Show your support by donating any amount. (Note: We are still technically a for-profit company, so your
contribution is not tax-deductible.)
PayPal Acct: 
Feedback: 
Donate to VoyForums (PayPal):
| [ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1, 2, 3, 4, [5], 6, 7, 8 ] |
| Subject: Glossary of Smart Card Terms | |
|
Author: Java Card Special Interest Group |
[
Next Thread |
Previous Thread |
Next Message |
Previous Message
]
Date Posted: 19:50:21 01/26/03 Sun Java Card Special Interest Group Glossary of Smart Card Terms A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S T | U | V | W | X | Y |Z More will be added soon ... A Algorithm "A set of computational rules specifying the procedures to perform a specific computation" (1997, Allen). Algorithmic encryption Computational scrambling of security codes to prevent unauthorised access to information (1996, Schlumberger). American National Standards Institute (ANSI) "The national standards setting body in the United States" (1997, Allen). American Standards Committee (ASC) A sub-committee of ANSI (1997, Allen). Authorisation Approval or guarantee given by an issuer to a user to honour a transaction (1997, Allen). Acceptor The organisation (usually a merchant) which accepts a card (e.g. in payment). Acquirer The bank which processes a merchant's transactions and passes them into the clearing system. AID Application Identifier: the unique code associated with a card application, which allows the terminal to select a suitable application within the card for a given operation. Anti-tearing (or Anti-pulling) A card feature, which protects the contents of memory if the card is removed before the end of the transaction. Anti-collision (or collision avoidance) A feature commonly used in contactless card systems to prevent conflicts between different signals competing for attention at the same time. Application The program within a smart card which governs its external functions. APDU The basic command unit for a smart card. An APDU contains either a command message or a response message, sent from the interface device to the smart card or from the card to the device. See ISO 7816-3 standard for more information. ASIC Application-Specific Integrated Circuit: a very large scale integrated circuit (a VLSI chip) designed for a specific customer and function (often on the basis of a Programmable Gate Array). ATC Application Transaction Counter: a counter maintained within a chip card which increments by one for each transaction performed. ATM Automated teller machine (cash machine) (or, for data networks, asynchronous transfer mode). ATR A message that is returned by a smart card when it is powered up. The ATR indicates the card type, communication protocol and other basic information that is used to determine the parameters for the communication between the card and the interface device. Authentication The process of verifying the identity and legitimacy of a person, object or system. Asynchronous Microprocessor cards (MPCOS, GPK2000, GemXplore, etc.). A card operating in asynchronous mode is capable of automatically adjusting to the transmission frequency. See also Synchronous Cards. API (Application Programming Interface) The set of programming tools that allows a developer to work with low-level devices such as smart cards. ABS Acrylonitrile Butadiene Styrene, a plastic used to make molded (or injected) card bodies for certain cards (see also PVC). JC SIG | Top -------------------------------------------------------------------------------- B Biometrics Unique human charateristics such as fingerprint, voice and retinal pattern, or signature (1997, Allen). Bandwidth The quantity of data that is able to transit over a network at a given time. Baud A unit of transmission speed. Often confused with bits per second (bps). JC SIG | Top -------------------------------------------------------------------------------- C Card accepting device Device used to communicate with smart card during a transaction (1997, Allen). Chip Integrated circuit that carries card intelligence. Embedded in the plastic surface of a card and hidden by the communication contacts (1996, Schlumberger). COS "Card (Chip) Operating System" (1997, Allen). CA Certification Authority: a body able to certify the identity of one or more parties to an exchange or transaction. CAM Card Authentication Method: the method (usually Static or Dynamic Data Authentication) used to verify that a card has come from a valid issuer and has not been tampered with. CAT Cardholder activated terminal. Card schemes further subdivide CATs into groups, for example, low-value vending machines, limited-value (e.g. petrol pumps) and unlimited value on-line terminals (e.g. kiosks and ticket booking systems). Cardholder The person to whom a personal card was issued (not necessarily the person holding the card). CB The French "GIE Cartes Bancaires" is an umbrella body