The Planeta Informática specializes in offering innovative hardware and software solutions for various sectors, with a focus on security and automation. Discover our solutions for payments, telecommunications, and much more, designed to meet your needs with cutting-edge technology.
The Revolution in Transaction Security
VSAM is an advanced solution developed by Planeta Informática to ensure security and efficiency in payment terminals with contactless EMV cards. VSAM enables the upgrade of legacy systems and adopts a modern technology that provides greater protection and simplicity.
What is VSAM?
The SAM (Secure Access Module) is a pluggable smart card that enhances security and encryption performance in payment terminals for contactless EMV cards.
VSAM is a SAM variant supporting both open and closed-loop payments. Featuring an L2 EMV kernel for Visa "On Line Deferred" transactions and a contactless EMV Level 1 reader, it enables EMV integration into older equipment without software changes.
Key functions of VSAM:
- FDDA validation and expiration date check
- Support for VCPS 2.1.3 and Visa Ready MTT specifications
- DDA validation for other brands
VSAM employs Mirror, Virtualization, and Interception techniques, providing an API for virtualizing MIFARE Classic, CIPURSE, MIFARE Plus, and DESFire. It's remotely updatable, flexible, and customizable to support various EMV schemes.
Why VSAM?
Trends
Public transportation is increasingly adopting bank cards and mobile payments like Apple Pay, Google Pay, and Samsung Pay.
This trend offers enhanced user convenience, improved security for operators, and reduces cash handling. It also promotes the migration from legacy technologies such as MIFARE Classic to more secure options like CIPURSE or EMV, mitigating fraud risks.
Challenges
To integrate contactless EMV bank card acceptance into existing AFC systems and enhance the security of legacy systems, the solution must be:
- Simple
- Cost-effective
- Compatible with existing proprietary systems
Current validators
Current validators are, in most cases, based on proprietary hardware and software which has been developed to accomplish the only goal to enable closed loop card as only way of ticketing.
So the flexibility is limited becoming a barrier for the transportation stakeholders to develop new or upgrade existing transport applications.
How does VSAM work?
Interception Method
The interception method works by delegating communication with the card to the provided library when the application's original device does not recognize the card. In other words, the validator continues searching for a card and, upon finding a closed-loop card, it handles it as usual.
However, when the card is not recognized, the validator uses the Virtualization Library (VLIB), which generates the APDUs (Application Protocol Data Units) to be sent to the card and receives the responses, performing all necessary steps to execute the EMV transaction. Due to security requirements, this operation must be carried out through a level 1 EMV certified reader, which can be shared by both closed-loop cards and others.
The VLIB is a compact library that connects the card or the presented medium to the VSAM, allowing the secure software within the VSAM to generate and process the necessary APDUs to complete the transaction.
The VLIB can also incorporate the ULIB, which is the update library. This library is used to update the software and tables of the VSAM securely and transparently for the host validator, as all operations can be performed securely via a network connection.
Solution 1 (S1)
The S1 solution is the one where a new Level 2, Level 3 and MTT device with an EMV Level 1 reader is added to the system. This device shares the existing connection to send the authorization token to the closed loop host and can also activate a turnstile.
All the software components run inside this new device and no change is needed on the validator depending on the integration method. In this mode, there will be one device to present the closed loop card and other for the open loop card.
Solution 2 (S2)
The S2 solution replaces the reader inside the validator with an EMV Level 1 certified reader, while EMV L2, L3, and MTT operations are handled by the VSAM. To implement it, a few libraries need to be added to the validator's code.
Both open-loop and closed-loop cards are accepted by the same reader. The S2+ version incorporates libraries into the EMV L1 reader, simplifying the validator's requirements without compromising performance.
Solution 3 (S3)
When the validator already has an EMV Level 1 certified reader, simply adding the VSAM and libraries to the validator's code is sufficient. As with the S2 solution, the libraries are embedded in the reader along with the VSAM, simplifying the validator's requirements.
Both open-loop and closed-loop cards are accepted by the same reader. The S3+ solution follows the same approach, with the libraries integrated into the reader, making the requirements easier to meet.
Certifications
The VSAM is already EMVCo Level 2 certified. Combined with an EMV Level 1 certified reader, the certification process is simplified through a "regression test," speeding up implementation with greater confidence due to isolated cores.
Level 3 certification is required for each acquirer or brand involved in the end-to-end solution.
Visa Ready certification is ensured for this process.
A fast and easy-to-use system
Visa Ready MTT
The MTT model enables the issuance of complete multimodal tickets in environments where transaction speed is critical.
Features:
- Exclusively contactless
- Different authorization levels
- No financial transactions at the card tap point
- Shared responsibility between the merchant and the issuer
- Denial list / Administrative management
Benefits:
- High passenger throughput
- Versatile and adaptable solution
- Suitable for complex multimodal transit systems
- No need for equipment purchase
- Reduces operational costs for Public Transport Operators (PTO)
Where VSAM is being used?
