proc
     {
         if (crypto_config.sa_type == SA_TYPE_MARIADB)
         {
-            //if (sa_ptr->ek_ref != NULL)
-            //    free(sa_ptr->ek_ref);
+            if (sa_ptr->ek_ref[0] != '\0')
+                clean_ekref(sa_ptr);
+            if (sa_ptr->ak_ref[0] != '\0')
+                clean_akref(sa_ptr);
             free(sa_ptr);
         }
     }
diff --git a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c
index a1462aad..3edaebd0 100644
--- a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c
+++ b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c
@@ -762,7 +762,7 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
         return CRYPTO_LIB_ERR_NULL_BUFFER;
     }
 
-    if(sa_ptr->ak_ref == NULL)
+    if(sa_ptr->ak_ref[0] == '\0')
     {
         status = CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA;
         return status;
@@ -995,7 +995,7 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
     Crypto_hexprint(mac,mac_size);
 #endif
 
-    if(sa_ptr->ak_ref == NULL)
+    if(sa_ptr->ak_ref[0] == '\0')
     {
         status = CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA;
         return status;