controlling the card operations of the French banks. It sets standards as well as running the data network. The current CB standard card does not conform with ISO 7816 (its contacts are closer to the top of the card), but a migration is planned. CEN Centre Européen pour la Normalisation (European Standards Centre). See also EN. Challenge-response A form of authentication in which the system seeking authentication sends out a random "challenge". The object (e.g. the card or terminal) being authenticated performs a calculation on the challenge and responds with a result, from which the challenger can ascertain the authenticity or otherwise of the object. This method of authentication is much more secure than a simple password or other unvarying response. Chip card A card which embodies a "chip" (an integrated circuit). Also commonly known as a smart card, but the term "chip card" is often used to include those types of card which are not really "smart", such as memory cards. Chinese remainder A mathematical technique for performing modular arithmetic. It is used in smart cards for deriving digital signatures. CLEF Commercial Licensed Evaluation Facility: a body licensed to carry out security evaluations using the ITSEC criteria CMOS Complementary Metal-Oxide Silicon: a way of forming semiconductor material which uses less power than most other forms. See also HCMOS. Combi card A card which uses both contact and contactless technology. Contactless smart card Smart card technology using radio waves rather than contacts to energise and communicate with the chip inside the card. CRC Cyclic Redundancy Check: a check field often added to the end of a message, calculated as a polynomial from the rest of the message content. If a bit in the message is altered, then the CRC should alter. Cryptogram The result of a cryptographic operation. Cryptology The science of transforming confidential information to make it unreadable to non-authorized parties (see also Public Key, Private Key, DES, RSA, Algorithm) Cryptoprocessor A processor optimised for cryptographic functions (e.g. variable-length arithmetic, modular exponentiation or DES encryption) CVM Cardholder Verification Method: the signature, password, PIN or biometric used to check the identity of the cardholder, particularly for bank cards. Coupler A coupler is an electronic system used to read the smart card. It is the basis of a reader. Designed to be integrated in a machine (e.g., gaming machine, gas meter...). Closed systems A system whose use is limited to the original application issuer(s). Common closed systems include campus cards, corporate badges, etc. See also Open systems JC SIG | Top -------------------------------------------------------------------------------- D Data encryption algorithm An ANSI standard that describes a cryptographic algorithm for encrypting data" (1997, Allen). Digital signature A technique which authenticates user's transaction. It is generated by a cryptographic algorithm (1997, Allen). DDA Dynamic Data Authentication: authentication of a card using a challenge and response mechanism. DES Data Encryption Standard (or Data Encryption Algorithm): the most widely used method for "symmetric" encryption (i.e. using the same key for encryption and decryption). The main source is ANSI X3.92. DF Dedicated File: the intermediate level of a card's file structure. DFs can hold data, EFs or other DFs. Diffie-Hellman Diffie and Hellman were the first to describe viable public-key distribution and signature cryptograms in a paper in 1976. Their method, which is based on discrete logarithms, is still used in some systems, but RSA is more widely used in smart card schemes. Digital cash This term is applied to various schemes which represent money using electronic means. In the smart card world, value is usually stored on a card known as an electronic purse. Digital cash, however, normally consists of software "certificates" or tokens which can be stored on computer, or transferred to another party as payment. DSP Digital Signal Processor: an integrated circuit or specialised computer for processing high frequency analogue signals. JC SIG | Top -------------------------------------------------------------------------------- E EEPROM Electrical Erasable Programmable Read-Only Memory. "A memory technology that can be electronically eased and rewritten" (1997, Allen). Electronic funds transfer "A funds transfer that is sent electronically, either by telecommunication or written on magnetic media such as tape, cassette, or disk" (1997, Allen). Electronic purse (E-Purse) Smart cards that contain electronic money as opposed to bank notes and coins (1996, Schlumberger). Electronic wallet Similar to an E-Purse with added functions (1997, Allen). Encryption "The use of cryptographic algorithms to encode clear text data to ensure that it cannot be learned" (1997, Allen). Encoding Writing of system, issuer and