SAKEM Circumvents Operational Limitations Intrinsic to Many High Security Electronic Identification Schemes

Let's look at the basics. If a service provider has to provide a key of any type to a customer, it faces the issue of delivering the key to the proper person. In electronic identification, the "key" is a cryptographic key or a shared secret.

Two levels of security requirements emerge:

  1. low security, logical key factor: sufficient security is achieved if the cryptographic key or shared secret is provided to the customer as a computer record (which is easy to copy and might be tampered with), or

  2. higher security, physical key factor: the cryptographic key or shared secret is provided in a memory device of some kind, in the hope of preventing tampering with the key.

Let's consider the higher security case, where a key contained in a memory device has to be delivered to the proper person. This physical delivery requirement creates a situation different from that of the logical key factor. At some point in the process, the memory device must receive the key, which involves either a keyboard input or a direct connection with a compatible interface.

Generally, the SAKEM procedure allows any compatible interface to be used for the secure delivery of a key into the memory device already in the hands of the proper person. This opens the door to many service arrangements that were otherwise inconvenient or impracticable.
