Key mapping

The SAM AV uses a key storage table in order to store and manage symmetric keys and the attributes related to them.

The key storage table has 128 entries. Every entry contains either a 3DES, and AES128 or an AES192 key. In the current version of firmware, only 3DES and AES128 keys are supported. Every key entry is referred to by its index, from 00 (0) to 7F (127).

The SpringCore firmware makes assumptions regarding the role of a key given its index. This chapter details how the key entries shall be understood and managed.

Vendor keys

Keys 00 to 07 are called 'Vendor keys' and are managed internally by the SpringCore firmware. They shall therefore not be changed directly, nor their have settings modified. Always use the public functions of the SAM AV class to manipulate these key entries.

Warning:

Do not try to change the keys listed below as they are required for proper operation of the SpringCore device. Changing any of these keys voids the warranty and may permanently lock the device.

Index Name Description
00 SamMasterKey This is the main management key of the Secure Element.
01 SamFactoryUnlockKey This key allows to unlock the Secure Element, should it have been locked by another key
02 ApplicationLicenceKey When the SpringCore device is sold together with a software solution, this keys allows the application to validate its licence
03 MasterCardReadKey This is the authentication key used to read the master cards
04 MasterCardCheckKey This is the CMAC key used to authentify the content of the master cards
05 MasterCardSamKey This key allows a master card to change other keys in the Secure Element
06 HostCommUserKey This key is used to protect the communication with the host, but does not open administrative access to the device
07 HostCommAdminKey This key is used to protect the communication with the host, and opens administrative access to the device (i.e. write the configuration or the keys)

Notes:

  • MasterCardReadKey, MasterCardCheckKey, MasterCardSamKey, HostCommUserKey and HostCommAdminKey are restored to their factory value by the "Restore Factory Settings" procedure,
  • ApplicationLicenceKey is preserved by the "Restore Factory Settings" procedure,
  • SamMasterKey and SamFactoryUnlockKey always keep the same value.

Smart Reader keys

In Smart Reader mode, the SpringCore device runs "card processing templates" to fetch data from the contactless cards, NFC objects, or BLE peers. The authentication keys used by the template engine may be stored in the Secure Element.

Keys 10 to 1F are dedicated to this usage.

Index Role Remark
10 PICC key for template #0 Template #0 is used for BLE peers (Orange Pack ID, SpringBlue, ...)
11 PICC key for template #1
12 PICC key for template #2
13 PICC key for template #3
14 PICC key for template #4
15 RFU
16 RFU
17 RFU
18 Optional second PICC key for template #0 Orange Pack ID uses two keys
19 RFU
1A RFU
1B RFU
1C RFU
1D RFU
1E RFU
1F RFU

Free keys

Keys 20 to 7F i.e. 96 keys are freely usable for either

  • Desfire authentication and secure communication,
  • Mifare Plus authentication and secure communication,
  • Mifare UltraLight C authentication.

Note:

The free keys are restored to their factory value (i.e.: disabled) by the "Restore Factory Settings" procedure, provided that their change key field remains equal to Key Index 00, Version 00.