The ACOS6 Secure Access Module (SAM) is designed as a general cryptogram computation module or as a security authentication module for ACOS contact client cards - ACOS3, ACOS6, ACOS7 and ACOS10, and common contactless client cards - DESFire, DESFire EV1, Ultralight-C and Mifare Plus.
The ACOS6-SAM card securely stores cryptographic keys and uses these keys to compute cryptograms for other applications or smart cards. Using this, terminals need not know the master key(s) of an application, considering that the keys never leave the ACOS6-SAM.
The ACOS6-SAM card can perform:
- Mutual Authentication: To guarantee the authenticity of the terminal and the client card
- Secure Messaging: To ensure that the data transmission between the card and terminal/server is secured and not susceptible to eavesdropping, replay attack and unauthorized modification
- Purse MAC Computation: To authenticate and ensure data integrity of data and commands that are transferred into the card and vice versa
- Key Diversification: To enable diversified entry of keys without exposing the master key
- Secure Key Injection: To ensure the key injection from SAM to client cards for contactless cards with protection of Encryption and Message Authentication Code, besides, key(s) may be changed after injection