| glossary
of terms
The following glossary provides definitions of terms commonly
used in the manufacturing, technology, data processing,
security and personalization processes we employ.
| A | B | C
| D | E | F
| G | H | I
| J | K | L
| M | N | O
| P | Q | R
| S | T | U
| V | W | X
| Y | Z |
A
ABS (Acrylonitrile Butadiene Styrene)
The plastic used to make molded (or injected) card bodies
for certain cards.
Access Card
A machine-readable card used to achieve computer access,
physical entry, or passage.
40-bit and 128-bit
The length of a cryptographic encryption key. Each bit doubles
the amount of time it would take to break the encryption
code.
Algorithm
Rules specifying the procedure for a computation; a mathematical
routine used to perform computations (often used in the
practice of cryptography).
Analog
Information presented in the form of a continuously varying
signal.
APDU (Application Protocol Data Unit)
The basic command unit for a Smart Card. An APDU contains
either a command message or a response message, sent from
the interface device to the Smart Card or from the card
to the device.
API (Application Programming Interface)
A definition of calling conventions by which an application
program accesses other services such as the operating system,
drivers, databases, or middleware layers.
ANSI (American National Standard Institute)
Asynchronous Password Generation
A method of generating a unique one-time password for a
computer user based on a challenge-response sequence between
a host and a device possessed by the user.
ATM (Automated Teller Machine)
Bank services, such as cash withdrawal and deposit, are
offered by these machines after checking the user identity
by any method (e.g., a financial card).
ATR (Answer To Reset)
A message that is returned by a Smart Card when it is powered
up or when its reset pin is activated. The ATR indicates
the card type, communication, and other basic information.
Authenticate
To validate a user; provide proof of identity or origin.
Authentication
The process whereby a card, terminal or person proves who
they are. A fundamental part of many cryptography systems.
(External) Authentication
The procedure used to authenticate the external world (e.g.,
terminal) to the card.
(Internal) Authentication
The procedure used to prove that the card is genuine by
means of an algorithm, a random value and a secret key.
The authentication process can be further distinguished
between passive authentication in which the same values
are used each time (e.g., PIN) and active authentication
in which an algorithm and variable values are used.
Authorization
A card issuer’s guarantee to a card acceptor that
he will honour a transaction.
Automated Clearing House
An organization that handles automated payments, e.g., direct
debits, standing order payments, direct payroll deposits
and other electronic credit transfers, and to consolidate
provider billings.
Top of page
B
Band Width
The amount of data that can be sent through a connection.
Band width is usually measured in bits per second (bps).
A normal page of hypertext ranges from 6,000 to 20,000 bits
(not counting graphics).
Baud
A unit of signalling speed. The speed in baud is the number
of discrete conditions or signal elements per second. It
is now largely obsolete and has been replaced by bits per
second (bps).
Benday Print
To the eye, it is a gray area. It is made up of a uniform
series of dots equally spaced apart. The size of the dot
reflects the intensity of the tine (per cent Benday). The
different values are 5%, 10%, 20%, 30%, 40%, 50%, 60%, 70%
and 90%.
Biometrics
The ability to automatically identify an individual using
biological features such as fingerprints, voiceprints, and
retinal scans.
Bit
Unit of binary storage – a single-digit number in
binary numbering, in other words, either a 1 or a zero.
Used in computers and integrated circuit (IC) cards.
BPS (bits per second)
Data transmission speed, the number of pieces of information
transmitted per second.
Byte
Memory space required for one character of data. Most cards
use an 8 bit byte, although some use 4, 5, 6, or 7 bit bytes.
This is the smallest addressable quantum of information
that can be handled by the unit.
Top of page
C
CA (Certification Authority)
The organization that issues certificates and takes liability
associated with the validity of the holder’s identity.
Often financial and institutional organizations.
CAD (Card Acceptor Device)
A hardware device used to read and write information on
a card. The term was invented by the IC (integrated circuit)
card industry, but it can be used to describe a reader/writer
device for any card technology.
Capacitive Coupling
In contactless cards, a system for interchanging data with
an external device.
Card Authentication Method
Process used to verify the authenticity of a card.
Card Read-Write
Equipment that can electronically read the information on
one or many types of cards and modify specific data fields.
CDMA (Code Division Multiple Access)
Transmission technique that uses simultaneous transmission
and reception of several messages, each with a unique identity
(e.g., CDMA can be used between a cellphone and a radio
base station).
