CONNOTECH Experts-conseils Inc.

FAQ about SAKEM
(Secret Authentication Key Establishment Method)

Say "Open, Sesame" to Electronic Identification!

Table of Contents

1. What is an electronic identification key?

An electronic identification key (identification key) is a small size device that holds a secret cryptographic key (secret key) used by a given user for identification purposes. This identification is valid for a single service organisation, because the secret key is also found in the user's record of the secure database of this service organisation, but nowhere else.

Note:

This definition refers to the conventional cryptographic identification technology. It purposely ignores the more recent "public key" cryptography. See question 9.

This definition is silent about the actual shape of the "small size device" and the way it connects to computers or communications networks. Examples are abundant:

• A smart card used for customer or account holder identification by a financial institution.
  
  
• A multi-application smart card, where each application may independently fall under our definition of electronic identification key.
  
  
• A smart card with biometric identification data, the latter being in addition to the secret key proper to our definition of electronic identification key.
  
  
• A magnetic stripe card, if loaded with a secret key and if usage is restricted to "trusted" magnetic stripe readers, e.g. in premises access control.
  
  
• Small-size digital memories of various shapes, e.g. the Dallas Semiconductor TouchMemory or IButtons, which are coin-shaped micro-cans conveniently attached to a key ring or a physical object for identification.
  
  
• Special-purpose calculators providing one-time passwords in a challenge-response protocol for user identification in computer networks, e.g. the Racal Datacom Watchword.
  
  
• Small size LCD (Liquid Crystal Display) showing a time-variant password based on a secret key for user identification in computer networks.

2. What are the disadvantages of the current method for issuance of electronic identification keys?

The issuance of an identification key starts when a user applies to the issuer for the service to which the identification key is intended. After being verified, the new application request is accepted and the identification key is personalized and loaded with a secret key specific to the user. The issuer database is updated at the same time. The identification key is then sent by courrier to the user.

This process has many disadvantages:

• involved physical handling of the identification key by the issuer,
  
  
• inventory costs for the blank identification keys,
  
  
• courrier costs,
  
  
• annoying delays between the initial application and the final delivery to the user,
  
  
• fraud risk between the loading of the secret key and the final delivery to the user,
  
  
• long disruption of service if the identification key has to be replaced,
  
  
• little user commitment in initial security.

3. What is "SAKEM", the all-new procedure for issuance of electronic identification keys?

SAKEM stands for Secret Authentication Key Establishment Method. With the SAKEM procedure, the issuer no longer loads a secret key in the identification key. Here are the three main steps of the procedure:

1. The key loading is done by the applicant himself on his personal computer (assuming it has a connector for the identification device), or at any convenient location like a multimedia kiosk in a shopping mall.
   
   
2. During the key loading operation, the local system transmits an electronic registration request to the issuer. Strong cryptographic protection is applied at this stage.
   
   
3. Thereafter, an issuer employee or agent verifies the applicant's identity by reviewing the contents of a paper application form with a handwritten signature, or during a telephone conversation, or during a face-to-face meeting at a branch location.

The logical bond between the key loading and the verification of identity is secured with an ephemeral "pass reply" that the applicant must pronounce to the issuer employee upon request (the ephemeral pass reply is used only once for the verification of identity). The identification key is validated and operational as soon as the verification of identity is complete.

4. What are the benefits of the SAKEM procedure?

• reduced labor cost: single step registration process for the issuer,
  
  
• cost avoidance for handling, courier services, and inventory,
  
  
• increased security,
  
  
• total flexibility for the distribution channel carrying the identification keys,
  
  
• ease of integration for multiple applications on a smart card,
  
  
• simplified business model.

Click here for more details.

5. What is the simplified business model of the SAKEM procedure?

The SAKEM procedure lets every participant do what they do best:

• service organizations, e.g. financial institutions, focus on electronic processing of application requests and the single unavoidable personnal contact for the verification of identity of the applicant,
  
  
• inventory is carried by distributors and retailers,
  
  
• if non-confidential data is required on the identification key, it can be printed/embossed by any processor upon request from the user
  
  
• by being committed early in the identification key issuance process, the user becomes more security-conscious.

The cost savings of the SAKEM procedure are up-front in the relationship between a new customer and a service organisation. Actually, the issuance of identification keys to new customers is an unavoidable first step that represents no value for the customer. Worse, it usually generates no revenue for the service organisation. Less streamlined methods of identification key issuance may be prohibitive for the 80% of new customers that are deemed to generate only 20% of the revenues. But who can recognize profitable customers before they join a service agreement?

6. How does SAKEM deal with "unsolicited issuance of access devices?"

In the United States, consumer protection statutes (EFTA, Electronic Fund Transfer Act, Title IX of the Customer Credit Protection Act, and Regulation E: Electronic Fund Transfers, 12 C.F.R.) govern the issuance of access devices to consumers for electronic fund transfers. An application of the SAKEM procedure is not necessarily covered by the EFTA. Nonetheless, the stringent EFTA requirements may be taken as an example to show how SAKEM can secure the legal bond between a user as a legal entity and the electronic transactions authorized with an identification key.

