Minimum Viable Incremental Infrastructure Investment for AFC: Enhanced and Interoperable Solution for All Models

The public transport ticketing and payment ecosystem is undergoing a profound transformation, driven by digitalization, the expansion of mobility services, and increasing security requirements. Operators and technology providers must address structural challenges such as fragmented proprietary architectures, limited interoperability, supplier dependency, growing cybersecurity risks, and the need to integrate cards, mobile devices, biometrics, and digital accounts into a unified experience.

Despite these demands, the market often assumes that interoperability requires restrictive technological standardization. This approach limits innovation, reduces competitiveness, and creates operational rigidity. A more effective strategy is secure technological coexistence, enabled by architectures such as the SAM-CENTRIC model developed by Planeta Informatica, which supports multiple technologies operating simultaneously with high levels of security, auditability, and efficiency.

This paper presents a unified interoperability solution for Automatic Fare Collection (AFC) systems, enabling seamless integration across PQC, ABT, CBT, QR Code, BLE, and biometric environments while improving operational efficiency, scalability, and user experience.

SAM-CENTRIC Overview

The SAM-CENTRIC model positions the Secure Access Module (SAM) as the central trust component responsible for key management, cryptographic operations, secure storage, auditing, and contactless media interaction through standardized APIs.

Unlike traditional architectures where SAM operates as a simple coprocessor, SAM-CENTRIC establishes SAM as the core security controller. It communicates directly with readers, validates commands, and enforces security policies, while validators function as forwarding terminals. This approach significantly reduces vulnerabilities, enhances operational integrity, and standardizes security across the ecosystem.

The architecture improves performance through advanced software optimization techniques and is compatible with off-the-shelf transport readers through AIPA (Agnostic Intercept Payment Application). Programmable SAM technology enables hybrid transit ecosystems integrating Open Loop EMV, Account-Based Ticketing (ABT), Card-Based Ticketing (CBT), and QR solutions, while ensuring offline resilience, cryptographic sovereignty, governance compliance, and post-quantum readiness. The concept is also compatible with next-generation transit payment security and modular architecture design.

AIPA (Agnostic Intercept Payment Application)

Hardware-independent design is a fundamental principle of modern ticketing systems. AIPA provides an abstraction layer that enables integration with multiple reader manufacturers and payment service providers (PSPs), including simultaneous connectivity to address different brand and modality requirements.

By separating application logic from device infrastructure, AIPA reduces vendor lock-in, allows equipment replacement without system disruption, and simplifies the adoption of new payment technologies such as cards, mobile wallets, and digital credentials.

This agnosticism is achieved through a layered architecture that separates data capture from transaction processing, ensuring flexibility, scalability, and long-term technological sustainability. Combined with SAM-CENTRIC and standardized APIs, which create a layer of abstraction between devices and systems and ensure scalability, security, and continuous evolution, AIPA creates a secure and future-proof infrastructure particularly suited for critical environments such as public transport.

Layered Interoperability: Beyond Restrictive Models (“trivial solution”)

Layered interoperability structures AFC systems into independent functional layers — hardware, security, application, and services — enabling continuous technological evolution without full infrastructure replacement.

Within this architecture, SAM provides a unified cryptographic API responsible for authentication, key management, and media handling. By centralizing these functions, the model delivers:

  • Integration across multiple payment technologies
  • Reduced technological dependency
  • Enhanced scalability and auditability
  • Continuous system evolution
  • Strong governance and operational flexibility

This approach replaces restrictive interoperability models with a sustainable and innovation-driven framework.

Post-Quantum Security and Transaction Certification

Emerging threats associated with quantum computing demand long-term security strategies. SAM-CENTRIC facilitates post-quantum readiness by centralizing critical security functions within certified tamper-resistant hardware modules with minimal form factor and cost.

The SAM performs encryption, key management, integrity verification, and transaction certification, ensuring authenticity, integrity, and non-repudiation. It can also generate cryptographic proofs and synchronize with central systems, strengthening auditing and governance processes.

A layered abstraction strategy enables gradual implementation of post-quantum mitigation measures while maintaining operational continuity and technological sustainability.

Architectural Integration Across Payment Technologies

By combining centralized security, cryptographic certification, and standardized interfaces, the SAM-CENTRIC architecture establishes SAM as the cryptographic core of AFC systems. This enables:

  • Centralized management of keys and security policies
  • Interoperability between ABT, CBT, EMV, QR, BLE, and other technologies
  • Secure coexistence of multiple payment methods
  • Continuous transaction auditing
  • Enhanced resilience against emerging threats

SAM evolves from a cryptographic component into a central platform for trust, governance, and operational oversight. Its portability allows deployment across different hardware platforms, creating a unified security layer that supports independent evolution of payment solutions.

Symmetric Cryptography and Quantum Resilience

Symmetric cryptography remains highly resilient in the quantum computing era. While Grover’s algorithm provides limited computational advantage, modern standards such as AES-256 maintain strong security.

In contrast, traditional asymmetric algorithms such as RSA and ECC face potential vulnerabilities from quantum attacks due to Shor's algorithm. SAM-CENTRIC architectures strengthen long-term security by prioritizing symmetric cryptography and supporting hybrid strategies for future transitions.

Success Case: Rio de Janeiro, Brazil

Rio de Janeiro’s public transport ticketing platform, Jaé, demonstrates large-scale implementation of SAM-CENTRIC architecture. The system modernizes payments, increases fare transparency, and improves subsidy management while supporting CBT, ABT, EMV, and QR models across cards, mobile applications, and digital channels.

The platform serves approximately four million registered users across an integrated urban network of 220 BRT, VLT, and subway stations, and more than 4,000 buses, processing approximately 2.3 million transactions daily with high reliability and operational efficiency.

Another Success Case: Mérida, Mexico

In Mérida, transport authorities required interoperability between a new operator and an existing provider with one million issued cards. Instead of restricting technologies, the SAM-CENTRIC model enabled secure coexistence.

Within two months, legacy technology was integrated into the new architecture. DESFire and CIPURSE media began operating simultaneously through a single API, with segregated mappings and independent key management.

This implementation demonstrates that interoperability can be achieved through architectural abstraction without technological restrictions, preserving supplier independence and system flexibility.
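The Mérida arrangement above (one API, segregated mappings, independent key management per media type), together with the symmetric-key transaction certification described earlier, can be sketched as follows. This is an added illustration, not Planeta Informatica's code or API: the `ToySam` class, the HMAC-SHA-256 construction, the key values and the record layout are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed 256-bit master keys, one per media domain (sample values only).
MASTER_KEYS = {
    "DESFIRE": bytes.fromhex("11" * 32),
    "CIPURSE": bytes.fromhex("22" * 32),
}

class ToySam:
    """Hypothetical software stand-in for a SAM: callers never see key material."""
    def __init__(self, master_keys):
        self._keys = dict(master_keys)
        self._ctr = 0  # monotonic transaction counter

    def _card_key(self, domain, uid):
        # Diversify per domain and per card: a DESFire key never covers CIPURSE media.
        if domain not in self._keys:
            raise KeyError(f"no key domain for media type {domain!r}")
        label = b"div|" + domain.encode() + b"|" + uid
        return hmac.new(self._keys[domain], label, hashlib.sha256).digest()

    @staticmethod
    def _encode(domain, uid, fare, ctr):
        # Length-prefixed fields so two different records never share an encoding.
        d = domain.encode()
        return bytes([len(d)]) + d + bytes([len(uid)]) + uid + struct.pack(">IQ", fare, ctr)

    def certify(self, domain, uid, fare):
        self._ctr += 1
        msg = self._encode(domain, uid, fare, self._ctr)
        tag = hmac.new(self._card_key(domain, uid), msg, hashlib.sha256).digest()
        return {"domain": domain, "uid": uid, "fare": fare, "ctr": self._ctr, "tag": tag}

    def verify(self, rec):
        try:
            key = self._card_key(rec["domain"], rec["uid"])
        except KeyError:
            return False  # unknown media domain: reject rather than fall back
        msg = self._encode(rec["domain"], rec["uid"], rec["fare"], rec["ctr"])
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, rec["tag"])

if __name__ == "__main__":
    sam, backoffice = ToySam(MASTER_KEYS), ToySam(MASTER_KEYS)
    rec = sam.certify("DESFIRE", bytes.fromhex("04a1b2c3d4e5f6"), 450)
    print(backoffice.verify(rec), backoffice.verify(dict(rec, domain="CIPURSE")))
```

A record relabelled to another domain or with an altered fare fails verification at the back office, which is the property the segregated key domains are meant to give.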

Related Solutions

AIPA — https://www.planeta.inf.br/wp-content/uploads/2026/03/EFOL-AIPA.pdf

VSAM — https://www.planeta.inf.br/wp-content/uploads/2026/02/EFOL-VSAM.pdf

HSM950 — https://www.planeta.inf.br/wp-content/uploads/2026/02/EFOL-HSM950.pdf
