A consortium of standards bodies that is writing the standards for the SIM in 3G mobile telephones.

Two cryptographic algorithms used in GSM cellular telephony and typically implemented in GSM SIM smart cards.

A common plastic material used for the manufacture of smart cards.

An attribute in a file header that allows or denies execution of certain commands based on certain security conditions, such as authentication of the entity attempting to execute the command.

The directory on a smart card that is the root directory of all the data pertaining to a particular application.

A unique number assigned to smart card applications.

A set of detailed instructions for performing a mathematical operation.

A Usenet newsgroup devoted to smart cards. The FAQ for the newsgroup is at www.scdk.com/atsfaq.htm.

An American technical standards body and the representative of the United States to the International Standards Organization (ISO).

When using a contactless smart card, the data being transmitted from the card to the reader doesn't collide or interfere with the data being transmitted from the reader to the card.

A unit of data transfer between a smart card and an application program; a smart card command or command response.

Contains calls a program can make on routines stored in a function library or implemented in the operating system.

The Japanese inventor who received a patent on smart cards in 1971.

An extension of the basic smart card operating system, often stored in the smart card EEPROM.

A method of digitally representing characters in the Latin alphabet using 1 byte or 8 bits. For example, 61₁₆ is the ASCII representation of lowercase Latin letter a.

See Also Unicode.

A mode of data transmission in which the transmission start time of a character or block of characters is arbitrary.

See Also synchronous protocol.

A data string returned by a smart card when the microprocessor in the card is physically reset. Two types of data strings are standardized: They are described as asynchronous transfer protocols T=0 and T=1.

To establish the identity of the origination or originator of a transaction or other data-processing request.

To grant privileges typically to access data, usually based on successful authentication.

A smart card manufactured by ZeitControl that supports on-card applications written in the Basic programming language.

A smart card that carries a key that enables its holder to unlock a shipment or batch of other smart cards. A batch card carries a transport key.

See Also mother card.

The use of a person's physical characteristics such as fingerprints, hand geometry, voice or signature characteristics, eye patterns, and so on for authentication.

A catalog of information used to subvert smart card security systems.

Taking provisions in a smart card's operation to defeat voltage and timing attacks. Blinding, for example, would ensure that all multiplications take the same amount of time independent of the values of the multiplier and the multiplicand.

The French publicist who coined the term smart card.

A sequence of bytes.

The French version of SET, which incorporates a smart card in its specification.

An organization or enterprise that issues digital certificates, primarily those attesting to an individual's identity.

A smart card reader.

To not return a card to the cardholder if an anomalous condition is encountered before a transaction is complete. A capture reader takes the smart card completely inside its physical security perimeter so that it cannot be extracted by the user before the transaction is completed.

A smart card industry association. See www.gold.net/users/ct96.

The person carrying and using a smart card. A cardholder does not necessarily own the card or have any rights other than holding and using the card.

An international smart card conference, Smart Card Research and Advanced Applications, held roughly every 18 months that features academic papers on smart card research.

A North American smart card convention held twice a year.

The smart card issued by Groupement des Cartes Bancaires, a French bank card association.

An annual smart card convention held in Paris.

The American inventor who received U.S. Patent 3,702,464 on a smart card in 1972.

The generalization of the APDUs of the SIM Application Toolkit that apply to all telecommunication technologies. These commands support communication between applications on the UICC and human interface and network capabilities of the mobile handset.

A European standards organization located in Brussels.

The specification for a monetary payment application for smart cards that can handle multiple currencies.

Conversational shorthand for digital certificate.

A random string of bytes sent from a data processing system to another system that it is trying to authenticate. The receiving system must encrypt the challenge with an encryption key in its possession and return the encrypted challenge to the sending system. If the sending system can decrypt the encrypted challenge, it knows the receiving system possesses the key that encrypted it and this authenticates the system to which the challenge was sent.

