A security system is disclosed in which a secure communication session is established between an external security processor and an interface device. After insertion of the external security processor into the interface device, an authorization server provides authorization to the external security processor and the interface device based on, for example, identification information for each device. A derived key may be generated using a common device security key, and a seed value stored at the interface device. The derived key may then be used for multiple communication sessions between the interface device and the external security processor.