Opposite to secure messaging with a Personalization Terminal, secure messaging with a Inspection System
also attaches cryptographic protection to the APDU responses sent by the MRTD’s chip.
In both cases, the key used is a 112 bits Triple DES session key derived as part of the authentication procedure
(Basic Access Control Protocol or Chip Authentication Protocol). Different keys are used for computing the MAC
and for encrypting the data field. These keys are different for each secure channel session. If the Inspection
System supports Chip Authentication, they are replaced during the session upon successful re-authentication of
the Basic Inspection System using this latter protocol.