As you know, SAM modules are used mainly in the electronic payment industry. Due to the low security of key storage in general storage devices or MCUs, manufacturers used SAM modules for securely storing and transferring data between the processor and the end-point card reader. In some (e.g. the SAM AV2 series from NXP), both the MCU-SAM and MCU-Reader connections can be secured. But the thing I can't understand is that the MCU and the SAM must still present their keys to each other to authenticate, and because of this the key must still be stored in the MCU, so how do they introduce themselves to each other securely? How do the SAM module and the reader secure their connections?

EDIT: Let me explain more. My question is about the identification procedure between MCU-SAM and SAM-Reader. Do we need to store a key (a derived key or the master one) in the MCU? If yes, is it safe to store it in a general MCU's memory? If not, how do the MCU and the SAM authenticate each other without a key? Is the SAM's internal MCU programmable? What is the authentication procedure between SAM-Reader and Reader-Card?
1 Answer
In the Smart Card industry, a technique called diversification is often used: individual Smart Cards get a serial number $S$, and a device-unique secret key $K_S$ computed from a Master Key $K$ and $S$, using a (typically: non-entropy-stretching) Key Derivation Function. For example, $K_S=\operatorname{AES-ENC}(K,S)$ where the first parameter of $\operatorname{AES-ENC}$ is the key; or perhaps, $K_S=\operatorname{HMAC-SHA-256}(K,S)$. Injection of $K_S$ in Smart Cards, and injection of $K$ in SAMs, is done in secure conditions (production line of a card manufacturer).
A SAM contains $K$, and is thus able to internally recompute $K_S$ of any Smart Card that it must interact with, from its (alleged) serial number $S$, which is usually freely readable from the Smart Card. The SAM and the Smart Card (if it is genuine) will thus share the secret key $K_S$, and then there is a plethora of protocols to perform mutual authentication and establish a secure link.
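The diversification scheme described in the answer above, as an added example that is not part of the original answer: it uses the $K_S=\operatorname{HMAC-SHA-256}(K,S)$ variant, and the nonce-based challenge-response shown is a simplified stand-in for the "plethora of protocols", not the protocol of any real SAM or card. The class names, labels and sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def diversify(master_key: bytes, serial: bytes) -> bytes:
    """K_S = HMAC-SHA-256(K, S), one of the two KDFs named in the answer."""
    return hmac.new(master_key, serial, hashlib.sha256).digest()

def _tag(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so the concatenation is unambiguous; the label
    # separates the two directions so a tag cannot be reflected back.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Card:
    """Holds only its serial S and its own K_S (injected at personalisation)."""
    def __init__(self, serial: bytes, k_s: bytes):
        self.serial, self._k_s = serial, k_s

    def respond(self, sam_nonce: bytes):
        self._nonce = secrets.token_bytes(16)
        return self._nonce, _tag(self._k_s, b"card", sam_nonce, self._nonce)

    def verify_sam(self, sam_nonce: bytes, sam_tag: bytes) -> bool:
        expected = _tag(self._k_s, b"sam", self._nonce, sam_nonce)
        return hmac.compare_digest(expected, sam_tag)

class Sam:
    """Holds the master key K and recomputes K_S from the alleged serial."""
    def __init__(self, master_key: bytes):
        self._k = master_key

    def authenticate(self, card: Card) -> bool:
        k_s = diversify(self._k, card.serial)      # S is freely readable
        nonce = secrets.token_bytes(16)
        card_nonce, card_tag = card.respond(nonce)
        expected = _tag(k_s, b"card", nonce, card_nonce)
        if not hmac.compare_digest(expected, card_tag):
            return False                           # card does not hold K_S for this S
        # The SAM proves knowledge of K_S in turn (mutual authentication).
        return card.verify_sam(nonce, _tag(k_s, b"sam", card_nonce, nonce))

# Constructed sample values, not real keys or serials.
MASTER = bytes(range(32))
SERIAL = b"\x04\xa1\xb2\xc3"
genuine = Card(SERIAL, diversify(MASTER, SERIAL))
# A card whose stored key does not match the serial it presents.
mismatched = Card(b"\x04\xff\xff\xff", diversify(MASTER, SERIAL))
```

Because each card stores only its own $K_S$, the mismatched card fails against the SAM, and a SAM holding a different master key fails against the genuine card.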