A single numeric value computed from a large body of text or data that can be quickly recomputed by the recipient of the text and data to check if any characters in the body have been changed during transmission. Unlike a hash value, similar bodies of text may yield equal checksums. Checksums guard against random transmission errors, not deliberate attempts to alter the content of a message.

A secret number or password, known only to the cardholder, which is required to access certain services on a smart card. Also known as personal identification number (PIN).

The first data field in an ISO 7816-4 command that gives the class of the command.

The contact or pad on a smart card module through which clock signals are provided to run the smart card processor.

The rate at which the clock signal provided to a smart card processor changes, typically 5 MHz or 5,000,000 pulses per second. Smart card processors divide this by 2 and take on the average of 4 or 5 “clocks” per instruction and so run at about ½ MIP or 500,000 instructions per second.

A collection of testing standards for the security aspects of information technology systems, including smart cards.

An authentication algorithm popular in telecommunications and often found on GSM SIM cards.

A smart card that is activated by being inserted into a smart card reader, which presses contacts against the contact pads of the smart card module.

See Also contactless card.

A smart card that is activated by being held near the smart card reader rather than being put into the reader, as with contact cards. Power is provided to the card through inductance coils and communication occurs via radio frequency signals and a capacitive plate antenna.

See Also contact card.

The instruction set used by a smart card; for example, an 8051 core implements the Intel 8051 instruction set. It is called the core because the integrated circuit that implements the instructions is the core of the smart card integrated circuit.

The program contained in the smart card ROM that is used for communicating with the smart card, managing security, and managing data in the smart card file system.

The integrated circuitry on a smart card that executes the program stored on the card.

A theorem about the unique factorization of integers that is used in some cryptographic algorithms.

Special integrated circuits for quickly doing calculations, particularly modular arithmetic and large integer calculations, associated with cryptographic operations and algorithms. These circuits are added to a standard processor core and therefore are called a coprocessor.

A type of file on a smart card that contains records such that the first record is returned when a READ NEXT command is issued on the last record; thus, the records form a ring and cycle from one to the next.

A smart card operating system developed in Denmark and used in the VisaCash card. See www.iccard.dk.

One of a batch or shipment of cards that is unlocked with a mother card.

Synonym for DES.

A secret key cryptographic algorithm defined and promoted by the U.S. government.

The German co-inventor of the smart card in 1968.

See Also Gröttrupp, Helmut.

A smart card directory file that holds other files.

A digital message that contains the public key of an individual together with a guarantee from a certificate authority that the public key belongs to the individual.

A digital technique that authenticates the user's transaction. A digital signature can, for example, be the encryption of a hash of the transaction with the individual's private key.

A smart card key that is computed from a smart card's serial number and a master key. Diversified key techniques let every card in a large set of cards be accessed with a unique key without the necessity of maintaining a record of which key is on which card. Both the master key and the calculation program are kept in a highly secure environment.

A cryptographic algorithm approved by the U.S. government for use in creating digital signatures.

The U.S. standard that defines DSA and its use.

A stored-value smart card that contains money in digital form in one or more national currencies such as kroner, francs, yen, marks, or dollars. When you spend money from the card, the host application decrements a currency value; when you add more money to the card, the host application increments a currency value. Don't try this at home.

Memory in a smart card that holds its contents when power is removed, that is, when the card is removed from the card reader. Unlike with ROM, new values can be written to EEPROM by the smart card CPU. EEPROM is used to store smart card values that are set during personalization, such as account numbers or values that can change, such as the amount of value stored on the card.

An elementary file is part of the smart card file system that contains application data.

See Also DF (dedicated file), MF (master file).

A funds transfer that is sent electronically, either by telecommunication or written on magnetic media, such as tape, cassette, or disk.

Similar to an e-purse, with added functions such as credit and debit account access capability.

See Also EP or E-purse (electronic purse).

A computer program plus special hardware that enables a program developer to run a smart card program on the actual smart card chip but still be able to control and analyze the execution of the program. An emulator, for example, typically allows the developer to single-step the smart card processor and examine the smart card processor's registers and memory.