Certificate
A file, digitally signed by a Certification Authority. There
are many different types of certificates (the most common
being X 509).
Checksum
A count of the number of bits in a transmission unit so
that the recipient can make sure the correct number of bits
arrived and that the message is intact. Also called Hash.
Certificate Policy (CP)
A Certificate Policy is a named set of rules that indicates
the applicability of a certificate to a particular community
and/or class of application with common security requirements.
Charge Card
A payment card that provides automatic credit within a given
invoice date (usually monthly).
Charge-Back
Issuer generated reversal of all or a portion of an amount
previously posted to a cardholder account.
Chip
A small square of thin, semiconductor material, such as
silicon, that has been chemically processed to have a specific
set of electrical characteristics such as circuits, storage,
and/or logic elements. Also known as an integrated circuit
(IC).
Ciphertext
Encrypted output of a cryptographic algorithm.
Clearing
The processing of financial transactions between the acquirer
and issuer for reconciliation, billing, and statement use.
Closed Pre-paid System
A system where the issuer and acquirer of the card is the
same party. The card is issued by the party that provides
those services which can be accessed by the card.
Closed System
A system whose use is limited to the original application
issuer(s). Typically, a card payment system where the card
issuer is also the service provider and an independent funds-clearing
function is not required. Common closed systems include
campus cards, corporate badges, etc. The opposite of an
Open System.
CMS (Card Management System)
Tools and services used to deploy and manage Smart Card-based
applications. CMS is used primarily to manage the lifecycle
of cards and applications hosted by the cards.
Coercivity
In magnetic media, the magnetic flux strength required to
de-magnetize a previously saturated material. The intrinsic
coercivity of any magnetic material is measured at the half
width of its hysteresis loop. See also “High Coercivity
Magnetic Stripe” and “Low Coercivity Magnetic
Stripe.”
Combi Card
A combination of surface pad for contact applications and
a coil/RF (radio frequency) capability for contactless applications,
both of which are connected to the same chip.
Company Card
A card issued to or by a company for use by an employee
for business-related transactions (e.g., purchases, logical
access, physical access).
Contact
Electrical connection points between a Smart Card and its
external interface device. ISO standard integrated circuit
cards have eight contact points.
Contact Smart Card
A Smart Card that operates by physical contact between the
reader and the Smart Card’s different contacts (in
comparison to contactless Smart Cards).
Contactless Card
An integrated circuit card that enables energy to flow between
the card and the interfacing device without a visible module
and without the use of contact. Instead, induction or high-frequency
transmission techniques are used through a radio frequency
(RF) interface.
COS (Chip Operated System)
A set of instructions permanently burned into the Read-Only-Memory
(ROM) of a Smart Card. Also called a “Mask.”
Coupler
An electronic system used to read the Smart Card. It is
the basis of a reader. Designed to be integrated in a machine
(e.g., gaming machine, gas meter, etc.).
CRC (Cyclic Redundancy Check)
A popular method of ensuring transmissions have not been
garbled.
Credit Card
Any card allowing its owner to spend money with no immediate
reimbursement. Credit cards in EPOS generate electronic
loans.
Cryptographic Key
Parameter used in conjunction with an algorithm for the
purpose of validation, authentication, encipherment, or
decipherment.
Cryptography
The study of mathematical methods of encoding information
to make it indiscernible to unauthorized individuals.
Top of page
D
Data Encryption Algorithm
An ANSI Standard which describes a cryptographic algorithm
for encrypting data. The algorithm is private key driven.
Also referred to as the Data Encryption Standard (DES).
Debit Card
Much like a credit card, but immediately takes the money
out of an account and transfers it to another account. In
other words, it replaces a cheque (with no delay to give
the issuer time to cover it) and does not have any credit
line associated with it.
Decryption
Converting encrypted information back into plain text (or
clear text). Also known as decipherment.
DES (Data Encryption Standard)
The U.S. standard defining a symmetric cryptosystem for
use by the U.S. Government. Often used in payment systems
with the DES algorithm.
DF (Dedicated File)
Memory organization for microprocessor cards: a DF is a
logical entity that holds a number of elementary files (EF).
In multi-purpose cards, each DF will normally correspond
to a distinct application.
Digital
Said of systems whose information is represented in binary
form. Compare analog.
Digital Optical Laser Card
A portable card that passively stores information in the
form of high-density marks or bars.
