Glossary
A
ABS (Acrylonitrile Butadiene Styrene)
The plastic used to make molded (or injected) cards.
AES (Advanced Encryption Standard)
A secret-key encryption algorithm.
Algorithm
A mathematical routine used to perform computations (often used for cryptography).
Analog
Information presented in the form of a continuously varying signal.
Anti-collision (or collision avoidance)
A feature commonly used in contactless card systems to prevent conflicts between different signals competing for attention at the same time.
APDU (Application Protocol Data Unit)
The basic command unit for a smart card. An APDU contains either a command message or a response message, sent from the interface device to the smart card or from the card to the device. See ISO 7816-3 for more information.
API (Application Programming Interface)
A definition of calling conventions by which an application program accesses other services such as the operating system, drivers, databases, or middleware layers.
Applet
A compact program that can be downloaded quickly and used by a remote computing device. Applets are not allowed to access certain resources on the remote device.
ASIC (Application-Specific Integrated Circuit)
A chip that has been custom designed.
ATR (Answer To Reset)
A message that is returned by a smart card when it is powered up or when its reset pin is activated. The ATR indicates the card type, communication protocol and other basic information.
Authentication
The process whereby a card, terminal or person proves who they are. A fundamental part of many cryptography systems.
External Authentication. The procedure used to authenticate the external world (e.g., terminal) to the card.
Internal Authentication. The procedure used to prove that the card is genuine by means of an algorithm, a random value and a secret key. The authentication process can be further distinguished between passive authentication, in which the same values are used each time (e.g., PIN), and active authentication, in which an algorithm and variable values are used.
B
Bandwidth
The amount of data that can be sent through a connection. Usually measured in bps.
Baud
A unit of signaling speed. The speed in baud is the number of discrete conditions or signal elements per second. It is now largely obsolete and has been replaced by "bits per second" (bps).
Biometrics
Identification and authentication techniques based on the physical characteristics of a person, such as fingerprints, hand geometry, retina scan or voice print.
BIP (Bearer Independent Protocol)
Standardized protocol that lets a SIM card communicate directly with a remote server.
Bluetooth
A technology that allows an array of devices to communicate over short-distance wireless connections. This technology applies to PCs on a local area network as well as cell phones, personal digital assistants and even wristwatches.
Bps (Bits-Per-Second)
Data transmission speed: the number of pieces of information transmitted per second.
Broadband
A term to describe a high-speed communications channel (usually > 1.5 Megabytes per second).
C
CA (Certification Authority)
The organization that issues certificates and takes on the liability associated with the validity of the holder's identity. Often financial and institutional organizations.
CAP file (Converted Applet File)
The file produced when a Java class file is converted for loading into a Java Card.
CASE (Computer-Aided Software Engineering)
Generic term for tools and techniques that are said to offer major productivity gains for analysts and programmers.
CCITT (Comité Consultatif International Télégraphique et Téléphonique)
The French acronym that translates to the International Telegraph and Telephone Consultative Committee. This international body renamed itself ITU (International Telecommunications Union).
Certificate
A file, digitally signed by a Certification Authority. There are many different types of certificates (the most common being X.509 v3).
Checksum
(also called Hash) A count of the number of bits in a transmission unit so that the recipient can make sure the correct number of bits arrived and that the message is intact.
Chromalin
A printer's proof manufactured by Dupont. Chromalin proofs are the most common way of exchanging final artwork for printing on smart cards.
Class File
The Java executable file produced when source code has been compiled. A class file must be converted into a CAP file before it can be executed on a Java Card.
Client/server
An information system with a client device (usually a PC or a terminal) and a central server that houses all or part of the application.
CMS (Card Management System)
Tools and services used to deploy and manage smart card-based applications. A CMS is used primarily to manage the lifecycle of cards and of the applications hosted by the cards.
Comp128-1
The proprietary algorithm that was initially used by default in SIM cards. The GSM Association formally recommends against using Comp128-1, as it has been proven insecure.
Confidentiality
Guarantee that a message will be legible to no one other than the intended recipient. Confidentiality is an essential role of cryptography systems.
Contact Smart Card
A smart card that operates by physical contact between the reader and the smart card's contacts (in comparison to Contactless smart cards).
Contactless
A smart card with a module that communicates by means of a radio frequency signal. No physical contact between the card and a reader is needed (in comparison to Contact smart cards).
