Understanding AGSES

To get the basic idea of AGSES, imagine the following situation:
There are two people (person A and person B), geographically separated from each other. Each of them has a key able to unlock a box which cannot be opened by anybody else. Person A thinks up a code (e.g. N8ZG95), writes it on a piece of paper, puts it into the box and locks the box with their key. The box is forwarded to person B (no matter by which means). Person B opens the box with their key and reads the code – as a consequence, person A and person B both know the code. If person B now calls person A and tells them the code (N8ZG95), person A knows for sure that the person on the other end of the line is person B. Whether the call was encrypted or not is irrelevant: person A can still clearly identify their conversational partner as person B.

  • The AGSES server generates a secret that is intended for and can only be decrypted and displayed by one particular AGSES Card.
  • The owner of the AGSES Card requests the transmission of the secret by entering their card’s unique card number.
  • The AGSES server receives the request and generates a secret for the card with that specific card number.
  • The secret’s basic information is sent to the AGSES Card in an encrypted form (via flickering message) and only the intended recipient card can decrypt and display the secret.
  • Thus only two systems know of the secret: the AGSES server and one specific AGSES Card.
  • This secret is visible only to the card owner, who can trigger the display of the secret by identifying themselves to the card using their fingerprints.
  • The card user that the secret is displayed to sends the information (also called “response code”) back to the AGSES server.
  • The AGSES server checks whether the returned information corresponds with the secret known to it or not – if it does, the server positively identifies the sender of the message as the particular AGSES Card’s owner and therefore grants access.
  • For the next access request, a new secret will be prompted and generated.
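
The exchange in the list above, modelled end to end as an added example (not AGSES code). The per-card key, the card numbers, the six-character code alphabet and the fingerprint_ok flag are assumptions, and the HMAC-based sealing is a standard-library stand-in for whatever cipher the card really uses; the flickering transport and the fingerprint sensor are not modelled.

```python
import hashlib, hmac, secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # constructed code alphabet

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stand-in for the card's real cipher (assumption)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # what would travel to the card

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # sealed for a different card, or modified in transit
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Server:
    def __init__(self, card_keys):
        self.card_keys = card_keys  # card number -> key shared with that card
        self.pending = {}           # card number -> outstanding secret

    def request(self, card_number):
        code = "".join(secrets.choice(ALPHABET) for _ in range(6))
        self.pending[card_number] = code  # a fresh secret for every request
        return seal(self.card_keys[card_number], code.encode())

    def verify(self, card_number, response):
        code = self.pending.pop(card_number, None)  # consumed on the first attempt
        return code is not None and hmac.compare_digest(code.encode(), response.encode())

class Card:
    def __init__(self, key):
        self.key = key

    def display(self, blob, fingerprint_ok):
        if not fingerprint_ok:  # the card shows nothing without its owner
            return None
        plain = open_sealed(self.key, blob)
        return plain.decode() if plain is not None else None
```

Because verify() removes the pending secret on any attempt, a response code cannot be replayed and a wrong guess forces a new request.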