Who are the smart card guides written for?

Security

Key Management for Smart Cards

<\/script>\n

'; }, get iframeSnippet() { const domain = '{ SITE_DOMAIN }'; const type = '{ embed_type }'; const slug = '{ embed_slug }'; return ''; }, get activeSnippet() { return this.method === 'script' ? this.scriptSnippet : this.iframeSnippet; }, copySnippet() { navigator.clipboard.writeText(this.activeSnippet).then(() => { this.copied = true; setTimeout(() => { this.copied = false; }, 2000); }); } }" @keydown.escape.window="open = false" @click.outside="open = false">

Embed This Widget

Theme

Widget powered by . Free, no account required.

HSM integration, key diversification, and lifecycle management.

업데이트됨 3월 2, 2026 | 4 min read

Key Management for Smart Cards
Key Lifecycle
Key Diversification
HSM Integration
Secure Channel Protocol and Session Keys
Best Practices

Key Management for Smart Cards

Key management encompasses the complete lifecycle of cryptographic keys that a smart card uses: generation, distribution, storage, usage, rotation, and destruction. Weaknesses in key management are the most common root cause of large-scale smart card credential compromises — not weaknesses in the cryptographic algorithms themselves.

Key Lifecycle

A smart card key passes through well-defined lifecycle states. Each transition must be governed by documented procedures and, for high-assurance programmes, verified by an independent audit.

State	Description	Custodian
Pre-operational	Key generated, not yet in service	HSM
Active	Key is used for cryptographic operations	Card + HSM
Suspended	Key temporarily unavailable (revoked pending investigation)	Card Management System
Deactivated	Key no longer used for protection, retained for decryption only	HSM archive
Compromised	Key exposure confirmed; all dependent material invalidated	Incident response
Destroyed	Key material securely erased, all copies gone	—

NIST SP 800-57 Part 1 provides the authoritative guidelines for cryptographic key management, including recommended key lifetimes by algorithm and key type.

Key Diversification

Issuing every card with the same master key is a catastrophic failure mode: one card compromise exposes the entire portfolio. Key diversification derives a card-unique key from a master key and a card-specific diversification input (typically the card serial number or a random diversification data field).

Diversification scheme	Algorithm	Domain
EMV Visa / MasterCard	3DES + KCMVP	Legacy payment
GlobalPlatform SCP02	3DES-CBC	Legacy card management
SCP03	AES-CMAC based	Current card management
NIST SP 800-108 counter-KDF	HMAC-SHA-256 / AES-CMAC	Modern multi-application
PBKDF2 (personalisation)	HMAC-SHA-256	PIN-derived key wrapping

The GlobalPlatform INITIALIZE UPDATE response provides the Key Diversification Data (KDD) — a card-unique value that the card management back-end feeds into the HSM KDF to compute the session-specific card key without the HSM ever transmitting the master key over any network.

HSM Integration

The HSM is the physical root of trust for the entire card programme. It stores master keys in tamper-resistant hardware and performs all key operations on behalf of the card management system. Key design principles:

Key Ceremony — Master key generation must be performed as a documented ceremony with multiple custodians, each holding one smartcard or HSM token representing a key-split share (typically 3-of-5 Shamir Secret Sharing or XOR splitting)
Dual control — No single individual can activate the master key; a quorum of custodians must authenticate simultaneously
HSM clustering — Production environments deploy geographically redundant HSM clusters with synchronised key material and automatic failover
Backup and recovery — Encrypted key backups (wrapped by a long-term backup KEK) are stored off-site under the same dual-control and quorum rules as the primary HSM

Secure Channel Protocol and Session Keys

For each card management session, SCP03 derives three ephemeral session keys from the card-unique base key plus session-specific data:

Session key	Purpose	Derived from
S-ENC	Command data confidentiality (AES-CBC)	Base key + counter + "04"
S-MAC	Command integrity (AES-CMAC)	Base key + counter + "06"
S-RMAC	Response integrity	Base key + counter + "07"

These session keys are used for exactly one session and discarded. The counter prevents replay: a secure element that receives the same counter value twice will reject the session.

Best Practices

Never derive operational keys from PINs without key stretching — Use PBKDF2 or Argon2 with ≥100,000 iterations and a per-card salt for any PIN-derived key
Separate encryption and signing keys — A key used for authentication should never encrypt bulk data; key purpose segregation limits the blast radius of compromise
Rotate issuer keys on a schedule — Annual or biennial rotation limits the exposure window; new card batches receive the new issuer key automatically
Log all HSM operations — Every key operation, custody transfer, and key ceremony must be logged to an append-only audit trail stored outside the HSM
Test key destruction — Validate that destroyed keys produce no recoverable output; test restoration from backup to confirm backup integrity before you need it

See GlobalPlatform Card Management for how SCP03 session key derivation integrates with the card management workflow.

자주 묻는 질문

Our guides cover a range of experience levels. Getting Started guides introduce smart card fundamentals. Security guides address Common Criteria certification and key management. Programming guides target developers working with APDU commands, JavaCard applets, and GlobalPlatform card management.