Digital Signature
A mathematical technique to “sign” a message
by a sender. It is generated using an asymmetric cryptographic
algorithm and information that identifies the sender.
Digital Signature Standard (DSS)
A standard for generating a non-repudiatable electronic
code linking the user to a specific transaction. The standard
specifies an algorithm called the digital signature algorithm
(DSA).
Display Card
Smart Cards that also contain a keyboard and display plus
battery.
Top of page
E
e-Cash
Digital money, typically in the form of downloadable “digital
coins,” that can be stored in a bank account, on a
PC, or on a Smart Card.
e-com/e-Commerce (Electronic Commerce)
Business that is conducted electronically (up to and including
payment) and usually over the Internet.
e-Purse
See “Electronic Purse.”
e-Wallet
See “Electronic Wallet.”
EBT (Electronic Benefits Transfer)
EEPROM (Electronically Erasable Programmable Read Only
Memory)
A non-volatile memory where data can be erased electronically
and rewritten many times.
EF (Elementary File)
Memory organization for microprocessor cards. The smallest
logical entity that can be secured in the operating system.
File containing data.
EFTPOS (Electronic Funds Transfer at Point of Sale)
Any payment by a user at an acceptor that is processed electronically.
Electronic Purse
A stored value application in a chip on a card where units
may be spent with money. It may or may not be rechargeable.
Electronic Wallet
Generally refers to integrated circuit card or super Smart Card capable of executing a variety of financial transactions
and identification functions. More sophisticated than an
electronic purse, a wallet may include debit, credit, cash
card and other functions.
Embedding
The operation that consists in placing the module or Smart Card chip in the cavity of the card body.
Embossing
A technique of depressing the back surface of the card in
order to raise the front surface of the card with alphanumeric
information. The height of the embossed characters is approximately
.018 inches.
EMEA (Europe, Middle East, Africa)
Acronym for the geographic area covering Europe, the Middle
East, and Africa.
EMV (EuroPay, MasterCard, Visa)
Acronym for the collaboration of the EuroPay, MasterCard,
and Visa systems.
EMV Specifications
Specifications developed cooperatively by EuroPay, MasterCard
and Visa (EMV) to ensure global interoperability of chip
cards and terminals, including international debit/credit
and Smart Card.
Encoding
Machine-readable codes placed on the cards for use with
automatic readers, such as automatic tellers, cash dispensers,
and point-of-sale terminals. The most common form of encoding
is on a magnetic stripe. Other types include OCR-A printing,
Hollerith, bar codes, and telephone codes. Encoded information
on the card allows it to access automatic electronic reading
devices.
Encryption
The use of cryptographic algorithms to encode clear text
data (e.g., PINs) to ensure that the clear text data cannot
be learned.
Enrollment
The certification of an individual in a program, (e.g., healthcare,
welfare).
EPROM (Electronically Programmable Read Only Memory)
Memory which can be written to only once and can only be
reset using UV light when accessible.
ETSI (European Telecommunications Standards Institute)
The E.U. organization in charge of defining European telecommunications
standards. The most known European telecom standard is GSM.
Expiration Date
The date after which a card, account, or application ceases
to be valid for transaction use, unless an exception process
is used to gain permission. Also known as expiry date.
Top of page
F
Fab (short for Fabrication)
In the semiconductor industry, a facility that makes integrated
circuits from semiconductor wafers.
FeRAM (Ferroelectric RAM)
An emerging non-volatile memory technology (i.e., it does
not lose its data if the power is shut off). FeRAM can read
data thousands of times faster at far lower voltage than
other non-volatile memory devices.
Firmware
Low-level software that is similar to hardware features.
This software operates by exchanging commands directly with
an external device or with specific software loaded in the
product.
Foundry
A wafer production and processing plant. Usually referring
to a facility that is available on a contract basis.
FSTC (Financial Services Technology Consortium)
Top of page
G
GSM (Global System for Mobile Communications)
A European standard for digital cellular telephones that
has now been widely adopted throughout the world. Under
the ETSI standard, GSM telephones contain a SIM Smart Card
that identifies the individual subscriber. The phone number
and user identity are not associated with a specific telephone.
GSM handsets employ plug-in Smart Cards.
GSM 1800 (also DCS 1800 or PCN) network working at a frequency
of 1800 MHz. Used notably in Europe, Asia-Pacific and Australia.
