Secure access module
A Secure Access Module (SAM), also known as a Secure Application Module, is a piece of cryptographic hardware typically used by smart card card readers to perform mutual key authentication.[1][2][3] SAMs can be used to manage access in a variety of contexts, such as public transport fare collection and point of sale devices.
Formats
- Removable SAM: This form factor resembles a standard Subscriber Identification Module (SIM) card. It plugs into a dedicated SAM slot within the smart card reader.
- Embedded SAM: This form factor integrates the SAM functionality directly onto the printed circuit board (PCB) of the reader system. The SAM component is typically housed within a secure enclosure soldered onto the PCB.
Components
A typical smart card reader system generally consists of the following key components:
- Microcontroller (MCU): This acts as the central processing unit (CPU) of the reader system. It manages various tasks such as protocol handling, data flow control, and data interpretation.
- Reader Integrated Circuit (Reader IC): This specialized chip facilitates communication between the SAM and the contactless smart card using radio frequency (RF) interface protocols.
Integration and functionality
By integrating a SAM into the reader system, the security functionalities are centralized and offloaded from the MCU. The SAM assumes responsibility for:[4]
- Key Management: Secure storage and management of cryptographic keys, including master keys and application keys derived from them.
- Cryptography: Performing various cryptographic operations such as encryption, decryption, and digital signing to ensure data confidentiality and integrity.
- Mutual Authentication: Facilitating a two-way authentication process between the smart card and the reader system to verify the legitimacy of both parties before allowing any communication to proceed.
- Secure Messaging: Enabling secure communication between the SAM and the host system by encrypting and authenticating data packets.[5]
SAMs can be deployed in any of the following applications:[6][2][7][8]
- Generate application keys based on master keys
- Store and secure master keys
- Perform cryptographic functions with smart cards
- Use as a secure encryption device
- Perform mutual authentication
- Generate session keys
- Perform secure messaging
References
- ^ Al-Khouri, Ali M. (2013). Critical Insights from a Practitioner Mindset. Chartridge Books Oxford. p. 243. ISBN 978-1-909287-59-4.
- ^ a b "Fare Collection Systems - Secure application modules". www.ssatp.org. Retrieved 2024-05-02.
- ^ "What is a Secure Access Module (SAM)?". community.infineon.com. 2023-12-05. Retrieved 2024-05-02.
- ^ Bragdon, Clifford (2011-08-19). Transportation Security. Butterworth-Heinemann. ISBN 978-0-08-088730-2.
- ^ "ACOS6-SAM". acs.com.hk. Retrieved 2024-05-02.
- ^ "ACOS6-SAM Secure Access Module Card". acs.com.hk. Retrieved 2024-05-02.
- ^ "Secure Access Module. Sims Direct". simsdirect. Retrieved 2024-05-02.
- ^ WO2019210427A1, Ouellet, Sylvain, "Secure access control", issued 2019-11-07