Coupler
An electronic system used to read the smart card. It is the basis of a reader. Designed to be integrated in a machine (e.g., gaming machine, gas meter...).
CQL (Card Query Language)
A subset of Structured Query Language (SQL) implemented on a smart card.
CRC (Cyclic Redundancy Check)
A popular method of ensuring transmissions have not been garbled.
CryptoAPI (Cryptographic Application Programming Interface)
A Microsoft API that offers system-level access to common cryptographic functions.
Cryptography
The science of ensuring that messages are secure. Cryptographic systems are based on the concepts of authentication, integrity, confidentiality and non-repudiation.
D
DES (Data Encryption Standard)
The most widely used secret key encryption algorithm (originally developed by IBM in 1977). A strengthened version of DES called triple DES (or 3DES) is commonly used in bank cards.
DF (Dedicated File)
Memory organization for microprocessor cards: a DF is a logical entity that holds a number of elementary files (EF). In multi-purpose cards each DF will normally correspond to a distinct application.
Digital
Said of systems whose information is represented in binary form. Compare Analog.
Digital Printing
A relatively recent technology that lets you print directly from a digital file. Digital printing is particularly well suited for small production runs.
Digital Signature
(not to be confused with a digital certificate) An electronic signature created using a public-key algorithm. A digital signature can be used by the recipient to authenticate the identity of the sender and to ensure the integrity of the message.
DMZ (De-Militarized Zone)
A network added between a protected network and an external network in order to provide an additional layer of security.
DNS (Domain Naming System)
The name lookup service the Internet uses to convert alphabetic names to 32-bit binary IP addresses.
Domain Name
The unique name that identifies an Internet site. Domain Names always have 2 or more parts, separated by dots. The part on the left is the most specific, and the part on the right is the most general.
DRM (Digital Rights Management)
DRM systems allow the owners of copyrighted material or of intellectual property (such as a music, video, or text file) to specify just what users will be allowed to do with it.
Dual Slot
Said of a smart card reader that can accommodate two cards simultaneously (often one for the end-user and one to identify an authorized professional).
E
E-Cash
Digital money, typically in the form of downloadable "digital coins" that can be stored in a bank account, on a PC or on a smart card.
e-Commerce (Electronic Commerce)
Business that is conducted (up to and including payment) electronically (usually over the Internet).
e-Purse or e-Wallet
A small portable device that contains electronic money. e-wallets are generally used for low-dollar transactions.
EAC (External Authentication Cryptogram)
Signature computed by an external entity (typically a terminal / host for a smart card).
ECC (Elliptic Curve Cryptosystem)
A public-key system that uses a mathematical approach called the elliptic curve problem.
EEPROM (Electrically Erasable Programmable Read-Only Memory)
Special non-volatile memory whose contents can be erased and new data reloaded electrically. In smart cards EEPROM is typically used for application data and for certain filtered functions.
EF (Elementary File)
Memory organization for microprocessor cards: the smallest logical entity that can be secured in the operating system. A file containing data.
Embedding
The operation that consists in placing the module in the cavity of the card body.
EMV (Europay - Mastercard - Visa)
Set of specifications defining the main structures for an international debit/credit smart card.
Encryption
A cryptographic procedure whereby a legible message is encrypted and made illegible to all but the holder of the appropriate cryptographic key.
ETSI (European Telecommunications Standards Institute)
The E.U. organization in charge of defining European telecommunications standards.
F
FAQ (Frequently Asked Questions)
Documents that list and answer the most common questions on a particular subject.
Filtered
Said of data or functions that are loaded into the memory of a smart card. Masked data and functions, by comparison, are hardwired into the card's chip.
Firewall
An application or a dedicated computer that protects the resources of one network from users on other networks.
Firewire
A communication protocol proposed by Apple and standardized as IEEE 1394; similar to USB. Data rate up to 400 Mbps.
Firmware
Low-level software that is closely tied to hardware features. This software operates by exchanging commands directly with an external device or with specific software loaded in the product.
Flash Memory
A non-volatile memory device that can be reprogrammed more quickly than EEPROM.
Footprint
(also Memory Footprint) The amount of space taken up by the operating system, an application or data in the memory of a smart card.
FRAM (Ferroelectric RAM)
(also called Fe-RAM) A non-volatile memory technology (i.e., it does not lose its data if the power is shut off). FRAM can read data thousands of times faster, at far lower voltage, than other non-volatile memory devices.