GSM 1900 (PCS 1900) network working a frequency of 1900
MHz. used notably in the U.S. and Canada. GSM 900 (also
GSM) Used in over 100 countries, particularly in Europe
and Asia Pacific.
See ETSI, ITU, VAS.
Top of page
H
Handshake
A process between two devices such as a card, terminal,
or modem to establish a common dialog. Parameters of the
dialog may include speed, parity, number of bits, stop bits,
and other basic information.
Hardwired
Said of electronic circuits that perform fixed logical operations,
rather than a stored program. See “Masked.”
Health Card
A card used to store information about medical history or
insurance coverage. May be of any technology.
High Coercivity Magnetic Stripe
Magnetic tape that requires more than 2,750 oersted to encode,
change, or erase.
Hologram
Unique photographic printing that gives the image a three-dimensional
effect.
Home Banking
System that allows customers to access banking services
from home (e.g., inquiries, transfers) via devices such as
telephones, televisions, personal computers, and screen
phones.
Host System
A computer or intelligent terminal sometimes used to authorize
card transactions by checking hot-card lists and account
balances.
Hybrid Cards
Cards which support more than one technology, such as an
IC (integrated circuit) card with a magnetic stripe.
Top of page
I
IEC (International Electrotechnical Commission)
Initialization
Setting data fields on card. First stage of the card issuing
process. This process loads all the data common to one application
into the Smart Card’s EEPROM. See “Personalization.”
Internet
An open external electronic network based on the TCP/IP
protocol.
Interoperability
The ability of products manufactured by different companies
to operate correctly with one another.
ISO (International Organization for Standardization)
The main international standards organization. ISO works
to ensure that chip-makers, software developers, and Smart Card companies comply with the same specifications.
ISO 10202
Financial transaction cards – secure architecture
of financial transaction systems using integrated circuit
cards. Consists of multiple parts dealing with the card
life cycle, the transaction process, cryptographic key relationships,
secure application modules, algorithms, and key management.
ISO 10373
Identification cards – test methods.
ISO 10536
Identification cards – contactless integrated circuit(s)
cards. Consists of several parts dealing with the physical
dimensions of the cards, the dimensions and location of
the coupling area, optical properties, and logical data
structure.
ISO 11693
Optical cards – general characteristics.
ISO 11694
Optical cards – physical characteristics, dimensions,
and location of accessible optical area, optical properties,
and logical data structure.
ISO 7810
Identification cards – physical characteristics. Specifies
the nominal dimensions of identification cards.
ISO 7811
Identification cards – recording technique. Consists
of several parts specifying the location of embossing areas
as well as magnetic track locations.
ISO 7812
Identification cards – identification of issuers.
Consists of two elements - numbering system and applications
and registration procedures for card issuer identifiers.
ISO 7813
Identification cards – financial transaction cards.
Specifies the dimensions of financial cards (specific option
of 7810) as well as the structure of the data stored in
magnetic tracks 1 and 2.
ISO 7816
Identification cards – integrated circuit(s) cards
with contacts. Consists of several parts dealing with the
physical dimensions of the cards, the dimensions and the
contacts location, the electronic signals and the transmission
protocols, the inter-industry commands and responses, a
numbering system, registration procedure for application
identifiers, data for interchange and, in the future, of
the advanced commands as well as the security architecture.
ISO 9992
Financial transaction cards – messages between the
integrated circuit card and the card-accepting device. Specifies
the functions, messages, data elements as well as the structures
of multi-application financial cards built for interchange.
Issuer
An entity that issues cards.
ITSEC (Information Technology Security Evaluation Certification)
A set of criteria adopted by Europe and Australia used to
evaluate the security of software and computer components.
ITU (International Telecommunications Union)
The international agency in charge of telecommunications
coordination. Successor to CCITT. See “ETSI.”
Top of page
J
Java
An operating system developed by Sun Microsystems –
standards-based architecture designed to deliver cross-platform
portability.
Java Card
A set of specifications for running a subset of Java on
a Smart Card. See “Java” and “Open OS.”
JCF (Java Card Forum)
An industry association devoted to the advancement of the
Java Card specifications to serve the markets for Java Card.
Journal
A listing of all pertinent payment transactions and the
account(s) to which they apply.
Top of page
K
Key
A parameter used in conjunction with a cryptographic algorithm
that is computationally infeasible to deduce from the input
and output data. See also Public Key, Private Key, Symmetric
Key, and Cryptographic Key.