There is no doubt that if an identification key loaded with a secret key is given to a consumer in the United States for electronic funds transfers, it falls under the EFTA definition of an access device. In the streamlined SAKEM procedure, the applicant does not request the access device from the issuer before he receives it. As a consequence, EFTA provisions for issuance of access device on an unsolicited basis apply (12 C.F.R. § 205.5(b)). This is due more to a lack of evidence in the issuer's records than to the actual sequence of events (in using his computer or a kiosk, the applicant actively requested the access device before he received it, 12 C.F.R. § 205.2(a)(2)(i) and § 205.5(a)(1)).

In any event, the provisions for unsolicited access devices are easily met as follows. Before the applicant's personal computer proceeds with the key loading operation, it should display to the user 1) a complete disclosure of rights and liabilities applicable to the access device if the registration and validation procedures are completed (12 C.F.R. § 205.5(b)(2)), and 2) a clear explanation that the access device is not validated and how the consumer may dispose of the access device if validation is not desired (12 C.F.R. § 205.5(b)(3)). During the conversation leading to the validation, the applicant should orally request the access device validation and the actual verification of identity should occur using a reasonable means which is comparable with a photograph, fingerprint, personal visit or signature comparison (12 C.F.R. § 205.5(b)(4)).

7. How secure is the SAKEM procedure?

This question deserves an answer at two levels. At the crude technology level, the SAKEM procedure uses a unique combination of state-of-the-art cryptographic techniques. After close examination, one could view this combination as an useless overkill, but many recent security incidents justify such bullet-proof cryptography irrespective of security risk studies.

At the administrative level, the security of the SAKEM procedure is up to the issuer preferences. Since SAKEM streamlines the procedures surrounding the issuance of identification keys, it assigns user registration authority to a single issuer employee or agent. Internal controls and audits are added by the issuer as needed. Without SAKEM, the complex issuer procedures often give a false impression of separation of duties, for instance if a security department issues loaded identification keys that are later assigned and expedited by a separate department (although there is apparent separation of duties, a single employee can still commit fraud).

8. What are the other uses of the SAKEM procedure?

The SAKEM procedure can be used to load secret keys in memory devices other than "small size device" and/or for purposes other than personal identification. For instance, during installation and configuration of personal computers in a network, it may be required to establish an identification secret key assigned to the personal computer. This type of key can be stored in the hardware register of a network adapter card, or encrypted and written to disk as a configuration file record. The SAKEM procedure can be used for encryption only applications.

For secure network management, the SAKEM procedure can be used for field initialization of network devices. Also, the SAKEM procedure is great to implement dual control over secret key management functions.

9. Is SAKEM related to public key digital signatures or RSA?

SAKEM is most useful when a central organization maintains a user identification database with secret cryptographic keys. Indeed, SAKEM provides the critical benefit of public key cryptography without its burden which became known as "public key infrastructure." It reduces the cost of using secret-key cryptography. In doing so, it makes internal use of public key techniques. Namely, there are three alternate public key cryptosystems which are offered "under the hood" of the SAKEM procedure: PEKE (Probabilistic Encryption Key Exchange), RSA, or an enhanced Diffie-Hellman protocol.

10. What is the destiny of SAKEM with the export control restrictions on cryptographic equipments?

Historically, the financial industry has been the largest user of cryptographic equipment and has been able to operate across international borders with minimal annoyance from the export control authorities. Since the SAKEM procedure adheres to the centralized security model typical of the financial industry, there is no reason to fear unexpected resistance from the export control authorities.

A portion of the Internet community argues for privacy protection technologies totally controlled by the end-users. Representatives of law enforcement agencies repeatedly complain about the technological barriers that such technologies put in their way to crime repression. Until recently, these conflicting goals have been settled by many governments by limiting the key size for "exportable" encryption equipment. Recently, the focus shifted towards key management with the introduction of "key recovery". In the newer perspective, the SAKEM adherence to the centralized security model should remain acceptable to regulatory bodies. Indeed, with the "key recovery" initiative, governments would like privacy-concerned end users to accept some form of centralized security model in exchange for a larger key size.

11. How to learn more about SAKEM?

The text of patent documents for SAKEM is available on-line.

The SAKEM procedure is most useful when strong security techniques are considered for a new application and there is a need for client authentication. There is a lot of confusion about the role and business justification for any information security terchnique. In an attempt to sort this out, CONNOTECH prepared a qualification questionaire.

CONNOTECH Experts-conseils Inc.
9130 Place de Montgolfier
Montréal, Québec, Canada, H2M 2A1
Tél.: +1-514-385-5691 Fax: +1-514-385-5900