cardholder data onto the smart card. EPROM "Electrically Programmable Read-Only Memory. A memory technology that can be written only once brfore being erased using ultrviolet light, after which it may be written again" (1997, Allen). EF Memory organization for microprocessor cards: The smallest logical entity that can be secured in the operating system. File containing data. EFT-POS Electronic Funds Transfer at Point of Sale: electronic payment. Electronic purse A card which stores value in the form of digital cash. An electronic purse is normally issued by a bank and the value it holds is the strict counterpart of legal tender. See also Stored Value Card. EMV The Europay-Mastercard-Visa specifications for chip-based payment cards. EMV part 1 corresponds with (and generally conforms with) ISO 7816 parts 1-5; the other parts of this specification cover the details of a standard credit/debit application and the requirements for terminals. EN Euronorm or European Standard. Important ENs for smart cards include EN 726 (a multifunction telephone card) and EN 1546 (Inter-sector Electronic Purse). EPOS Electronic Point of Sale (terminal): a networked and programmable electronic till. ESD Electrostatic discharge - the effect of discharging a high voltage but at a very low current, as when removing a woollen jumper or leaving a car after a long journey. ESD can be very harmful to electronic devices, particularly those using CMOS technology. ETSI European Telecommunications Standards Institute ETU Elementary Time Unit: the "clock tick" on which all chip card timings are based. ETSI (European Telecommunications Standards Institute) The E.U. organization in charge of defining European telecommunications standards. The most well known European telecom standard is GSM. see also ITU Embossing The action of implementing raised letters or logos on a plastic card. Embedding This operation consists in placing the micromodule in the cavity of the card body. An electrical test is carried out and the embedded module is then encoded. Electronic Commerce (or e-commerce) Doing business electronically. E-commerce often refers to business that is conducted (up to and including payment) over electronic networks (especially the Internet). JC SIG | Top -------------------------------------------------------------------------------- F Fabrication The process of manufacturing the chip which is used in a smart card. Ferroelectric memory (FRAM) Molecular electric field orientation storage device with nearly an infinite read/write capability (1996, Shoemaker). FAR False Accept Rate: the percentage of impostors accepted by a biometric or other identification check. FERAM Ferro-electric RAM: random access memory covered with an additional layer in a patented process to make it non-volatile (i.e. it does not lose its memory when powered off). FERAM is much faster and uses less space than E2PROM, but the FERAM process is proprietary. Flash memory Semiconductor memory which can be written once, but can thereafter only be erased as a block. It is increasingly used for program storage, since it allows the program to be updated. FPGA Field Programmable Gate Array: a semiconductor device which generates its outputs directly from its input states according to a "program" defined by the user. FRAM See FERAM. FRR False Reject Rate: the percentage of valid users rejected by a biometric or other identification check. Filtered Function Refers to a smart card function that has been downloaded into the card's EEPROM. A masked function, by comparison, is hardwired in the card's chip (ROM). Film A roll with a series of electrical contacts (ready to receive the chip). JC SIG | Top -------------------------------------------------------------------------------- G Global System for Mobile communications (GSM) A communications standard for mobile phones (1996, Schlumberger). JC SIG | Top -------------------------------------------------------------------------------- H Handshake "A process between two devices such as card, terminal, or modem to establish a common dialogue. Parameters may include speed, parity, number of bits, stop bits, and other basic information" (1997, Allen). HCMOS High-power CMOS: the technology used in most smart card microcontrollers. HSM Host Security Module (or Hardware Security Module): a hardware device used for storing keys and performing cryptographic functions under control of a host computer. Home Banking Retail banking operations conducted by customers using electronic payment terminals in their own homes. Hologram A flat optical image which looks three dimensional when viewed with the naked eye. Holograms are implemented as a security feature to prevent fraud. JC SIG | Top -------------------------------------------------------------------------------- I IEC "International Electrotechnical Commission" (1997, Allen). Integrated circuit "Electronic components designed to perform processing