In this publication, we have tried to assimilate smart card technology and applications related technical terms and general definitions to help professionals & consumer read, understand, and gain better insight of smart card functions.
A
Application Programming Interface
A source code interface that a computer system or library provides allows other applications to request services from its source code or exchange data.
Authorization
Verifying that a known entity or person has the authority to perform a specific operation by assigning a privilege or privileges (e.g., access to a building or network). An authorization is obtained after authentication.
Asymmetric key
Using a key that is different from the key used to encrypt and decrypt a message. The term technically refers to public-key cryptography.
B
Biometric template
An individual’s biometric attributes are stored in a formatted digital record. Typically, this record translates biometric attributes from an individual and is based on an algorithm.
Breeder document
A document that is used as an original source of identity when applying for (or breeding) other forms of identification.
C
Card management system (CMS)
Identity-based applications throughout an organization rely on cryptographic smart cards and PKI certificates for secure access. It is a smart card/token and digital credential management solution that issues manage personalizes and supports these identity-based applications.
Chain of trust
It is an attribute associated with a secure ID system that encompasses all its components and processes and ensures the reliability of the system as a whole. An identity chain should assure the authenticity of people, issuing organizations, equipment, networks, and other components of an ID system. In addition to ensuring information within the system is verified, authenticated, protected, and used appropriately, the chain of trust must ensure it is also protected.
D
Decryption
Encrypted data, commonly referred to as ciphertext, is decrypted back into its original, readable format.
Dual Interface Card
A smart card with only one smart card chip, use of shared memory and chips, and two interfaces – contact and contactless.
E
EMV
The EMV standard allows financial transactions to be processed using IC cards and IC card processing devices. Its name is derived from the initials of Europay, MasterCard, and Visa, the three companies that developed the standard initially. ISO 7816, which implements IC Chip card technologies, contains a portion of this standard as well.
Enrollment
A procedure for entering an individual’s identity data into a system and associating that identity with the privileges being granted.
F
Federated Identity
Federated identity has two major meanings in information technology (IT):
Firmware
An embedded piece of software is known as firmware. It is the software that runs on the hardware and is created from its source code.
G
GSM
GSM (Global System for Mobile Communications) is the most popular standard for mobile phones.
H
Hash Algorithm
Detection of intentional/unauthorized or unintentional/accidental data modification by the recipient of the data is enabled by using a software algorithm that computes a value from a particular data unit (hash).
I
Identifier
The unique data uniquely identifies and describes a person. A credit card number and a name are examples of identifiers.
Interoperability
K
Key
Data is encrypted or decrypted by combining a value with a cryptographic algorithm.
L
LCD
LCDs are electro-optical amplitude modulators that operate as thin, flat displays comprised of monochrome or color pixels arrayed in front of a light source.
Low Frequency
This radio frequency (RF) runs between 30 and 300 kHz. Typically, the low frequency used in an RF-based identification system is 125 kHz.
M
Message Authentication Code
An authentication code (MAC) is a short piece of information required to verify a message’s authenticity. MAC algorithms accept as input a secret key and an arbitrary-length message to be authenticated and generate a message authentication code.
Microprocessor
Microprocessors integrate most or all of the functions of a central processing unit (CPU) into a single integrated circuit (IC). It controls a device or a system.
N
Non-repudiation
The ability to verify and have evidence that a particular action occurred in an electronic transaction (e.g., that the sender of a message cannot deny sending it, or that the signatory of a transaction cannot deny its authenticity).
O
Off card
An ID card that doesn’t store data or perform computations due to a lack of integrated circuitry.
P
Personally Identifiable Information (PII)
Any information that can be used to identify, locate, or contact someone or steal their identity is considered information security and privacy.
Phishing
An attack on a website that collects personal information for identity theft using cyberspace.
R
Registration Authority
A body responsible for maintaining a list of codes that conform to international standards and issuing new codes to individuals wishing to register their products.
S
S/MIME
A method of exchanging encrypted and digitally-signed mail called Secure Multipurpose Internet Mail Extensions.
Symmetric Keys
Symmetric key cryptography uses a unique key shared by both sender and receiver to encrypt and decrypt a message.
T
Template
Special computer software generates a template from a fingerprint image by extracting key minutiae points.
Transponder
Communication device capable of detecting and responding to an RF signal.
U
USB
To interconnect devices, there is a universal serial bus standard.
V
Visa DPA
A calculator-sized smart card reader verifies the identity of the cardholder and the presence of their payment card through Visa Dynamic Passcode Authentication (DPA). The reader displays a unique one-time numeric response code when the correct PIN and challenge are entered. The response code can be entered on a merchant’s website or read over the phone. Response codes are valid for a single transaction only.
W
Wired Logic
It consists of a special electronic circuit designed for a specific purpose, such as security or authentication.