-2

As i understand SAM modules are kind of SMART Cards which connect to the MCU via ISO 7816 protocol.

  1. Is there any other application for them except storing secure keys?
  2. Can I used usual mobile sim-cards instead of SAM module to storing keys?
  3. As i know when we store keys in the SAM module ,it is almost impossible to retrieve the keys, & SAM used a sequence of random challenge & polyphase authentication to verify the card.Then how SAM send this verification to MCU?is there direct access between SAM & Reader ? or they connected via MCU?which command used to store keys in the SAM?
  4. Is there any special standard protocol for this secure transmission? (storing key in SAM/ Authentication between CARD-SAM-MCU/ verifying process & ...)
  5. Why chip manufacturer does not equipped their MCU to this secure Element internally?
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
Mahmoud Hosseinipour
  • 293
  • 3
  • 20
  • Mahmoud, that #6 wasn't present when I answered and it really isn't a question in the first place. There is one close vote for "too broad" which is likely the reason for the downvotes as well. Expanding the already high number of questions won't do you any good. Besides that it only has limited applicability to programming itself, so it is at least bordering on off topic. Note that there is also the [security](https://security.stackexchange.com) SE site. – Maarten Bodewes Jul 02 '16 at 11:22
  • Downvoters, whats wrong with this question ?Maybe it's better clear me if I'm asking a wrong question! – Mahmoud Hosseinipour Jul 02 '16 at 11:50

1 Answers1

4

Is there any other application for them except storing secure keys?

Smart Cards contain a general purpose CPU, so anything you can think of. But performing operations on the stored keys are indeed their main purpose.

Can I used usual mobile sim-cards instead of SAM module to storing keys?

A generic (Java) card would make more sense.

As i know when we store keys in the SAM module it is almost impossible to retrieve the keys, & SAM used a sequence of random challenge & polyphase authentication to verify the card. Then how SAM send this verification to MCU? Is there direct access between SAM & Reader? Or they connected via MCU? Which command used to store keys in the SAM?

This really depends on the implementation.

Is there any special standard protocol for this secure transmission? (storing key in SAM/ Authentication between CARD-SAM-MCU/ verifying process & ...)

Not as far as I know. There are probably many "standards" that do apply, but to my knowledge there isn't a one that describes the use of SAM cards in general.

Why chip manufacturer does not equipped their MCU to this secure Element internally?

Sometimes they do.

Securing a chip is however very tricky. Basically you are storing a key in a device that you know an attacker is going to get its hands on. So you have to use address-bus scrambling, shields etc. etc. etc.

Using a standard smart card that has previously received certification and withstood penetration testing is much more cost effective.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • 1
    Thanks for your help But I don't know where i can obtain enough information about this subject yet .I designed a RFID Contactless reader & it works fine for reading / writing to Tags,Currently I want to add SAM module to this project for storing keys securely in SAM.but there are not any information about how i must connect to SAM ,store keys & authenticate PICCs.& still i don't know reason of my negatives,WBR. – Mahmoud Hosseinipour Jun 29 '16 at 10:56