and/or memory functions" (1997, Allen). Interoperability The ability of products manufactured by different companies to operate correctly with one another. Issuer The institution identified on the card issued to the user (1997, Allen). IC Integrated Circuit IC Card Same as "chip card". The banking industry prefers the term "IC card" or "ICC". IFD Interface Device: same as a Card Accepting Device or Read-Write Unit, the equivalent of a card reader. Integrity (of data or a message) Not having been altered since it was originated. ISO International Standards Organisation. The main ISO standard relating to smart cards is ISO 7816: "Identification cards: integrated circuit cards with contacts". ISO 10536 and the draft standard 14443 cover, respectively, close-coupled and remotely coupled contactless cards. Many other standards covering aspects of security and computer systems operations are used by smart card systems. ITSEC Information Technology Security Evaluation Criteria: European standard for evaluating the security of commercial computer products (see also TCSEC). ITU International Telecommunications Union: the international body responsible for telecommunications co-ordination, the successor body to CCITT. See also ETSI. Initialization First stage of the card issuing process. The purpose of this process is to load all the data common to one application into the smart card's EEPROM. JC SIG | Top -------------------------------------------------------------------------------- J Java Card Schlumberger and Gemplus have developed specifications for running a subset of the Java language on a smart card. Java is an open, machine-independent language which offers a high level of protection between applications; it is thus well suited to a multi-application smart card, although it imposes a higher overhead than conventional smart card operating systems. Java An object oriented programming language developed by Sun Microsystems. Java is a machine independent language and offers considerable protection between applications. JC SIG | Top -------------------------------------------------------------------------------- K Keys In a modern encryption system, the algorithm is generally assumed to be known, and what is kept secret is the key. There are many different forms of key, each of which can be regarded as a string of meaningless bits until it is used to encode or decode a message. Key escrow One of the more emotive topics in cryptography is governments' desire to control the use of "strong" encryption, to prevent its use by criminals and enemies of the state. One method proposed to give this control, whilst still permitting the use of strong encryption, is key escrow: encryption users lodge a copy of their private keys with an accredited body, which agrees to surrender the keys to the Government on production of a court order. Key Length The number of bits forming a key. The longer the key, the more secure the encryption. Government regulations limit the length of cryptographic keys in a number of countries JC SIG | Top -------------------------------------------------------------------------------- M Microprocessor "A microcomputer with all of its processing facilities on a single chip" (1997, Allen). MAC Message Authentication Code: a cryptographically derived block of data appended to a message to demonstrate that it has not been altered during transmission. Mask The fixed program of a microprocessor smart card. Masked Function A function that is manufactured into the original chip (see also Filtered Function). Memory card A chip card with memory, but controlled only by fixed logic rather than by a microprocessor. MF Master File: the top level of a card's file structure. A card always has a Master File, which may contain data, DFs or EFs. Microprocessor A semiconductor device which can execute a program. In a microprocessor-based smart card, the processor is combined with memory, power control and other functions on a single "chip" of silicon. Mondex The electronic purse system developed by National Westminster Bank in the UK; it is now 51% owned by MasterCard International, and is licensed to banks in many countries. Mondex is unusual amongst bank-owned electronic purse schemes in that the individual transactions are not reported back to the scheme owner, and transactions between purses are allowed. This makes it closer to a true cash substitute than other schemes. Multos A programming language developed by Mondex for systems using MAOS (multi-application operating systems) for smart cards. Multi-application card (or general purpose card) A smart card that can accommodate more than one application while maintaining separate security conditions. Micromodule The electronic unit on a smart card. The mircomodule is formed of a chip and a contact plate, connected by fine wires and encapsulated in a drop of epoxy resin. The micromodule is inserted into a cavity in