Key Escrow (or trusted third party)
A scheme whereby an authorized body keeps a copy of all
private keys, which can be revealed only upon court order.
See “Public Key.”
Key Management
The process by which cryptographic keys are provided for
use between authorized communicating parties and whereby
those keys are subject to secure procedures until they have
been destroyed.
Top of page
L
Lamination
A clear plastic (usually about .0015" thick) is placed
on the front and/or back of a card and fused to the printed
core with heat and pressure over a period of time (15-25
minutes). Its purpose is to protect the printing on the
card from being scratched off. Lamination finishes are available
in “polish” (P) or “matte” (M).
The polish or matte finish can be applied to either or both
sides of the card.
Legacy System
An information system that is outdated yet which still provides
useful service (e.g., punch card system).
Lifecyle
The time between the issuance of a Smart Card and its cancellation
or expiration.
Litho Printing (Lithographic Printing)
An aluminum plate is coated with one colour of oil base
ink that sticks only to the desired image on the plate.
The image coated with ink is then transferred (offset) onto
a rubber blanket. From the blanket, the image is transferred
onto the plastic sheet. Registration and detail, process
work, and cost are three benefits of litho printing.
Low Coercivity Magnetic Stripe
Regular magnetic stripes made of gamma ferric oxide are
called low-coercivity stripes, as opposed to new, high-coercivity
materials. Low-coercivity stripes are magnetized with 300
oersted magnetic fields.
Top of page
M
MAC (Message Authentication Code)
A digital code generated using a cryptographic algorithm
that shows that a message has not been altered.
Magnetic Stripe Card
A card that has a strip of magnetic tape material attached
to its surface. This is the standard technology used for
bank cards (ATM, credit, and debit cards), transportation
(subways, etc.), and for other applications. Generally requires
a reader that interfaces with a computer.
Mapping (also called Memory Map)
A functional representation of the different blocks in the
memory of a chip.
Mask
A set of instructions permanently stored into the ROM of
a Smart Card. See COS.
Master Key
Main secret code of a Smart Card. Depending on the card
model, this key may have some privileges, such as card reactivation
or erasing. The master key is usually owned by the card
issuer.
M-Commerce (Mobile Commerce)
The process of enabling mobile transactions via wireless
terminals, wireless Internet applications, etc. Mobile commerce
expands secure payment methods for retailers such as mobile
merchants, taxis, stadiums and vending machines.
Memory Card
A Smart Card containing a memory chip with read/write capability
and, in some cases, hardwired security functions. Some people
do not consider memory cards as Smart Cards.
Microprocessor
A microcomputer with all of its processing facilities on
a single chip, including registers and possible cache memory.
Also called microprocessor-on-a-chip. A microcomputer or
micro-controller also has data and program memory on the
same chip.
Module (also called Micro-Module)
The unit formed of a chip and a contact plate, with fine
connecting wires that are encapsulated in a drop of epoxy
resin. The module is embedded in a cavity in the card body.
Mondex
Re-loadable card-to-card multi-currency electronic purse.
It is unique in enabling person-to-person transactions and
in featuring no audit beyond the parties involved in the
transaction.
MPU (Microprocessor Unit)
See “Smart Card.”
Multi-Application Card
A Smart Card offering several services or applications (usually
from the same issuer) in the same chip.
MULTOS
A Smart Card open operating system developed by MAOSCO,
notably for financial transactions. See “Open OS.”
Top of page
N
Non-Repudiation
The originator cannot deny participation in a transaction
or transmission.
Non-Volatile Memory
A semiconductor memory that retains its content when power
is removed.
Top of page
O
Oersted
A unit of magnetic coercive force. A measure of how much
record current is necessary to write or erase encoded data.
Off-Line
A transaction during which no direct connection is made
to a central computer facility. See “On-Line.”
On-Line
A transaction during which a direct connection is made to
a central computer facility (usually via the public telephone
network or computer networks).
Offset
A condition which occurs when print from one card is transferred
onto another. This most often happens if the ink is still
wet or a silk-screened signature panel is pressed against
the front of another card, as in packing. If offset is visible,
it may cause the card to be rejected.
Also, a method of printing or engraving in which ink is
transferred from a newly printed surface to another surface
so that the final impression is in the same sense as the
plate or type.
Open OS (Operating System)
A card system that involves multiple issuers of cards that
can be used to access services or purchase products as multiple
services providers. An open system requires the processing
of interchange transactions, usually by an independent “system
operator.”
