During "Terminal Authentication", the reader transmits its access permission to the RF chip in the form of a terminal certificate (reading device certificate). In addition, the reader also transmits the CVCA certificate and all certificates that are between these two certificates in the certificate hierarchy. This way the RF chip can verify the authenticity and integrity of the terminal certificate. For a positive result, all of the certificates which follow in the hierarchy have to be signed with the secret key of their predecessor, starting with the CVCA certificate. This is trustworthy for the RF chip, since the key is additionally saved on the RF chip during production.