-3

I'm working on the AFC (automatic fare collection) system which required a SAM( secure access module) for key management.system works fine with local key management in MCU and I don't have any experience in using SAM.SAM required to install beside MCU as main reader controller & contactless card reader chip(PCD).

  1. Is used protocol based on the smart card ISO7816?Am i true?
  2. As i know SAMs are part of SMART cards family,are a SAM javacard or there are javacard SAM and non javacard SAM?
  3. is there upper level standard used for communicating with SAMs(based on iso7816 ) or each manufacturer use its own protocol?
  4. whats different between SAM and usual GSM SIM-CARD? and can i use a GSM-SIMCARD instead of SAM?
  5. is there any standard use case for process of key management in smart cards ? wbr
Mahmoud Hosseinipour
  • 293
  • 3
  • 20
  • 1
    You asked a similar question [here](http://stackoverflow.com/questions/38075062/using-sam-modules-for-storing-secure-keys). I indicated problems with your questions there as well. You seem to be very reluctant to learn to be honest. – Maarten Bodewes Jul 19 '16 at 17:27

1 Answers1

3

A SAM may be a smart card or another chip like a trusted platform module. A TPM is addressed using an API, see here.

SAMs are seldom required, so there are no domain independent standards how to address these.

If a smart card is used, then 7816 is obviously the way to go. A native smart card is also perfectly possible as SAM, especially if Perform Security Operation command of ISO 7816-8 is supported.

A typical SAM command is "encrypt these data with your (say AES) key number 1". A typical SIM card will have no command for it.

You have to collect the use cases you are interested in by yourself. Some ideas:

  • encrypt these data
  • decrypt this cryptogram
  • compute or verify this message authentication ocde
  • derive session key
  • replace key data of existing key
guidot
  • 5,095
  • 2
  • 25
  • 37
  • Does TMPs use ISO7816 too?about sim cards i saw a lot of banking application which seems use simcard for storing their secure keys,and also i read many articles in fintech field which consider sim cards as most secure elements in cell-phones and using them for security payment transactions,then i think there is a way for using & managing security operation by sim cards,am i true?about use case almost all of mentioned parameters are done but without SAM and in SW.3-i know it is possible to using a smart card for security key management,storing but then whats specific benefits of sam vs others ? – Mahmoud Hosseinipour Jul 19 '16 at 04:04
  • @MHD I added the TPM link, but you should work towards asking one specific question per topic and an occasional upvote on any answer also can do no harm. – guidot Jul 19 '16 at 06:52
  • really thanks for your great help,unfortunately i cant vote you up because of lacking in my points.I have to ask my questions in one topic too,because always i loose my points because of down voting to my topics about SAM modules and smart card fields(And really i don't know why???) , then i earn down vote only in one topic instead of some down voted topics. – Mahmoud Hosseinipour Jul 19 '16 at 08:24