I'm trying to understand the different EMV-related keys that are shared between a bank who issues EMV cards and a card scheme, such as Visa or MasterCard.
I understand the bank would typically generate an RSA key pair and request the scheme to certify the public key. The result of this is an issuer public key certificate. What other keys might be exchanged between the two parties?
I've heard that in some cases, the bank will ask the scheme to generate other issuer master keys (for application cryptogram generation and script encryption/MACing keys), rather than doing it themselves. Is this true? Are there other keys exchanged for stand-in processing, for example, or for handling transactions from overseas?
I appreciate there may be some differences between different schemes, but I hope there is enough common ground upon which to form an answer.
