Glossary
C-SET
In parallel with the SET, another standard has been set up in France: C-SET (Chip-Secure Electronic Transaction), using French bank microprocessor smart cards. This system was defined by the GIE Cartes Bancaires. Using a small smart card reader connected to a microcomputer, the user "signs" his purchase by entering his confidential code. C-SET is interoperable with the SET protocol.
C2
Command and Control
C2-attack
Prevent effective C2 of adversary forces by denying information to, influencing, degrading or destroying the adversary C2 system.
C2-protect
Maintain effective command and control of own forces by turning to friendly advantage or negating adversary effort to deny information to, influence, degrade, or destroy the friendly C2 system. (Pending approval in JP 1-02).
CA
Certificate Authority. A CA is an authority in a network that issues and manages security credentials and public keys for message encryption and decryption. As part of a PKI, a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate.
CAC
Common Access Card
CAD
Card Accepting Device. Mechanism that communicates with smart cards during a transaction.
CAM
Card Authentication Method. A method of checking that a card is authentic, such as the use of signature strips or holograms.
CAMEL
Customised Application of Mobile Enhanced Logic
CAP
Competitive Access Provider (USA). Connects telecomms users directly with long-distance carriers for voice, data and video transmission.
Capture
To not return a card to the cardholder if an anomalous condition is encountered before a transaction is complete. A capture reader takes the smart card completely inside its physical security perimeter so that it cannot be extracted by the user before the transaction is completed.
Card Base
Card base belonging to the card issuer. Usually the card base contains the issuer's general information when the card is initialized.
Card Domain
Memory area of the card belonging to the card issuer, allocated for smart card applications after card initialization.
Card Europe
A smart card industry association. See www.gold.net/users/ct96.
Card Issuer
An organisation that issues users with a card, such as a bank to its customers.
Card Number
Usually four sets of digits providing identification of the cardholder and card organization.
Card Reader
A mechanical device constructed to electrically contact smart cards enabling it to read/write data.
Cardholder
The person or entity presenting a smart card for use.
CARDIS
An international smart card conference, Smart Card Research and Advanced Applications, held roughly every 18 months, that features academic papers on smart card research.
CardTech/Securetech
A North American smart card convention held twice a year.
Carte Bancaire
The smart card issued by Groupement des Cartes Bancaires, a French bankcard association.
CAS
Conditional Access System
Castrucci, Paul
The American inventor who received U.S. Patent 3,702,464 on a smart card in 1972.
CAT
Cardholder Activated Terminal. A terminal that dispenses a product or service.
CATSA
Canadian Air Transport Security Authority
CCC
Common Chip Card.
CCD
Charge Coupled Device.
CCS
Cryptographic Checksum. Cryptographic checksum of data, which registers any manipulation of data during storage.
CDE
Common Desktop Environment. A desktop application used in the Solaris Operating System (OS).
CDMA
Code Division Multiple Access.
Cell Broadcasting Channels
Used in GSM to broadcast the information from a Service Centre to the Mobile Centre that is listening in any given area.
Cellular Digital Packet Data Network
A packet network that uses an analogue cellular network to deliver the packets. It uses the idle time on a channel to carry the information.
Cellular Radio
A radio telephone system in which a network of transmitters links mobile users into the public phone system. Each transmitter or 'base station' serves a small area known as a cell.
CEN
Comité Européen de Normalisation, Brussels, Belgium. European Standards Organization. CEN works with all national European standards organizations and is the official institution of the EU for European standardization.
CEPS
Common Electronic Purse Specification. Standards for electronic purse applications advanced by VISA.
Certificate
"Legalised" document produced by a trusted third party (a certification authority) to authenticate a public key (signed key associated with information regarding its owner). Its format (X.509) is the subject of an ISO standard. The document can also be calculated by a smart card to avoid any denial (of a payment, for instance) of a transaction that first required user authentication.
CGI
Common Gateway Interface - CGI is the method that Web servers use to allow interaction between servers and programs.
CGI Scripts
Allows for the creation of dynamic and interactive web pages. They also tend to be the most vulnerable part of a web server.
Challenge
A random string of bytes sent from a data processing system to another system that it is trying to authenticate.
The receiving system must encrypt the challenge with an encryption key in its possession and return the encrypted challenge to the sending system. If the sending system can decrypt the encrypted challenge, it knows the receiving system possesses the key that encrypted it and this authenticates the system to which the challenge was sent.
Challenge-Response
A form of authentication whereby the smart card is loaded with a DES key used in response to a random number generated by the system and sent to the card when the card is inserted in the card reader.
CHCs
Community Health Clinics
Checksum (Hash)
A count of the number of bits in a transmission unit so that the recipient can make sure the correct number of bits arrived and that the message is intact. See SHA-1, Cryptography.