Optical Memory Card
Also known as laser cards, because a low-intensity laser
is used to burn holes on several microns in diameter into
a reflective material exposing a substratum of lower reflectivity.
The presence or absence of a burned hole represents bits.
The area of high and low reflectivity are read using a precision
light source.
OTA (Over the Air)
Transmission using microwave channels. This acronym is used
in the world of wireless telecommunications.
Top of page
P
Padding
One or more bits appended to a message in order to ensure
that it contains the required number of bits or bytes.
PC Card
Standard architecture-independent extension device. These
cards are typically used in laptop computers (formerly called
“PCMCIA”).
PCMCIA Card
A high-capacity, rigid, battery-powered card defined by
the Personal Computer Memory Card International Association.
It is generally used instead of more conventional floppy
disk drives in portable computers. The interface of the
reader is made by edge contacts on the card.
Personalization
The process of initializing a card with data that ties it
uniquely to a given cardholder and account.
The Smart Card is modified to contain the information for
one person. Graphical personalization modifies the visual
aspect of the card (holder’s name, photograph). Electrical
personalization modifies the information in the card’s
chip.
Pilot
Small-scale deployment of a smart technology solution in
the final customer’s environment. A pilot application
allows issuers to determine whether or not the solution
meets specific requirements.
PIN (Personal Identification Number)
In magnetic stripe cards, the secret number entered by the
card user for performing transactions. In Smart Cards, the
term is applied by extension to the principal secret code
of the user.
PIN Pad
A key pad for entering PIN values.
PKCS (Public-Key Cryptography Standards)
Informal inter-vendor standards developed in 1991 under
the impetus of RSA.
PKI (Public Key Infrastructure)
The software and/or hardware components necessary to manage
and enable the effective use of public key encryption technology,
particularly on a large scale. See “Public Key”
and “Cryptography.”
PKI Operations and Administration
The practices, procedures, tools, and technical insights
of how to support the day-to-day management (operations
and administration) of a high performance PKI environment
in an effective and secure manner.
Plastic Migration
Occurs over time when plastic materials are placed on top
of each other, causing them to lose their plasticizer (makes
plastic soft and pliable). For example, a plastic card becomes
brittle when placed in a wallet made of plasticized nylon
Plug or Plug-In Card
Preliminary cutout for SIM cards. See “SIM.”
Plug-In
A piece of software that adds features to a browser (or
other software package).
PMS Number (Pantone Matching System Number)
Ink colour mix number. Matching system used for matching
the ink on the plastic card to the colour chip. This is available
from Pantone, Inc., 55 Knickerbocker Road, Moonachie, N.Y.
07074 U.S.A.
Point of Sale (POS)
The location at which electronic payment transactions occur
for the exchange of value for goods or services. Many times
used to reference the hardware and/or terminal used for
the transaction.
Polyvinyl Chloride (PVC)
Material used to make plastic cards, including Smart Cards.
Pre-paid Card
A card used to store monetary value. It is used instead
of cash to pay for a single service such as pay telephone
or public transportation and, in some cases, may be reloaded
with additional value. It can be of any technology –
from paper with a magnetic stripe to a card with a combined
microprocessor and memory. Those which cannot have additional
value reloaded are typically a throw-away.
Private Key
In asymmetric cryptography, the key which is held only by
the user, either in hardware or software authentication
and encryption.
PROM (Programmable Read-Only Memory)
A read-only memory that can be written to only once. See
“EEPROM” and “Non-Volatile.”
Proof
A sample or prototype of the art instructions that the customer
has supplied the card manufacturer. There are four types
of proofs:
1) Colour Key
Most often used. It does not indicate exact colours; it merely
indicates colour break-up and demonstrate the graphics and
graphics position desired.
2) Black and White
Used normally when there are multiple backs being used
with the same front. It allows the customer to verify that
the copy in each case is correct.
3) Blue Line
It is the least desirable because it does not show colour
break-up. Used when faxing a proof to a customer or when
very fast turnaround on a proof is needed.
4) Press Proof
An exact sample that is produced on one of the printing
presses, laminated, and processed under actual manufacturing
conditions. This is very expensive since the press has to
be completely set up for this prototype run.
Protocol
The procedure for interchange of information between two
or more communicating parties. A set of rules and procedures
governing interchange of information between a Smart Card
and a reader. The ISO defines several protocols, including
T=0, T=1, and T=14.
