The plastic used to make molded (or injected) cards.
A secret-key encryption algorithm.
A mathematical routine used to perform computations (often used for cryptography).
Information presented in the form of a continuously varying signal.
A feature commonly used in contactless card systems to prevent conflicts between different signals competing for attention at the same time.
The basic command unit for a smart card. An APDU contains either a command message or a response message, sent from the interface device to the smart card or from the card to the device. See ISO 7816-3 for more information.
A definition of calling conventions by which an application program accesses other services such as the operating system, drivers, databases, or middleware layers.
A compact program that can be downloaded quickly and used by a remote computing device. Applets are not allowed to access certain resources on the remote device.
A chip that has been customer designed.
A message that is returned by a smart card when it is powered up or when its reset pin is activated. The ATR indicates the card type, communication protocol and other basic information.
The process whereby a card, terminal or person proves who they are. A fundamental part of many cryptography systems.
The amount of data that can be sent through a connection. Usually measured in bps.
A unit of signaling speed. The speed in baud is the number of discrete conditions or signal elements per second. It is now largely obsolete and has been replaced by “bits per second” (bps).
Identification and authentication techniques based on the physical characteristics of a person such as fingerprints, hand geometry, retina scan or voice print.
Standardized protocol that lets a SIM card communicate directly with a remote server.
A technology that allows an array of devices to communicate over short-distance wireless connections. This technology applies to PCs on a local area network as well as cell phones, personal digital assistants and even wristwatches.
Data transmission speed, the number of pieces of information transmitted per second.
A term to describe a high-speed communications channel (usually > 1.5 Megabytes per second).
The organization that issues certificates and takes liability associated with the validity of the holder’s identity. Often financial and institutional organizations.
The file produced when a Java class file is converted for loading into a Java Card.
Generic term for tools and techniques that are said to offer major productivity gains for analysts and programmers.
The French acronym that translates to the International Telegraph and Telephone Consultative Committee. This international body renamed itself ITU (International Telecommunications Union).
A file, digitally signed by a Certification Authority. There are many different types of certificates (the most common being X.509 v3).
(also called Hash) A count of the number of bits in a transmission unit so that the recipient can make sure the correct number of bits arrived and that the message is intact.
A printer’s proof manufactured by Dupont. Chromalin proofs are the most common way of exchanging final artwork for printing on smart cards.
The Java executable file produced when source code has been compiled. A class file must be converted into a CAP file before it can be executed on a Java Card.
An information system with a client device (usually a PC or a terminal) and a central server that houses all or part of the application.
Tools and services used to deploy and manage smart card-based applications. CMS is used primarily to manage the lifecycle of cards and applications hosted by the cards.
The proprietary algorithm that was initially used by default in SIM cards. The GSM Association formally recommends against using Comp128-1, as it has been proven insecure.
Guarantee that a message will be legible to no-one other than the intended recipient. Confidentiality is an essential role of cryptography systems.
A smart card that operates by physical contact between the reader and the smart card’s different contacts (in comparison to Contactless smart cards).
A smart card with a module that communicates by means of a radio frequency signal. There is no need of physical contact between the card and a reader (in comparison to Contact smart cards).
An electronic system used to read the smart card. It is the basis of a reader. Designed to be integrated in a machine (e.g., gaming machine, gas meter).
A subset of Structured Query Language (SQL) implemented on a smart card.
A popular method of ensuring transmissions have not been garbled.
A Microsoft API that offers system-level access to common cryptographic functions.
The science of ensuring that messages are secure. Cryptographic systems are based on the concepts of authentication, integrity, confidentiality and non-repudiation.
The most widely used secret key encryption algorithm (originally developed by IBM in 1977). A strengthened version of DES called triple DES (or 3DES) is commonly used in bank cards.
Memory organization for microprocessor cards: A DF is a logical entity that holds a number of elementary files (EF). In multi-purpose cards each DF will normally correspond to a distinct application.
Said of systems whose information is represented in binary form. Compares to Analog.
A relatively recent technology that lets you print directly from a digital file. Digital printing is particularly well suited for small production runs.
(not to be confused with a digital certificate) An electronic signature created using a public-key algorithm. A digital signature can be used by the recipient to authenticate the identity of the sender and to ensure the integrity of the message.
