ACOS6-SAM - Ideal Solution for Security Enhancement
The ACOS6 Secure Access Module (SAM) is designed as a general cryptogram computation module or as a security authentication module for ACOS contact client cards - ACOS3, ACOS6, ACOS7 and ACOS10, and common contactless client cards - DESFire, DESFire EV1, Ultralight-C and Mifare Plus.
The ACOS6-SAM card securely stores cryptographic keys and uses these keys to compute cryptograms for other applications or smart cards. Using this, terminals need not know the master key(s) of an application, whereas the keys never leave the ACOS6-SAM.
The ACOS6-SAM card can perform:
- Mutual Authentication to guarantee the authenticity of the terminal and the client card
- Secure Messaging to ensure data transmission between the card and terminal/server is secured and not susceptible to eavesdropping, replay attack and unauthorized modification
- Purse MAC Computation to authenticate and ensure data integrity of data and commands that are transferred into the card and vice versa
- Key Diversification to enable diversified entry of keys without exposing the master key
- Secure Key Injection to ensure the key injection from SAM to client cards for contactless cards with protection of Encryption and Message Authentication Code, besides, key(s) is allowed to be change after injection
One application of how the ACOS6-SAM enhances system security can be seen in e-health transactions, as when a doctor or a patient inserts his or her ACOS smart card into the card reader, which prompts the ACOS6-SAM to use the proprietary information it contains to verify the validity of the card.
- Compliance with ISO 7816 Parts 1, 2, 3, 4
- High baud rate switchable from 9600 to 223,200 bps
- Full 32 KB of EEPROM for application data
- Supports ISO 7816 Part 4 file structures: Transparent, Linear fixed, Linear Variable, Cyclic
- DES/Triple DES capability
- AES-128 support
- Hardware based random number generator compliant to FIPS140-2
- Mutual authentication with session key generation
- Secure Messaging ensures data transfers are confidential and authenticated
- Secure Access Module pairs with ACOS3, ACOS6, ACOS7, ACOS10 and Mifare Ultralight C, DESFire, DESFire EV1, Mifare Plus cards
- Stores and performs all key operations for mutual authentication, encrypted PIN submission, secure messaging, and e-Purse commands
- Multilevel secured access hierarchy
- Anti-tearing capability