Modal | PTO/Concessionary | Location | Phase | Date |
Metro | MetrôRio | Rio de Janeiro | Production | April/2019 |
Bus | SSPTrans | São Paulo | POC | September/2019 |
Bus | OMSA | Sto Domingo – D. Republic | Production | July/2020 |
Ferry Boat | CCR Barcas | Rio de Janeiro | POC | August/2020 |
Toll | Linha Amarela | Rio de Janeiro | Production | June/2021 |
Toll | EcoRodovias | Rio de Janeiro | Production | July/2021 |
Toll | CCR Rio SP | São Paulo – Rio de Janeiro | Production | January/2022 |
Toll | Rota das Bandeiras | São Paulo | Production | August/2022 |
Bus | Bus AEMUS Lima | Peru | Production | November/2023 |
Bus | Bus OASA Athens | Greece | Production | April/2024 |
Technical stuff
Technical Features
The device is based on a solid 32-bit security controller and supports the following standards and specifications:
- ISO7816-3: T = 0 or T = 1
- Communication Speed: Up to 1.25 Mbps (very fast)
- Formats: ISO7810, 2FF, or 3FF
- Operating Voltage: 3 V or 5 V
- CMAC Diversification
- Certified Cryptographic Libraries:
- SHA-1 / SHA-224 / SHA-256
- RSA up to 4096 bits (hardware-based)
- 3DES, DES (hardware-based)
- AES128 / 256 (hardware-based)
- Elliptic Curve Cryptography (ECC): 521 bits
- Number of Symmetric Keys per Directory: 31
- Number of Asymmetric Key Pairs per Directory: 1
- EMV Level 2 Certification: Approval # CDPLNI01376B
Hardware requirements
To use the device, an EMV L1 reader and one of the following interfaces are required:
- Serial Interface: At least 115,200 baud, or available USB CDC interface
- Power Supply for the EMV Level 1 Contactless Reader: Minimum of 500 mA @ 5Vdc
Mechanical requirement
The device must be adapted to accommodate EMV Level 1 contactless readers.
Software components
In addition to hardware components, the following libraries are required for proper operation:
- VLIB – VSAM Payment Library: Manages the exchange of information between the VSAM and the host. It contains 25,000 lines of code and uses approximately 200 kB of RAM.
- RLIB – Reader Library: Controls the reader and its peripherals, such as the LED and buzzer. It contains 5,000 lines of code and uses approximately 20 kB of RAM.
- ULIB – Update Library: Manages the software updates of both the VSAM and the reader. It contains 250 lines of code and uses approximately 1 kB of RAM.
- VLIB Lite: A “lite” version of VLIB, used in the “plus” solution where the three libraries mentioned above are integrated into the reader. Its main functions are:
- Providing a uniform interface between the reader and the host
- Converting (if necessary) the original reader protocol to a standard one
- Adapting the external TCP/IP communication interface for the VSAM, enabling communication and name resolution via a pre-established TCP socket
- Obtaining date and time
VLIB Lite contains between 200 and 500 lines of code, depending on the required protocol conversion, and uses approximately 4 kB of RAM.
Memories
The system requires memory to store data, which can be allocated either on the host or the reader, depending on availability:
DLM – Denial List Memory: Stores system events such as reboots and time adjustments. It is recommended to have 4 MB for up to 32,000 operations. The denial list stores identifiers of cards that are not allowed to perform transactions; at least 64 MB is recommended for up to 1 million entries, and the system can handle several gigabytes of memory if necessary.
LLM – Log List Memory: Stores offline transactions that will be uploaded once connectivity is restored. At least 4 MB is recommended for 1,000 transactions and up to 64 MB maximum.
ELM – Event List Memory: Stores all system events, such as reboots and time adjustments. It is recommended to have 4 MB for up to 32,000 operations.
How to start
The VSAM SDK is your fastest path to development, offering access to source code and practical examples with reference hardware.
Ready to use in just 10 minutes, our hardware includes an EMV adapter with a built-in EMV L1 reader, a pre-installed VSAM, and 4 full-size VSAM plug-ins.
Beyond quick demos, the SDK lets you compare hardware, aiding in implementation and performance evaluation.
Start your VSAM development journey today. Get your SDK now and explore all its features.
Technical Features
By purchasing the SDK, you will gain access to a number of valuable resources. These include the VLIB source code, available in C, Java and Node, and detailed documentation of the VSAM protocol, essential for communication between the host and the EMV reader. In addition, the package includes the full source code for the implementation software and the Nano EMV A2 demo application.
To ensure you have all the support you need, the SDK offers 16-hour email support, extending up to 90 days after receipt. You can also take advantage of special pricing on the purchase of other devices in the ecosystem and additional BackOffice hours, benefits that are only available after purchasing and registering the SDK.
EN 
BR