The problem with that is that it would make the system dependent on that authority and its uptime.
Only when you want to add more balance to your card - if you just want to read out the bitcoin private keys, it should be able to work outside the authority's IT infrastructure.
I mean: offline payments are supposed to be the biggest advantage here and if you make a card which you cannot pop up with more coins, people might be more reluctant to buy it.
It would also require signature master keys to be present on an Internet-connected server (or a separate set of keys that are only used to sign balance confirmations or the current time). I would like to keep the keys offline as much as possible (all cards will be certified completely offline and the master keys will never leave the computer used to sign/certify the cards).
Yes, this is a real problem.
Obviously you don't want to keep the super master key online - you must not, it's against any acceptable security practices.
So I was rather thinking about a solution where the master key would only be used in an offline environment, in some dark room behind a steel door..
But then how do you handle depositing more coins into a card?
You can try to address it by using a key hierarchy; there would be the super master key (kept offline, that never changes) and a second-level key that cycles (this one can be online, though it needs to be really secured).
Let's say that the 2nd level key would cycle every 3 months.
So a user of a card would need to "refresh" the card at least once a quarter (using some kind of online terminal) to get the key for the next quarter...
But in general the key update can just be done by the way of adding a new balance to the card - which needs to happen online anyway.
This gives you (the issuing authority) an additional control over every card that you have issued.
You can not only refuse to refresh/pop-up cards that you already have on the blacklist, but you can also get advantage of a subscription based business model.
E.g. if someone stops paying you a $1/quarter fee, he cannot pop up his card anymore, because you won't give him a fresh 2nd level key.
Though he can still read out the existing bitcoin private keys from the card (and spend his existing balance), because only pop-ups would requite a valid 2nd level key.
The quarterly refresh messages (unique per card) can be prepared offline - in a bulk.
Even if you have tens of millions of cards, doing it once a quarter isn't impossible, especially when you are on a subscription model, so you essentially get paid for it.