Key mapping

The SAM AV uses a key storage table in order to store and manage symmetric keys and the attributes related to them.

The key storage table has 128 entries. Every entry contains either a 3DES, an AES128 or an AES192 key. In the current version of the firmware, only 3DES and AES128 keys are supported. Every key entry is referred to by its index, from 00 (0) to 7F (127).

The SpringCore firmware makes assumptions regarding the role of a key given its index. This chapter details how the key entries shall be understood and managed.

Vendor keys

Keys 00 to 07 are called ‘Vendor keys’ and are managed internally by the SpringCore firmware. They shall therefore not be changed directly, nor have their settings modified. Always use the public functions of the SAM AV class to manipulate these key entries.

Warning:

Do not try to change the keys listed below as they are required for proper operation of the SpringCore device. Changing any of these keys voids the warranty and may permanently lock the device.

| Index | Name | Description |
|-------|------|-------------|
| 00 | SamMasterKey | This is the main management key of the Secure Element. |
| 01 | SamFactoryUnlockKey | This key allows unlocking the Secure Element, should it have been locked by another key. |
| 02 | ApplicationLicenceKey | When the SpringCore device is sold together with a software solution, this key allows the application to validate its licence. |
| 03 | MasterCardReadKey | This is the authentication key used to read the master cards. |
| 04 | MasterCardCheckKey | This is the CMAC key used to authenticate the content of the master cards. |
| 05 | MasterCardSamKey | This key allows a master card to change other keys in the Secure Element. |
| 06 | HostCommUserKey | This key is used to protect the communication with the host, but does not open administrative access to the device. |
| 07 | HostCommAdminKey | This key is used to protect the communication with the host, and opens administrative access to the device (i.e. write the configuration or the keys). |

Notes:

  • MasterCardReadKey, MasterCardCheckKey, MasterCardSamKey, HostCommUserKey and HostCommAdminKey are restored to their factory value by the “Restore Factory Settings” procedure,
  • ApplicationLicenceKey is preserved by the “Restore Factory Settings” procedure,
  • SamMasterKey and SamFactoryUnlockKey always keep the same value.

Smart Reader keys

In Smart Reader mode, the SpringCore device runs “card processing templates” to fetch data from the contactless cards, NFC objects, or BLE peers. The authentication keys used by the template engine may be stored in the Secure Element.

Keys 10 to 1F are dedicated to this usage.

| Index | Role | Remark |
|-------|------|--------|
| 10 | PICC key for template #0 | Template #0 is used for BLE peers (Orange Pack ID, SpringBlue, …) |
| 11 | PICC key for template #1 | |
| 12 | PICC key for template #2 | |
| 13 | PICC key for template #3 | |
| 14 | PICC key for template #4 | |
| 15 | RFU | |
| 16 | RFU | |
| 17 | RFU | |
| 18 | Optional second PICC key for template #0 | Orange Pack ID uses two keys |
| 19 | RFU | |
| 1A | RFU | |
| 1B | RFU | |
| 1C | RFU | |
| 1D | RFU | |
| 1E | RFU | |
| 1F | RFU | |

Free keys

Keys 20 to 7F (96 keys) are freely usable for any of the following:

  • Desfire authentication and secure communication,
  • Mifare Plus authentication and secure communication,
  • Mifare UltraLight C authentication.

Note:

The free keys are restored to their factory value (i.e. disabled) by the “Restore Factory Settings” procedure, provided that their change key field remains equal to Key Index 00, Version 00.
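
The index map above can be enforced before any key is written. The following is an added example, not SpringCore or SAM AV code: it audits a provisioning plan against the ranges, the supported key types and the factory-restore condition described on this page. The plan format (index, algo, change_key, change_ver), the function names, and the choice to reject RFU entries and entries 08 to 0F (for which this page gives no role) are assumptions of the example.

```python
# Added example: audits a key-provisioning plan against the index map on this page.
# The plan format (index, algo, change_key, change_ver) is an assumption, not a SpringCore API.
VENDOR = range(0x00, 0x08)            # managed internally by the firmware
SMART_READER = range(0x10, 0x20)      # template engine keys
SMART_READER_ASSIGNED = {0x10, 0x11, 0x12, 0x13, 0x14, 0x18}  # the rest are RFU
FREE = range(0x20, 0x80)              # 96 freely usable entries
SUPPORTED_ALGOS = {"3DES", "AES128"}  # AES192 is not supported by the current firmware
BLOCKED_ROLES = {"invalid", "vendor", "rfu", "undocumented"}  # policy of this example


def classify(index):
    """Return the role of a key entry index according to the mapping above."""
    if not 0x00 <= index <= 0x7F:
        return "invalid"
    if index in VENDOR:
        return "vendor"
    if index in SMART_READER:
        return "smart-reader" if index in SMART_READER_ASSIGNED else "rfu"
    if index in FREE:
        return "free"
    return "undocumented"  # 08..0F: the page gives no role for these entries


def audit_plan(plan):
    """Return (errors, warnings) for a list of planned key writes."""
    errors, warnings, seen = [], [], set()
    for entry in plan:
        index = entry["index"]
        tag = f"key {index:02X}"
        role = classify(index)
        if index in seen:
            errors.append(f"{tag}: listed more than once")
        seen.add(index)
        if role in BLOCKED_ROLES:
            errors.append(f"{tag}: {role} entry, must not be written directly")
        if entry["algo"] not in SUPPORTED_ALGOS:
            errors.append(f"{tag}: {entry['algo']} is not supported by the current firmware")
        if role == "free" and (entry["change_key"], entry["change_ver"]) != (0x00, 0x00):
            warnings.append(f"{tag}: change key is not 00/00, outside the factory-restore condition")
    return errors, warnings


# Constructed sample plan (not real device data)
SAMPLE_PLAN = [
    {"index": 0x20, "algo": "AES128", "change_key": 0x00, "change_ver": 0x00},
    {"index": 0x21, "algo": "AES128", "change_key": 0x21, "change_ver": 0x01},
    {"index": 0x07, "algo": "AES128", "change_key": 0x00, "change_ver": 0x00},
    {"index": 0x15, "algo": "3DES", "change_key": 0x00, "change_ver": 0x00},
    {"index": 0x22, "algo": "AES192", "change_key": 0x00, "change_ver": 0x00},
]
```

Running audit_plan(SAMPLE_PLAN) reports the vendor, RFU and AES192 entries as errors and flags key 21 with a warning.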