CONNOTECH Experts-conseils Inc.

Operational Aspects of the SAKEM Procedure

Say "Open, Sesame" to Electronic Identification!

by Thierry Moreau

May 1997

© 1997 CONNOTECH Experts-conseils Inc.


Table of Contents

Introduction
Definitions and context
. . . . Issuer
. . . . Applicant
. . . . Identification token
. . . . Reduced cost of highly secure electronic transactions
. . . . Call centers
. . . . Broad distribution of low cost software and electronic devices
Preparation steps by the issuer
. . . . The issuer gets a private/public key pair for a public key cryptosystem.
. . . . The issuer prepares the applicant registration software.
. . . . The issuer releases the applicant registration software.
Preparation steps by the applicant
. . . . The applicant obtains the applicant registration software.
. . . . The applicant obtains a blank identification token.
Computerized portion of the SAKEM procedure
. . . . The applicant starts the registration software.
. . . . The applicant chooses and types a pass query and a pass reply.
. . . . The secret key is loaded in the identification token.
. . . . The registration program sends a registration request message to the issuer data processing center.
. . . . The issuer data processing center receives the request, processes it and files the application request in the issuer database.
Conversational portion of the SAKEM procedure
. . . . A voice contact is established between applicant and issuer agent.
. . . . The applicant and the issuer agent mutually verify the knowledge of pass query/reply by the other person in the conversation.
. . . . The issuer agent verifies the identity of the applicant.
. . . . The issuer agent flags the registration as being validated in the issuer database.
    Outline / Strategy / Security / Cryptography / Programming


Introduction

"SAKEM" stands for "Secret Authentication Key Establishment Method." It is useful for the issuance of electronic identification devices. This hypertext document gives plain-language explanations of what happens in this procedure.

According to the present invention, there is an issuer, that is, a service organization that registers applicants.


Definitions and context

Issuer

The issuer is the organization that issues secret keys for identification purposes.

For the issuer, it is reasonable and economically justified to maintain a computerized database of its customers, account holders, clients or subscribers, where this database contains sensitive information, and to train personnel, or issuer agents, to provide customer services with a relevant degree of integrity and loyalty.

Applicant

The applicant is the new customer, client, subscriber, or member to whom a secret key will be issued.

The applicants have access to electronic apparatuses through which they conduct their ordinary activities. The same apparatus is also used in the SAKEM procedure for the initial registration of the applicant.

Identification token

An identification token is a portable memory device, e.g. a smart card, that may be used to store the secret key issued to the applicant.

In many cases, a connector or receptacle of some sort is needed for the electronic contact between the identification token and a personal computer. There is an increasing awareness of the need for this type of connector to secure the information world. Very soon, affordable personal computer keyboards will be equipped with a smartcard reader slot. Also, USB (Universal Serial Bus) peripherals will provide interfaces for all sorts of identification tokens. The prototypes for "Network Computers" were all shown with smartcard slots.

Reduced cost of highly secure electronic transactions

SAKEM advances the affordability of highly secure electronic transactions.

To reach the highest security standards in electronic transactions, special electronic identification devices are needed. The cellular telephony industry experienced massive revenue losses due to high-tech frauds, and is now introducing the "Subscriber Identity Module" (SIM) as a countermeasure.

SAKEM reduces the cost of issuing electronic identification devices, or tokens, and at the same time maintains the highest standards of security.

Call centers

Doing business over the telephone is a general trend in service industries.

With the SAKEM procedure, the task of verifying the identity of an applicant may be assigned to a call center agent. For the issuer, this task is the single labor-intensive activity in the SAKEM procedure.

Broad distribution of low cost software and electronic devices

SAKEM fits well in the ever-decreasing up-front price charged for software, computers, and other electronic equipment.

Usually, an identification token has to be prepared upon request by every applicant. Sometimes, the software is bundled with the token. With the SAKEM procedure, these items are distributed before any personalization operation is applied to them. This streamlines the way of doing business for the issuer.

Preparation steps by the issuer

The issuer gets a private/public key pair for a public key cryptosystem.

This preparation step is critical for the security of the SAKEM procedure. Thus it is usually done by the information security experts of the issuer, using a special-purpose computer utility. The critical result of this step is some very private key kept in the most secluded memory of the issuer data processing center. This is done once, and normally repeated only when a major new release of software occurs.


The issuer prepares the applicant registration software.

The applicant needs access to application software functions in order to first submit his registration request, and then to carry out the routine electronic transactions of the service in question (sometimes the routine "transactions" are embedded in an electronic device, as in the examples of a mobile telephone or an electronic door lock). The SAKEM procedure requires the issuer to prepare the applicant registration software, or at the very least to prepare a configuration file for applicant registration software provided by a third party. During this preparation step, security precautions are usually required to prevent fraud attempts based on bogus software.


The issuer releases the applicant registration software.

Once ready, the software may be distributed through any channel of distribution.


Preparation steps by the applicant

The applicant obtains the applicant registration software.

When the applicant installs the software, there is no particular security issue that he should care about. The usual awareness of the potential virus infection from unreliable software sources is sufficient.


The applicant obtains a blank identification token.

There are many options for the type of identification token, and for how an identification token reaches the applicant when needed. The SAKEM procedure creates no specific requirement to print or emboss the applicant name on an identification token.


Computerized portion of the SAKEM procedure

The applicant starts the registration software.

Whenever there is a need to join a service agreement, the applicant initiates the SAKEM procedure by starting the registration software function. Relevant instructions may be given to the applicant by the software in help screens. At this point, the applicant should be in possession of the identification token to be loaded with a secret key.


The applicant chooses and types a pass query and a pass reply.

The identification token is securely bound to the applicant with the help of a secret "pass query" and a secret "pass reply" that the applicant chooses. The applicant types the pass query and reply into data entry fields of the registration program and must remember them until the conversational portion of the SAKEM procedure is completed.

The pass query and pass reply are used only once. The applicant should choose unique and unrelated secret phrases for these two inputs. He should be given clear instructions to reveal the pass reply only to an issuer agent who just pronounced the pass query.


The secret key is loaded in the identification token.

The applicant must insert the identification token into the slot, connector, or receptacle through which the registration software will load the generated secret key into the token.


The registration program sends a registration request message to the issuer data processing center.

The complete applicant registration is automatically encrypted using high security cryptographic techniques. It is then sent to the issuer data processing center using any available data transmission means.


The issuer data processing center receives the request, processes it and files the application request in the issuer database.

Once the issuer data processing center receives a registration, it may process it immediately. The first step is the automated decryption of the encrypted data, an operation that requires the private component of the issuer private/public key pair. In plain language, it means that the registration processing must be done by a secure computer.

As the end-result of the automated processing, the registration request is filed in the issuer's database. Its status is set to indicate "identity verification outstanding". From then on, an issuer agent may take part in the conversational portion of the SAKEM procedure.


Conversational portion of the SAKEM procedure

A voice contact is established between applicant and issuer agent.

This communication should be two-way simultaneous like a telephone conversation or a personal visit to a branch of the issuer. It doesn't really matter who initiates the call (either the applicant or an issuer agent). The pass query mechanism is there to reassure the applicant that someone who calls is actually an authorized issuer agent.


The applicant and the issuer agent mutually verify the knowledge of pass query/reply by the other person in the conversation.

The issuer agent explains the purpose of the conversation, and then tells the pass query to the applicant. The applicant thereby recognizes the person he is speaking with as an agent authorized to verify his identity. Then the applicant should reply with the pass reply. The issuer agent thereby recognizes the person he is speaking with as whoever filled in the applicant registration request. The pass query and pass reply are not intended for further use after this mutual verification.


The issuer agent verifies the identity of the applicant.

Using any applicant information available to the issuer, the issuer agent verifies the identity of the person he is speaking with. He may ask specific questions like "for how long have you been a client of ours?" The agent should notice any unusual hesitation or imprecision in the answers given by the person he is speaking with, and should be ready to reject the registration if something seems suspect.


The issuer agent flags the registration as being validated in the issuer database.

If the issuer agent is satisfied with the verification of identity, he flags the registration as "validated" in the issuer's database. This completes the SAKEM procedure, and the secret key stored in the issuer's database is ready to secure routine electronic transactions.
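As an added illustration that is not code from CONNOTECH or part of the SAKEM documentation, the following Python model walks through both the computerized and the conversational portions described above, from the issuer's key pair to the "validated" flag. It assumes that the registration request carries the locally generated secret key together with the pass query and pass reply, and that it is sealed under the issuer's public key; since the text leaves the "high security cryptographic techniques" unspecified, a textbook RSA key wrap and an HMAC-SHA256 keystream with a MAC tag stand in for them here. The names IssuerDataCenter, applicant_register, applicant_answers and the status strings are constructed for this example.

```python
"""Toy end-to-end model of the SAKEM registration flow (constructed example, not CONNOTECH code)."""
import hashlib, hmac, json, secrets

# --- Issuer preparation: toy textbook RSA key pair (no padding; a teaching stand-in only) ---
def _is_probable_prime(n, rounds=32):
    """Miller-Rabin for an odd n > 3; enough to build the toy issuer key pair."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if _is_probable_prime(candidate):
            return candidate

def issuer_generate_keypair(bits=512):
    """Done once by the issuer's security staff; the private part stays in the data center."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                 # e is prime, so this is gcd(e, phi) == 1
            return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, phi)}

# --- Envelope: RSA-wrapped 256-bit session key + HMAC-SHA256 keystream, encrypt-then-MAC ---
def _keystream(key, length):
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))            # ceil(length / 32) blocks
    return b"".join(blocks)[:length]

def seal(pub, plaintext):
    session_key = secrets.token_bytes(32)      # always smaller than the 512-bit modulus
    enc_key, mac_key = (hashlib.sha256(t + session_key).digest() for t in (b"enc", b"mac"))
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(session_key, "big"), pub["e"], pub["n"])
    return {"wrapped_key": wrapped, "ciphertext": ct.hex(), "tag": tag.hex()}

def open_sealed(priv, envelope):
    k = pow(envelope["wrapped_key"], priv["d"], priv["n"])
    ct, tag = bytes.fromhex(envelope["ciphertext"]), bytes.fromhex(envelope["tag"])
    if k >= 1 << 256:                          # not a 256-bit session key: envelope was altered
        raise ValueError("registration request failed its integrity check")
    enc_key, mac_key = (hashlib.sha256(t + k.to_bytes(32, "big")).digest() for t in (b"enc", b"mac"))
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("registration request failed its integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

# --- Applicant side ---
class IdentificationToken:                     # blank portable memory device, e.g. a smart card
    def __init__(self):
        self.secret_key = None

def applicant_register(issuer_pub, token, applicant_id, pass_query, pass_reply):
    secret_key = secrets.token_bytes(16)       # generated locally; leaves the machine only sealed
    token.secret_key = secret_key              # loaded into the token through its connector
    record = {"applicant_id": applicant_id, "secret_key": secret_key.hex(),
              "pass_query": pass_query, "pass_reply": pass_reply}
    return seal(issuer_pub, json.dumps(record).encode())

def applicant_answers(remembered_query, remembered_reply, spoken_query):
    """Conversational portion: reveal the pass reply only to a caller who pronounced the pass query."""
    return remembered_reply if spoken_query == remembered_query else None

# --- Issuer data processing center ---
OUTSTANDING, VALIDATED, REJECTED = "identity verification outstanding", "validated", "rejected"

class IssuerDataCenter:
    def __init__(self, priv):
        self._priv = priv                      # decryption needs it, so filing runs on the secure computer
        self.database = {}
    def file_request(self, envelope):
        record = json.loads(open_sealed(self._priv, envelope))
        self.database[record["applicant_id"]] = dict(record, status=OUTSTANDING)
        return record["applicant_id"]
    def agent_opens_call(self, applicant_id):  # the agent pronounces the pass query first
        return self.database[applicant_id]["pass_query"]
    def agent_checks_reply(self, applicant_id, spoken_reply, identity_verified):
        """Flag 'validated' only if the pass reply matches and the agent's own identity check passed."""
        entry = self.database[applicant_id]
        if entry["status"] != OUTSTANDING:
            raise ValueError("registration is not awaiting identity verification")
        reply_ok = spoken_reply is not None and hmac.compare_digest(
            entry["pass_reply"].encode(), spoken_reply.encode())
        entry["status"] = VALIDATED if reply_ok and identity_verified else REJECTED
        del entry["pass_query"], entry["pass_reply"]   # single use: gone once the conversation ends
        return entry["status"]
```

Two design points carry the security argument of the procedure: the issuer's private component is held only by IssuerDataCenter, so a registration can be filed nowhere else, and the pass query and pass reply are deleted from the record as soon as the conversation ends, which enforces the single-use rule. The padding-free RSA and the hand-rolled keystream exist only to keep the model self-contained; a deployment would use a vetted library's public-key envelope in their place.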



[ CONNOTECH home page: http://www.connotech.com/ | SAKEM web page: http://www.connotech.com/sakem.htm | about us | web editorial policy | e-mail to: info@connotech.com ]

CONNOTECH Experts-conseils Inc.
9130 Place de Montgolfier
Montréal, Québec, Canada, H2M 2A1
Tél.: +1-514-385-5691 Fax: +1-514-385-5900