Check_Password
A hacking program used for cracking VMS passwords.
Chernobyl Packet
Also called Kamikaze Packet. A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ethernet and IP addresses set to the respective broadcast addresses for the subnetworks being gated between.
Chip
A small, thin square piece of silicon processed to contain an electronic circuit, to store and process information. Also known as Integrated Circuit (IC).
Chip Card
Also known as an integrated circuit card (ICC) or smart card. A chip is embedded in the surface of the plastic card.
CHV
Card Holder Value (PIN).
Cipher Text
Text that has been encrypted.
Ciphering
Encryption technique based on keys, algorithms and protocols to transform a non-coded text into a coded text (ciphered), unusable and incomprehensible to anyone who does not have the key to turn it back into its initial non-coded form.
Circuit Level Gateway
One form of a firewall. Validates TCP and UDP sessions before opening a connection. Creates a handshake, and once that takes place passes everything through until the session is ended.
CIS
Card Information Structure. A data structure written on every card that complies with the PCMCIA standard, containing information about the formatting and organisation of the data on the card.
CLA
The first data field in an ISO 7816-4 command that gives the class of the command.
Clearing
The process of transmitting, reconciling and in some cases, confirming payment orders prior to settlement. Sometimes the term is used (imprecisely) to include settlement.
Clipper Chip
A tamper-resistant VLSI chip designed by NSA for encrypting voice communications. It conforms to the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm.
CLK
The contact or pad on a smart card module through which clock signals are provided to run the smart card processor.
Clock Rate
The rate at which the clock signal provided to a smart card processor changes; typically, 5 MHz or 5,000,000 pulses per second. Smart card processors divide this by 2 and take on the average of 4 or 5 “clocks” per instruction and so run at about 1⁄2 MIP or 500,000 instructions per second.
Closed Stored Value
A single-function prepaid debit card, such as a travel card.
CMOS
Complementary Metal-Oxide Semiconductor (transistor type) OR
Cellular Management Operation System (telecommunications)
CMS
Card Management System. Tools and services used to deploy and manage smart card-based applications. CMS is used primarily to manage the lifecycle of cards and the applications hosted by the cards.
CNP
Chip and Pin
COAST
Computer Operations, Audit, and Security Technology - is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. Its research is focused on real-world needs and limitations, with a special focus on security for legacy computing systems.
Coercivity
A measure of the strength of a magnetic field. Fields are expressed as low or high by the terms LoCo and HiCo.
Combi-card
Dual-interface card. A smart card holding both contact and contactless technology for transferring data to and from the card. Memory card or micro-circuit card equipped with an antenna to communicate without a contact, which also has 8 physical contacts like conventional smart cards. Applications: physical access control for the contactless function, electronic wallet or debit-credit or logical access control for the contact function.
Command and Control Warfare (C2W)
The integrated use of operations security, military deception, psychological operations, electronic warfare, and physical destruction, mutually supported by intelligence, to deny information to, influence, degrade, or destroy adversary command and control capabilities, while protecting friendly command and control capabilities against such actions. Command and control warfare is an application of information operations in military operations and is a subset of information warfare. C2W is both offensive and defensive.
Common Air Interface
The interface between the mobile user and the mobile network. It is defined in terms of signalling, electrical characteristics, modulation and speech transmission.
Common Criteria
Set of concepts, rules and methodologies, defined since June 1999 as an ISO standard (15408), to be used as models for the evaluation of assurance levels (EAL, standing for Evaluation Assurance Level) offered in the area of security by software, hardware, or hardware and software packages such as the smart card. EAL7 is the highest level.
COMP128
An authentication algorithm popular in telecommunications and often found on GSM SIM cards.
Comp128-1
The proprietary algorithm that was initially used by default in SIM cards. The GSM Association formally recommends against using Comp128-1, as it has been proven insecure.
Confidentiality
Guarantee that a message will be legible to no-one other than the intended recipient. Confidentiality is an essential role of cryptography systems.
Compromise
An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.
Computer Abuse
The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.
Computer Fraud
Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value.
Computer Network Attack
Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (DODD S-3600.1 of 9 Dec 96).
Computer Security
Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Incident
Any intrusion or attempted intrusion into an automated information system (AIS). Incidents can include probes of multiple computer systems.
Computer Security Intrusion
Any event of unauthorized access or penetration to an automated information system (AIS).
Confidentiality
Feature of information that is kept from unauthorised third parties (people, entities or systems). Result of a ciphering transaction.
Connector/Contact
A point of electrical connection between a smart card/integrated circuit card and its external interface device.
Console Pane
The pane in the Smartcard Console that contains icons for various management tasks.
Contact Card
A card that must be inserted into a card reader where information is transferred via a series of connector/contact points located on the card.
Contact Smart Card
A smart card that operates by physical contact between the reader and the smart card's different contacts (in comparison to contactless smart cards).
