In parallel with the SET, another standard has been set up in France: C-SET (Chip-Secure Electronic Transaction), using French bank microprocessor smart cards. This system was defined by the GIE Cartes Bancaires. Using a small smart card reader connected to a microcomputer, the user "signs" his purchase by entering his confidential code. C-SET is interoperable with the SET protocol.
Command and Control
Prevent effective C2 of adversary forces by denying information to, influencing, degrading or destroying the adversary C2 system.
Maintain effective command and control of own forces by turning to friendly advantage or negating adversary effort to deny information to, influence, degrade, or destroy the friendly C2 system. (Pending approval in JP 1-02).
Certificate Authority. A CA is an authority in a network that issues and manages security credentials and public keys for message encryption and decryption. As part of a PKI, a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA then can issue a certificate.
Common Access Card
Card Accepting Device. Mechanism that communicates with smart cards during a transaction.
Card Authentication Method. A method of checking that a card is authentic, such as the use of signature strips or holograms.
Customised Application of Mobile Enhanced Logic
Competitive Access Provider (USA). Connects telecomms users directly with long-distance carriers for voice, data and video transmission.
To not return a card to the cardholder if an anomalous condition is encountered before a transaction is complete. A capture reader takes the smart card completely inside its physical security perimeter so that it cannot be extracted by the user before the transaction is completed.
Card base belonging to the card issuer. Usually the card base contains the issuer's general information when the card is initialized
Memory area of the card belonging to the card issuer, allocated for smart card application after the card initialization
A smart card industry association. See www.gold.net/users/ct96.
An organisation that issues users with a card, such as a bank to its customers.
Usually four sets of digits providing identification of the cardholder and card organization.
A mechanical device constructed to electrically contact smart cards enabling it to read/write data.
The person or entity presenting a smart card for use
An international smart card conference, Smart Card Research and Advanced Applications, held roughly every 18 months, that features academic papers on smart card research.
A North American smart card convention held twice a year.
The smart card issued by Groupement des Cartes Bancaires, a French bankcard association.
Conditional Access System
The American inventor who received U.S. Patent 3,702,464 on a smart card in 1972.
Cardholder Activated Terminal. A terminal that dispenses a product or service
Canadian Air Transport Security Authority
Common Chip Card.
Charge Coupled Device.
Cryptographic Checksum. Cryptographic checksum of data, which registers any manipulation of data during storage.
Common Desktop Environment. A desktop application used in the Solaris Operating System (OS).
Code Division Multiple Access.
Cell Broadcasting Channels
Used in GSM to broadcast the information from a Service Centre to the Mobile Centre that is listening in any given area.
Cellular Digital Packet Data Network
A packet network that uses an analogue cellular network to deliver the packets. It uses the idle time on a channel to carry the information.
A radio telephone system in which a network of transmitters links mobile users into the public phone system. Each transmitter or 'base station' serves a small area known as a cell.
Comité Européen de Normalisation, Brussels, Belgium. European Standards Organization. CEN works with all national European standards organizations and is the official institution of the EU for European standardization.
Common Electronic Purse Specification. Standards for electronic purse applications advanced by VISA.
"Legalised" document produced by a trusted third party ("Authority certification") to authenticate a public key (signed key associated with information regarding its owner). Its format (X.509) is the subject of an ISO standard. The document can also be calculated by a smart card to avoid any denial (payment, for instance) of a transaction that first required user authentication.
Common Gateway Interface - CGI is the method that Web servers use to allow interaction between servers and programs.
Allows for the creation of dynamic and interactive web pages. CGI programs also tend to be the most vulnerable part of a web server.
A random string of bytes sent from a data processing system to another system that it is trying to authenticate.
The receiving system must encrypt the challenge with an encryption key in its possession and return the encrypted challenge to the sending system. If the sending system can decrypt the encrypted challenge, it knows the receiving system possesses the key that encrypted it and this authenticates the system to which the challenge was sent.
A form of authentication whereby the smart card is loaded with a DES key used in response to a random number generated by the system and sent to the card when the card is inserted in the card reader.
Community Health Clinic
A count of the number of bits in a transmission unit so that the recipient can make sure the correct number of bits arrived and that the message is intact. See SHA-1, Cryptography.