An alliance of bank card associations that generated a smart card standard for payment (credit and debit) smart cards called EMV 2000.

A standard for smart cards and terminals for telecommunication use. The standard is the technical basis for smart cards in Europe

A standard for the contacts for cards and devices used in Europe. New edition specifies the format used for the GSM subscriber identity module (SIM).

A smart card that stores small amounts of currency, usually less than $1,000. Some electronic purses can be reloaded; some cannot, and are discarded when empty.

A smart card convention held regularly at the beginning of September.

A European standards body that writes the standards governing the SIM in GSM mobile telephones.

A U.S. federal standard titled “Security Requirements for Cryptographic Modules” that concerns physical security of smart cards when used as cryptographic devices. For more information, go to www.csrc.ncsl.nist.gov/fips/fips140-1.txt.

A type of nonvolatile memory that can be written much faster than EEPROM memory. Although usually written in all capital letters, FLASH is not an acronym, but rather refers to the fact that the memory can be bulk erased (i.e., electronically “flashed” as PROM memory of yore was flashed with UV light).

A type of nonvolatile memory based on electric field orientation with nearly an infinite write capability as opposed to normal EEPROM memory, which can only be written on the order of 10,000 times.

A U.S. government smart card users group that promulgates standards and specifications for the use of smart cards in government data processing functions.

A consortium formed to own, support, and further develop the GlobalPlatform specifications for secure smart card application systems, originally developed by Visa International.

The ground contact or pad on a smart card module.

The German co-inventor of the smart card in 1968.

See Also Dethloff, Jürgen.

A smart card consulting service. For more information, go to www.gscas.com.

A European cellular telephone standard. GSM telephones use smart cards called SIM cards to store subscriber account information.

A protocol between two devices, such as a smart card and a personal computer, to establish a common dialog.

See mask.

A string of bytes of a fixed length that is effectively a unique representation of a longer document. Effectively unique means that it is difficult to find another document that produces the same hash value and that any slight change in the long document will produce a different hash value.

A smart card operating system created by Fujitsu for its FRAM smart cards.

A smart card that can function as more than one kind of card (e.g., a smart card that can function as both a contact and a contactless card, or a smart card that also has a magnetic stripe or a barcode).

The input/output contact or pad on a smart card module though which messages are passed to and received from the microprocessor in the card.

A small electronic device made from metallic and semiconductor materials that contains all the functional components and connections of the circuit, integrated into a single device package.

Another name for a smart card.

A smart card industry trade association. For more information, go to www.icma.com.

A cryptographic algorithm commonly thought of as the European equivalent of DES.

An international standards body based in Geneva, Switzerland.

Another name for a smart card reader.

An attack on a smart card's security system that causes the CPU to perform erroneous calculations; errors are induced in the smart card's CPU by subjecting the card to unusual environmental conditions such as temperature, voltage, microwaves, radiation, and so on.

The first bit of a string of bits presented to an input device. The device will group the series into blocks of, say, 8 bits to make a byte string. It is important to specify if the initial bit is the highest or lowest byte in its byte.

The process during which the basic data that are common to all chip cards in a manufacturing batch are loaded into the chip.

The second field of an ISO 7816-4 smart card command, which contains the instruction to be executed by the smart card.

A memory card that contains some additional features—typically, security features—which limit access to the memory.

A communication convention wherein signal-positive is to be interpreted as 0 and signal-zero is to be interpreted as 1; this is the inverse of the usual translation of these states into binary digits.

A UICC application that provides digital rights management services for the IP Messaging Service on 3G networks.

The penultimate technical standards body based in Geneva, Switzerland. With representation on its working committees from almost all countries, the ISO defines technical standards for worldwide interoperability of hardware and software. For more information, go to www.iso.org.

The ISO standard for magnetic card format for electronic banking data. Some smart cards have magnetic strips on them and others support magnetic stripe communication protocols.

The ISO standard for the physical characteristics of an identification card.

The ISO standard for identification card recording techniques.

The ISO standard encoding for identifying issuers of financial smart cards.

