Engineering:Secure access module

From HandWiki
A secure access module
A secure access module

A Secure Access Module (SAM), also known as a Secure Application Module, is a piece of cryptographic hardware typically used by smart card card readers to perform mutual key authentication.[1][2][3] SAMs can be used to manage access in a variety of contexts, such as public transport fare collection and point of sale devices.

Formats

  • Removable SAM: This form factor resembles a standard Subscriber Identification Module (SIM) card. It plugs into a dedicated SAM slot within the smart card reader.
  • Embedded SAM: This form factor integrates the SAM functionality directly onto the printed circuit board (PCB) of the reader system. The SAM component is typically housed within a secure enclosure soldered onto the PCB.

Components

A typical smart card reader system generally consists of the following key components:

  • Microcontroller (MCU): This acts as the central processing unit (CPU) of the reader system. It manages various tasks such as protocol handling, data flow control, and data interpretation.
  • Reader Integrated Circuit (Reader IC): This specialized chip facilitates communication between the SAM and the contactless smart card using radio frequency (RF) interface protocols.

Integration and functionality

By integrating a SAM into the reader system, the security functionalities are centralized and offloaded from the MCU. The SAM assumes responsibility for:[4]

  • Key Management: Secure storage and management of cryptographic keys, including master keys and application keys derived from them.
  • Cryptography: Performing various cryptographic operations such as encryption, decryption, and digital signing to ensure data confidentiality and integrity.
  • Mutual Authentication: Facilitating a two-way authentication process between the smart card and the reader system to verify the legitimacy of both parties before allowing any communication to proceed.
  • Secure Messaging: Enabling secure communication between the SAM and the host system by encrypting and authenticating data packets.[5]
SAM in a HVQFN housing

SAMs can be deployed in any of the following applications:[6][2][7][8]

  • Generate application keys based on master keys
  • Store and secure master keys
  • Perform cryptographic functions with smart cards
  • Use as a secure encryption device
  • Perform mutual authentication
  • Generate session keys
  • Perform secure messaging

References

  1. Al-Khouri, Ali M. (2013) (in en). Critical Insights from a Practitioner Mindset. Chartridge Books Oxford. pp. 243. ISBN 978-1-909287-59-4. https://books.google.com/books?id=MgIvy_GJwPoC. 
  2. 2.0 2.1 "Fare Collection Systems - Secure application modules". https://www.ssatp.org/sites/ssatp/files/publications/Toolkits/Fares%20Toolkit%20content/fare-collection-technologies/smart-card-transactions/secure-application-modules.html. 
  3. "What is a Secure Access Module (SAM)?" (in en). 2023-12-05. https://community.infineon.com/t5/Blogs/What-is-a-Secure-Access-Module-SAM/ba-p/653148. 
  4. Bragdon, Clifford (2011-08-19) (in en). Transportation Security. Butterworth-Heinemann. ISBN 978-0-08-088730-2. https://books.google.com/books?id=BagR-hUNmuoC&dq=Secure+Access+Module+%28SAM%29&pg=PA372. 
  5. "ACOS6-SAM". https://www.acs.com.hk/en/products/481/acos6-sam-secure-access-module-card/. 
  6. "ACOS6-SAM Secure Access Module Card". https://www.acs.com.hk/en/products/20/acos6-sam-secure-access-module-card/. 
  7. "Secure Access Module. Sims Direct". https://simsdirect.com.au/collections/europe. 
  8. , Sylvain"Secure access control" patent WO2019210427A1, issued 2019-11-07




Retrieved from "https://handwiki.org/wiki/index.php?title=Engineering:Secure_access_module&oldid=3912910"