How does a smart card store keys and save them from client applications on the same memory?

Cryptography and Security

A smart card saves keys in its memory. We see that other client applications also run on it. Everyone is using the same physical memory. How does a smart card application protect its keys?

expert_sg Answered question May 12, 2021
0

Below are several layers of protection applied to sensitive data storage in a smartcard:

  • Encrypted storage of data (including keys and data) in NVM (Flash/EEPROM)
  • Scrambling of data storage (virtual/physical memory concept – real physical address unknown)
  • Implementations to prevent side-channel attacks. Sensors to monitor frequency, voltage, temperature and light parameters
  • Security Domain implementation following GlobalPlatform specifications for multi-application cards
  • Application-level Access Rights Protection for key storage
  • Application-level use of the secure Java Card API for key storage and access

A smartcard chip is the most secure and trusted hardware solution for on-chip key generation and digital signatures.

expert_sg Answered question May 12, 2021
0

The smart card chip itself is designed to be tamper-proof and to resist attempts to extract key data. The smart card operating system or application will generally have a specific key store area in memory with additional security mechanisms (e.g. encryption, key shares, etc.). And the application will be designed in such a way that there is no provision to retrieve a key the way you retrieve data using APDUs (e.g. READ BINARY).

Bytes & Nibbles Technologies Posted new comment May 9, 2021

Right – in addition to that, keep in mind the security enforced by the Java Virtual Machine for Java cards, which provides isolation between different applications.

On the OS side, there are also some ways to use keys without accessing them.

1
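
The two points made in the answer and comment above, an applet with no APDU that returns the key and a key that is used without being read, can be seen together in a Java Card applet. This is an added example, not code from this thread; the package and class names, the choice of instruction bytes for each operation, the on-card key generation and the sample data are assumptions made for illustration.

```java
package example.keyuse; // hypothetical package name

import javacard.framework.*;
import javacard.security.*;

/** Constructed demo applet: the AES key is usable through a command but has no read path. */
public class KeyUseApplet extends Applet {
    private static final byte INS_READ_BINARY = (byte) 0xB0;   // ISO 7816-4 READ BINARY
    private static final byte INS_INTERNAL_AUTH = (byte) 0x88; // ISO 7816-4 INTERNAL AUTHENTICATE
    private static final short BLOCK = 16;

    private final byte[] publicData = { 0x44, 0x45, 0x4D, 0x4F }; // constructed, non-secret content
    private final AESKey key;      // private field: the applet firewall keeps other applets away from it
    private final Signature mac;
    private final byte[] scratch;  // RAM work buffer

    private KeyUseApplet() {
        key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
        mac = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD, false);
        scratch = JCSystem.makeTransientByteArray(BLOCK, JCSystem.CLEAR_ON_RESET);
        // Assumption for the demo: the key is generated on-card and never leaves it.
        RandomData.getInstance(RandomData.ALG_SECURE_RANDOM).generateData(scratch, (short) 0, BLOCK);
        key.setKey(scratch, (short) 0);
        Util.arrayFillNonAtomic(scratch, (short) 0, BLOCK, (byte) 0); // wipe the plaintext copy
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new KeyUseApplet().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_READ_BINARY:   // ordinary data can be read back
            Util.arrayCopyNonAtomic(publicData, (short) 0, buf, (short) 0, (short) publicData.length);
            apdu.setOutgoingAndSend((short) 0, (short) publicData.length);
            break;
        case INS_INTERNAL_AUTH: // the key is used on a 16-byte challenge; only the MAC leaves the card
            if (apdu.setIncomingAndReceive() != BLOCK) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            mac.init(key, Signature.MODE_SIGN);
            short len = mac.sign(buf, ISO7816.OFFSET_CDATA, BLOCK, scratch, (short) 0);
            Util.arrayCopyNonAtomic(scratch, (short) 0, buf, (short) 0, len);
            apdu.setOutgoingAndSend((short) 0, len);
            break;
        default:                // no instruction maps to key.getKey(), so nothing can export it
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

The `AESKey` interface does offer `getKey()`, so the absence of an export path is a property of the applet's command set; a code review of `process()` for any branch that copies key material into the APDU buffer is the check that matters.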