G
GPRS (General Packet Radio Service)
A packet-based 2.5G (in comparison to 3G) telecommunication technology. GPRS supports data rates up to 114 Kbps, allowing wireless Internet and other multimedia services.
GSM (Global System for Mobile Communications)
A European standard for digital cellular telephones that has now been widely adopted throughout the world. Under the ETSI standard, GSM telephones contain a SIM smart card that identifies the individual subscriber.
H
Hardwired
Said of electronic circuits that perform fixed logical operations, rather than a stored program.
Hash
(also called Checksum) A count of the number of bits in a transmission unit so that the recipient can make sure the correct number of bits arrived and that the message is intact.
I
IC (Integrated Circuit)
A set of electronic circuits implemented on a piece of semiconductor material. Common ICs include microprocessors and memory chips. Synonym: Chip.
IETF (Internet Engineering Task Force)
A body responsible for recommending protocols and procedures to be used on the Internet. The IETF and the W3C are the main standards organizations for the Internet.
Initialization
First stage of the card issuing process. This process loads all the data common to one application into the smart card's EEPROM.
Integrity
Guarantee that data (or code) has not been modified in transit. Integrity is an essential role of cryptography systems.
Interoperability
The ability of products manufactured by different companies to operate correctly with one another.
IP (Internet Protocol)
The protocol used on the Internet to transfer packets. This protocol can also be used on a LAN (to implement an Intranet).
IP address
A unique number assigned by an Internet authority that identifies a computer on the Internet. The number consists of four groups of numbers between 0 and 255, separated by periods (dots). For example, 172.16.6.129 is an IP address.
IPsec (IP Security)
A set of security protocols as defined by a body of the IETF that is developing a secure standard for the Internet Protocol.
ISO (International Standards Organization)
The main international standards organization. ISO works to ensure that chip makers, software developers and smart card companies comply with the same specifications.
ITSEC (Information Technology Security Evaluation Certification)
A set of criteria adopted by Europe and Australia used to evaluate the security of software and computer components.
ITU (International Telecommunications Union)
Successor to CCITT. The international agency in charge of telecommunications coordination between nations.
J
J2EE (Java 2 Enterprise Edition)
A version of Java designed for heavy-duty servers with strong support for integration of back-end systems.
J2ME (Java 2 Micro Edition)
An implementation of the Java operating system for resource-restricted devices such as mobile handsets or PDAs.
J2SE (Java 2 Standard Edition)
A version of Java 2 designed primarily for individual desktop computers.
Java
A network-oriented programming language invented by Sun Microsystems. Java was specifically designed so that programs could be safely downloaded to remote devices (e.g., Web pages, smart cards, etc.).
Java Card
A set of specifications for running a subset of Java on a smart card.
JCF (Java Card Forum)
An industry association devoted to the advancement of the Java Card specifications to serve the markets for Java Card.
JCRE (Java Card Runtime Environment)
The Java Card run-time environment that manages operations such as applet loading and initializing. It also keeps track of the current state of the card.
JDK (Java Development Kit)
A software development kit (SDK) that is used to produce Java programs.
Jini
A distributed computing framework introduced by Sun Microsystems. Jini is an extension of the Java application environment.
JVM (Java Virtual Machine)
An essential element of the Java programming language. The JVM is an abstract computing machine with its own instruction set and memory. A JVM is included in each release of Java (J2ME, J2SE and J2EE).
K
Key
A value that is used with a cryptographic algorithm to encrypt (or sign) data. The longer the key, the more secure the encryption.
KVM (K Virtual Machine)
A Java VM (Virtual Machine) suited for mobile devices. As its name suggests, the VM is measured in tens of KB.
L
LAN (Local Area Network)
A geographically limited network (generally within a building or small group of buildings) that is managed and owned by a single company.
Lifecycle
The time between the issuance of a smart card and its cancellation or expiration.
Linux
An Open Source operating system that is derived from UNIX.
M
Mapping
(also called memory map) A functional representation of the different blocks in the memory of a chip.
Masked
Said of data or functions that are permanently loaded into the chip on the smart card.
Memory Card
A smart card containing a memory chip with read / write capability and in some cases hardwired security functions (some people do not consider memory cards to be smart cards).
MF (Master File)
Memory organization for microprocessor cards: this file is unique and obligatory. It has its own security attributes and may contain DFs and/or EFs.
MIDlet (Mobile Information Device [App]let)
An applet designed to run on a mobile device under the MID profile of J2ME.
