> a secure enclave for the keys doesn't even provide any additional security since they key is transmitted to the card anyway
I'd assume that the keys (more accurately passwords, since a key would never be transmitted to the card over an unencrypted interface) are diversified by card serial number though? In that case, it would still be useful to have an SAM to hold that diversification key. You could further store some MAC authentication tag on the password-protected tag that the SAM needs to see before revealing the password over the radio.
I'm not saying that this is how every transit system practically does use MIFARE Ultralight, but based on the design, it's definitely possible.
I'd assume that the keys (more accurately passwords, since a key would never be transmitted to the card over an unencrypted interface) are diversified by card serial number though? In that case, it would still be useful to have an SAM to hold that diversification key. You could further store some MAC authentication tag on the password-protected tag that the SAM needs to see before revealing the password over the radio.
I'm not saying that this is how every transit system practically does use MIFARE Ultralight, but based on the design, it's definitely possible.