I am recently doing some study on Global Platfrom Card. I got a questions while reading the specs. The spec 2.2.1 mentioned while In OP_READY status, it's able to load, install Supplementary Security Domains. and this is the very beginning state of Card. However, it also mentioned for install Supplementary Security Domains, "An initial key shall be available within the Issuer Security Domain.". which make me confused. Where are there initial key from? Is it pre implanted in the factory?
I found some docs said, the initial keys for ISD is diversified from "Key diversification data" which is returned by doing "INITIALIZE UPDATE" request. Is this true? How can I generate initial keys from this data?
Big thanks for your answers!!!
