Using SAM modules for storing secure keys

Submitted by 旧街凉风 on 2019-12-08 15:29:23

Question


As I understand, SAM modules are a kind of smart card which connect to the MCU via the ISO 7816 protocol.

  1. Is there any other application for them except storing secure keys?
  2. Can I use usual mobile SIM cards instead of a SAM module for storing keys?
  3. As far as I know, when we store keys in the SAM module, it is almost impossible to retrieve the keys, and the SAM uses a sequence of random challenges and polyphase authentication to verify the card. Then how does the SAM send this verification to the MCU? Is there direct access between the SAM and the reader, or are they connected via the MCU? Which command is used to store keys in the SAM?
  4. Is there any special standard protocol for this secure transmission? (storing keys in the SAM / authentication between CARD-SAM-MCU / verifying process, ...)
  5. Why do chip manufacturers not equip their MCUs with this secure element internally?

Answer 1:


Is there any other application for them except storing secure keys?

Smart cards contain a general-purpose CPU, so anything you can think of. But performing operations on the stored keys is indeed their main purpose.

Can I use usual mobile SIM cards instead of a SAM module for storing keys?

A generic (Java) card would make more sense.

As far as I know, when we store keys in the SAM module, it is almost impossible to retrieve the keys, and the SAM uses a sequence of random challenges and polyphase authentication to verify the card. Then how does the SAM send this verification to the MCU? Is there direct access between the SAM and the reader, or are they connected via the MCU? Which command is used to store keys in the SAM?

This really depends on the implementation.

Is there any special standard protocol for this secure transmission? (storing keys in the SAM / authentication between CARD-SAM-MCU / verifying process, ...)

Not as far as I know. There are probably many "standards" that do apply, but to my knowledge there isn't one that describes the use of SAM cards in general.

Why do chip manufacturers not equip their MCUs with this secure element internally?

Sometimes they do.

Securing a chip is, however, very tricky. Basically you are storing a key in a device that you know an attacker is going to get their hands on. So you have to use address-bus scrambling, shields, etc.

Using a standard smart card that has previously received certification and withstood penetration testing is much more cost-effective.



Source: https://stackoverflow.com/questions/38075062/using-sam-modules-for-storing-secure-keys
