ISD keys mangement process
I've a question about the ISD keys and I was not able to find the answer with google. It seems to be generally three alternatives to implement the SE (secure memory card, uicc and embedded chip). Other alternatives don't seem to be used in the future.
Considering these three alternatives, is there any difference in the ISD keys process ? The ISD keys are always owned by the TSM in the end, but can in the TSM create the ISD keys in the three case ? or in some cases the keys are provided by the manufacturer and cannot be changed ?
More precisely, I'm looking to know if the TSM can choose (create) the ISD keys of the SE in each alternative or if, depending on the alternative, the TSM receives (securely) the keys of the SE ?
I'm also asking myself if the data for the SE use the same path with the three alternatives ? In the case of the UICC SE, the SE commands should directly go from the OTA linker to the SE, but what about the commands for the SMC and the embedded SE ? Do they go through the OS ?
Thank you for your help