The ISO standard that defines the specifics of financial transaction identification cards.

The basic set of international standards covering smart cards. There are currently fifteen parts to the ISO 7816 standard:

The ISO standard for financial transaction messages.

The ISO standard that describes the method of communication between card and reader for financial transaction cards.

The ISO standard for access control.

The ISO standard for the architecture of the systems that utilize financial transaction cards.

The ISO standard for testing smart cards.

The basic ISO standard for contactless smart cards.

The ISO standing committee responsible for smart card standards. For more information, go to www.iso.ch/meme/JTC1SC17.html.

The institution or organization that creates, provides, and typically owns a smart card.

A smart card that includes a Java interpreter in its operating system. For more information, go to www.javasoft.com.

An organization of smart card manufactures that offer Java smart cards. For more information, go to www.javacardforum.org.

A cryptographic algorithm that ensures data confidentiality and integrity in 3G mobile telephone networks.

One thousand lines of code.

The organization of dedicated and elementary files in the smart card's EEPROM.

A type of file in an ISO 7816-4 smart card file system that contains records. The records in a linear file may be fixed length or variable length.

A product marketing scheme that entices customers to purchase the product repeatedly by offering rewards based on the frequency of purchase. Also known as frequent buyer programs or, from its airline origin, frequent flyer programs.

A cryptographic checksum used to detect whether text or data in the message has been modified.

A smart card operation system licensed by MAOSCO that is also known as MULTOS. For more information, go to www.multos.com.

The program written into a smart card chip's ROM during its manufacture, typically, the smart card's operating system and manufacturer's data.

A plastic card with a simple memory chip with read and write capability.

A memory card in which access to the data in the EEPROM is controlled by security logic.

See Also wired logic card.

The root directory of a smart card's file system. An MF can contain dedicated files (other directories) and elementary files (data files). The master file on an ISO 7816–compliant smart card has the file identifier 3F00₁₆.

A smart card that contains more than one application.

Million instructions per second.

The metal carrier into which a smart card chip is placed before it is embedded into a plastic body to make a smart card. The module provides mechanical protection for the chip and contains the contacts or pads that a smart card reader connects to in order to activate and communicate with the chip.

A smart card operating system developed by NatWest in the U.K. and also an e-cash smart card that supports direct transfer of value from one card to another. For more information, go to www.mondex.com.

An efficient way to do binary multiplication based on shifting and adding. Montgomery multiplication is particularly useful in multiplying the arbitrarily large integers used in some cryptographic algorithms on the 8-bit micro-controller in a smart card.

The French journalist who received a patent on smart cards in 1974.

A smart card holding a transport key and used to unlock all the cards in a batch or shipment of cards.

See Also daughter card, batch card.

The multiapplication smart card operating system on the MONDEX card and licensable from MAOSCO to be the foundation for any multiapplication smart card. For more information, go to www.multos.com.

A North American smart card industry group. For more information, go to www.naccu.org.

An application that is compiled to the instruction set of the smart card's processor rather that to byte codes that are interpreted by an interpreter on the smart card.

An American standards body particularly for the use of information processing technology by the federal government. For more information, go to www.nist.gov.

A generic term for the memory in a smart card that can be written but still holds its contents after power has been removed; PROM, EPROM, EEPROM, FLASH, and FRAM are examples of NVM.

The state in which a smart card is not connected to a computer network and must rely on the information stored in its own file system to, for example, approve or deny a transaction.

The state in which a smart card is connected to a computer network and can be instructed to, for example, accept or deny a transaction based on information it sends to computers on the network.

A set of specifications that provide an infrastructure for the secure deployment and operation of post-issuance programmable smart cards, originally developed by Visa International.

A memory card that can be written once but read many times and can hold between 1 MB and 40 MB of data. Reading and writing uses laser optical technology.

The smallest number of bytes in EEPROM memory that can be written with one write operation. Page sizes in smart cards vary between 1 and 32 bytes.

The location of a file with respect to the root directory.

