In response field of Initialized Update command, Key Diversification data which contains manufacture ID and last two bytes of security domain AID is returned to reader. I wonder for what purpose Key Diversification data is used.
I have read global platform specifications, but I didn't find any answer. I tried to google and found somewhere said that the base keys are derived at off card's end using this diversification data. Is this right? Hope anyone give me some suggestions!
Thanks, marclo
When and how to use Key Diversification data?
-
ThePhoenyx
- Posts: 54
- Joined: Mon Jul 20, 2015 1:08 pm
- Points :510
- Contact:
Re: When and how to use Key Diversification data?
Diversified keys are basically an encryption of a base key with other data, such as the 2 you mentioned and usually some random bytes
as well. Usually used as short term keys like session keys for SSL/TLS or data between card and PC for mutual authentication without
exposing the base key to being picked up by hackers.
as well. Usually used as short term keys like session keys for SSL/TLS or data between card and PC for mutual authentication without
exposing the base key to being picked up by hackers.
The world is full of stories;
And sometimes they permit themselves to be told.
~Cherokee Proverb
And sometimes they permit themselves to be told.
~Cherokee Proverb
Who is online
Users browsing this forum: Baidu [Spider] and 17 guests