In that case, anyway, the protection against message replay attacks seems reasonable.

Yes, it’s true that you are authenticating a connection between your computer and a device connected to it. In this case I guess the main point for it is the authentication, specially protection against replaying messages.

Also, keep in mind that these devices can be used to sign stuff on other places such as the terminals provided in police stations and potentially other places. Imagine someone introducing a skimming device there and logging the communications at the APDU level.

Now, imagine everything goes in clear and without authentication. The skimmer could record the PIN for the card and later on steal this card if he’s able to trace you (and maybe he was even able to get your address from the ID in the clear!).

Of course you don’t want that, because it enables identity fraud in a quite “easy” way. If you encrypt and protect integrity, together with the sequence counter, you get that:

a) It’s not possible to record your PIN
b) It’s not possible to record APDUs in transit and replay them later bypassing authentication

So obviously when the card is being used on your computer it doesn’t provide too much security since malware could always hook the encryption routines and the secure channel establishment routines to get the clear data. But when you use it somewhere else, where attackers could have tampered with the readers, you want to avoid transmitting in the clear and allowing message replays.

Hope this clarifies it a little

Is this stupid, or are there any possible attack that I have not taken into account??