A group of personal computer and smart card companies founded to work on open specifications to integrate smart cards with personal computers. For more information, go to www.smartcardsys.com.

The process during which individual data are loaded into the smart card chip. Typically performed together with the printing or embossing of personal data (name, ID number, picture, and so on) and an account number onto the face of the card.

A card that can be used for the payment of telephone calls, typically in a pay phone.

Typically a four-or five-digit number used by the operating system on the smart card to authenticate the cardholder.

A cryptographic algorithm that uses a pair of keys, a public key and a private key, that are different from one another. The public key is published and available to anyone wishing to send an encrypted communication to the holder of the private key.

See Also SKA (secret key algorithm).

A system of storing and distributing public keys together with their current status, typically at scale (that is, millions to billions of keys).

A type of terminal found, for example, at grocery store check-out stations.

A cryptographic key known only to the owner. Or, the secret component of an asymmetric cryptographic key.

See Also PKA (public key algorithm).

A smart card that contains a microprocessor or microcontroller that can execute a program stored in the card's memory.

See core.

A smart card operating system developed by Banksys in Belgium. Used for travel and entertainment by American Express, Hilton Hotels, and American Airlines in the U.S. and for e-cash in Sweden. For more information, go to www.proton.be.

The publicly available and distributed component of an asymmetric cryptographic key.

A type of file in a smart card's file system that is used to implement electronic purses.

Plastic material used for the body of some smart cards.

Memory used for temporary storage of data by the CPU in a smart card. RAM is volatile; its contents are lost when power is removed from the smart card.

See Also NVM (nonvolatile memory).

A U.S. federal regulation designed to protect users and issuers utilizing electronic financial transfers from fraudulent transactions. It requires users to receive a receipt of financial transactions, puts restrictions on issuance of accessible devices, establishes the conditions of this type of service, and puts limits on consumer liability.

The location of a file relative to the current file.

The length of time a smart card will hold data in its nonvolatile memory—typically, 10 years.

A method of communication without physical contact using radio frequency transmission.

A method identification without physical contact using radio frequency transmission.

A permanent memory in a smart card to which the CPU cannot write new information and that cannot be updated or changed. It is written during the manufacturing of the chip and typically contains the smart card operating system and manufacturer keys.

An asymmetric cryptographic algorithm named after its inventors, Rivest, Shamir, and Adleman. For more information, go to www.rsa.com.

The contact or pad on the smart card module that, when activated, causes a physical reset of the microprocessor in the smart card.

A standards committee of the European Telecommunications Standards Institute that is creating a suite of smart card standards.

A collection of software and software tools that is useful in building a particular kind of software application (e.g., a smart card software development kit or a graphics software development kit).

A protocol developed by Visa and MasterCard for making credit card purchases on the Internet.

The type of module used in GSM smart cards to allow personal access to the GSM network. The SIM contains the user's cellular telephone account information.

A computer program that runs on a personal computer, for example, that executes a program to eventually be executed on a smart card and provides tools to the smart card program developer to study and debug the smart card program.

See Also emulator.

A cryptographic algorithm that uses a single key that is shared by the sender and the recipient of the encrypted message. The single key is used for both encryption and decryption and must be kept a secret shared between them.

A plastic card with a microprocessor chip that provides secure access to the memory of the card and performs other data processing and communication functions. Smart cards are used to store monetary value and personal identification information.

A program typically with a graphical user interface that enables you to see and change the contents of a smart card as well as send the smart card any command it supports.

A smart card trade association. See www.smartcard.com.

Executable code typically written in machine language that is written into a smart card's nonvolatile memory after the card is manufactured. Soft-mask code can correct errors in the smart card operating system stored in ROM or it can add additional capabilities to the smart card.

A one-chip microcomputer in which one integrated circuit contains all the electronic components of the microcomputer. Smart card chips are SPOMs.

A MAC additionally containing input data.

In an asynchronous communication protocol, the start bit signals the beginning of a new message and alerts the receiver to start collecting the bits of the message. The start bit typically serves only this heads-up function and is not part of the message itself.