A network added between a protected network and an external network in order to provide an additional layer of security.
The name lookup the Internet uses to convert from alphabetic names to 32-bit binary IP addresses.
The unique name that identifies an Internet site. Domain Names always have 2 or more parts, separated by dots. The part on the left is the most specific, and the part on the right is the most general.
DRM systems allow the owners of copyrighted material or of intellectual property (such as a music, video, or text file) to specify just what users will be allowed to do with it.
Said of a smart card reader that can accommodate two cards simultaneously (often one for the end-user and one to identify an authorized professional).
Digital money, typically in the form of downloadable “digital coins” that can be stored in a bank account, on a PC or on a smart card.
Business that is conducted (up to and including payment) electronically (usually over the Internet).
A small portable device that contains electronic money. e-wallets are generally used for low-dollar transactions.
Signature computed by an external entity (typically a terminal / host for a smart card).
A public-key system that uses a mathematical approach called the elliptic curve problem.
Special non-volatile memory whose contents can be erased and new data can be reloaded electrically. In smart cards EEPROM is typically used for application data and for certain filtered functions.
Memory organization for microprocessor cards: The smallest logical entity that can be secured in the operating system. File containing data.
The operation that consists in placing the module in the cavity of the card body.
Set of specifications defining the main structures for an international debit/credit smart card.
A cryptographic procedure whereby a legible message is encrypted and made illegible to all but the holder of the appropriate cryptographic key.
The E.U. organization in charge of defining European telecommunications standards.
The procedure used to authenticate the external world (e.g., terminal) to the card.
Documents that list and answer the most common questions on a particular subject.
Said of data or functions that are loaded into the memory of a smart card. Masked data and functions, by comparison, are hardwired into the card’s chip.
An application or a dedicated computer that protects the resources of one network from users on other networks.
A communication protocol proposed by Apple and standardized as IEEE 1394; similar to USB. Data rate up to 400 Mbps.
Low-level software that is similar to hardware features. This software operates by exchanging commands directly with an external device or with a specific software loaded in the product.
A non-volatile memory device that can be reprogrammed more quickly than EEPROM.
(also Memory Footprint) The amount of space taken up by the operating system, an application or data in the memory of a smart card.
(also called Fe-RAM) A non-volatile memory technology (i.e., it does not lose its data if the power is shut off). FRAM can read data thousands of times faster at far lower voltage than other non-volatile memory devices.
A packet-based 2.5G (in comparison to 3G) telecommunication technology. GPRS supports exchange rates up to 114 Kbps, allowing wireless Internet and other multimedia services.
A European standard for digital cellular telephones that has now been widely adopted throughout the world. Under the ETSI standard, GSM telephones contain a SIM smart card that identifies the individual subscriber.
Said of electronic circuits that perform fixed logical operations, rather than a stored program.
(also called Checksum) A count of the number of bits in a transmission unit so that the recipient can make sure the correct number of bits arrived and that the message is intact.
A set of electronic circuits implemented on a piece of semiconductor material. Common ICs include microprocessors and memory chips. Synonym: Chip
A body responsible for recommending protocols and procedures to be used on the Internet. The IETF and the W3C are the main standards organizations for the Internet.
First stage of the card issuing process. This process loads all the data common to one application into the smart card’s EEPROM.
Guarantee that data (or code) has not been modified in transit. Integrity is an essential role of cryptography systems.
The procedure used to prove that the card is genuine by means of an algorithm, a random value and a secret key. The authentication process can be further distinguished between passive authentication in which the same values are used each time (e.g., PIN) and active authentication in which an algorithm and variable values are used.
The ability of products manufactured by different companies to operate correctly with one another.
The protocol used on the Internet to transfer packets. This protocol can also be used on a LAN (to implement an Intranet).
A unique number assigned by an Internet authority that identifies a computer on the Internet. The number consists of four groups of numbers between 0 and 255, separated by periods (dots). For example, is an IP address.
A set of security protocols as defined by a body of the IETF that is developing a secure standard for the Internet Protocol.
The main international standards organization. ISO works to ensure that chip makers, software developers and smart card companies comply with the same specifications.
A set of criteria adopted by Europe and Australia used to evaluate the security of software and computer components.
Successor to CCITT. The international agency in charge of telecommunications coordination between nations.
