When and how to use Key Diversification data?

Posted: Mon Dec 07, 2015 6:08 am
by marclo
In the response field of the Initialize Update command, Key Diversification data, which contains the manufacturer ID and the last two bytes of the security domain AID, is returned to the reader. I wonder for what purpose Key Diversification data is used.

I have read the GlobalPlatform specifications, but I didn't find any answer. I tried to google and found somewhere that said the base keys are derived at the off-card end using this diversification data. Is this right? I hope someone can give me some suggestions!
Thanks, marclo

Re: When and how to use Key Diversification data?

Posted: Mon Dec 07, 2015 12:51 pm
by ThePhoenyx
Diversified keys are basically an encryption of a base key with other data, such as the two you mentioned and usually some random bytes as well. They are usually used as short-term keys, like session keys for SSL/TLS or for data between card and PC, for mutual authentication without exposing the base key to being picked up by hackers.
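An added example (not code from this thread or from GlobalPlatform) showing what the off-card side does with the diversification data: it splits the SCP02 INITIALIZE UPDATE response into its fields, then derives card-specific ENC, MAC and DEK keys from a 16-byte master key. The EMV CPS 1.1 style derivation (six KDD bytes, F0/0F padding, purpose index, 3DES-ECB under the master key) is an assumption, since the thread names no scheme; the function names and sample data are constructed.

```go
package main

import (
	"crypto/des"
	"errors"
)

// Key purpose indexes used by the EMV CPS 1.1 style derivation assumed here.
const PurposeENC, PurposeMAC, PurposeDEK byte = 0x01, 0x02, 0x03

// ParseInitUpdate splits the 28-byte SCP02 INITIALIZE UPDATE response data (status word
// removed) into key diversification data, key info, sequence counter, challenge, cryptogram.
func ParseInitUpdate(resp []byte) (kdd, keyInfo, seq, challenge, cryptogram []byte, err error) {
	if len(resp) != 28 {
		return nil, nil, nil, nil, nil, errors.New("SCP02 INITIALIZE UPDATE response must be 28 bytes")
	}
	return resp[0:10], resp[10:12], resp[12:14], resp[14:20], resp[20:28], nil
}

// DerivationBlock is the 16-byte plaintext encrypted under the master key: the last
// six bytes of the KDD, F0, purpose, the same six bytes again, 0F, purpose.
func DerivationBlock(kdd []byte, purpose byte) []byte {
	b := make([]byte, 16)
	copy(b[0:6], kdd[4:10])
	b[6], b[7] = 0xF0, purpose
	copy(b[8:14], kdd[4:10])
	b[14], b[15] = 0x0F, purpose
	return b
}

// DiversifyKey derives a 16-byte card-specific key from the 16-byte master key (KMC)
// with two-key 3DES in ECB mode; only the derived key is ever loaded onto the card.
func DiversifyKey(master, kdd []byte, purpose byte) ([]byte, error) {
	if len(master) != 16 || len(kdd) != 10 {
		return nil, errors.New("master key must be 16 bytes and KDD 10 bytes")
	}
	k24 := append(append([]byte{}, master...), master[:8]...) // K1||K2||K1 for Go's 3DES API
	c, err := des.NewTripleDESCipher(k24)
	if err != nil {
		return nil, err
	}
	in, out := DerivationBlock(kdd, purpose), make([]byte, 16)
	c.Encrypt(out[0:8], in[0:8]) // ECB: each 8-byte half is encrypted independently
	c.Encrypt(out[8:16], in[8:16])
	return out, nil
}
```

The host keeps the master key in an HSM or key store and reproduces each card's keys on demand from the KDD, so a compromised card exposes only that card's keys, never the master.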