CONNOTECH Experts-conseils Inc.

Outline of the SAKEM Procedure

Say "Open, Sesame" to Electronic Identification!

by Thierry Moreau

May 1997

© 1997 CONNOTECH Experts-conseils Inc.


Table of Contents

Introduction
Definitions and context
Preparation steps by the issuer
Preparation steps by the applicant
Computerized portion of the SAKEM procedure
Conversational portion of the SAKEM procedure
    Operational / Strategy / Security / Cryptography / Programming


Introduction

"SAKEM" stands for "Secret Authentication Key Establishment Method." It is useful for the issuance of electronic identification devices. This hypertext document gives a succinct outline of the SAKEM procedure and pointers to five other documents addressing different readers' needs:

Operational Aspects of the SAKEM Procedure.
Gives simple language explanations about what happens in this procedure.
Project Strategy Options for the SAKEM Procedure.
For those who have a specific electronic identification application in mind. The SAKEM procedure can be used in a myriad of different application areas, and this document focuses on project strategy options and flexibility of the procedure.
Information Security Principles of the SAKEM Procedure.
Covers important security aspects of the SAKEM procedure, namely those that require management attention.
Cryptographic Processing in the SAKEM Procedure.
This is a very specialized document for the cryptography expert. It assumes that the reader is familiar with public key cryptography.
Programming Issues in the SAKEM Procedure.
This is the programmer's perspective on the SAKEM procedure.

In each section, including this introductory one, there is a very short summary and up to five pointers to more information from these five perspectives:

    Operational / Strategy / Security / Cryptography / Programming

Definitions and context

Issuer

The issuer is the organization that issues secret keys for identification purposes.

Applicant

The applicant is the new customer, client, subscriber, or member to whom a secret key will be issued.

Identification token

An identification token is a portable memory device, e.g. a smart card, that may be used to store the secret key issued to the applicant.

Reduced cost of highly secure electronic transactions

SAKEM advances the affordability of highly secure electronic transactions.

Call centers

Doing business over the telephone is a general trend in service industries.

Broad distribution of low cost software and electronic devices

SAKEM fits well in the ever-decreasing up-front price charged for software, computers, and other electronic equipment.

Preparation steps by the issuer

The issuer gets a private/public key pair for a public key cryptosystem.

The issuer prepares the applicant registration software.

The issuer releases the applicant registration software.

Preparation steps by the applicant

The applicant obtains the applicant registration software.

The applicant obtains a blank identification token.

Computerized portion of the SAKEM procedure

The applicant starts the registration software.

The applicant chooses and types a pass query and a pass reply.

The secret key is loaded in the identification token.

The registration program sends a registration request message to the issuer data processing center.

The issuer data processing center receives the request, processes it, and files the application request in the issuer database.

Conversational portion of the SAKEM procedure

A voice contact is established between the applicant and an issuer agent.

The applicant and the issuer agent each verify that the other person in the conversation knows the pass query/reply.

The issuer agent verifies the identity of the applicant.

The issuer agent flags the registration as being validated in the issuer database.


[ CONNOTECH home page: http://www.connotech.com/ | SAKEM web page: http://www.connotech.com/sakem.htm | about us | web editorial policy | e-mail to: info@connotech.com ]

CONNOTECH Experts-conseils Inc.
9130 Place de Montgolfier
Montréal, Québec, Canada, H2M 2A1
Tél.: +1-514-385-5691 Fax: +1-514-385-5900