A version of Java designed for heavy-duty servers with strong support for integration of back-end systems.
An implementation of the Java operating system for resource restricted devices such as mobile handsets or PDAs.
A version of Java 2 designed primarily for individual desktop computers.
A network-oriented programming language invented by Sun Microsystems. Java was specifically designed so that programs could be safely downloaded to remote devices (e.g., Web pages, smart cards, etc.).
A set of specifications for running a subset of Java on a smart card.
An industry association devoted to the advancement of the Java Card specifications to serve the markets for Java card.
The Java Card run-time environment that manages operations such as applet loading and initializing. It also keeps track of the current state of the card.
A software development kit (SDK) that is used to produce Java programs.
A distributed computing framework introduced by Sun Microsystems. Jini is an extension of the Java application environment.
An essential element of the Java programming language. The JVM is an abstract computing machine with its own instruction set and memory. A JVM is included in each release of Java (J2ME, J2SE and J2EE).
A value that is used with a cryptographic algorithm to encrypt (or sign) data. The longer the key, the more secure the encryption.
A Java VM (Virtual Machine) suited for mobile devices. As its name suggests, the VM is measured in tens of KB.
A geographically limited network (generally within a building or small group of buildings) that is managed and owned by a single company.
The time between the issuance of a smart card and its cancellation or expiration.
An Open Source operating system that is derived from UNIX.
(also called memory map) A functional representation of the different blocks in the memory of a chip.
Said of data or functions that are permanently loaded into the chip on the smart card.
A smart card containing a memory chip with read / write capability and in some cases hardwired security functions (some people do not consider memory cards as smart cards).
Memory organization for microprocessor cards: This file is unique and obligatory. It has its own security attributes and may contain DFs and/or EFs.
An applet designed to run on a mobile device under the MID profile of J2ME.
A standard for very small (24 x 32 x 1.4 mm) memory units that can be used in portable devices (e.g., PDAs, mobile phones, etc.). They can store up to 64 MB of data.
Wireless telephone system where each geographic area is covered by a base station.
(also called micromodule) The unit formed of a chip and a contact plate, with fine connecting wires that is encapsulated in a drop of epoxy resin. The module is embedded in a cavity in the card body.
Said of a smart card that can accommodate more than one application while maintaining separate security conditions.
A smart card open operating system developed by MAOSCO, notably for financial transactions.
Guarantee that a sender cannot falsely deny having sent a message. Non-repudiation is an essential role of cryptography systems.
Said of memory chips that do not lose their contents when the power is switched off.
A transaction during which no direct connection is made to a central computer facility.
A transaction during which a direct connection is made to a central computer facility (usually via the public telephone network, computer networks, or the Internet).
A system that uses industry standard development approaches. Open systems allow issuers to call upon multiple suppliers for a given product. See interoperability.
A smart card OS ensures secure access to data as well as file management functions, much like the operating systems on a personal computer.
A model that was proposed by the ISO for communications. OSI uses a modular approach, dividing different functions into seven distinct layers.
Transmission using microwave channels. This acronym is used in the world of wireless telecommunications.
One or more bits appended to a message in order to ensure that it contains the required number of bits or bytes.
Standard architecture-independent extension device. These cards are typically used in laptop computers (formerly called PCMCIA).
Mobile code (e.g., an applet) that contains the proof that the code complies with a given security policy.
A standard architecture-independent extension device typically used in laptop computers.
Said of an information system when the participants are both “users” and “service providers.”
Process during which a smart card is modified to contain the information for one person. Graphical personalization modifies the visual aspect of the card (holder’s name, photograph). Electrical personalization modifies the information in the card’s chip.
The number or code that a cardholder must type in to confirm that he or she is the genuine cardholder.
Informal inter-vendor standards developed in 1991 under the impetus of RSA. The standards are: RSA Encryption Standard; PKCS #3: Diffie-Hellman Key-Agreement Standard; PKCS #5: Password-Based Cryptography Standard; PKCS #6: Extended-Certificate Syntax Standard; PKCS #7: Cryptographic Message Syntax Standard; PKCS #8: Private-Key Information Syntax Standard; PKCS #9: Selected Attribute Types; PKCS #10: Certification Request Syntax Standard; PKCS #11: Cryptographic Token Interface Standard; PKCS #12: Personal Information Exchange Syntax Standard; PKCS #13: Elliptic Curve Cryptography Standard; PKCS #15: Cryptographic Token Information Format Standard. More information at:
The software and/or hardware components necessary to manage and enable the effective use of public key encryption technology, particularly on a large scale.
