8
802.11a
An IEEE specification for wireless networking operating in the 5 GHz band (for instance 5.725 GHz to 5.850 GHz; the exact channels allowed vary by country) with a maximum data rate of 54 Mbps. The 5 GHz band is less crowded than the 2.4 GHz band: fewer consumer devices use it, and 802.11a offers more non-overlapping channels than 802.11b, which helps avoid interference from microwave ovens and other 2.4 GHz equipment.

802.11b
International standard for wireless networking that operates in the 2.4 GHz band (2.4 GHz to 2.4835 GHz) with a data rate of up to 11 Mbps. This band is very crowded: microwave ovens, cordless phones, medical and scientific equipment and Bluetooth devices all work in the 2.4 GHz band and can interfere with it.

802.11g
Similar to 802.11b but with a data rate of up to 54 Mbps. It also operates in the 2.4 GHz band, using a different modulation (OFDM, as in 802.11a) to raise the data rate while remaining backward compatible with 802.11b equipment.

A
AES (Advanced Encryption Standard)
Symmetric block cipher (128-bit blocks, 128-, 192- or 256-bit keys) selected in 2001 by NIST (National Institute of Standards and Technology), after an open public competition, as the standard replacing DES (see below). It is the Rijndael algorithm of Joan Daemen and Vincent Rijmen, chosen for its performance and its suitability to both hardware and software implementations, including constrained devices. It is already used in smart cards as an alternative to DES.

AFIS
Automated Fingerprint Identification System. A system originally developed for law enforcement agencies, which compares a single fingerprint against a database of fingerprint images (one-to-many identification, see Identification below). It has since spread to commercial applications, where a client's or customer's finger image, captured by placing the finger on a scanner or by scanning an inked paper impression, is compared with the personal data already on file.

Algorithm
A sequence of instructions that tells a system how to solve a problem. Biometric systems use algorithms to decide whether a sample and a template match; cryptosystems use cryptographic algorithms to encrypt sensitive data files, to encrypt and decrypt messages, and to digitally sign documents.

Anti-collision
Communication protocol used in some contactless smart cards and in most RFID tags so that several cards or tags present in the field of one reader can be read in "broadcast" fashion. In practice the protocol lets the reader single out each card or tag and read them one after the other, but fast enough (between 10 and 50 tags or cards per second) to look simultaneous.

APDU (Application Protocol Data Unit)
The unit of exchange between a reader and a smart card, defined in ISO 7816-4: a command APDU sent by the reader (header bytes CLA, INS, P1, P2, an optional data field and the expected response length Le) and a response APDU returned by the card (optional data followed by the two status bytes SW1 SW2, with 90 00 meaning success). APDUs carry the low-level services (operating-system level) offered by the card.

API (Application Programming Interface)
Software layer through which an application can access the resources of an operating system in a standardised manner, without needing to know how it works internally.

Applet
Small application (a few KB) written in a high-level language and compiled into bytecode, designed to be interpreted by a virtual machine rather than run directly on the processor. In the smart card world an applet is also called a cardlet.

Attack
A set of techniques used to "break" the security of a system or piece of equipment (including smart cards), typically by recovering the secrets (keys) it relies on. Attack families include brute-force search, the "Yes Card" attack (a counterfeit card that accepts any PIN), timing attacks, SPA (Simple Power Analysis) and DPA (Differential Power Analysis, see below), for which component and card manufacturers have developed counter-measures. An attack that has been shown to work in practice is referred to as a method.

Authentication
Technique used to check the claimed identity of a person, a document or a system (a smart card in its dialogue with a reader, for instance). Authentication is called passive, static or weak when the password or secret presented as proof of identity is always the same, so that anyone who observes it once can replay it; it is called active, dynamic or strong when the proof changes and is recomputed at each authentication, typically from a fresh challenge (see Challenge-Response). The smart card is ideally suited to that computation, since the secret it uses never has to leave the card.

B
Biometry
Set of identification and authentication techniques based on the recognition of characteristics a person has (fingerprints, hand geometry, iris or retina pattern, etc.) or of behaviour a person has learnt (keyboard typing rhythm, signature, speech).

Bluetooth
Radio-frequency transmission technology (2.45 GHz) for telephones, personal assistants, notebooks, laptop PCs and other portable devices. It originates in a project launched by Ericsson, IBM, Intel, Nokia and Toshiba. It offers a 1 Mbit/s data rate with a range of several metres. Its distinctive features are its robustness and its built-in link security (pairing, authentication and encryption), allowing easy data exchange between various pieces of equipment, including smart cards.

C
CEPS
Common Electronic Purse Specification. A set of specifications developed by Visa and then handed over to the European Committee for Banking Standards (ECBS). It is a single standard intended to give global interoperability to smart-card purse (e-wallet) applications.

Certificate
"Legalised" document produced by a trusted third party (a certification authority, CA) to authenticate a public key: the key, together with information about its owner, is signed by the authority. Its format (X.509) is defined by an ITU-T recommendation that is also published as an ISO standard. A certificate does not by itself prove anything about a transaction; what a smart card computes, with the private key that the certificate vouches for, is a digital signature, which prevents the holder from later denying a transaction (a payment, for instance) that first required user authentication.

Challenge-Response
A common authentication technique for tokens and smart cards. The verifier sends an unpredictable value (the challenge); the token or card computes a response from that challenge and the secret it holds, and returns it. Because every challenge is fresh, a response captured by an eavesdropper is useless in a later session. In the hand-held token variant, the security system displays a code (the challenge) that the user types into the token or smart card, which produces a new code (the response) that the user then enters to log in.

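The difference between static and dynamic authentication described under Authentication and Challenge-Response, as an added example that is not part of the original glossary. The key, the HMAC-SHA-256 response function and the demo messages are assumptions for illustration; a real card computes the response inside the chip with a card-specific key.

```python
import hashlib
import hmac
import secrets

# Constructed demo key shared by card and reader; in a real deployment it is
# loaded into the card at personalisation and never leaves it.
CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def static_proof(key: bytes) -> bytes:
    """Static (passive) authentication: the proof is a fixed function of the
    secret, so the same bytes cross the interface every time."""
    return hashlib.sha256(b"static-proof:" + key).digest()


def card_respond(key: bytes, challenge: bytes) -> bytes:
    """Dynamic (active) authentication: the card returns HMAC(key, challenge)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Reader:
    """Verifier side. Issues fresh challenges and accepts each one only once."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # unpredictable, 128 bits
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge the reader did not issue, or one already consumed, is
        # rejected: this is what makes a recorded response worthless.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        expected = card_respond(self.key, challenge)
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    """Genuine session followed by an eavesdropper replaying what it saw."""
    reader = Reader(CARD_KEY)
    results = {}

    # Static scheme: whatever the genuine card sent can simply be sent again.
    recorded_static = static_proof(CARD_KEY)
    results["static_replay_accepted"] = hmac.compare_digest(
        recorded_static, static_proof(CARD_KEY))

    # Dynamic scheme: the genuine card answers a fresh challenge.
    c1 = reader.new_challenge()
    r1 = card_respond(CARD_KEY, c1)
    results["genuine_accepted"] = reader.verify(c1, r1)

    # Eavesdropper replays the recorded pair (c1, r1).
    results["replay_accepted"] = reader.verify(c1, r1)

    # Eavesdropper receives a new challenge but only holds the old response.
    c2 = reader.new_challenge()
    results["old_response_to_new_challenge_accepted"] = reader.verify(c2, r1)

    # A card holding the wrong key cannot answer a fresh challenge.
    c3 = reader.new_challenge()
    results["wrong_key_accepted"] = reader.verify(c3, card_respond(bytes(16), c3))
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {accepted}")
```

The reader keeps the set of challenges it has issued and removes each one when it is answered, so a challenge can never be answered twice; an unpredictable 128-bit challenge also means an attacker cannot precompute responses.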
Ciphering
Encryption technique based on keys, algorithms and protocols that transforms plaintext into ciphertext, unusable and unintelligible to anyone who does not hold the key needed to turn it back into the original plaintext.

Combi card
Memory card or microcircuit card equipped with an antenna for contactless communication, which also has the 8 physical contacts of a conventional smart card. Typical applications: physical access control through the contactless interface; electronic wallet, debit/credit or logical access control through the contact interface.

Common criteria
Set of concepts, rules and methodologies, published since 1999 as an ISO standard (ISO/IEC 15408), used as the model for evaluating the security assurance of software, hardware or combined hardware-and-software products such as the smart card. The result is expressed as an Evaluation Assurance Level (EAL); EAL7 is the highest.

Confidentiality
Property of information that is kept out of reach of unauthorised third parties (people, entities or systems). It is typically obtained by encryption.

Contactless card
Memory card or microcircuit card equipped with an antenna to communicate at a distance of a few centimetres, by radio frequency (125 kHz, 13.56 MHz, 860-915 MHz, 2.45 GHz), with a coupler used as a reader. Main applications: transport and access control.

Cryptoprocessor
Hardware block of some microcontrollers dedicated to heavy cryptographic computation (in particular modular exponentiation on large numbers). Essential for carrying out RSA calculations in a smart card; not required for DES or AES calculations.

D
Data integrity
One of the three conventional services provided by cryptography, alongside authentication and confidentiality. It uses protocols and calculations (message authentication codes, digital signatures) which make any change to a message during transmission, whether intentional or accidental, detectable by the recipient.

DDA
Dynamic Data Authentication: an offline card authentication method supported as an option by EMV and using asymmetric cryptography (RSA). The card signs a challenge from the terminal with its own private key, which proves it is not a clone or a counterfeit (compare SDA below).

DES (Data Encryption Standard)
Symmetric encryption system (secret key, i.e. a single key to cipher and decipher), established as a ciphering standard by the US government in 1977 on the basis of work by IBM. It uses a 56-bit key to cipher 64-bit data blocks. Since a 56-bit key has been within reach of exhaustive search since the late 1990s, DES is now mostly used in the Triple DES form (three DES operations with two or three keys, according to several protocols). Replaced as a standard by AES (see above).

DPA (Differential Power Analysis)
A type of attack against smart cards introduced by the American cryptographer Paul Kocher (with Joshua Jaffe and Benjamin Jun, 1999). To recover the secrets held in the card, it records the card's power consumption (or electromagnetic emission) while the card operates, then applies statistical analysis, with error correction across many recordings, to the small data-dependent variations in those measurements.

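An added simulation, not from the original glossary, of the statistical idea behind DPA. The traces are synthetic (Hamming weight of the AES S-box output plus Gaussian noise, a standard leakage model chosen here as an assumption), and the key byte is recovered with the correlation form of the attack (correlation power analysis) rather than Kocher's difference-of-means. The S-box is computed from its definition so the block runs without a lookup table.

```python
import math
import random


def _gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def build_aes_sbox() -> list:
    """AES S-box from its definition: multiplicative inverse, then the affine map."""
    def rotl(x, k):
        return ((x << k) | (x >> (8 - k))) & 0xFF
    sbox = []
    for v in range(256):
        inv = 0
        if v:
            inv, base, e = 1, v, 254            # v^254 is v^-1 in GF(2^8)
            while e:
                if e & 1:
                    inv = _gf_mul(inv, base)
                base = _gf_mul(base, base)
                e >>= 1
        sbox.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return sbox


SBOX = build_aes_sbox()


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_traces(key_byte: int, n: int, rng: random.Random, noise: float = 1.0):
    """Constructed measurements: one sample per encryption, the Hamming weight of
    the first-round S-box output (the assumed leakage model) plus Gaussian noise."""
    plaintexts = [rng.randrange(256) for _ in range(n)]
    traces = [hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0.0, noise)
              for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)


def rank_key_guesses(plaintexts, traces):
    """For each of the 256 key hypotheses, predict the leakage of every trace and
    correlate it with what was measured. Only the right key's predictions line up
    with the measurements, so it stands out; wrong keys score close to zero."""
    scores = [(abs(pearson([hamming_weight(SBOX[p ^ guess]) for p in plaintexts], traces)), guess)
              for guess in range(256)]
    scores.sort(reverse=True)
    return scores


def recover_key_byte(plaintexts, traces) -> int:
    return rank_key_guesses(plaintexts, traces)[0][1]


if __name__ == "__main__":
    pts, trs = simulate_traces(0x2B, 2000, random.Random(42))
    (c0, k0), (c1, k1) = rank_key_guesses(pts, trs)[:2]
    print(f"best guess 0x{k0:02X} (corr {c0:.2f}), runner-up 0x{k1:02X} (corr {c1:.2f})")
```

The attacker never needs the key to compute the predictions, only the plaintexts and a guess; the statistics do the rest, which is why counter-measures aim at breaking the link between data and consumption (masking, random delays, noise) rather than at hiding the algorithm.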
E
EAP-SIM
Extensible Authentication Protocol - Subscriber Identity Module (RFC 4186). A SIM-based authentication method enabling a Wi-Fi user to reuse the existing GSM roaming infrastructure. The credentials embedded in the SIM card are used for mutual authentication of the user and the network.

EDI (Electronic Data Interchange)
Electronic, standardised and secure exchange of business documents (order forms, invoices, etc.) between companies.

Electronic signature
Signature in digital form, produced with a cryptographic system. It must be linked to the signer alone, make it possible to identify him or her, be created with means under the signer's exclusive control, and be bound to the data whose content it validates, so that any later change to that data can be detected. It provides transaction authentication, data integrity and non-repudiation.

Elliptic curves (ECC)
Public key cryptosystem based on a mathematical problem (the discrete logarithm on an elliptic curve) different from the one at the heart of RSA (factorisation of large integers). It offers the whole range of conventional public key functions (authentication, signature, non-repudiation, data integrity and encryption for confidentiality) and has an advantage over RSA for smart card applications: for equivalent security its keys are much shorter (about four times shorter than RSA's), so it needs less memory and less computation, and can be implemented without a cryptoprocessor.

Embossing
Relief printing technique used on plastic cards (including bank cards).

EMV (Europay Mastercard Visa)
Set of specifications, defined by the three major international payment schemes and built on ISO 7816, describing the physical, electrical and logical features of interoperable payment smart cards (debit and credit).

Encryption
Set of techniques, protocols and algorithms (cryptosystems) using secrets (keys, codes, biometric characteristics, certificates) to ensure the confidentiality and integrity of a document, the non-repudiation of a transaction and/or the authentication of a person during a transaction.

F
FAR (biometric)
False acceptance rate: the percentage of impostors wrongly accepted as valid users by a biometric device (sensor and matching software). FAR and FRR are tied together mathematically: both depend on the decision threshold, and lowering one raises the other.

FRR (biometric)
False rejection rate: the percentage of valid users wrongly rejected by a biometric device (sensor and matching software). FRR and FAR are tied together through the decision threshold; the operating point where the two are equal is called the equal error rate (EER).

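FAR, FRR and their coupling through the matching threshold, as an added example not taken from the page. The similarity scores are constructed for illustration; a real evaluation would use thousands of genuine and impostor comparisons.

```python
# Constructed similarity scores (0 = no resemblance, 1 = identical) for ten genuine
# comparisons (sample vs. the same person's template) and ten impostor comparisons.
GENUINE = [0.92, 0.88, 0.85, 0.81, 0.79, 0.74, 0.70, 0.66, 0.58, 0.45]
IMPOSTOR = [0.62, 0.55, 0.51, 0.47, 0.41, 0.38, 0.33, 0.29, 0.21, 0.12]


def far(impostor_scores, threshold: float) -> float:
    """False acceptance rate: share of impostors whose score reaches the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold: float) -> float:
    """False rejection rate: share of genuine users whose score falls below it."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def equal_error_rate(genuine_scores, impostor_scores, steps: int = 1000):
    """Sweep the threshold and return (threshold, far, frr) where the two rates
    are closest; the EER is the usual single-number summary of a matcher."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        fa, fr = far(impostor_scores, t), frr(genuine_scores, t)
        if best is None or abs(fa - fr) < abs(best[1] - best[2]):
            best = (t, fa, fr)
    return best


def tradeoff_table(genuine_scores, impostor_scores, thresholds):
    """FAR and FRR side by side for a list of thresholds: as one falls, the other rises."""
    return [(t, far(impostor_scores, t), frr(genuine_scores, t)) for t in thresholds]


if __name__ == "__main__":
    for t, fa, fr in tradeoff_table(GENUINE, IMPOSTOR, [0.3, 0.5, 0.6, 0.7]):
        print(f"threshold {t:.2f}: FAR {fa:.0%}  FRR {fr:.0%}")
    print("EER point:", equal_error_rate(GENUINE, IMPOSTOR))
```

A security-critical deployment (physical access to a vault) picks a high threshold and accepts a higher FRR; a convenience deployment (phone unlock) does the opposite. The EER lets two matchers be compared independently of that choice.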
Firewall
Mechanism implemented in some smart cards (the applet firewall of JavaCard, for instance) to provide strict separation between the applications on the card, and to prevent an application, possibly one loaded after issuance, from accessing data or code belonging to another application in the card's memory.

G
GIE CB (Groupement Cartes Bancaires)
French economic interest group promoting interoperability between banks, which contributed to the success of the smart card from 1984 onward. It organises and supervises the French bank-card system, including the rules, standards and specifications applicable to bank cards and bank-card equipment.

GPRS (General Packet Radio Service)
Part of ETSI's GSM Phase 2+ specifications, GPRS was developed so that cellular network operators could offer packet-mode data transmission, with peak rates reaching 170 kbit/s.

I
Identification
The process by which a device or system matches one sample against many stored records (1:n, one-to-many) in order to establish who a person is, by linking the person to a template, an image or other stored data. Compare with authentication, which checks a claimed identity (1:1).

ISO 14443 (A and B)
Set of standards covering contactless smart cards (proximity cards) communicating at 13.56 MHz. The A (Philips Mifare) and B (STMicroelectronics, Innovatron) variants differ in modulation, protocol and anti-collision mechanism (see above). Standardising a C variant (Sony's FeliCa) was ruled out in early 2002.

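The bit-oriented tree-walking anti-collision used by ISO 14443-A cards (see Anti-collision above), as an added simulation that is not part of the original glossary. The UIDs are constructed 8-bit values, and the reader and field are modelled just enough to show how collisions are resolved, without the SELECT and HALT frames of the real protocol.

```python
from typing import List, Optional, Tuple

# Constructed 8-bit UIDs standing in for the 32-bit (or longer) UIDs of ISO 14443-A
# cards; all the algorithm needs is that every UID is unique and equally long.
TAGS_IN_FIELD = ["10110010", "10110111", "01001100", "10010001"]


def field_response(prefix: str, tags: List[str]) -> Optional[str]:
    """What the reader hears after sending a known UID prefix: every tag whose UID
    starts with it answers with its remaining bits at the same time. Bits on which
    all responders agree are received cleanly; the first bit on which they differ
    is seen as a collision, marked 'X', and nothing after it is trusted."""
    rest = [t[len(prefix):] for t in tags if t.startswith(prefix)]
    if not rest:
        return None
    heard = ""
    for bits in zip(*rest):
        if len(set(bits)) == 1:
            heard += bits[0]
        else:
            heard += "X"
            break
    return heard


def tree_walk(tags: List[str]) -> Tuple[List[str], int]:
    """Binary tree walking: on a collision, resolve the colliding bit both ways.
    Returns the UIDs singled out and the number of reader queries used."""
    found, queries, pending = [], 0, [""]
    while pending:
        prefix = pending.pop()
        queries += 1
        heard = field_response(prefix, tags)
        if heard is None:
            continue
        if "X" not in heard:
            found.append(prefix + heard)     # one tag left: SELECT it, then HALT it
        else:
            known = prefix + heard[:-1]      # bits before the collision are valid
            pending.append(known + "1")
            pending.append(known + "0")      # explore the 0 branch first
    return found, queries


if __name__ == "__main__":
    uids, n = tree_walk(TAGS_IN_FIELD)
    print(f"{len(uids)} tags singled out in {n} queries: {uids}")
```

Because each collision splits the remaining tags in two, n tags are enumerated in at most 2n-1 queries, which is what makes the sequential reading fast enough to look simultaneous. The same property has a privacy side: every UID in the field is transmitted in clear to any reader that asks, which is why some cards answer the anti-collision loop with a random UID instead of their fixed one.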
ISO 7816-1 to 10
Set of standards describing contact smart cards. The first parts, established in 1987, cover the card's physical characteristics (1) and the dimensions and location of the contacts (2). The others, also revised since, cover electrical signals and transmission protocols (3), the structure of APDU messages and inter-industry commands (4), application identifier (AID) registration (5), inter-industry data elements (6), commands for a structured card query language (7), security-related and card-management inter-industry commands (8 and 9), and electrical signals and answer-to-reset for synchronous cards (10).

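Building command APDUs and decoding response APDUs (see APDU above), as an added example rather than code from the page. The structure and status words follow ISO 7816-4; the application identifier is a constructed value in the proprietary range, and the VERIFY parameters are illustrative, since PIN block formats and reference-data numbering are card-specific.

```python
from typing import Optional, Tuple


def encode_command(cla: int, ins: int, p1: int, p2: int,
                   data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Build a short command APDU (ISO 7816-4): CLA INS P1 P2 [Lc data] [Le].
    Case 1: no data, no Le; case 2: Le only; case 3: data only; case 4: both."""
    for name, v in (("CLA", cla), ("INS", ins), ("P1", p1), ("P2", p2)):
        if not 0 <= v <= 0xFF:
            raise ValueError(f"{name} must be one byte")
    if len(data) > 255:
        raise ValueError("short APDU data field is limited to 255 bytes")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        if not 0 <= le <= 256:
            raise ValueError("short Le is 0..256")
        apdu += bytes([le & 0xFF])          # Le = 0x00 means 'up to 256 bytes'
    return apdu


def decode_response(raw: bytes) -> Tuple[bytes, int, int]:
    """Split a response APDU into (data, SW1, SW2); the status bytes are mandatory."""
    if len(raw) < 2:
        raise ValueError("response APDU must end with SW1 SW2")
    return raw[:-2], raw[-2], raw[-1]


def describe_status(sw1: int, sw2: int) -> str:
    """Meaning of the most common ISO 7816-4 status words."""
    if (sw1, sw2) == (0x90, 0x00):
        return "success"
    if sw1 == 0x61:
        return f"success, {sw2} more bytes available via GET RESPONSE"
    if sw1 == 0x6C:
        return f"wrong Le, resend with Le={sw2}"
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        return f"verification failed, {sw2 & 0x0F} attempt(s) left"
    if (sw1, sw2) == (0x69, 0x82):
        return "security status not satisfied"
    if (sw1, sw2) == (0x69, 0x83):
        return "authentication method blocked"
    if (sw1, sw2) == (0x6A, 0x82):
        return "file or application not found"
    return "other status"


# Constructed application identifier in the proprietary 'F' range, not a real AID.
DEMO_AID = bytes.fromhex("F0112233445566")


def select_by_aid(aid: bytes) -> bytes:
    """SELECT by name (INS A4, P1 04): a case 4 command; Le=0 asks for the FCI."""
    return encode_command(0x00, 0xA4, 0x04, 0x00, aid, le=0)


def verify_pin(pin_block: bytes, p2: int = 0x80) -> bytes:
    """VERIFY (INS 20): case 3 command. P2 identifies which reference data (PIN)
    the card must check; the value and the PIN block format are card-specific."""
    return encode_command(0x00, 0x20, 0x00, p2, pin_block)


if __name__ == "__main__":
    print("SELECT:", select_by_aid(DEMO_AID).hex())
    for sw in (b"\x90\x00", b"\x63\xc2", b"\x6a\x82"):
        _, sw1, sw2 = decode_response(sw)
        print(f"{sw1:02X}{sw2:02X}: {describe_status(sw1, sw2)}")
```

The status words are worth reading carefully on the terminal side: 63 Cx tells the caller how many PIN tries remain before the card blocks, and a terminal that keeps retrying after 63 C1 will lock the holder out.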
J
Java Bytecode
Intermediate code format defined by Sun, into which the source code of an application is translated. It is executed not by the operating system directly but by a virtual machine that interprets it.

JavaCard
Set of specifications (a Java language subset, an API and a virtual machine dedicated to the smart card) published by Sun and developed with the JavaCard Forum, which brings together integrated circuit manufacturers, card manufacturers, software suppliers, reader manufacturers and operators. Version 2.2, published in early 2002, integrates RMI technology (see below) and provides for storing biometric data in the smart card.

Jini
Set of protocols defined by Sun to facilitate the sharing and management of resources attached to equipment connected to the same network. They rely on a dialogue between several virtual machines, which could be hosted on several smart cards (see also RMI).

M
Mask (smart card)
Personalisation of the microcontroller's ROM. In conventional "proprietary" architectures it covers the joint development of the operating system, of its interfaces with the microcontroller and of the card's application. The term is no longer used for open systems (JavaCard type), where the operating system and the applications are clearly separated and the applications are loaded during electrical personalisation.

Masking
During manufacturing, a COS (Card Operating System) fixed in the chip's ROM by the photolithographic masks is known as a hard mask. A COS may instead be loaded into the chip's EEPROM, in which case it is called a soft mask.

Matching (biometric)
The process of comparing biometric templates or images to produce a degree of similarity (a score). If the score exceeds a given threshold the match is declared positive, and a strong link between the person and the stored template or image is established. The choice of threshold governs the trade-off between FAR and FRR (see above).

Memory card
Smart card equipped with a memory chip (from 256 bits to 8 Kbits or more) holding the application data, for instance the unit counter of a phonecard, but no processor. Its security capabilities are limited, since it cannot perform cryptographic computations.

Microcircuit card
Smart card equipped with a microcontroller, i.e. a programmable circuit including several types of memory, ROM, RAM and EEPROM (or Flash or FRAM), in which the card's secure operating system (ROM) and its applications (EEPROM, Flash or FRAM) are stored.

Multi-application
Refers to smart cards able to store several applications in their memory (identity, electronic wallet, debit, credit, transport, loyalty, games, etc.), or to load and delete applications in the card in the form of applets (mostly JavaCard).

Multos
Open multi-application operating system (MAOS) and programming language for smart cards, integrating a virtual machine, originally developed by Mondex International. Its specification development and promotion are now handled by the MAOSCO Consortium, which includes about fifteen members, among them smart card component suppliers, card manufacturers and operators.

N
NFC (Near Field Communication)
NFC is an open technology for contactless networking based on the existing ISO 14443 standards (parts 2, 3 and 4) and operating in the 13.56 MHz band. It is standardised in ECMA-340, ETSI TS 102 190 V1.1.1 and ISO/IEC 18092. These standards specify the modulation schemes, coding, transfer speeds and frame format of the RF interface of NFC devices, as well as the initialisation schemes and the collision-control conditions required during initialisation, for both passive and active NFC modes.

O
Obfuscator
A tool that converts a program into a functionally equivalent one that is harder to understand and reverse engineer. It delays reverse engineering and deters casual inspection, and is often used to protect mobile code; it raises the attacker's cost but does not prevent a determined analysis.

OCF (Open Card Framework)
Project initiated by IBM and Sun to define a software architecture (service components and API) providing interoperability between different smart card readers and smart cards. The project attracted several smart card companies (Gemplus, Bull, Schlumberger, SCM Microsystems) and card issuers such as Visa International, and mostly covers Java environments.

P
Personalization
Covers both the graphical personalisation of the card (printing, hologram, embossing) and its electrical personalisation: completion of the mask or loading of the operating system in ROM, storage of the keys and identifiers of the card issuer and holder, loading of applications in EEPROM or Flash memory, and writing of the magnetic stripe.

PKCS#11
This standard specifies an API, called Cryptoki, for devices that hold cryptographic information and perform cryptographic functions. It follows a simple object-based approach, addressing the goals of technology independence and resource sharing (multiple applications accessing multiple devices), and presents to applications a common, logical view of the device called a cryptographic token.

PKCS#15
A standard that ensures users can use cryptographic tokens (such as smart cards) to identify themselves to multiple standards-aware applications, regardless of which provider supplies the application's Cryptoki (or other token interface), by defining a common layout for the keys, certificates and other objects stored on the token.

PKI (Public Key Infrastructure)
Secure information system based on public key cryptography (RSA, elliptic curves, etc.). The environment includes at least one certification authority in charge of issuing certificates (and, in some deployments, generating keys), clients (PC or smart card) using those keys and certificates, and secure servers in charge of distributing, managing and storing keys and certificates. Public key infrastructures apply to company intranets (access control), extranets (orders, invoicing, EDI) and the Internet (e-commerce, transaction security and document exchange).

PP (Protection Profile)
Template used by the Common Criteria to define, for a category of products, equipment or systems (a payment smart card, a microcircuit, an operating system, etc.), the security objectives and requirements, without reference to any specific implementation.

Private key
Key of a public key (also called asymmetric) algorithm that its owner keeps secret (in a smart card, for instance, which is much safer than the hard drive of a PC). It forms a pair with its matching public key. Data encrypted with the public key can be decrypted only with the private key; conversely, a digital signature produced with the private key can be verified by anyone holding the public key.

PC/SC
Project initiated by Microsoft to standardise the interfaces between PCs and smart card readers. It attracted many smart card companies; Microsoft has certified a number of smart card readers so that they can be integrated into the Windows environment.

Public key
Key of a public key (asymmetric) algorithm that can be published without risk (in an Internet directory, for instance). It is computationally infeasible to derive the matching private key from it.

R
RMI (Remote Method Invocation)
Technology integrated into the latest JavaCard Forum specifications (version 2.2, early 2002) which lets an application on the terminal (reader or PC, possibly across a network such as Bluetooth) invoke methods on objects held in the smart card in a transparent manner. It offers a way of bypassing the card's low-level commands (APDUs) when communicating with terminals.

RSA (Rivest Shamir Adleman)
The most famous and widely used public key cryptosystem (using a private key and a public key). Developed by Rivest, Shamir and Adleman in 1977, it relies on the difficulty of factorising a large number into its prime factors. It is used to produce digital signatures and to encrypt messages.

S
SDA
Static Data Authentication: an offline card authentication method supported as an option by EMV, in which the terminal checks an issuer signature over selected data stored in the card, proving that this data has not been tampered with since the card was issued. Because the signed data is static it can be copied, so SDA, unlike DDA, does not prove that the card itself is genuine.

Secret key
Key used both for ciphering and deciphering in symmetric algorithms (also referred to as secret key algorithms). It must be shared in advance by the two parties and kept secret from everyone else.

SET (Secure Electronic Transaction)
The SET protocol was defined by Visa and MasterCard. Its purpose is to make card payments over open networks safer by combining public key and secret key encryption and relying on key certification and management organisations (servers).

Short Message Service (SMS)
Short text messages transmitted to and from a mobile phone, fax machine and/or IP address. A message carries at most 140 bytes, i.e. 160 characters of the GSM 7-bit alphabet (or 70 UCS-2 characters), and no images or graphics. A message sent is received by a Short Message Service Centre (SMSC), which must then deliver it to the appropriate mobile device.

Sim card (Subscriber Identity Module)
Microcircuit card used in GSM cell phones. Originally intended only for subscriber authentication, it has evolved to perform other functions, such as hosting a micro-browser and controlling the phone's screen and keypad to run the applications (applets) stored in the card.

SimToolkit
SIM Application Toolkit: set of standardised commands used by the SIM card (in GSM phones) to dialogue with the handset and run applications (mostly JavaCard).

SOAP
SOAP is a lightweight protocol for the exchange of information in a decentralised, distributed environment. It is an XML-based protocol consisting of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined data types, and a convention for representing remote procedure calls and responses.

SSL (Secure Socket Layer)
Protocol intended to secure the TCP/IP transport layer (server and optionally client authentication, ciphering and integrity). It originates in work by Netscape (A. Freier, P. Karlton and P. Kocher) and has since been standardised by the IETF as TLS (Transport Layer Security). It is commonly used to protect bank card numbers submitted over the Internet.

T
Tag
This term is now broadly used for passive radio-frequency electronic tags (smart labels), which draw their energy by induction from the reader's field, as opposed to powered electronic tags, such as those with an LCD display used in some stores. Tags can take the form of a token, a flexible film or a smart card. Self-powered tags using a film battery have recently appeared.

U
USB (Universal Serial Bus)
"Plug and play" communication bus offering data rates of 1.5 and 12 Mbit/s, developed by Intel and partners, and now used in some smart cards instead of the ISO 7816-3 communication protocol, for access control applications in the PC world.

USIM card (Universal Subscriber Identity Module)
Upgrade of the SIM card for third-generation (3G) mobile telephony: mutual authentication of user and network, transaction security, use of an Internet mini-browser, a much richer phone directory, etc.

V
Virtual machine
Software interpreter that executes the bytecode of applets (produced by compiling code written in a high-level language) on the card's microcontroller, through the operating system loaded in it. The JVM (Java Virtual Machine) is the piece of software responsible for executing Java bytecode instruction by instruction. Multos also has a virtual machine to interpret bytecode written in its own language (MEL, Multos Executable Language).

W
WAP Forum
Created by Nokia, Ericsson, Motorola and Phone.com (formerly Unwired Planet), this organisation developed a protocol (carried over SMS or, later, GPRS) dedicated to cell phones, offering advanced data services via the Internet, unified voice mail and access to practical information services. The protocol is independent of the underlying radio technology (GSM, DCS 1800, CDMA, etc.).

WEP (Wired Equivalent Privacy)
The original link-layer security mechanism of Wi-Fi (IEEE 802.11). It encrypts frames with RC4 keyed by a 24-bit initialisation vector (IV, sent in clear with each frame) concatenated with a shared key of 40 bits (marketed as "64-bit") or 104 bits (marketed as "128-bit"). The longer key only lengthens an exhaustive search; it does not address WEP's real weaknesses, namely the reuse of RC4 keystreams once the small IV space repeats, and the related-key attacks on RC4 published in 2001 that recover the shared key from captured traffic. WEP should be regarded as broken and replaced by WPA2 or later.

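Why WEP's 24-bit IV matters, as an added example that is not part of the page: RC4 keyed with IV || key, two frames captured under the same IV, and the birthday estimate of how quickly an IV repeats. The key, IV and frame contents are constructed for the demo; the CRC-32 integrity value is left out.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling and keystream generation, as used by WEP."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP per-frame encryption: RC4 keyed with IV || shared key. The IV travels
    in clear in the frame header, so the receiver (and any listener) knows it."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return xor_bytes(plaintext, rc4_keystream(iv + key, len(plaintext)))


def recover_second_plaintext(c1: bytes, c2: bytes, p1_known: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so c1 XOR c2 = p1 XOR p2.
    Knowing (or guessing) p1 yields p2 without ever touching the key."""
    return xor_bytes(xor_bytes(c1, c2), p1_known)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: probability that at least two of `frames` random IVs coincide."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * 2 ** iv_bits))


# Constructed 40-bit shared key, one IV, and two frames an attacker captured under it.
# Both start with the LLC/SNAP header for IP (AA AA 03 00 00 00 08 00), which is
# the same in every IP frame and therefore known plaintext.
DEMO_KEY = bytes.fromhex("0102030405")
DEMO_IV = bytes.fromhex("a1b2c3")
FRAME1 = b"\xaa\xaa\x03\x00\x00\x00\x08\x00GET /login"
FRAME2 = b"\xaa\xaa\x03\x00\x00\x00\x08\x00POST /xfer"


if __name__ == "__main__":
    c1 = wep_encrypt(DEMO_IV, DEMO_KEY, FRAME1)
    c2 = wep_encrypt(DEMO_IV, DEMO_KEY, FRAME2)
    print("recovered:", recover_second_plaintext(c1, c2, FRAME1))
    print("P(IV reuse after 5000 frames) = %.2f" % iv_collision_probability(5000))
```

With only 2^24 IVs, a busy access point repeats one within hours, and many implementations simply count up from zero after a reset; the keystream reuse shown here is independent of key length, which is why the 104-bit variant is no safer in this respect than the 40-bit one.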
Wi-Fi
An interoperability certification for wireless local area network (LAN) products based on the IEEE 802.11 standard. 802.11 comprises several standards operating on different radio frequencies: 802.11b for wireless LANs in the 2.4 GHz band at 11 Mbps; 802.11a for systems in the 5 GHz band at 54 Mbps; and 802.11g for WLANs in the 2.4 GHz band at 54 Mbps.

WIM card (Wap Identity Module)
Microcircuit card similar to the SIM card, designed to secure access and transactions from a cell phone to an Internet server via the WAP protocol or, through another protocol, to secure an application that relies on a PKI.

X
XML
Markup language for describing structured data, a subset of SGML (Standard Generalized Markup Language), the metalanguage used for document description. Like HTML (also derived from SGML) it is a tagging language, and it has become a standard for document exchange and publishing. Unlike HTML's, its tags carry semantic meaning and describe the content of the information they enclose.