SAKEM for Field Initialization of Network Devices

Network devices of various kinds may participate in network security functions based on cryptographic algorithms. Initializing such a device therefore includes configuring one or more cryptographic keys or shared secrets. The organization overseeing the operation of these devices needs assurance that keys are not configured maliciously. This issue boils down to the problem of initially distributing a key or a secret to a device supervised by an authorized person, because any automated (and anonymous) configuration procedure is either restricted by a key previously established in confidence, or unrestricted for anyone who knows how the device operates.

Examples include VPN (Virtual Private Network) nodes, as well as POS (Point-of-Sale) devices and ABMs (Automated Banking Machines) used for encrypting debit card payment transactions.

The SAKEM procedure is known to provide constructive security for field initialization of network devices.
