使用SAM模块存储安全密钥 [英] Using SAM modules for storing secure keys

问题描述

据我了解，SAM模块是一种SMART卡，它们通过ISO 7816协议连接到MCU.

As i understand SAM modules are kind of SMART Cards which connect to the MCU via ISO 7816 protocol.

1. 除了安全存储之外，还有其他应用程序吗? 钥匙?
2. 我可以使用普通的移动SIM卡代替SAM模块进行存储吗? 钥匙?
3. 据我所知，当我们将密钥存储在SAM模块中时，几乎 无法检索密钥，& SAM使用了随机序列 挑战与多相身份验证以验证卡.然后如何进行SAM 将此验证发送给MCU吗?SAM&之间是否可以直接访问? 读者?还是通过MCU连接?用于存储密钥的命令 在SAM中?
4. 此安全性是否有任何特殊的标准协议 传播? (SAM/验证之间的存储密钥 CARD-SAM-MCU/验证流程...)
5. 为什么芯片制造商未为此安全配备其MCU 内部元素?

1. Is there any other application for them except storing secure keys?
2. Can I used usual mobile sim-cards instead of SAM module to storing keys?
3. As i know when we store keys in the SAM module ,it is almost impossible to retrieve the keys, & SAM used a sequence of random challenge & polyphase authentication to verify the card.Then how SAM send this verification to MCU?is there direct access between SAM & Reader ? or they connected via MCU?which command used to store keys in the SAM?
4. Is there any special standard protocol for this secure transmission? (storing key in SAM/ Authentication between CARD-SAM-MCU/ verifying process & ...)
5. Why chip manufacturer does not equipped their MCU to this secure Element internally?

推荐答案

除了存储安全密钥外，还有其他应用程序吗?

Is there any other application for them except storing secure keys?

智能卡包含通用CPU，因此您可以想到的任何事物.但是，对存储的密钥执行操作确实是其主要目的.

Smart Cards contain a general purpose CPU, so anything you can think of. But performing operations on the stored keys are indeed their main purpose.

我可以使用普通的移动SIM卡代替SAM模块来存储密钥吗?

Can I used usual mobile sim-cards instead of SAM module to storing keys?

使用通用(Java)卡更有意义.

A generic (Java) card would make more sense.

据我所知，当我们将密钥存储在SAM模块中时，几乎不可能检索到密钥&. SAM使用了一系列随机质询和多相身份验证以验证卡.然后，SAM如何将此验证发送到MCU? SAM&之间是否可以直接访问?读者?还是通过MCU连接?哪个命令用于在SAM中存储密钥?

As i know when we store keys in the SAM module it is almost impossible to retrieve the keys, & SAM used a sequence of random challenge & polyphase authentication to verify the card. Then how SAM send this verification to MCU? Is there direct access between SAM & Reader? Or they connected via MCU? Which command used to store keys in the SAM?

这真的取决于实现方式.

This really depends on the implementation.

此安全传输是否有任何特殊的标准协议? (SAM中的存储密钥/CARD-SAM-MCU之间的身份验证/验证过程& ...)

Is there any special standard protocol for this secure transmission? (storing key in SAM/ Authentication between CARD-SAM-MCU/ verifying process & ...)

据我所知.可能有很多适用的标准"，但据我所知，没有一个标准可以大致描述SAM卡的使用.

Not as far as I know. There are probably many "standards" that do apply, but to my knowledge there isn't a one that describes the use of SAM cards in general.

为什么芯片制造商内部没有为其安全性元件配备他们的MCU?

Why chip manufacturer does not equipped their MCU to this secure Element internally?

有时候是.

但是，保护芯片非常棘手.基本上，您是将密钥存储在知道攻击者即将使用的设备中.因此，您必须使用地址总线加扰，屏蔽等.等等.

Securing a chip is however very tricky. Basically you are storing a key in a device that you know an attacker is going to get its hands on. So you have to use address-bus scrambling, shields etc. etc. etc.

使用先前已获得认证并经过渗透测试的标准智能卡更具成本效益.

Using a standard smart card that has previously received certification and withstood penetration testing is much more cost effective.

这篇关于使用SAM模块存储安全密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！