the card body to form a finished card. Mapping (or memory map) A functional representation of the different memory blocks. JC SIG | Top -------------------------------------------------------------------------------- N NC Network Computer: a client system designed for use only in a server-based network. Strictly, an NC must conform to the NC Reference Profile published by Apple, IBM, Netscape, Oracle and Sun. NCs normally have a smart card slot which stores the user profile. JC SIG | Top -------------------------------------------------------------------------------- O Off-line A transaction during which no direct connection is made to a central computer facility. see also On-Line On-line A transaction during which a direct connection is made to a central computer facility (usually via the public telephone network or computer networks). see also Off-Line OpenCard (OCF) The OpenCard Framework is an architecture for cards and terminals primarily intended to standardise the development of smart card and terminal applications in NCs. It is promoted by Apple, IBM, Netscape, NCI, and Sun. JC SIG | Top -------------------------------------------------------------------------------- P Payment transaction "The exchange of funds for goods and services" (1997, Allen). PIN "Personal Identification Number. Code the user possesses for verfication of identity" (1997,Allen). Personalisation Adding the individual card details to a card after manufacture. These will include the cardholder data in the chip's memory, usually the cardholder's name and an expiry date printed or embossed on the front. It may include other forms of personalisation such as magnetic stripe data or a photograph. During personalisation, any variable program (in addition to the mask) may be stored in the card, as well as cryptographic keys. PC/SC The PC Smart Card architecture promoted by Microsoft and other smart card and PC operating system vendors, to standardise hardware and software interfaces for smart cards in PCs. PGA Programmable Gate Array (see also FPGA) PIN Personal Identification Number: a code (usually 4 to 6 digits) used as a password by a cardholder. Public key A public key encryption algorithm is one in which one key is published and the other kept secret. Public Key Cryptosystem A cryptographic system that uses two different keys (public and private) for encrypting data. The most well-know public key algorithm is RSA Synonym: Asymmetric Cryptosystem; see also Digital Signature, Private Key Cryptosystem, Certification Authority Private Key Crypotosystem (or Secret Key Cryptosystem) A cryptographic system that uses a single key for encrypting data. The most well-know private key algorithm is DES Synonym: Symmetric Cryptosystem; see also Public Key Cryptosystem PUK PIN Unblocking Key (or Personal Unblocking Key): a numeric code used to release a blocked application or card. Protocol A set of rules and procedures governing interchange of information between a smart card and a reader. The ISO defines several protocols, including T=0, T=1 and T=14 Pre-Paid Card A card paid for at the point of sale, and permitting the holder to buy goods or services usually of a particular type up to the pre-paid value. Not all such cards are ISO standard identification cards because some do not show the identity of the bearer (e.g., phonecards…). POS (Point Of Sale) POS terminals (in comparison to central terminal) are the locations at which a transaction is contracted. PC Card Standard architecture-independent expansion device. These cards are typically used in laptop computers (formerly called PCMCIA). Pad A point of electrical connection between a micromodule and the chip. PVC Polyvinyl Chloride. A type of plastic used to product of laminated card bodies for certain types of smart cards, notably those that require embossing, signature panel or overlays (see also ABS) JC SIG | Top -------------------------------------------------------------------------------- R RF/DC A method of communication without physical contact. Accomplished through the use of radio waves (1997, Auto ID Service Providers). RF/ID A method identification without physical contact. Accomplished through the use of radio waves (1997, Auto ID Service Providers). RAM Random Access Memory (the equivalent of normal computer memory). RFID Radio Frequency Identification: a technology which allows an object or person to be identified at a distance, using radio waves to energise and communicate with some form of tag or card. RISC Reduced Instruction Set Computer: a computer or microprocessor which, by operating with a smaller range of instructions, is able to achieve higher instruction speeds than conventional processors. ROM Read-Only Memory RSA The Rivest-Shamir-Adleman algorithm is the form of public-key encryption most widely used today, particularly for digital signatures and key exchange. The most widely used Public Key cryptosystem; named