A hacking program used for cracking VMS passwords
Also called Kamikaze Packet. A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ethernet and IP address set as the respective broadcast addresses for the subnetworks being gated between
A small, thin square piece of silicon processed to contain an electronic circuit, to store and process information. Also known as Integrated Circuit (IC).
Also known as an integrated circuit card (ICC) or smart card. A chip is embedded in the surface of the plastic card.
Card Holder Value (PIN).
Text that has been encrypted
Encryption technique based on keys, algorithms and protocols to transform a non-coded text into a coded text (ciphered), unusable and incomprehensible to anyone who does not have the key to turn it back into its initial non-coded form.
Circuit Level Gateway
One form of a firewall. Validates TCP and UDP sessions before opening a connection. Creates a handshake, and once that takes place passes everything through until the session is ended.
Information Structure: A data structure written on every card that complies with the PCMCIA standard containing information about the formatting and organisation of the data on the card.
Clearing. The process of transmitting, reconciling and in some cases, confirming payment orders prior to settlement. Sometimes the term is used (imprecisely) to include settlement.
The first data field in an ISO 7816-4 command that gives the class of the command.
A tamper-resistant VLSI chip designed by NSA for encrypting voice communications. It conforms to the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm.
The contact or pad on a smart card module through which clock signals are provided to run the smart card processor.
The rate at which the clock signal provided to a smart card processor changes; typically, 5 MHz or 5,000,000 pulses per second. Smart card processors divide this by 2 and take on the average of 4 or 5 “clocks” per instruction and so run at about 1⁄2 MIP or 500,000 instructions per second.
Closed Stored Value
A prepaid, single-function debit card such as a travel card.
Complementary Metal-Oxide Semiconductor (transistor type) OR
Cellular Management Operation System (telecommunications)
CMS (Card Management System)
Tools and services used to deploy and manage smart card-based applications. CMS is used primarily to manage the lifecycle of cards and applications hosted by the cards.
Chip and Pin
Computer Operations, Audit, and Security Technology - is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. Its research is focused on real-world needs and limitations, with a special focus on security for legacy computing systems.
A measure of the strength of a magnetic field. Fields are expressed as low or high by the terms LoCo and HiCo.
Dual-interface card. A smart card holding both contact and contactless technology for transferring data to and from the card. Memory card or micro-circuit card equipped with an antenna to communicate without a contact, which also has 8 physical contacts like conventional smart cards. Applications: physical access control for the contactless function, electronic wallet or debit-credit or logical access control for the contact function.
Command and Control Warfare (C2W):
The integrated use of operations security, military deception, psychological operations, electronic warfare, and physical destruction, mutually supported by intelligence, to deny information to, influence, degrade, or destroy adversary command and control capabilities, while protecting friendly command and control capabilities against such actions. Command and control warfare is an application of information operations in military operations and is a subset of information warfare. C2W is both offensive and defensive.
Common Air Interface
The interface between the mobile user and the mobile network. It is defined in terms of signalling, electrical characteristics, modulation and speech transmission.
Set of concepts, rules and methodologies defined since June 1999 as an ISO standard (15408) to be used as models for the evaluation of assurance levels (EAL standing for Evaluation Assurance Level) offered in the area of security by software, hardware or hardware and software packages such as the smart card. EAL7 is the highest level.
An authentication algorithm popular in telecommunications and often found on GSM SIM cards
The proprietary algorithm that was initially used by default in SIM cards. The GSM Association formally recommends against using Comp128-1, as it has been proven insecure.
Confidentiality. Guarantee that a message will be legible to no-one other than the intended recipient. Confidentiality is an essential role of cryptography systems.
An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred
The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.
Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value
Computer Network Attack
Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (DODD S-3600.1 of 9 Dec 96).
Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Incident
Any intrusion or attempted intrusion into an automated information system (AIS). Incidents can include probes of multiple computer systems
Computer Security Intrusion
Any event of unauthorized access or penetration to an automated information system (AIS).
Feature of information to be kept from unauthorised third parties (people, entities or systems). Result of a ciphering transaction.
A point of electrical connection between a smart card/integrated circuit card and its external interface device.
The pane in the Smartcard Console that contains icons for various management tasks.
A card that must be inserted into a card reader where information is transferred via a series of connector/contact points located on the card.
