Secure access module explained

A Secure Access Module (SAM), also known as a Secure Application Module, is a piece of cryptographic hardware typically used by smart card card readers to perform mutual key authentication.^{[1] [2] [3]} SAMs can be used to manage access in a variety of contexts, such as public transport fare collection and point of sale devices.

Formats

• Removable SAM: This form factor resembles a standard Subscriber Identification Module (SIM) card. It plugs into a dedicated SAM slot within the smart card reader.
• Embedded SAM: This form factor integrates the SAM functionality directly onto the printed circuit board (PCB) of the reader system. The SAM component is typically housed within a secure enclosure soldered onto the PCB.

Components

A typical smart card reader system generally consists of the following key components:

• Microcontroller (MCU): This acts as the central processing unit (CPU) of the reader system. It manages various tasks such as protocol handling, data flow control, and data interpretation.
• Reader Integrated Circuit (Reader IC): This specialized chip facilitates communication between the SAM and the contactless smart card using radio frequency (RF) interface protocols.

Integration and functionality

By integrating a SAM into the reader system, the security functionalities are centralized and offloaded from the MCU. The SAM assumes responsibility for:^[4]

• Key Management: Secure storage and management of cryptographic keys, including master keys and application keys derived from them.
• Cryptography: Performing various cryptographic operations such as encryption, decryption, and digital signing to ensure data confidentiality and integrity.
• Mutual Authentication: Facilitating a two-way authentication process between the smart card and the reader system to verify the legitimacy of both parties before allowing any communication to proceed.
• Secure Messaging: Enabling secure communication between the SAM and the host system by encrypting and authenticating data packets.^[5]

SAMs can be deployed in any of the following applications:^{[6] [7] [8]}

• Generate application keys based on master keys

• Store and secure master keys

• Perform cryptographic functions with smart cards

• Use as a secure encryption device

• Perform mutual authentication

• Generate session keys

• Perform secure messaging

Notes and References

1. Book: Al-Khouri, Ali M. . Critical Insights from a Practitioner Mindset . 2013 . Chartridge Books Oxford . 978-1-909287-59-4 . 243 . en.
2. Web site: Fare Collection Systems - Secure application modules . 2024-05-02 . www.ssatp.org.
3. Web site: 2023-12-05 . What is a Secure Access Module (SAM)? . 2024-05-02 . community.infineon.com . en.
4. Book: Bragdon, Clifford . Transportation Security . 2011-08-19 . Butterworth-Heinemann . 978-0-08-088730-2 . en.
5. Web site: ACOS6-SAM . 2024-05-02 . acs.com.hk.
6. Web site: ACOS6-SAM Secure Access Module Card . 2024-05-02 . acs.com.hk.
7. Web site: Secure Access Module. Sims Direct . 2024-05-02 . simsdirect.
8. WO2019210427A1. Secure access control. 2019-11-07. Ouellet. Sylvain.