Hello,
I have a EMV JAVA CARD. The doc which I got for this card says:-
the key value of issuer security domain(encryption, MAC,and key encryption key): 404142434445464748494a4b4c4d4e4f. and the value of sequence counter is 0.
Ques 1 - Can I say this key is KMC? As I know that KMC never reside in the card, Static Keys Derived from this key actually reside in the card and this keys is used to create Session keys , Am I correct?
Ques 2 - At initial this key is given by card manufacturer/issuer (nxp in my case) so normally we should change it. here i think the process flow will be like:-
a) decide a new x = 16 byte key ( can we say this is CMK ?)
b} derived 3 static keys with using key data and this new 16 byte key and put this static key inside the card,
afterwords this new key x will be use by off card entity to create card/host and c-mac values . right????
Ques 3 -the significance of this keys KMC/CMK --> 3 Static Keys ---> 3 Session keys is only for Card Pesonalization time. Once the card has been personalized , no use of this key in future. am I right ?? I Mean when this card move to client hand, no use of this keys anymore...
Ques 4 - In real Scenario, if a card is fully personalized and ready to give to customer, can be personalize again if anyone know about KMC?? Is there any card state we set to prevent the personalization again??? I am asking because I want to know what happen in real scenario when a EMV Credit card personalized and handed over to client, what significance of card state here???
I am reading EMV now days and really now I have a tons of PDF and its make me confused more I read... sorry for my english.. if any explanation require please let me know...
Thanks in advance....