A smart card that stores nonbearer values such as electronic cash. Some stored value cards can be reloaded with more value and some cannot.

To pull the smart card completely inside the reader so that the cardholder can't remove the card from the reader during a transaction.

A smart card that contains both the SIM and WIM applications.

A cryptographic algorithm or protocol in which the same key is held by both parties and is used for both encryption and decryption. DES is a symmetric algorithm.

A cryptographic key used in a symmetric cryptographic algorithm. It is called symmetric because the same key is used to decrypt a message as was used to encrypt the message.

See Also SKA (secret key algorithm).

A communication protocol that is premised on the existence of a common clock or synchronized clocks between the sender and the receiver of the data.

A communication protocol between a smart card and a smart card reader than transfers information one byte at a time; a byte-oriented smart card communication protocol.

A communication protocol between a smart card and a smart card reader that transfers information in blocks of multiple bytes; a block-oriented smart card communication protocol.

The 3GPP technical committee that writes standards for the SIM in 3G networks.

Capabilities of a smart card such as low voltage or slow clock detection circuits that enable the card to detect an attempted unauthorized access to data it contains or to alter the calculations it performs.

Physical aspects of a smart card that, when altered, will not return to their unaltered state and thus will show that the card has been tampered with.

Properties of a smart card—both in hardware and software—that make it difficult to perform unauthorized alternations of the data stored in the smart card or to make the smart card perform unauthorized computations.

Actions such as zeroization taken by a smart card when tampering is detected.

Another name for a smart card reader.

To remove a smart card from the smart card reader in the middle of a transaction; may leave the data on the smart card in an inconsistent or incorrect state.

A cryptographic algorithm used in GSM telephony.

An attack on a smart card's security system that is based on precise measurements of how long it takes the microprocessor to perform certain functions. For example, it takes longer to multiply by one than by zero.

A way of formatting arbitrary data for transmission between a smart card and a host application.

A block of data sent from the smart card to the host application.

A business or payment event for the exchange of value for goods or services.

The amount of time between the start and finish of a transaction.

A type of file organization. The EEPROM file contains a byte string. Data is accessed using the offset length relative to the first byte within the byte string.

A key that prevents data being written into a smart card NVM when it is being transported from the chip manufacturer to the card manufacturer or from the card manufacturer to the card issuer.

The smart card application platform that is being standardized by the ETSI Smart Card Platform (SCP) committee.

A method for encoding characters from many alphabets in 2 bytes or 16 bits. For example, 03BE₁₆ is the lowercase Greek letter epsilon Σ.

See Also ASCII (American Standard Code for Information Interchange).

A set of command and response APDUs that enable an application resident on a smart card to communicate with the terminal and the network to which the terminal is attached.

An interpreter that resides on a smart card for markup language pages written in languages such as XHTML and WML.

A standard, serial bus interface available as a standard I/O port on many PC and workstation computer systems.

The application running on a UICC that implements subscriber identification in 3G networks.

The contact or pad on a smart card module through which voltage is supplied to power the smart card processor; also the voltage itself, typically 5 volts.

The contact or pad on a smart card module through which voltage is supplied to program or erase the nonvolatile memory of the smart card; also the voltage itself, typically 5 volts.

A battery-operated smart card reader for checking the current value held in a stored value card.

A stored-value smart card produced by Visa that carries U.S. cash.

An attack on a smart card's security system that is based on making very precise measurements of how much voltage the smart card draws. For example, some smart card chips draw more voltage when they are multiplying by 1 than when they are multiplying by 0.

Smart card operating system created by Microsoft.

A smart card used with a WAP mobile handset to provide security to WAP communication and transactions.

See intelligent memory card.

The amount of time it takes to write or erase a page of nonvolatile memory in a smart card. Typically on the order of 5 milliseconds for EEPROM memory.

Setting the nonvolatile memory of a smart card to all null values (zero), wiping out all data stored on the smart card; typically done in response to tamper detection.