The ACOS6-SAM Secure Access Module (SAM) is designed as a general cryptogram computation module or as a security authentication module for ACOS contact client cards – ACOS3, ACOS6, ACOS7 and ACOS10, and common contactless client cards – MIFARE DESFire, DESFire EV1, Ultralight-C and MIFARE Plus.
ACOS6S is a Security Access Module (SAM) specifically designed for use in mutual authentication, secure messaging and key diversification.
The SAM card securely stores cryptographic keys and uses these keys to inject keys or to compute cryptograms for other applications or smart cards. Both the master keys and diversified keys are securely stored in the card and never leave the card, enhancing the security of the system. These features ensure the ultimate security of a payment system such as e-Purse as well as Identification Systems.
The ACOS6-SAM card can perform:
- Mutual Authentication: To guarantee the authenticity of the terminal and the client card
- Secure Messaging: To ensure that the data transmission between the card and terminal/server is secured and not susceptible to eavesdropping, replay attacks and unauthorized modification
- Purse MAC Computation: To authenticate, and ensure the integrity of, data and commands that are transferred into the card and vice versa
- Key Diversification: To enable diversified entry of keys without exposing the master key
- Secure Key Injection: To inject keys from the SAM into contactless client cards under the protection of encryption and a Message Authentication Code; keys may also be changed after injection
e-Purse Application for a Merchant
Card Issuance and Card Usage
- During the Card Issuance Stage, the ACOS6-SAM is used to store Diversified Keys when initializing client cards (ACOS3/ACOS6) for a Payment/e-Purse Application.
- The customer receives the card, and tops up the card in a kiosk (e.g. an ACR900 device). The client card (ACOS3/ACOS6) is authenticated by the terminal and vice versa. This process is called mutual authentication, and is made possible by the ACOS6-SAM card inside the terminal.
- The customer purchases items using the card and a merchant’s PIN-pad terminal.
- Mutual Authentication is once again performed and a session key is also generated as proof of the transaction. This is possible because of the ACOS6-SAM card stored in the PIN-pad terminal.
Available ACOS6 SDK
The ACOS6 Multi-Application & Purse Smart Card Software Development Kit (ACOS6-SDK) is designed for professional developers who are interested in developing applications on ACOS6 and ACOS6-SAM. It contains tools for learning the ISO 7816-4 file structure on ACOS6, as well as a personalization scripting tool, the Scripting Tool Plus, for personalizing a smart card. Further, development of applications is facilitated through the unique ACS Card Tool, which allows users to send direct commands to any PC/SC-compliant smart card readers and cards. With these useful tools and a user-friendly interface, the development kit can reduce the time and cost that users invest into R&D and Marketing.