Contact Smart Card
A smart card that operates by physical contact between the reader and the smart card's different contacts (in comparison to contactless smart cards).
Smart card/IC card that works with a read/write unit without physical connection. Also known as a proximity card. Data is transferred without contact using radio frequency technology via a transmitter and receiver. Memory card or microcircuit card equipped with an antenna to communicate at distances of a few centimetres, through radiofrequency (125 kHz, 13.56 MHz, 860-915 MHz, 2.45 GHz) with a coupler used as a reader. Main applications: transport and access control.
Controls Data Date
The date on which MULTOS enablement data (initialization data) was generated. The number is assigned monthly, incremented from 0 for January 1998.
A special text file that records your behaviour when using a particular website.
Computer Oracle and Password System - A computer network monitoring system for Unix machines. Software tool for checking security on shell scripts and C programs. Checks for security weaknesses and provides warnings
The instruction set used by a smart card; for example, an 8051 core implements the Intel 8051 instruction set. It is called the core because the integrated circuit that implements the instructions is the core of the smart card integrated circuit.
Card Operating System.
Commercial Off the Shelf - Software acquired by government contract through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government project.
Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
An electronic system used to read the smart card. It is the basis of a reader. Designed to be integrated in a machine (e.g., gaming machine, gas meter...).
Central Processing Unit.
Card Query Language.
A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of the AIS.
One who breaks security on an AIS
Cracking: The act of breaking into a computer system.
A sudden, usually drastic failure of a computer system.
Card which is not prepaid. An amount of credit is attached to the card account.
Certificate Revocation List (CRL). Also known as a Black List: a list of digital certificates that have been revoked and are no longer valid.
Chinese remainder theorem.
A theorem about the unique factorization of integers that is used in some cryptographic algorithms.
1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption
(Cryptographic Application Programming Interface) A Microsoft API that offers system-level access to common cryptographic functions.
To enable chip data exchange in a secure manner
Special integrated circuits for quickly doing calculations, particularly modular arithmetic and large integer calculations, associated with cryptographic operations and algorithms. These circuits are added to a standard processor core and therefore are called coprocessors.
Cryptographic Hash Function
A process that computes a value (referred to as a hashword) from a particular data unit in a manner that, when a hashword is protected, manipulation of the data is detectable
Used to encrypt or decrypt a message
Cryptographic Smart Card
A credit card-sized card that stores information on an integrated circuit (IC) or microprocessor chip contained in the card. A cryptographic smart card is designed to perform complex computations for functions such as encryptions using a math co-processor embedded in the chip. Private keys are generated directly on the crypto-smart card and encryption/digital signature functions take place on the card for greater security.
The science of applying mathematical theory in developing and advancing new algorithms and security procedures.
The science which deals with hidden, disguised, or encrypted communications.
Hardware part of some microcontrollers dedicated to complex encryption calculation (including exponential calculation). Essential for carrying out RSA calculations in a smart card. Not required with DES or AES calculations.
Contactless Smart Card.
Card Security Handler.
Canadian Security Intelligence Service OR
Canadian Society for Industrial Security
Chip Security Module.
Cryptographic Service Provider.
Second-generation cordless telephone, also a wireless standard for short-range communication using low-powered portable handsets; it can be used for domestic purposes, business use (cordless PABX) and telepoint applications.
(Card Block/Unblock Code) CUB is a card block/unblock data requesting process between the issuer and the MULTOS KMA. When the issuer requests CUB data (card block and/or unblock), the MULTOS KMA replies with CUB response data, which includes the Card Block MAC and/or Card Unblock MAC.
The card operator requires these MACs when he wishes to send the Card Block command supported in MULTOS primitive. The blocked card will not respond to any application select command until it is unblocked.
CUB response data
Which includes the Card Block MAC and/or Card Unblock MAC. The card operator requires these MACs when he wishes to send Card Block command supported in MULTOS primitive. The blocked card will not respond to any application select command, until it is unblocked
Card Verification Code.
Cardholder Verification Method. The means to verify the authenticity of a cardholder
Card Verification Value (credit card fraud prevention mechanism)
Describes the world of connected computers and the society that gathers around them. Commonly known as the Internet.
A type of file on a smart card that contains records such that the first record is returned when a read next command is issued on the last record; thus, the records form a ring and cycle from one to the next.