Secure access module

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

A Secure Access Module (SAM), also known as a Secure Application Module, is a piece of cryptographic hardware typically used by smart card card readers to perform mutual key authentication.^[1]^[2]^[3] SAMs can be used to manage access in a variety of contexts, such as public transport fare collection and point of sale devices.

Formats

Removable SAM: This form factor resembles a standard Subscriber Identification Module (SIM) card. It plugs into a dedicated SAM slot within the smart card reader.

Embedded SAM: This form factor integrates the SAM functionality directly onto the printed circuit board (PCB) of the reader system. The SAM component is typically housed within a secure enclosure soldered onto the PCB.

Components

A typical smart card reader system generally consists of the following key components:

Microcontroller (MCU): This acts as the central processing unit (CPU) of the reader system. It manages various tasks such as protocol handling, data flow control, and data interpretation.
Reader Integrated Circuit (Reader IC): This specialized chip facilitates communication between the SAM and the contactless smart card using radio frequency (RF) interface protocols.

Integration and functionality

By integrating a SAM into the reader system, the security functionalities are centralized and offloaded from the MCU. The SAM assumes responsibility for:^[4]

Key Management: Secure storage and management of cryptographic keys, including master keys and application keys derived from them.
Cryptography: Performing various cryptographic operations such as encryption, decryption, and digital signing to ensure data confidentiality and integrity.
Mutual Authentication: Facilitating a two-way authentication process between the smart card and the reader system to verify the legitimacy of both parties before allowing any communication to proceed.

Secure Messaging: Enabling secure communication between the SAM and the host system by encrypting and authenticating data packets.^[5]

SAMs can be deployed in any of the following applications:^[6]^[2]^[7]^[8]

Generate application keys based on master keys
Store and secure master keys
Perform cryptographic functions with smart cards
Use as a secure encryption device
Perform mutual authentication
Generate session keys
Perform secure messaging

References

^ Al-Khouri, Ali M. (2013). Critical Insights from a Practitioner Mindset. Chartridge Books Oxford. p. 243. ISBN 978-1-909287-59-4.
^ ^a ^b "Fare Collection Systems - Secure application modules". www.ssatp.org. Retrieved 2024-05-02.
^ "What is a Secure Access Module (SAM)?". community.infineon.com. 2023-12-05. Retrieved 2024-05-02.
^ Bragdon, Clifford (2011-08-19). Transportation Security. Butterworth-Heinemann. ISBN 978-0-08-088730-2.
^ "ACOS6-SAM". acs.com.hk. Retrieved 2024-05-02.
^ "ACOS6-SAM Secure Access Module Card". acs.com.hk. Retrieved 2024-05-02.
^ "Secure Access Module. Sims Direct". simsdirect. Retrieved 2024-05-02.
^ WO2019210427A1, Ouellet, Sylvain, "Secure access control", issued 2019-11-07

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

[1] Al-Khouri, Ali M. (2013). Critical Insights from a Practitioner Mindset. Chartridge Books Oxford. p. 243. ISBN 978-1-909287-59-4.

[:0-2] "Fare Collection Systems - Secure application modules". www.ssatp.org. Retrieved 2024-05-02.

[3] "What is a Secure Access Module (SAM)?". community.infineon.com. 2023-12-05. Retrieved 2024-05-02.

[4] Bragdon, Clifford (2011-08-19). Transportation Security. Butterworth-Heinemann. ISBN 978-0-08-088730-2.

[5] "ACOS6-SAM". acs.com.hk. Retrieved 2024-05-02.

[6] "ACOS6-SAM Secure Access Module Card". acs.com.hk. Retrieved 2024-05-02.

[7] "Secure Access Module. Sims Direct". simsdirect. Retrieved 2024-05-02.

[8] WO2019210427A1, Ouellet, Sylvain, "Secure access control", issued 2019-11-07

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]