I can not understand token well. Hope someone help me. If SD support delegated management, the ISD should have the information of the token key. Am I right? Is the token key stored to ISD in the card during installation of the SD? If there are few SDs support delegated management, how the ISD recognize which token key is belong to the SD?
The DM Tokens are signatures of one or more DM functions (loading application code, installing Applications and extraditing Applications) generated by the Card Issuer and used to provide the Card Issuer the control over these Card Content changes. Tokens are required when the Issuer Security Domain is not managing the Card Content changes itself. The Issuer Security Domain shall verify Tokens.