Efficient key derivation with forward secrecy

What is claimed is: 1 . A non-transitory machine-readable medium encoded with instructions for execution by a processor, the non-transitory machine-readable medium comprising: instructions for determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key; instructions for deriving a session key using the master key; instructions for generating a new master key value based on the master key; instructions for deleting the current master key value; and instructions for using the new master key value as the master key. 2 . The non-transitory machine-readable medium of claim 1 , wherein the instructions for generating a new master key value based on the master key comprise: instructions for combining the session key with at least one additional session key derived using the master key to form the new master key value. 3 . The non-transitory machine-readable medium of claim 1 , wherein the instructions for generating a new master key value based on the master key comprise: instructions for combining the current master key value with at least the session key to form the new master key. 4 . The non-transitory machine-readable medium of claim 1 , wherein the instructions for generating a new master key value comprise instructions for encrypting a constant value using the master key. 5 . The non-transitory machine-readable medium of claim 1 , wherein the instructions for generating a new master key value comprise instructions for applying an XOR function to two or more cryptographic keys. 6 . The non-transitory machine-readable medium of claim 1 , wherein the instructions for deriving at least one session key using the master key comprise: instructions for encrypting at least one constant value using the master key. 7 . The non-transitory machine-readable medium of claim 1 , wherein the instructions for deriving at least one session key using the master key comprise: instructions for combining the current value of the master key with the new value of the master key to produce a session key. 8 . The non-transitory machine-readable medium of claim 1 , further comprising instructions for periodically re-executing the instructions for generating a new master key. 9 . The non-transitory machine-readable medium of claim 1 , wherein the instructions for negotiating a master key value with a different device comprise instructions for negotiating with a secure element that is part of the same device as the processor. 10 . The non-transitory machine-readable medium of claim 1 , wherein the non-transitory machine-readable medium is encoded with instructions for execution by a secure element within a host device. 11 . A device for participating in a secure communication session, the device comprising: a memory; an interface to another device with which secure communication will occur; and a processor in communication with the interface and memory, the processor being configured to determine a master key value for use in secure communications with a different device, wherein the master key value is used as a master key, derive a session key using the master key, generate a new master key value based on the master key, delete the current master key value, and use the new master key value as the master key. 12 . The device of claim 11 , wherein in generating a new master key value based on the master key, the processor is configured to: combine the session key with at least one additional session key derived using the master key to form the new master key value. 13 . The device of claim 11 , wherein in generating a new master key value based on the master key, the processor is configured to: combine the current master key value with at least the session key to form the new master key. 14 . The device of claim 11 , wherein in generating a new master key value, the processor is configured to encrypt a constant value using the master key. 15 . The device of claim 11 , wherein in generating a new master key value, the processor is configured to apply an XOR function to two or more cryptographic keys. 16 . The device of claim 11 , wherein in deriving at least one session key using the master key the, processor is configured to: encrypt at least one constant value using the master key. 17 . The device of claim 11 , wherein in deriving at least one session key using the master key, the processor is configured to: combine the current value of the master key with the new value of the master key to produce a session key. 18 . The device of claim 11 , wherein the processor is further configured to periodically re-execute the step generating a new master key. 19 . The device of claim 11 , further comprising a secure element, wherein the secure element is the other device with which secure communication will occur. 20 . The device of claim 11 , wherein the device is a secure element to be installed in a host system, wherein the host system is the other device with which secure communication will occur.