In this publication, we have tried to assimilate smart card technology and applications related technical terms and general definitions to help professionals & consumer read, understand, and gain better insight of smart card functions.
Application Programming Interface
A source code interface that a computer system or library provides allows other applications to request services from its source code or exchange data.
Verifying that a known entity or person has the authority to perform a specific operation by assigning a privilege or privileges (e.g., access to a building or network). An authorization is obtained after authentication.
Using a key that is different from the key used to encrypt and decrypt a message. The term technically refers to public-key cryptography.
An individual’s biometric attributes are stored in a formatted digital record. Typically, this record translates biometric attributes from an individual and is based on an algorithm.
A document that is used as an original source of identity when applying for (or breeding) other forms of identification.
Card management system (CMS)
Identity-based applications throughout an organization rely on cryptographic smart cards and PKI certificates for secure access. It is a smart card/token and digital credential management solution that issues manage personalizes and supports these identity-based applications.
Chain of trust
It is an attribute associated with a secure ID system that encompasses all its components and processes and ensures the reliability of the system as a whole. An identity chain should assure the authenticity of people, issuing organizations, equipment, networks, and other components of an ID system. In addition to ensuring information within the system is verified, authenticated, protected, and used appropriately, the chain of trust must ensure it is also protected.
Encrypted data, commonly referred to as ciphertext, is decrypted back into its original, readable format.
Dual Interface Card
A smart card with only one smart card chip, use of shared memory and chips, and two interfaces – contact and contactless.
The EMV standard allows financial transactions to be processed using IC cards and IC card processing devices. Its name is derived from the initials of Europay, MasterCard, and Visa, the three companies that developed the standard initially. ISO 7816, which implements IC Chip card technologies, contains a portion of this standard as well.
A procedure for entering an individual’s identity data into a system and associating that identity with the privileges being granted.
Federated identity has two major meanings in information technology (IT):
An embedded piece of software is known as firmware. It is the software that runs on the hardware and is created from its source code.
GSM (Global System for Mobile Communications) is the most popular standard for mobile phones.
Detection of intentional/unauthorized or unintentional/accidental data modification by the recipient of the data is enabled by using a software algorithm that computes a value from a particular data unit (hash).
The unique data uniquely identifies and describes a person. A credit card number and a name are examples of identifiers.
Data is encrypted or decrypted by combining a value with a cryptographic algorithm.
LCDs are electro-optical amplitude modulators that operate as thin, flat displays comprised of monochrome or color pixels arrayed in front of a light source.
This radio frequency (RF) runs between 30 and 300 kHz. Typically, the low frequency used in an RF-based identification system is 125 kHz.
Message Authentication Code
An authentication code (MAC) is a short piece of information required to verify a message’s authenticity. MAC algorithms accept as input a secret key and an arbitrary-length message to be authenticated and generate a message authentication code.
Microprocessors integrate most or all of the functions of a central processing unit (CPU) into a single integrated circuit (IC). It controls a device or a system.
The ability to verify and have evidence that a particular action occurred in an electronic transaction (e.g., that the sender of a message cannot deny sending it, or that the signatory of a transaction cannot deny its authenticity).
An ID card that doesn’t store data or perform computations due to a lack of integrated circuitry.
Personally Identifiable Information (PII)
Any information that can be used to identify, locate, or contact someone or steal their identity is considered information security and privacy.
An attack on a website that collects personal information for identity theft using cyberspace.
A body responsible for maintaining a list of codes that conform to international standards and issuing new codes to individuals wishing to register their products.
A method of exchanging encrypted and digitally-signed mail called Secure Multipurpose Internet Mail Extensions.
Symmetric key cryptography uses a unique key shared by both sender and receiver to encrypt and decrypt a message.
Special computer software generates a template from a fingerprint image by extracting key minutiae points.
Communication device capable of detecting and responding to an RF signal.
To interconnect devices, there is a universal serial bus standard.
A calculator-sized smart card reader verifies the identity of the cardholder and the presence of their payment card through Visa Dynamic Passcode Authentication (DPA). The reader displays a unique one-time numeric response code when the correct PIN and challenge are entered. The response code can be entered on a merchant’s website or read over the phone. Response codes are valid for a single transaction only.
It consists of a special electronic circuit designed for a specific purpose, such as security or authentication.