Contactless Card
Smart card/IC card that works with a read/write unit without physical connection. Also known as a proximity card. Data is transferred without contact using radio frequency technology via a transmitter and receiver. Memory card or microcircuit card equipped with an antenna to communicate at distances of a few centimetres, through radiofrequency (125 kHz, 13.56 MHz, 860-915 MHz, 2.45 GHz) with a coupler used as a reader. Main applications: transport and access control.
Controls Data Date
The date of MULTOS enablement data (initialization data) generation. The number is assigned monthly, incrementing from 0 for January 1998.
Cookie
A special text file that records your behaviour when using a particular website.
COPS
Computer Oracle and Password System - A computer network monitoring system for Unix machines. Software tool for checking security on shell scripts and C programs. Checks for security weaknesses and provides warnings.
Core
The instruction set used by a smart card; for example, an 8051 core implements the Intel 8051 instruction set. It is called the core because the integrated circuit that implements the instructions is the core of the smart card integrated circuit.
COS
Card Operating System.
COTS Software
Commercial Off the Shelf - Software acquired by government contract through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government project.
Countermeasures
Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
Coupler
An electronic system used to read the smart card. It is the basis of a reader. Designed to be integrated in a machine (e.g., gaming machine, gas meter...).
CPU
Central Processing Unit.
CQL
Card Query Language.
Crack
A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of the AIS.
Cracker
One who breaks security on an AIS.
Cracking
The act of breaking into a computer system.
Crash
A sudden, usually drastic failure of a computer system.
Credit Card
Card which is not prepaid. An amount of credit is attached to the card account.
CRL
Certificate Revocation List (also known as a Black List). A list of digital certificates that have been revoked and are no longer valid.
CRT
Chinese remainder theorem.
A theorem about the unique factorization of integers that is used in some cryptographic algorithms.
Cryptanalysis
1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data, including cleartext. 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
CryptoAPI
(Cryptographic Application Programming Interface) A Microsoft API that offers system-level access to common cryptographic functions.
Cryptogram
To enable chip data exchange in a secure manner.
Cryptographic Coprocessor
Special integrated circuits for quickly doing calculations, particularly modular arithmetic and large integer calculations, associated with cryptographic operations and algorithms. These circuits are added to a standard processor core and therefore are called coprocessors.
Cryptographic Hash Function
A process that computes a value (referred to as a hashword) from a particular data unit in a manner such that, when the hashword is protected, manipulation of the data is detectable.
Cryptographic Key
Used to encrypt or decrypt a message.
Cryptographic Smart Card
A credit card-sized card that stores information on an integrated circuit (IC) or microprocessor chip contained in the card. A cryptographic smart card is designed to perform complex computations for functions such as encryptions using a math co-processor embedded in the chip. Private keys are generated directly on the crypto-smart card and encryption/digital signature functions take place on the card for greater security.
Cryptography
The science of applying mathematical theory in developing and advancing new algorithms and security procedures.
CryptoKI
See PKCS#11.
Cryptology
The science which deals with hidden, disguised, or encrypted communications.
Cryptoprocessor
Hardware part of some microcontrollers dedicated to complex encryption calculation (including exponential calculation). Essential for carrying out RSA calculations in a smart card. Not required with DES or AES calculations.
CSC
Contactless Smart Card.
CSH
Card Security Handler.
CSIS
Canadian Security Intelligence Service OR
Canadian Society for Industrial Security
CSM
Chip Security Module.
CSP
Cryptographic Service Provider.
CT2
Second-generation cordless telephone, also a wireless standard for short-range communication using low-powered portable handsets; it can be used for domestic purposes, business use (cordless PABX) and telepoint applications.
CUB
Card Block/Unblock Code. CUB is a card block/unblock data requesting process between the issuer and the MULTOS KMA. When the issuer requests CUB data (card block and/or unblock), the MULTOS KMA replies with CUB response data, which includes the Card Block MAC and/or Card Unblock MAC.
The card operator requires these MACs when he wishes to send the Card Block command supported in the MULTOS primitive. The blocked card will not respond to any application select command until it is unblocked.
CUB response data
Data which includes the Card Block MAC and/or Card Unblock MAC. The card operator requires these MACs when he wishes to send the Card Block command supported in the MULTOS primitive. The blocked card will not respond to any application select command until it is unblocked.
CVC
Card Verification Code.
CVM
Cardholder Verification Method. The means to verify the authenticity of a cardholder.
CVV2
Card Verification Value (credit card fraud prevention mechanism)
Cyberspace
Describes the world of connected computers and the society that gathers around them. Commonly known as the INTERNET.
Cyclic file
A type of file on a smart card that contains records such that the first record is returned when a read next command is issued on the last record; thus, the records form a ring and cycle from one to the next.