Secure Access Module (SAM) made simple
What is a SAM?
SAMs are a form of smart chip which are widely used in electronic transaction (e-transaction) systems to store cryptographic functions and keys. As an example, SAM form part of the readers used in city transport networks which allow users to access the system using a smart token rather than purchasing paper tickets. The requirements of the market have changed. Sectors such as transportation and identity now need to constantly update the keys stored on the chip, use the latest cryptographic algorithms and accept tokens from other e-transaction systems.
What is GlobalPlatform’s involvement in this area?
SAM’s that are developed based on GlobalPlatform’s Card Specification v2.2.1 can be updated over-the-air (OTA) or over-the-network (OTN). This enables issuers to update GlobalPlatform compliant SAMs with new keys and cryptographic functions remotely; saving time and money compared to native SAMs that need to be physically replaced.
Long-term, this capability will facilitate the stability and scalability of the solution as it will be able to efficiently respond to future technical and business requirements. For example, transit operator A has had a smart chip ticketing system implemented for 12 months. Transit operator B has just moved away from paper-based tickets and has deployed its new smart chip system. Offering users access to both transit networks by using a standardised and interoperable secure chip system will be commercially beneficial to both operators as well as convenient to customers. If transit operator A has based its SAMs on GlobalPlatform Specifications, it will be able to update them remotely and efficiently, granting access to transit operator B’s customers. This scenario can be extended, for example, for operator B to also accept chip cards from a different e-transaction system such as a privative e-purse.
What resources are available?
In November 2011, GlobalPlatform released a white paper – ‘The GlobalPlatform Value Proposition for Remote Post-Issuance Secure Access Modules (SAM) Management’ – which details how post-issuance OTA and OTN management of SAMs can be achieved in a standardized and interoperable manner. The paper demonstrates how this will eliminate the need to issue new SAMs when deploying an update.
GlobalPlatform recognizes that the paper is crucial reading, for any providers of e-transaction systems, given the fast pace at which contactless services are rolling out and are advancing across a host of different platforms and sectors.
What are the next steps?
The release of the GlobalPlatform white paper was to educate the SAM industry on the capabilities offered by the GlobalPlatform Specifications. The document provides guidance and explores the value that can be achieved by the SAM community of using a standardized remote management infrastructure.
Parties interested in this area of work should download, and monitor for, the latest updates to the GlobalPlatform’s Card Specification v2.2.1. For any specific enquiries, contact: firstname.lastname@example.org.