UniSAM is the first multi-standard Security Applications Module for new generation phonecard authentication (T2G and Eurochip authentication algorithms).
It ensures interoperability between various service providers.
UniSAM can be installed in payphones or in properly designed terminals, its first role is to authenticate prepaid disposable cards. It offers security against fraud and allows dynamic storage of issuer secrets (i.e., application data).
See the outline of the authentication process.
The main application of Gemplus UniSAM is in public payment. Telecom operators running phone service applications are implementing advanced new systems to guarantee " state-of-the-art " protection against fraud. Payphone terminals can thus be individually equipped with a removable UniSAM security application module (plug-in format) that offers active cryptographic authentication for new generation phonecards.
Gemplus UniSAM integrates secure certified value counters, which are required to authorize transactions for Interoperability schemes: several Telecom Operators decide to accept the same phonecard on their respective infrastructure.
|Off-line authentication of the phonecard||The anti-cloning algorithm includes Eurochip 1 (Siemens SLE4436), Eurochip 2 (Siemens SLE5536), and T2G German protocol (Thomson ST1335).|
|Diversification of the phonecard authentication key (Kc)||By combining the card identification data with the Application secret key stored in UniSAM (Km).|
|Secure downloading of secret keys||During the downloading process, the secret keys are encrypted In addition to this encryption mechanism, the origin and integrity of the secret keys are verified using a cryptogram.|
|Remote downloading of secret keys||Using the Payphone Management System (PMS) (off-line).|
|Secure revenue counter management||To support inter-operability between various service providers. Successful phonecard authentication protects revenue counter incrementation. The revenue counter read-outs are protected by a Message Authentication Code (MAC). This MAC ensures the integrity of the counter value for the purpose of financial clearing.|
|Interoperability||UniSAM s secure file architecture allows different customers to share the same terminal. Where more than one customer shares a terminal, UniSAM ensures that access rights between key files and revenue counter files owned by one customer do not interfere with key and revenue counter files of another customer. In addition, the availability of 8k bytes of EEPROM allows UniSAM to support many different service providers operating from the same terminal.|
|Cross-authentication||One UniSAM may be challenged by another UniSAM for verification purposes. This process is called .|
ISO Standard 7816: "Identification cards - integrated circuit(s) cards with contacts:"
ETSI ES 201 209-1 v1.1.1 (1997-05): "Identification card systems; Telecommunications IC cards and terminals; Interoperability with synchronous prepaid cards; Part 1: Requirements for off-line and on-line configurations; Part 2: Security requirements."
|Communication protocols||T=0 protocol as specified in ISO 7816-3.|
|Power consumption||:UniSAM operates on a single power supply of 5V. UniSAM has optimized power consumption management to save energy in payphone terminals. For example, when UniSAM is not challenged, it automatically switches to "sleep" mode. While in "sleep" mode, power consumption is less than 100µA.|
UniSAM is supplied in GSM 11.11 "plug-in" format or in ISO 7816 format.
As required by the European Telecommunications Standards Institute for all components dealing with Security in telecommunication applications, UniSAM is certified ITSEC level E3 medium.