Provider Healthcare
A person, organization, or institution that provides medical
services or services related to medical treatment.
Proximity
Contactless technology operating at a distance of approximately
10 cm. See “Reading Distance.”
Public Key
A cryptographic system that uses two different keys (public
and private) for encrypting and signing data. The most known
public key algorithm is RSA. See “Digital Signature,”
“Secret Key,” and “Certification Authority.”
Public Key Encryption
An asymmetric encryption cypher using different but mathematically
related keys for encryption and decryption. The sender and
recipient each holds a secret key known only to them, and
these are used with generally known public keys for sending
and receiving data. When either the secret or public key
is used to encrypt information, its related pair will decrypt
that information. Although both keys are mathematically
related, there is no known method to practically derive
a key's pair if that key is very large.
Public Key Infrastructure
Provides the basis for managing digital certificates/cryptographic
keys for the purpose of establishing trust between network
users through public-key cryptography protocols, standards
and services.
Public Key System
Cryptographic method using pairs of cryptographic keys,
one of which is secret and one is public. If encipherment
is done using the public key, decipherment requires application
of the corresponding secret key and vice versa.
PVC (Polyvinyl Chloride)
A type of plastic used in the production of laminated card
bodies for certain types of Smart Cards, notably those that
require embossing, signature panels or overlays. See also
“ABS.”
Top of page
R
RAD (Rapid Application Development)
An approach that relies on small teams using joint application
development and iterative-prototyping techniques to construct
interactive systems within several months.
Radio Frequency (RF)
Radio waves used by some cards and tags instead of contact
pads to communicate and provide power to the chip.
RAM (Random Access Memory)
High-speed memory used for temporary storage and an input/output
buffer in Smart Cards.
Reading Distance
The distance between the antenna of a reader and a tag over
which the read function can be effectively performed. See
“Proximity.”
Reg. “E” Registration Authority
The organization that receives individual users to verify
their credentials prior to emission of a certificate. Regulation
disseminated by the Federal Reserve Bank under the Electronic
Funds Transfer Act establishing the rights and responsibilities
of parties involved in electronic funds transfer transactions.
See “CA” and “Public Key.”
Retailer Card
Proprietary card issued by a retailer or retailing group.
RF Card
Generally a credit card size plastic which communicates
with a transceiver (transmitter and receiver), ranging in
distance up to twenty feet.
RF Illumination
Similar to regular illumination of an area with a flashlight,
but instead using low power RF energy with energy levels
equivalent to an ordinary flashlight.
RF Watermark
A design impressed, imbedded in, or printed on paper and
plastic during manufacture that is detectable when this
material is RF illuminated.
RFID (Radio Frequency Identification)
Automatic identification and data capture system comprising
readers and tags. Data is transferred using modulated inductive
or radiating electromagnetic carriers. See “Tag,”
“Reading Distance” and “Contactless.”
ROM (Read Only Memory)
Memory used to store the chip operating system (COS or MASK)
which cannot be altered once created.
RSA
A proprietary, asymmetric, paired-key algorithm named for
its creators – Rivest, Shamir and Adelman.
Top of page
S
SAM (Security Access Module)
A dedicated microprocessor unit that conducts active authentication
with a memory or microprocessor card.
Scratch Card
A card that is produced with special ink that can be scratched
away to reveal a number or message.
SDK (Software Development Kit)
A set of development utilities for writing software applications,
usually associated with specific environments.
Secret Key
The key used in a symmetric, cryptographic algorithm, where
the same key is used for encryption and decryption.
Secured Sockets Layer (SSL)
A security protocol that facilitates secure Internet transactions.
Security Features
Measures taken to achieve a reasonable freedom from accidental,
criminal, fraudulent, and vandalizing actions while maintaining
sensitivity to unexpected attacks or system failures that
cannot be distinguished from attacks.
Service Provider
An entity, such as a merchant, vending operator, or movie
theatre, that accepts cards for payment of products sold
and services rendered.
SET (Secure Electronic Transaction)
MasterCard and Visa's protocol for sending encrypted credit
card numbers over the Internet. The merchant never gets
to know the customer's card number, thus limiting fraud.
SHA-1 (Secure Hash Algorithm 1)
A hash algorithm developed by the National Institute of
Standards and Technology and the National Security Agency.
See “Certificate” and “Digital Signature.”
