Overview

The ACOS6 Secure Access Module (SAM) is designed as a general cryptogram computation module or as a security authentication module for ACOS contact client cards – ACOS3, ACOS6, ACOS7 and ACOS10, and common contactless client cards – DESFire, DESFire EV1, Ultralight-C and Mifare Plus.

The ACOS6-SAM card securely stores cryptographic keys and uses these keys to compute cryptograms for other applications or smart cards. Using this, terminals need not know the master key(s) of an application, considering that the keys never leave the ACOS6-SAM.

The ACOS6-SAM card can perform:

  • Mutual Authentication: To guarantee the authenticity of the terminal and the client card
  • Secure Messaging: To ensure that the data transmission between the card and terminal/server is secured and not susceptible to eavesdropping, replay attack and unauthorized modification
  • Purse MAC Computation: To authenticate and ensure data integrity of data and commands that are transferred into the card and vice versa
  • Key Diversification: To enable diversified entry of keys without exposing the master key
  • Secure Key Injection: To ensure the key injection from SAM to client cards for contactless cards with protection of Encryption and Message Authentication Code, besides, key(s) may be changed after injection

Features

  • Full 64KB of EEPROM memory for application data
  • Compliance with ISO 7816 Parts 1, 2, 3, and 4
    • Supports high-speed transmission rate from 9.6 to 223.2 kbps
    • Supports ISO 7816 Part 4 File Structures: Transparent, Linear Fixed, Linear Variable, Cyclic
  • Supports DES/3DES/3K3DES
  • Supports AES128/AES-192
  • Supports hardware-based random number generator compliant to FIPS140-2
  • Supports Mutual Authentication and Session Key generation
  • Supports Secure Messaging function ensuring data transfers are confidential and authenticated
  • Supports Access Module pairs with ACOS3, ACOS6, ACOS7, ACOS10, Mifare Ultralight C, DESFire, DESFire EV1, and Mifare Plus cards
  • Stores and performs all key operations for mutual authentication, encrypted PIN submission, secure messaging, and e-Purse commands
  • Supports multi-level secured access hierarchy
  • Supports Anti-tearing function