The SmartCard-HSM already supports a scheme to derive EC keys from a master key. The scheme was developed based on a customer request to implement a crypto wallet.
The scheme is described in chapter 2.19 of the user manual:
In order to support an unlimited number of subkeys from a randomly chosen EC private key, the SmartCard-HSM implements the scalar addition of the private key value with an externally provided offset. This scheme is loosely based on BIP32 to allow building hierarchical wallets for crypto currencies.
In the given ECC equation Q = d * G, d is the private key, G the generator point of the curve and Q the public point. For a transformation d’ = (d + i) mod n, with i the scalar to add and n the order of the curve, the public key value can be computed as Q’ = (d + i) * G, which is equal to Q’ = d * G + i * G and Q’ = Q + i * G.
As such, an application can easily determine Q’ from Q and use the SmartCard-HSM to derive a subkey given the scalar offset.
EC key derivation is implemented using the DERIVE KEY (2.19) command.
An example is provided in the deriveECKey.js script that is part of the SmartCard-HSM SDK. It can be downloaded as part of the Starterkit and is contained in the sc-hsm-workspace.zip. Just unpack the zip, install the Smart Card Shell and select the unzipped folder as workspace. The script is contained in the sc-hsm-sdk-scripts/examples folder.
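The host-side half of the scheme quoted above, Q’ = Q + i * G, as an added example in plain BigInt JavaScript; it is not the SDK's deriveECKey.js and uses no Smart Card Shell API. It assumes secp256k1 (the page does not name a curve), all function names are hypothetical, and derivePrivate only stands in for what the card does internally.

```javascript
// Assumed curve: secp256k1 (the one BIP32 uses); the page does not name one.
const P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2Fn;
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const G = { x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
            y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n };

const mod = (a, m) => ((a % m) + m) % m;
// Modular exponentiation; gives field inversion via Fermat because P is prime.
function modPow(b, e, m) {
  let r = 1n;
  for (b = mod(b, m); e > 0n; e >>= 1n) {
    if (e & 1n) r = (r * b) % m;
    b = (b * b) % m;
  }
  return r;
}
const inv = (a) => modPow(a, P - 2n, P);

// Affine point addition on y^2 = x^3 + 7; null is the point at infinity.
function add(A, B) {
  if (A === null) return B;
  if (B === null) return A;
  if (A.x === B.x && mod(A.y + B.y, P) === 0n) return null; // A = -B
  const s = A.x === B.x
    ? mod(3n * A.x * A.x * inv(2n * A.y), P)   // tangent slope (doubling)
    : mod((B.y - A.y) * inv(B.x - A.x), P);    // chord slope
  const x = mod(s * s - A.x - B.x, P);
  return { x, y: mod(s * (A.x - x) - A.y, P) };
}

// Double-and-add; not constant time, fine for this demo, never for real private scalars.
function mul(k, Pt) {
  let R = null;
  for (k = mod(k, N); k > 0n; k >>= 1n) {
    if (k & 1n) R = add(R, Pt);
    Pt = add(Pt, Pt);
  }
  return R;
}

// Host side: Q' = Q + i * G, computed from the public key alone.
function derivePublic(Q, i) {
  const Qd = add(Q, mul(i, G));
  // Added check: i = -d mod n would give d' = 0, which is not a valid key.
  if (Qd === null) throw new RangeError("offset yields the point at infinity");
  return Qd;
}

// Stand-in for the device side: d' = (d + i) mod n. On the HSM, d stays on the card.
const derivePrivate = (d, i) => mod(d + i, N);
```

The point returned by derivePublic can be compared against the public key of the subkey the device derives for the same offset, which catches a mismatched offset or wrong parent key before the derived key is used.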