MMC (Multimedia Card)
A standard for very small (24 x 32 x 1.4 mm) memory units that can be used in portable devices (e.g., PDAs, mobile phones, etc.). They can store up to 64 MB of data.
Mobile Phone Network
Wireless telephone system where each geographic area is covered by a base station.
Module
(also called micromodule) The unit formed of a chip and a contact plate, with fine connecting wires, that is encapsulated in a drop of epoxy resin. The module is embedded in a cavity in the card body.
Multi-application
Said of a smart card that can accommodate more than one application while maintaining separate security conditions.
MultOS
A smart card open operating system developed by MAOSCO, notably for financial transactions.
N
Non-Repudiation
Guarantee that a sender cannot falsely deny having sent a message. Non-repudiation is an essential role of cryptography systems.
Non-Volatile Memory
Said of memory chips that do not lose their contents when the power is switched off.
O
OCF (OpenCard Framework)
The framework that provides programmers with an interface for the development of smart card applications in Java.
Off-Line
A transaction during which no direct connection is made to a central computer facility.
On-Line
A transaction during which a direct connection is made to a central computer facility (usually via the public telephone network, computer networks, or the Internet).
Open System
A system that uses industry standard development approaches. Open systems allow issuers to call upon multiple suppliers for a given product. See interoperability.
OS (Operating System)
A smart card OS ensures secure access to data as well as file management functions, much like the operating systems on a personal computer.
OSI (Open Systems Interconnection)
A model that was proposed by the ISO for communications. OSI uses a modular approach, dividing different functions into seven distinct layers.
OTA (Over the Air)
Transmission using microwave channels. This acronym is used in the world of wireless telecommunications.
P
Padding
One or more bits appended to a message in order to ensure that it contains the required number of bits or bytes.
PC Card
Standard architecture-independent extension device. These cards are typically used in laptop computers (formerly called PCMCIA).
PCC (Proof-carrying code)
Mobile code (e.g., an applet) that contains the proof that the code complies with a given security policy.
PCMCIA (Personal Computer Memory Card International Association)
A standard architecture-independent extension device typically used in laptop computers.
Peer-to-peer
Said of an information system when the participants are both "users" and "service providers."
Personalization
Process during which a smart card is modified to contain the information for one person. Graphical personalization modifies the visual aspect of the card (holder's name, photograph). Electrical personalization modifies the information in the card's chip.
PIN (Personal Identification Number)
The number or code that a cardholder must type in to confirm that he or she is the genuine cardholder.
PKCS (Public-Key Cryptography Standards)
Informal inter-vendor standards developed in 1991 under the impetus of RSA. More information at: http://www.rsasecurity.com/rsalabs/pkcs/
PKCS #1: RSA Encryption Standard
PKCS #3: Diffie-Hellman Key-Agreement Standard
PKCS #5: Password-Based Cryptography Standard
PKCS #6: Extended-Certificate Syntax Standard
PKCS #7: Cryptographic Message Syntax Standard
PKCS #8: Private-Key Information Syntax Standard
PKCS #9: Selected Attribute Types
PKCS #10: Certification Request Syntax Standard
PKCS #11: Cryptographic Token Interface Standard
PKCS #12: Personal Information Exchange Syntax Standard
PKCS #13: Elliptic Curve Cryptography Standard
PKCS #15: Cryptographic Token Information Format Standard
PKI (Public Key Infrastructure)
The software and/or hardware components necessary to manage and enable the effective use of public key encryption technology, particularly on a large scale.
Plug-In Card
Compact format for SIM cards.
POS (Point Of Sale) Terminal
POS terminals (in comparison to central terminals) are handheld or desktop devices that can conduct transactions with smart or mag-stripe cards.
Pre-Paid Card
A card permitting the holder to buy goods or services, usually of a particular type, up to the pre-paid value. Some pre-paid cards are reloadable, others are not.
Protocol
(1) On the Internet, a set of rules and procedures defining the intercommunications between various network elements. (2) A set of rules and procedures governing interchange of information between a smart card and a reader. The ISO defines several protocols, including T=0, T=1 and T=14.
Public Key
A cryptographic system that uses two different keys (public and private) for encrypting and signing data. The most well-known public key algorithm is RSA.
PVC (Polyvinyl Chloride)
A type of plastic used to produce laminated card bodies for certain types of smart cards, notably those that require embossing, signature panels or overlays.