Signature Panel
Area on a card designated for the cardholder to sign his/her
name. A signature panel can be silk-screened or hot-stamped
onto a laminated card. A non-laminated card may not require
a special signature panel application, since the raw plastic
card will absorb the ink from a ballpoint pen.
SIM (Subscriber Identification Module)
A Smart Card for GSM systems holding the subscriber’s
identification number, security information, and memory
for a personal directory of numbers, thus allowing him to
call from any GSM device.
Skimming
Fraud consisting of altering the stored information (e.g.,
credit limit) on the magnetic stripe of financial cards.
Smart Card
An integrated circuit card with a microprocessor and memory,
formed of a plastic body with a chip (or module) embedded
in a special cavity. Also called IC card, chip card or memory
card (for certain types). A card capable of calculations.
Symmetric Key Cryptography
Cryptographic processes in which encryption and decryption
rely on the same secret key.
Top of page
T
Taggent (Tag Agent)
It is generally a microscopic substance placed in a material
for secure authentication of goods.
Tags
Packages other than bank-card sized plastic cards, such
as keys, which contain an integrated circuit chip. Term
for a transponder commonly used by AIM. A contactless electronic
device that can communicate with a reader by means of a
radio frequency signal. A tag is not really a “Smart Card” but rather a “smart device.”
Tamper Resistance
Methods used may include automatic erasure of sensitive
information, automatic shutdown, and automatic physical
locking.
Telephone Card
A card that can be utilized for the payment of telephone
calls. This card may be a prepaid card, a credit card, or
one that adds the cost of the call to the standard telephone
bill.
Terminal
Any device that can communicate with a Smart Card (e.g.,
reader, coupler). Certain terminals can operate in stand-alone
mode, while others must be connected to a central information
system to access an application.
Third Party Administration
Administration of a group plan by a person or organization
other than the carrier or insurer.
Tipping
Putting a coloured foil on top of embossed characters of
a card. This is done to make the characters easier to read
and for cosmetic purposes.
Track
In magnetic stripe and optical cards, the physical band
within the active area where data are sequentially stored.
Regular magnetic stripe cards have three tracks. Optical
cards may have more than 2,500 tracks.
Transaction
A business or payment event for the exchange of value for
goods or services.
Transponder
A radio or radar transmitter-receiver activated for transmission
by reception of a predetermined signal. Transponders are
active, battery powered, or passive, powered by the RF signals
sent from the interrogator or reader.
Travel and Entertainment Card (T&E Card)
A card issued primarily for travel and entertainment expense
activity by organizations and their employees.
Top of page
U
UML (Unified Modeling Language)
A language used for modeling object-oriented systems. UML
is particularly well suited for projects in C++ and Java.
URL (Uniform Resource Locator)
An address in a standard format that identified files on
the Internet (usually beginning with http://). The most
common way to access a URL is with a browser.
User Authentication
Procedure to demonstrate the identity or privileges of a
user. Biometric techniques establish the user ID; both ID
and privileges are established by encryption techniques.
Top of page
V
VAS (Value-Added Service)
Services offered to telecom customers extending beyond the
scope of voice transmission. See “GSM.”
Verify
A process step after the magnetic stripe has been applied
to the card but before packaging where the stripe is run
through a verifier which writes the card completely, reads
it, and then erases it to make sure that the stripe can
hold information at the time of embossing. This equipment
also cleans the card of any foreign material that may have
been deposited on the magnetic stripe during manufacture.
Visa Open Platform
A comprehensive system architecture allowing fast development
of globally interoperable Smart Card systems. “Open
Platform” is a variant of this architecture that is
not restricted to the banking industry.
VOIP (Voice Over Internet Protocol)
A technology for transmitting ordinary telephone calls over
the Internet.
Volatile Memory
A memory device (e.g., RAM) that does not retain stored information
when power is switched off. See “Non-Volatile.”
Top of page
W
Wafer
A disc of semiconductor material. The chips used in Smart Cards are delivered to the card maker in wafers.
Watermark
A translucent design impressed on paper and plastic during
manufacture that is visible when the paper is held to light.
Top of page
X
XML (Extensible Markup Language)
A specialized markup language that can be used to define
many different document types, each of which uses its own
element type names.
XOR
The XOR algorithm is a very simple form of encryption that
offers little protection against intrusion.
Top of page
Z
Zones
Areas of integrated circuit storage designated for free
access, specific applications that may each have a different
level of access.
|