after the inventors of this algorithm. JC SIG | Top -------------------------------------------------------------------------------- S Security features "Measures taken to achieve a reasonable freedom from accidental, criminal, fraudulent, and vandalizing actions while maintaining sensitifity to unexpected attacks or system failures that cannot be distinguished from attacks" (1997, Allen). SIM card Smart card that connects to a GSM phone. Establishes the idtentity of the user (1996, Schlumberger). Standard "A voluntary aggreement to a uniform and consistent methodology and/or specification to achieve a common action or result" (1997, Allen). Standardized processes and protocols "Guidelines for common data requirements, utilization control requirements, and document requirements across all payers" (1997, Allen). System "A group of interacting, interrelated, or interdependent elements forming or regarded as forming a collective entity (1978, Morris). SAM Security Application Module: a chip normally used as part of a terminal to store keys and encryption algorithms securely. SAMs often use the same smart card technology as the associated cards, or a more specialised cryptographic chip. SDA Static Data Authentication: authentication of a card by means of a digitally signed copy of selected card data. SET Secure Electronic Transactions: a standard for credit-card payment across networks, which does not depend on the security of the network and does not allow the merchant access to the customer's card number. It also links the payment to a specific sale transaction. SET does not require the use of a smart card, but various ways of implementing SET using smart cards have been proposed and are being trialled. Smart card A card which incorporates a microprocessor chip and some form of storage. By extension, and in common usage, any form of chip card. Stored Value Card A card which is used to store value such as loyalty points or credit for canteen meals. In Europe, the term is used to denote a card which is issued and redeemed within a closed circuit, in contrast with an electronic purse, which can be used to buy goods and services in the open market. In the USA, the term "stored value card" is used more widely, and can denote an electronic purse. Synchronous Cards Memory cards. These are the least complex cards. The communication frequency for these cards is determined by the reader. See also Asynchronous Cards. Standards A standard is a set of specifications defining the physical, electrical or logical properties of a device. For smart cards, there are a number of ISO standards defining such issues. Session Period of time between two card resets, or between power up and a power down. JC SIG | Top -------------------------------------------------------------------------------- T Telephone card "A card that can be utilized for the payment of telephone calls. This card maybe a prepaid card, a credit card, or one that adds the cost of the call to a standard bill" (1997, Allen). Transaction "A business or payment event for the exchange of value for goods and services" (1997, Allen). TASI Terminal Application Services Interface: the way that an application interfaces with the outside world (for use in testing an application or service). TC Transaction Certificate: a value derived cryptographically from other transaction parameters, which enables the integrity and source of the transaction to be verified at a later date. TCSEC Trusted Computer Security Evaluation Criteria: the US "Orange Book" requirements for evaluating the security of computer systems. TTP Trusted Third Party: an organisation (usually Government appointed or registered) which holds keys used for authentication purposes. Tag An electronic device (contactless) that can communicate with a reader by means of a radio frequency signal. JC SIG | Top -------------------------------------------------------------------------------- V Volatile Memory A memory device that does not retain stored information when power is interrupted (e.g., RAM). JC SIG | Top -------------------------------------------------------------------------------- W Write-once "A storage medium in which data cannot be altered or erased once it has been written" (1997, Allen). WORM Write once read many times (form of semiconductor memory). Wafer Arrays of ICs or discrete devices are fabricated in the wafers during the manufacturing process. JC SIG | Top -------------------------------------------------------------------------------- Z Zero knowledge A form of authentication in which the object demonstrates that it knows a secret, without disclosing that secret to the challenger (who may not know the secret). Most zero knowledge tests make use of public key cryptography, where the secret represents the private key or a function thereof. See also "challenge-response". JC SIG | Top [ Next Thread | Previous Thread | Next Message | Previous Message ] |