ACOS6-SAM Secure Access Module

ACOS6-SAM Secure Access Module

Call to Customize and Purchase +1.949.380.1312

  • Secure Access Module Compatibility
    • ACOS3
    • ACOS6
    • MIFARE Ultralight® C
    • MIFARE® DESFire®
    • MIFARE Plus®
  • Cryptographic Features
    • AES: 128/192/256-bits (ECB, CBC)
    • DES/3DES: 56/112/168-bits (ECB, CBC)
    • Random Number Generation: FIPS 140-2 compliant hardware based RNG


The ACOS6-SAM Secure Access Module (SAM) is designed as a general cryptogram computation module or as a security authentication module for ACOS contact client cards – ACOS3, ACOS6, ACOS7 and ACOS10, and common contactless client cards – MIFARE DESFire, DESFire EV1, Ultralight-C and Mifare Plus.

ACOS6S is a Security Access Module (SAM) specifically designed for use in mutual authentication, secure messaging and key diversification.

The SAM card securely stores cryptographic keys and uses these keys to inject keys or to compute cryptograms for other applications or smart cards. Both the master keys and diversified keys are securely stored in the card and never leave the card, enhancing the security of the system. These features ensure the ultimate security of a payment system such as e-Purse as well as Identification Systems.

The ACOS6-SAM card can perform:

  • Mutual Authentication: To guarantee the authenticity of the terminal and the client card
  • Secure Messaging: To ensure that the data transmission between the card and terminal/server is secured and not susceptible to eavesdropping, replay attack and unauthorized modification
  • Purse MAC Computation: To authenticate and ensure data integrity of data and commands that are transferred into the card and vice versa
  • Key Diversification: To enable diversified entry of keys without exposing the master key
  • Secure Key Injection: To ensure the key injection from SAM to client cards for contactless cards with protection of Encryption and Message Authentication Code, besides, key(s) may be changed after injection

e-Purse Application for a Merchant

Card Issuance and Card Usage

  1. During the Card Issuance Stage, the ACOS6-SAM is used to store Diversified Keys when initializing client cards (ACOS3/ACOS6) for a Payment/e-Purse Application.
  2. The customer receives the card, and tops up the card in a kiosk (e.g. an ACR900 device). The client card (ACOS3/ACOS6) is authenticated by the terminal and vice versa. This process is called mutual authentication, and is made possible by the ACOS6-SAM card inside the terminal.
  3. Customer purchases items using the card and a merchant’s PIN-pad terminal.
  4. Mutual Authentication is once again performed and a session key is also generated as proof of the transaction. This is possible because of the ACOS6-SAM card stored in the PIN-pad terminal.

Available ACOS6 SDK

The ACOS6 Multi-Application & Purse Smart Card Software Development Kit (ACOS6-SDK) is designed for professional developers who are interested in developing applications on ACOS6 and ACOS6-SAM. It contains tools allowing one to learn the ISO7816-4’s file structure on ACOS6, as well as a personalization scripting tool, the Scripting Tool Plus, enabling one to personalize a smart card. Further, development of applications is facilitated through the unique ACS Card Tool, which allows users to send direct commands to any PC/SC-compliant smart card readers and cards. With these useful tools and a user-friendly interface, the development kit can reduce the time and cost that users invest into R&D and Marketing.


ACOS6-SAM Features

  • Full 64KB of EEPROM memory for application data
  • Supports high-speed transmission rate from 9.6 to 223.2 kbps
  • Protocol T=0
  • Compliance with ISO 7816 Parts 1, 2, 3, and 4:
    • Transparent
    • Linear fixed
    • Linear variable
    • Cyclic
  • Strong Cryptographic Capabilities: DES/3DES/Secure Messaging with MAC
  • Has multiple secure e-Purse available for payment applications
  • Supports multi-level secured access hierarchy
  • Anti-tearing done on file headers and PIN commands
  • Initialize client card (e.g., ACOS3/ ACOS6) with diversified keys based on the card’s serial number
  • 100,000 write/erase cycles

Cryptographic Capabilities

  • AES: 128/192/256-bits (ECB, CBC)
  • DES/3DES: 56/112/168-bits (ECB, CBC)
  • Random Number Generation: FIPS 140-2 compliant hardware based RNG

File Security

  • Session key based on random numbers
  • Key pair for mutual authentication
  • Secure Messaging function for confidential and authenticated data transfers (e.g., ACOS3/ACOS6)
  • Stores and performs all key operations for mutual authentication, encrypted PIN submission, secure messaging, and e-Purse commands
  • Multilevel secured access hierarchy
  • Anti-tearing capability

Certifications / Compliance

  • ISO 7816 – 1/2/3 (T=0 Only)
  • CC EAL5+ (chip level)


Secure Access Module Compatibility



Support & Downloads





ACOS6-SAM Secure Access Module

  • 64 KB
  • EEPROM Endurance: 100,000 erase/write cycles
  • Data Retention: 10 years
Communication Protocol
  • T=0 in direct convention.
  • High baud rate switchable from 9600 to 223,200 bps
  • Operating Voltage: 5 VDC +/-10% (Class A) and 3 VDC +/-10% (Class B)
  • Maximum Supply Current: < 10 mA
  • ESD Protection: ≤ 4 KV
  • DES, 2K3DES, 3K3DES (ECB, CBC)
  • AES: 128/192 bits (ECB, CBC)
  • MAC
Random Number Generation FIPS 140-2 compliant RNG
File Security
  • PIN code
  • Key pair for mutual authentication
  • Session key based on random numbers
  • Secure Messaging function for confidential and authenticated data transfers
  • Support for highly secured e-Purse for payment applications
  • ISO 7816 Parts 1, 2 and 3
  • CC EAL5+ (chip level)
  • Operating Temperature: -25 °C to 85 °C
  • Storage Temperature: -40 °C to 100 °C
Card Life Cycle States
  • Pre-Personalization State
  • Personalization State
  • User State
Client Supported Cards
Dimensions SIM Size PC/SC: 25.00 x 15.00 x 0.76mm (0.984 × 0.591 × 0.591in)
Manufacturer Advanced Card Systems (ACS)
Part Numbers ACOS6S-B, ACOS6S-C, ACOS6-SAM
Warranty 1 Year Limited Warranty

You may also like…