Compact format for SIM cards.
POS terminals (in comparison to central terminal) are handheld or desktop devices that can conduct transactions with smart or mag-stripe cards.
A card permitting the holder to buy goods or services usually of a particular type up to the pre-paid value. Some pre-paid cards are reloadable, others are not.
(1) On the Internet, a set of rules and procedures defining the intercommunications between various network elements. (2) A set of rules and procedures governing interchange of information between a smart card and a reader. The ISO defines several protocols, including T=0, T=1 and T=14.
A cryptographic system that uses two different keys (public and private) for encrypting and signing data. The best-known public key algorithm is RSA.
A type of plastic used to produce laminated card bodies for certain types of smart cards, notably those that require embossing, signature panels or overlays.
An approach that relies on small teams using joint application development and iterative-prototyping techniques to construct interactive systems within several months.
A volatile memory that is used as a scratchpad by the microprocessor in a smart card.
An addition to Java Card (after version 2.1). Java Card RMI lets developers access resources on both the terminal and the card without having to manage low-level APDU commands.
The most widely used public key encryption algorithm, named after its creators.
A dedicated microprocessor unit that conducts active authentication with a memory or microprocessor card.
A card that is produced with special ink that can be scratched away to reveal a number or message.
A set of development utilities for writing software applications, usually associated with specific environments.
A cryptographic system that uses a single key for encrypting and signing data.
Period of time between two card resets, or between power up and a power down.
A multi-party protocol to secure online communications. Sensitive card information is protected from misuse throughout the transaction.
A hash algorithm developed by the National Institute of Standards and Technology and the National Security Agency.
An applet that incorporates a digital signature to prove that it came from a particular trusted author.
A smart card for GSM systems holding the subscriber’s ID number, security information and memory for a personal directory of numbers thus allowing him to call from any GSM device.
Also called IC card, chip card or memory card (for certain types). A card formed of a plastic body with a chip (or module) embedded in a special cavity.
A protocol designed by Netscape Communications to enable encrypted, authenticated communications across the Internet (e.g., sites beginning with https://).
Specifications that are widely accepted by companies and institutions. Standards normally define the physical, electrical or logical characteristics of a device.
An API that allows secure loading of applets into a SIM.
The protocol used on the Internet to transfer packets of data. This protocol can also be used on a LAN (to implement an Intranet).
An initiative led by Intel to build a computing platform with built-in security functions, notably for DRM and copyright enforcement.
Any device that can communicate with a smart card (e.g., reader, coupler…). Certain terminals can operate in standalone mode, while others must be connected to a central information system to access an application.
(also R-UIM for “removable” UIM) An identity module for standards other than GSM (notably for CDMA).
A language used for modeling object-oriented systems. UML is particularly well suited for projects in C++ and Java.
A third-generation (3G) system to offer broadband communication over mobile communications networks.
A standard Input/Output bus that supports very high transmission rates. Up to 120 devices can be daisy-chained to a USB port.
An application that processes incoming code (e.g., applets) and ensures that it complies with security policy.
A standalone operating environment that acts as a separate device (applets in a Java virtual machine have no access to the host operating system). See also J2SE, J2EE, JVM, and KVM.
A memory device (e.g., RAM) that does not retain stored information when power is switched off.
A comprehensive system architecture allowing fast development of globally interoperable smart card systems. (“Open Platform” is a variant of this architecture that is not restricted to the banking industry).
A system to securely deliver corporate information over a shared public infrastructure. The remote user session is handled through a firewall using encrypted communications.
A 3G technology for wireless systems based on CDMA technology.
The organization that proposes common protocols for the Web.
Protocol used to view a Web page on the display of a mobile phone.
A SIM card that is specifically developed for the Internet.
Any wireless LAN technology. The most widespread WLAN technology is 802.11b, sometimes called “Wi-Fi”.
A subset of HTML for use on wireless devices.
A specialized markup language that can be used to define many different document types, each of which uses its own element type names.