R
RAD (Rapid Application Development)
An approach that relies on small teams using joint application development and iterative-prototyping techniques to construct interactive systems within several months.
RAM (Random Access Memory)
A volatile memory that is used as a scratchpad by the microprocessor in a smart card.
RMI (Remote Method Invocation)
An addition to Java Card (after version 2.1). Java Card RMI lets developers access resources on both the terminal and the card without having to manage low-level APDU commands.
RSA (Rivest-Shamir-Adleman)
The most widely used public key encryption algorithm, named after its creators.
S
SAM (Security Access Module)
A dedicated microprocessor unit that conducts active authentication with a memory or microprocessor card.
Scratch Card
A card that is produced with special ink that can be scratched away to reveal a number or message.
SDK (Software Development Kit)
A set of development utilities for writing software applications, usually associated with specific environments.
Secret Key
A cryptographic system that uses a single key for encrypting and signing data.
Session
Period of time between two card resets, or between a power up and a power down.
SET (Secure Electronic Transaction)
A multi-party protocol to secure online communications. Sensitive card information is protected from misuse throughout the transaction.
SHA-1 (Secure Hash Algorithm 1)
A hash algorithm developed by the National Institute of Standards and Technology and the National Security Agency.
Signed Applets
An applet that incorporates a digital signature to prove that it came from a particular trusted author.
SIM (Subscriber Identification Module)
A smart card for GSM systems holding the subscriber's ID number, security information and memory for a personal directory of numbers, thus allowing the subscriber to call from any GSM device.
Smart Card
Also called IC card, chip card or memory card (for certain types). A card formed of a plastic body with a chip (or module) embedded in a special cavity.
SSL (Secure Sockets Layer)
A protocol designed by Netscape Communications to enable encrypted, authenticated communications across the Internet (e.g., sites beginning with https://).
Standards
Specifications that are widely accepted by companies and institutions. Standards normally define the physical, electrical or logical characteristics of a device.
STK (SIM Toolkit)
An API that allows secure loading of applets into a SIM.
T
TCP/IP (Transfer Control Protocol / Internet Protocol)
The protocol used on the Internet to transfer packets of data. This protocol can also be used on a LAN (to implement an Intranet).
TCPA (Trusted Computer Platform Alliance)
An initiative led by Intel to build a computing platform with built-in security functions, notably for DRM and copyright enforcement.
Terminal
Any device that can communicate with a smart card (e.g., reader, coupler...). Certain terminals can operate in standalone mode, while others must be connected to a central information system to access an application.
U
UIM (User Identity Module)
(also R-UIM for "removable" UIM) An identity module for standards other than GSM (notably for CDMA).
UML (Unified Modeling Language)
A language used for modeling object-oriented systems. UML is particularly well suited for projects in C++ and Java.
UMTS (Universal Mobile Telecommunications System)
A third-generation (3G) system to offer broadband communication over mobile communications networks.
USB (Universal Serial Bus)
A standard Input/Output bus that supports very high transmission rates. Up to 120 devices can be daisy-chained to a USB port.
V
Verifier (or bytecode verifier)
An application that processes incoming code (e.g., applets) and ensures that it complies with security policy.
Virtual Machine
A standalone operating environment that acts as a separate device (applets in a Java virtual machine have no access to the host operating system). See also J2SE, J2EE, JVM, and KVM.
Volatile Memory
A memory device (e.g., RAM) that does not retain stored information when power is switched off.
VOP (Visa Open Platform)
A comprehensive system architecture allowing fast development of globally interoperable smart card systems. ("Open Platform" is a variant of this architecture that is not restricted to the banking industry.)
VPN (Virtual Private Network)
A system to securely deliver corporate information over a shared public infrastructure. The remote user session is handled through a firewall using encrypted communications.
W
W-CDMA (Wideband Code Division Multiple Access)
A 3G technology for wireless systems based on CDMA technology.
W3C (World Wide Web Coalition)
The organization that proposes common protocols for the Web.
WAP (Wireless Application Protocol)
Protocol used to view a Web page on the display of a mobile phone.
WIM (WAP Identity Module)
A SIM card that is specifically developed for the Internet.
WLAN (Wireless LAN)
Any wireless LAN technology. The most widespread WLAN technology is 802.11b, sometimes called "Wi-Fi".
WML (Wireless Markup Language)
A subset of HTML for use on wireless devices.
X
XML (Extensible Markup Language)
A specialized markup language that can be used to define many different document types, each of which uses its own element type names.