Table of Contents
Smart Card Basics
Overview & Applications
Why Smart Cards
SIM Cards and Telecommunication
Loyalty and Stored Value
Securing Digital Content and Physical Assets
E-Commerce
Bank Issued Cards
Healthcare Informatics
Enterprise and Network Security
Physical Access
Types of Chip Cards
Card Construction
Contact Cards
Memory Cards
CPU/MPU Microprocessor Multifunction Cards
Contactless Cards
Multi-mode Communication Cards
Hybrid Cards
Dual Interface Cards
Multi-component Cards
Smart Card Form Factors
Integrated Circuits and Operating Systems
Smart Card Readers/Terminals
Readers
Contact
Contactless
Interface
Reader & Terminal to Card Communication
Applications Development
Terminals
Smart Card Standards
ICAO
Global System for Mobile Communication (GSM)
OpenCard Framework
Global Platform
Common Criteria
Biometric Standards
System Planning & Deployment
Basic Set-Up
Security Planning
Value Applications
General Issuance
Multi-Application Card Systems
Deployment
Smart Card Security (Section 1)
What Is Security?
What Is Information Security?
The Elements Of Data Security
The Mechanisms Of Data Security
Smart Card Security (Section 2)
Data Integrity
Authentication
Non-Repudiation
Authorization and Delegation
Auditing and Logging
Management
Cryptography/Confidentiality
Data Security Mechanisms and their Respective Algorithms
Smart Card Security (Section 3)
Host-Based System Security
Card-Based System Security
Threats To Cards and Data Security
Security Architectures
PKI-Public Key Infrastructure
Conclusions
Glossary
Attributions
Smart Card Basics
Welcome to Smart Card Basics. This is a sponsored site brought to you by a number of leading manufacturers in the
smart card industry. We have tried to make this site informative without a single perspective or a marketing pitch. It is
our belief that informed users make better choices, which in turn leads to a stronger market for all.
Smart Card or Chip card technology is fast becoming commonplace in our culture and daily lives. We hope that this
site will bring you a little closer in your understanding of this exciting technology and the benefits it can bring to your
applications.
If you have specific questions regarding a specific technology discussed below feel free to send us an email and the
appropriate site sponsor will respond.
Overview & Applications
A smart card, a type of chip card, is a plastic card embedded with a computer chip that stores and transacts
data between users. This data is associated with either value or information or both and is stored and processed
within the card's chip, either a memory or microprocessor. The card data is transacted via a reader that is part of a
computing system. Smart card-enhanced systems are in use today throughout several key applications, including
healthcare, banking, entertainment and transportation. To various degrees, all applications can benefit from the
added features and security that smart cards provide. According to Eurosmart, worldwide smart card shipments
will grow 10% in 2010 to 5.455 billion cards. Markets that have been traditionally served by other machine-readable
card technologies such as bar-code and magnetic stripe are converting as the calculated return on investment is
revisited by each card issuer year after year.
First introduced in Europe nearly three decades ago, smart cards debuted as a stored value tool for pay phones to
reduce theft. As smart cards and other chip-based cards advanced, people found new ways to use them, including
charge cards for credit purchases and for record keeping in place of paper.
In the U.S., consumers have been using chip cards for everything from visiting libraries to buying groceries to
attending movies, firmly integrating them into our everyday lives. Several U.S. states have chip card programs
in progress for government applications ranging from the Department of Motor Vehicles to Electronic Benefit
Transfer (EBT). Many industries have implemented the power of smart cards into their products, from GSM digital
cellular phones to TV-satellite decoders.
Why Smart Cards
Smart cards greatly improve the convenience and security of any transaction. They provide tamper-proof storage of user
and account identity. Smart card systems have proven to be more reliable than other machine-readable cards,
such as magnetic-stripe and bar-code, with many studies showing card read life and reader life improvements
demonstrating much lower cost of system maintenance. Smart cards also provide vital components of system
security for the exchange of data throughout virtually any type of network. They protect against a full range of
security threats, from careless storage of user passwords to sophisticated system hacks. The costs to manage
password resets for an organization or enterprise are very high, thus making smart cards a cost-effective solution
in these environments. Multifunction cards can also serve as network system access and store value and other
data. Worldwide, people are now using smart cards for a wide variety of daily tasks. These include:
SIM Cards and Telecommunication
The largest application of smart card technology is in Subscriber Identity Modules (SIM) as required by the
standard for all Global System for Mobile Communication (GSM) phone systems; each phone utilizes the unique
identity as presented in the SIM to manage the rights and privileges on that network and all other networks
that are tied by agreement to roam. This use case represents over half of all smart cards consumed each year.
The Universal Subscriber Identification Module (USIM) is also being used to bridge the identity gap as phones
transition between a GSM and a UMTS or 3G network operator.
Loyalty and Stored Value
Another use of smart cards is stored value, particularly loyalty programs that track and incentivize repeat customers.
Stored value is more convenient and safer than cash. For issuers, float is realized on unspent balances and residuals
on balances that are never used.
For multi-chain retailers that administer loyalty programs across many different businesses and POS systems,
smart cards can centrally locate and track all data. The applications are numerous, from transportation systems,
including parking and laundry, to gaming, as well as all retail and many entertainment uses.
Securing Digital Content and Physical Assets
In addition to information security, smart cards achieve greater security of services and equipment, because the
card restricts access to all but the authorized user(s). Information and entertainment are being delivered via satellite
or cable to the home DVR player or cable box or cable-enabled PC. Home delivery of service is encrypted and
decrypted via the smart card per subscriber access. Digital video broadcast systems have already adopted smart
cards as electronic keys for protection. Smart cards can also act as keys to machine settings for sensitive laboratory
equipment and dispensers for drugs, tools, library cards, health club equipment etc. In some environments, smart
card-enabled SD and microSD cards are protecting digital content as it is being delivered to mobile handsets/phones.
E-Commerce
Smart cards make it easy for consumers to securely store information and cash for purchasing. The advantages
they offer consumers are:
- The card can carry personal account, credit and buying preference information that can be accessed with a
  mouse click instead of filling out forms.
- Cards can manage and control expenditures with automatic limits and reporting.
- Internet loyalty programs can be deployed across multiple vendors with disparate POS systems and the card
  acts as a secure central depository for points or rewards.
- Micro Payments - paying nominal costs without transaction fees associated with credit cards, or for amounts
  too small for cash, like reprint charges.
Bank Issued Cards
Around the globe the bank-controlled co-ops (Visa, MasterCard, Discover, and American Express) have rolled out
millions of smart cards under the EMV (Europay, MasterCard, VISA) standard. Often referred to as chip and PIN
cards, these are the de facto type of cards for bank issuance in most countries except the U.S. As Canada has just
recently started its regulatory shift to EMV cards, the U.S. will be the sole island in North America that has not yet
made the adoption. This adoption is being driven by the increased types of fraud for both credit and debit cards.
Smart cards have been proven to secure a transaction with regularity, so much so that the EMV standard has
become the norm.
As banks enter competition in newly opened markets such as investment brokerages, they are securing transactions
via smart cards at an increased rate. This means:
- Smart cards increase trust through improved security. Two-Factor Authentication ensures protection of data
  and value across the internet. Threats such as the man-in-the-middle and Trojan Horses that replay a user
  name and password are eliminated.
- This is improving customer service. Customers can use secure smart cards for fast, 24-hour electronic funds
  transfers over the internet.
- Costs are reduced: transactions that normally would require a bank employee's time and paperwork can be
  managed electronically by the customer with a smart card.
Healthcare Informatics
The explosion of health care data brings up new challenges to the efficiency of patient care and privacy safeguards.
Smart cards solve both challenges with secure, mobile storage and distribution of everything from emergency
data to benefits status. Many socialized countries have already adopted smart cards as credentials for their health
networks and as a means of carrying an immediately retrievable Electronic Health Record (EHR). Benefits include:
- Rapid, accurate identification of patients; improved treatment
- Reduction of fraud with authentication of provider/patient visits and insurance eligibility
- A convenient way to carry data between systems or to sites without systems
- Reduction of records maintenance costs
Embedded Medical Device Control
For years, embedded controllers have been in many types of machines, governing the quality and precision of
their function. In Healthcare, embedded smart cards ensure the best and safest delivery of care in devices such as
dialysis machines, blood analyzers and laser eye surgery equipment.
Enterprise and Network Security
Microsoft Windows, Sun Microsystems (a subsidiary of Oracle Corporation) and all new versions of Linux have
built-in software hooks to deploy smart cards as a replacement for user names and passwords. Microsoft has built
a complete credential platform around the Scard dll and Crypto Service Provider (CSP). With enterprises realizing
that Public Key Infrastructure (PKI)-enhanced security is what is needed for widely deployed employees, a smart
card badge is the new standard. Business-to-business Intranets and Virtual Private Networks (VPNs) are enhanced
by the use of smart cards. Users can be authenticated and authorized to have access to specific information based
on preset privileges. Additional applications range from secure email to electronic commerce.
Physical Access
Businesses and universities of all types need simple identity cards for all employees and students. Most of these
people are also granted access to certain data, equipment and departments according to their status. Multifunction,
microprocessor-based smart cards incorporate identity with access privileges and can also store value for use in
various locations, such as cafeterias and stores. Many hotels have also adopted ISO7816 type card readers into the
hotel rooms for use by the staff.
All U.S. government and many corporations have now incorporated a contactless reader as an access point to
their facilities. Some companies have incorporated a biometric component to this credential as well. The older
systems deploy a simple proximity card system as the gate keeper. But as the security requirements have become
stronger and the cost of ISO14443 standard systems has become cheaper, the world is rapidly adopting this new
standard. This market shift is partially driven by the U.S. government's adoption of the mandated Personal Identity
Verification (PIV) standard. There is a rich ecosystem of suppliers and integrators for this standard.
Types of Chip Cards
Smart cards are defined according to 1) how the card data is read and written and 2) the type of chip implanted
within the card and its capabilities. There is a wide range of options to choose from when designing your system.
Figure 3-1: Types of chip cards
Card Construction
Almost all chip cards are built from layers of differing materials, or substrates, that when brought together properly
give the card a specific life and functionality. The typical card today is made from PVC, Polyester or Polycarbonate.
The card layers are printed first and then laminated in a large press. The next step in construction is the blanking
or die cutting. This is followed by embedding a chip and then adding data to the card. In all, there may be up to 30
steps in constructing a card. The total components, including software and plastics, may be as many as 12 separate
items; all this in a unified package that appears to the user as a simple device.
Contact Cards
These are the most common type of smart card. Electrical contacts located on the outside of the card connect to a
card reader when the card is inserted. This connector is bonded to the encapsulated chip in the card.
[Figure: Typical smart card module and card contacts C1 to C8, labelled VCC, CLK, GRD, I/O and four NO CONNECT pads. Image courtesy of CardLogix.]
Increased levels of processing power, flexibility and memory will add cost. Single function cards are usually the
most cost-effective solution. Choose the right type of smart card for your application by determining your required
level of security and evaluating cost versus functionality in relation to the cost of the other hardware elements
found in a typical workflow. All of these variables should be weighed against the expected lifecycle of the card. On
average the cards typically comprise only 10 to 15 percent of the total system cost with the infrastructure, issuance,
software, readers, training and advertising making up the other 85 percent. The following chart demonstrates
some general rules of thumb:
Card Function Trade-Offs
Memory Cards
Memory cards cannot manage files and have no processing power for data management. All memory cards
communicate to readers through synchronous protocols. In all memory cards you read and write to a fixed address
on the card. There are three primary types of memory cards: 1) Straight, 2) Protected, and 3) Stored Value. Before
designing these cards into a proposed system the issuer should check to see if the readers and/or terminals
support the communication protocols of the chip. Most contactless cards are variants on the protected
memory/segmented memory card idiom.
1) Straight Memory Cards
These cards just store data and have no data processing capabilities. Often made with I2C or serial flash
semiconductors, these cards were traditionally the lowest cost per bit for user memory. This has now changed
with the larger quantities of processors being built for the GSM market. This has dramatically cut into the
advantage of these types of devices. They should be regarded as floppy disks of varying sizes without the lock
mechanism. These cards cannot identify themselves to the reader, so your host system has to know what type
of card is being inserted into a reader. These cards are easily duplicated and cannot be tracked by on-card
identifiers.
2) Protected / Segmented Memory Cards
These cards have built-in logic to control the access to the memory of the card. Sometimes referred to as
Intelligent Memory cards, these devices can be set to write protect some or the entire memory array. Some
of these cards can be configured to restrict access to both reading and writing. This is usually done through
a password or system key. Segmented memory cards can be divided into logical sections for planned
multi-functionality. These cards are not easily duplicated but can possibly be impersonated by hackers. They typically
can be tracked by an on-card identifier.
3) Stored Value Memory Cards
These cards are designed for the specific purpose of storing value or tokens. The cards are either disposable or
rechargeable. Most cards of this type incorporate permanent security measures at the point of manufacture.
These measures can include password keys and logic that are hard-coded into the chip by the manufacturer.
The memory arrays on these devices are set up as decrements or counters. There is little or no memory left for
any other function. For simple applications such as a telephone card, the chip has 60 or 12 memory cells, one
for each telephone unit. A memory cell is cleared each time a telephone unit is used. Once all the memory
units are used, the card becomes useless and is thrown away. This process can be reversed in the case of
rechargeable cards.
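The three memory card types above, modelled as an added example (not code from the original page or its sponsors) to show what each one lets a host rely on. Class names, memory sizes, the password, the serial and the sample data are constructed for illustration; real chips differ in layout and command set.

```python
import hmac


class StraightMemoryCard:
    """Plain storage at fixed addresses: no access control, no identifier."""

    def __init__(self, size=16):
        self.mem = bytearray(size)

    def read(self, addr, length):
        return bytes(self.mem[addr:addr + length])

    def write(self, addr, data):
        if addr < 0 or addr + len(data) > len(self.mem):
            raise ValueError("write outside card memory")
        self.mem[addr:addr + len(data)] = data


class ProtectedMemoryCard(StraightMemoryCard):
    """On-card logic: writes need a password, and the first bytes are locked."""

    def __init__(self, serial, password, size=16, locked_bytes=4):
        super().__init__(size)
        self.serial = serial          # on-card identifier the host can track
        self._password = password
        self._locked_bytes = locked_bytes
        self._unlocked = False

    def present_password(self, candidate):
        # Constant-time comparison so the check does not leak a prefix match.
        self._unlocked = hmac.compare_digest(candidate, self._password)
        return self._unlocked

    def write(self, addr, data):
        if not self._unlocked:
            raise PermissionError("password not presented")
        if addr < self._locked_bytes:
            raise PermissionError("address is write-protected")
        super().write(addr, data)


class StoredValueCard:
    """Memory laid out as a counter: one cell per unit, cleared when spent."""

    def __init__(self, units=12, rechargeable=False):
        self._cells = [1] * units
        self.rechargeable = rechargeable

    def remaining(self):
        return sum(self._cells)

    def use_unit(self):
        for i, cell in enumerate(self._cells):
            if cell:
                self._cells[i] = 0    # spending a unit clears exactly one cell
                return self.remaining()
        raise RuntimeError("card exhausted")

    def recharge(self):
        if not self.rechargeable:
            raise PermissionError("disposable card cannot be reloaded")
        self._cells = [1] * len(self._cells)


def copy_image(source, blank):
    """Copy every byte of `source` onto `blank`; True if the images then match."""
    blank.write(0, source.read(0, len(source.mem)))
    return blank.read(0, len(blank.mem)) == source.read(0, len(source.mem))


if __name__ == "__main__":
    issued = StraightMemoryCard()
    issued.write(0, b"MEMBER-0042")          # constructed sample data
    print("straight card copy matches:", copy_image(issued, StraightMemoryCard()))

    target = ProtectedMemoryCard("CONSTRUCTED-0001", b"constructed-pw")
    try:
        copy_image(issued, target)
    except PermissionError as exc:
        print("protected card refused the write:", exc)

    phone = StoredValueCard(units=12)
    while phone.remaining():
        phone.use_unit()
    print("units left on disposable card:", phone.remaining())
```

Because a straight card accepts any byte image and carries no identifier, the host system has to supply every check itself; the protected and stored value models move part of that enforcement onto the card.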
CPU/MPU Microprocessor Multifunction Cards
These cards have on-card dynamic data processing capabilities. Multifunction smart cards allocate card memory
into independent sections or files assigned to a specific function or application. Within the card is a microprocessor
or microcontroller chip that manages this memory allocation and file access. This type of chip is similar to those
found inside all personal computers and when implanted in a smart card, manages data in organized file structures,
via a card operating system (COS). Unlike other operating systems, this software controls access to the on-card user
memory. This capability permits different and multiple functions and/or different applications to reside on the card,
allowing businesses to issue and maintain a diversity of products through the card. One example of this is a debit
card that also enables building access on a college campus. Multifunction cards benefit issuers by enabling them
to market their products and services via state-of-the-art transaction and encryption technology. Specifically, the
technology enables secure identification of users and permits information updates without replacement of the
installed base of cards, simplifying program changes and reducing costs. For the card user, multifunction means
greater convenience and security, and ultimately, consolidation of multiple cards down to a select few that serve
many purposes.
There are many configurations of chips in this category, including chips that support cryptographic PKI functions
with on-board math co-processors or JavaCard with virtual machine hardware blocks. As a rule of thumb - the
more functions, the higher the cost.
Contactless Cards
These are smart cards that employ radio frequency (RFID) communication between card and reader without physical
insertion of the card. Instead, the card is passed along the exterior of the reader and read. Types include proximity
cards, which are implemented as a read-only technology for building access. These cards function with a very limited
memory and communicate at 125 MHz. Another type of limited card is the Gen 2 UHF Card that operates at 860 MHz to
960 MHz. True read and write contactless cards were first used in transportation for quick decrementing and
reloading of fare values where their lower security was not an issue. They communicate at 13.56 MHz, and conform
to the ISO14443 standard. These cards are often protected memory types. They are also gaining popularity in retail
stored value, since they can speed up transactions and not lower transaction processing revenues (i.e. VISA and
MasterCard), like traditional smart cards.
Variations of the ISO14443 specification include A, B, and C, which specify chips from either specific or various
manufacturers: A = NXP (Philips), B = everybody else, and C = Sony-only chips. Contactless card drawbacks include the
limits of cryptographic functions and user memory, versus microprocessor cards, and the limited distance between
card and reader required for operation.
Multi-mode Communication Cards
These cards have multiple methods of communications, including ISO7816, ISO14443 and UHF Gen 2. How the
card is made determines if it is a hybrid or dual interface card.
The term can also include cards that have a magnetic-stripe and/or bar-code as well.
Hybrid Cards
Hybrid cards have multiple chips in the same card. These are typically attached to each interface separately, such
as a MIFARE chip and antenna with a contact 7816 chip in the same card.
Dual Interface Cards
These cards have one chip controlling the communication interfaces. The chip may be attached to the embedded
antenna through a hard connection, inductive method or with a flexible bump mechanism.
Multi-component Cards
These types of cards are for a specific market solution. For example, there are cards where the fingerprint sensor is
built on the card. Or one company has built a card that generates a one-time password and displays the data for
use with an online banking application. Vault cards have rewriteable magnetic stripes. Each of these technologies
is specific to a particular vendor and is typically patented.
Smart Card Form Factors
The expected shape for cards is often referred to as CR80. Banking and ID cards are governed by the ISO 7810
specification. But this shape is not the only form factor that cards are deployed in. Specialty shaped cutouts of
cards with modules and/or antennas are being used around the world. The most common shapes are SIM. SD and
MicroSD cards can now be deployed with the strength of smart card chips. USB flash drive tokens are also available
that leverage the same technology of a card in a different form factor.
Integrated Circuits and Operating Systems
There are two primary types of smart card operating systems: 1) Fixed File Structure and 2) Dynamic Application
System. As with card types, selection of a card operating system depends on the application the card is developed
for. The other defining difference is in the encryption capabilities of the operating system and the chip. The types
of encryption are Symmetric Key and Asymmetric Key (Public Key).
The chip selection for these functions is vast and supported by many semiconductor manufacturers. What
separates a smart card chip from other microcontrollers is often referred to as trusted silicon. The device itself is
designed to securely store data withstanding outside electrical tampering or hacking. These additional security
features include a long list of mechanisms such as no test points, special protection metal masks and irregular
layouts of the silicon gate structures. The trusted silicon semiconductor vendor list below is current for 2010.
Atmel
EM systems
Felicia
Infineon
Microchip
NXP
Renesas
Samsung
Sharp
Sony
ST Microelectronics
Many of the features that users have come to expect, such as specific encryption algorithms, have been incorporated
into the hardware and software libraries of the chip architectures. This can often result in a card manufacturer not
future-proofing their design by having their card operating systems only ported to a specific device. Care should
be taken in choosing the card vendor that can support your project over time as card operating system-only
vendors come in and out of the market. The tools and middleware that support card operating systems are as
important as the chip itself. The tools to implement your project should be easy to use and give you the power to
deploy your project rapidly.
See the security section of this site for more information regarding PKI.
1) Fixed File Structure
This type treats the card as a secure computing and storage device. Files and permissions are set in advance by
the issuer. These specific parameters are ideal and economical for a fixed type of card structure and functions that
will not change in the near future. Many secure stored value and healthcare applications are utilizing this type
of card. An example of this kind of card is a low-cost employee multi-function badge or credential. Contrary to
some biased articles, these style cards can be used very effectively with a stored biometric component and reader.
Globally, these types of microprocessor cards are the most common.
2) Dynamic Application System
This type of operating system, which includes the JavaCard and proprietary MULTOS card varieties, enables
developers to build, test, and deploy different on-card applications securely. Because the card operating systems
and applications are more separate, updates can be made. An example card is a SIM card for mobile GSM where
updates and security are downloaded to the phone and dynamically changed. This type of card deployment
assumes that the applications in the field will change in a very short time frame, thus necessitating the need for
dynamic expansion of the card as a computing platform. The costs to change applications in the field are high, due
to the ecosystem requirements of security for key exchange with each credential. This is a variable that should be
scrutinized carefully in the card system design phase.
Smart Card Readers/Terminals
Readers and terminals operate with smart cards to obtain card information and perform a transaction.
Generally, a reader interfaces with a PC for the majority of its processing requirements. A terminal is a self-contained
processing device. Both readers and terminals read and write to smart cards.
Readers
Contact
This type of reader requires a physical connection to the cards, made by inserting the card into the reader.
This is the most common reader type for applications such as ID and Stored Value. The card-to-reader
communication is often ISO 7816 T=0 only. This communication has the advantage of direct coupling to the
reader and is considered more secure. The other advantage is speed. The typical PTS (Protocol Type Selection,
ISO7816-3) negotiated speed can be up to 115 kilobaud. This interface enables larger data transport without
the overhead of anti-collision and the wireless breakdown issues that result from the card moving in and out
of the reader antenna range.
Contactless
This type of reader works with a radio frequency that communicates when the card comes close to the reader.
Many contactless readers are designed specifically for Payment, Physical Access Control and Transportation
applications. The dominant protocol under the ISO 14443 is MIFARE, followed by the EMV standards.
Interface
A contact reader is primarily defined by the method of its interface to a PC. These methods include RS232
serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and keyboards and
keyboard wedge readers. Some readers support more than one type of card, such as the tri-mode insert
readers from MagTek. These readers support magnetic stripe, contact and contactless read operations all in
one device.

Reader & Terminal to Card Communication
All cards and readers that follow ISO 7816-3 standards have a standardized set of commands that enable
communication for CPU cards.
These commands, called APDUs (Application Protocol Data Units) can be executed at a very low level, or they can
be scripted into APIs which enable the user to send commands from an application to a reader.
Photo Courtesy of Precise Biometrics. Photo Courtesy of MagTek.
The reader communicates with the card where the response to the request takes place.
From a technical perspective, the key is the APIs that are chosen. These layers of software can enable effective
application communication with smart cards and readers from more than one manufacturer. Most terminal SDKs
come with a customized API for that platform. They are typically in some form of C, C++ or C# and will have the
header files included. Many smart card readers have specific drivers/APIs for memory cards. For ISO7816 processor
cards the PC/SC interface is often employed, but it has limitations. This is especially important if you have both
memory and microprocessor cards that are used in the same system. Some APIs give the software designer the
ability to select readers from multiple vendors.
The following are some of the function calls provided for transporting APDUs and their functions:
Reader Select
Reader Connect
Reader Disconnect
Card Connect
Card Disconnect
Proprietary Commands for specific readers and cards
Allow ISO Commands to be passed to cards using standard ISO format
Allow ISO Commands to be sent to cards using a simplified or shortcut format (as in the CardLogix Winplex API)
Applications Development
The development of PC applications for readers has been simplified by the Personal Computer/Smart Card (PC/SC)
standard. This standard is supported by all major operating systems. The problem with the PC/SC method
is that it does not support all of the reader functions offered by each manufacturer, such as LED control and
card latching/locking. When just using the drivers for each reader manufacturer, there is no connection to the
functions of the card.
The better choice is Application Programming Interfaces (APIs) that are part of readily available Software
Development Kits (SDKs) that support specific manufacturers' card families. Check these kits for a variety of
reader manufacturers supported. M.O.S.T. and Smart Toolz from CardLogix are good examples of a
well-rounded Smart Card SDK.
Terminals
Unlike readers, terminals are more similar to a self contained PC, with most featuring operating systems and
development tools. Terminals are often specific to the use case such as Security, Health Informatics or POS.
Connectivity in the terminals is typically via Transmission Control Protocol/Internet Protocol (TCP-IP) or GSM
network. Many terminals today feature regular OSs making deployment easier, such as Datastrip with Windows CE
or Exadigm with Linux.
Smart Card Standards
Primarily, smart card standards govern physical properties, communication characteristics, and application
identifiers of the embedded chip and data. Almost all standards refer to the ISO 7816-1,2 & 3 as a base reference.
The International Organization For Standardization (ISO) facilitates the creation of voluntary standards through
a process that is open to all parties. ISO 7816 is the international standard for integrated-circuit cards (commonly
known as smart cards) that use electrical contacts on the card, as well as cards that communicate with readers and
terminals without contacts, as with radio frequency (RF/Contactless) technology. Anyone interested in obtaining a
technical understanding of smart cards needs to become familiar with what ISO 7816 and 14443 do NOT cover
as well as what they do. Copies of these standards can be purchased through ANSI (American National Standards
Institute): www.ansi.org. Copies of ISO standards are for sale at www.iso.org.
Application-specific properties are being debated with many large organizations and groups proposing their
standards. Open system card interoperability should apply at several levels: 1) to the card itself, 2) the card's access
terminals (readers), 3) the networks and 4) the card issuers' own systems. Open system card interoperability will
only be achieved by conformance to international standards.
This site's sponsors are committed to compliance with ISO and ITSEC security standards as well as industry initiatives
such as EMV, the Global Platform and PC/SC specifications.
These organizations are active in smart card standardization. The following standards and the organizations that
maintain them are the most prevalent in the smart card industry:
ISO/IEC is one of the worldwide standard-setting bodies for technology, including plastic cards. The primary
standards for smart cards are ISO/IEC 7816, ISO/IEC 14443, ISO/IEC 15693 and ISO/IEC 7501.
ISO/IEC 7816 is a multi-part international standard broken into fourteen parts. ISO/IEC 7816 Parts 1, 2 and 3
deal only with contact smart cards and define the various aspects of the card and its interfaces, including the
card's physical dimensions, the electrical interface and the communications protocols. ISO/IEC 7816 Parts 4, 5,
6, 8, 9, 11, 13 and 15 are relevant to all types of smart cards (contact as well as contactless). They define the card
logical structure (files and data elements), various commands used by the application programming interface
for basic use, application management, biometric verification, cryptographic services and application naming.
ISO/IEC 7816 Part 10 is used by memory cards for applications such as pre-paid telephone cards or vending
machines. ISO/IEC 7816 Part 7 defines a secure relational database approach for smart cards based on the SQL
interfaces (SCQL).
ISO/IEC 14443 is an international standard that defines the interfaces to a close proximity contactless smart
card, including the radio frequency (RF) interface, the electrical interface, and the communications and
anti-collision protocols. ISO/IEC 14443 compliant cards operate at 13.56 MHz and have an operational range of up
to 10 centimeters (3.94 inches). ISO/IEC 14443 is the primary contactless smart card standard being used for
transit, financial, and access control applications. It is also used in electronic passports and in the FIPS 201 PIV
card.
ISO/IEC 15693 describes standards for vicinity cards. Specifically, it establishes standards for the physical
characteristics, radio frequency power and signal interface, and anti-collision and transmission protocol for
vicinity cards that operate to a maximum of 1 meter (approximately 3.3 feet).
ISO/IEC 7501 describes standards for machine-readable travel documents and has made a clear
recommendation on smart card topology.
ICAO
The International Civil Aviation Organization (ICAO) issues guidance on the standardization and specifications for
Machine Readable Travel Documents (MRTD) such as passports, visas, and travel documents. ICAO has published
the specification for electronic passports using a contactless smart chip to securely store traveler data.
FIPS (Federal Information Processing Standards) - Developed by the Computer Security Division within the National
Institute of Standards and Technology (NIST). FIPS standards are designed to protect federal assets, including
computer and telecommunications systems. The following FIPS standards apply to smart card technology and
pertain to digital signature standards, advanced encryption standards, and security requirements for cryptographic
modules.
FIPS 140 (1-3): The security requirements contained in FIPS 140 (1-3) pertain to areas related to the secure
design and implementation of a cryptographic module, specifically: cryptographic module specification;
cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical
security; operational environment; cryptographic key management; electromagnetic interference/
electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.
FIPS 201: This specification covers all aspects of multifunction cards used in identity management systems
throughout the U.S. government.
EMV - Europay, MasterCard and Visa formed EMV Company, LLC and created the Integrated Circuit Card
Specifications for Payment Systems. These specifications are related to ISO7816 and create a common technical
basis for card and system implementation of a stored value system. Integrated Circuit Card Specifications for
Payment Systems can be obtained from a Visa, MasterCard or Europay member bank.
PC/SC - A globally implemented standard for cards and readers, called the PC/SC specification. This standard only
applies to CPU contact cards. Version 2.0 also dictates PIN pad to card communications. Apple, Oracle-Sun, Linux
and Microsoft all support this standard.
Microsoft has built PC/SC into their smart card services as a framework that supports many security mechanisms
for cards and systems. PC/SC is now a fairly common middleware interface for PC logon applications. The standard
is a highly abstracted set of middleware components that allow for the most common reader card interactions.
CEN (Comite Europeen de Normalisation) and ETSI (European Telecommunications Standards Institute) are focused
on telecommunications, as with the GSM SIM for cellular telephones. GSM 11.11 and ETSI300045. CEN can be
contacted at Rue de Stassart, 36 B-1050 Brussels, Belgium, attention to the Central Secretariat.
HIPAA - The Health Insurance Portability and Accountability Act adopts national standards for implementing
a secure electronic health transaction system in the U.S. Example transactions affected by this include claims,
enrollment, eligibility, payment and coordination of benefits. Smart cards are governed by the requirements of
HIPAA pertaining to data security and patient privacy.
IC Communications Standards - These existed for non-volatile memories before the chips were adopted for smart
card use. This specifically applies to the I2C and SPI EEPROM interfaces.
Global System for Mobile Communication (GSM)
The GSM standard is dominant in the cell phone industry and uses smart cards called Subscriber Identification
Modules (SIMs) that are configured with information essential to authenticating a GSM-compliant mobile phone,
thus allowing a phone to receive service whenever the phone is within coverage of a suitable network. This
standard is managed by the European Telecommunication Standards Institute. The two most common standards
for cards are 11.11 and 11.14.
OpenCard Framework
(Obsolete standard: for information only)
The OpenCard Framework was a set of guidelines announced by IBM, Netscape, NCI, and Sun Microsystems for
integrating smart cards with network computers. The guidelines were based on open standards and provided
an architecture and a set of application program interfaces (APIs) that enable application developers and service
providers to build and deploy smart card solutions on any OpenCard-compliant network computer. Through the
use of a smart card, an OpenCard-compliant system should have enabled access to personalized data and services
from any network computer and dynamically download from the Internet all device drivers that are necessary
to communicate with the smart card. By providing a high-level interface which can support multiple smart card
types, the OpenCard Framework was intended to enable vendor-independent card interoperability. The system
incorporated Public Key Cryptography Standard (PKCS) - 11 and was supposed to be expandable to include other
public key mechanisms.
Global Platform
GlobalPlatform (GP) is an international, non-profit association. Its mission is to establish, maintain and drive
adoption of standards to enable an open and interoperable infrastructure for smart cards, devices and systems
that simplifies and accelerates development, deployment and management of applications across industries. The
GP standard has been adopted by virtually all the banks worldwide for JavaCard-based loading of cryptographic
data. The standard establishes mechanisms and policies that enable secure channel communications with a
credential.
Common Criteria
Common Criteria (CC) is an internationally approved security evaluation framework providing a clear and reliable
evaluation of the security capabilities of IT products, including secure ICs, smart card operating systems, and
application software. CC provides an independent assessment of a product's ability to meet security standards.
Security-conscious customers, such as national governments, are increasingly requiring CC certification in making
purchasing decisions. Since the requirements for certification are clearly established, vendors can target very
specific security needs while providing broad product offerings.
Biometric Standards
Many new secure ID system implementations are using both biometrics and smart cards to improve the security
and privacy of an ID system.
ANSI-INCITS 358-2002, BioAPI Specification - (ISO/IEC 19784-1). BioAPI is intended to provide a high-level
generic biometric authentication model, one suited for any form of biometric technology. It covers the
basic functions of enrollment, verification, and identification, and includes a database interface to allow a
biometric service provider (BSP) to manage the technology device and identification population for optimum
performance. It also provides primitives that allow the application to separately manage the capture of
samples on a client workstation, and the enrollment, verification, and identification functions on a server. The
BioAPI framework has been ported to Win32, Linux, UNIX, and WinCE. Note that BioAPI is not optimum for a
microcontroller environment such as might be embedded within a door access control reader unit or within a
smart card processor. BioAPI is more suitable when there is a general-purpose computer available.
ANSI-INCITS 398, Common Biometric Exchange Formats Framework (CBEFF) - (ISO/IEC 19785-1). The Common
Biometric Exchange Formats Framework (CBEFF) describes a set of data elements necessary to support
biometric technologies and exchange data in a common way. These data can be placed in a single file used
to exchange biometric information between different system components or between systems. The result
promotes interoperability of biometric-based application programs and systems developed by different
vendors by allowing biometric data interchange. This specification is a revised (and augmented) version of
the original CBEFF, the Common Biometric Exchange File Format, originally published as NISTIR 6529.
ANSI-INCITS Biometric Data Format Interchange Standards. ANSI-INCITS has created a series of standards
specifying the interchange format for the exchange of biometric data. These standards specify a data record
interchange format for storing, recording, and transmitting the information from a biometric sample within a
CBEFF data structure. The ANSI-INCITS published data interchange standards are shown below. There are ISO
equivalents to each standard listed here.
ANSI-INCITS 377-2004 - Finger Pattern Based Interchange Format
ANSI-INCITS 378-2004 - Finger Minutiae Format for Data Interchange
ANSI-INCITS 379-2004 - Iris Interchange Format
ANSI-INCITS 381-2004 - Finger Image Based Interchange Format
ANSI-INCITS 385-2004 - Face Recognition Format for Data Interchange
ANSI-INCITS 395-2005 - Signature/Sign Image Based Interchange Format
ANSI-INCITS 396-2004 - Hand Geometry Interchange Format
ISO/IEC 19794 series on biometric data interchange formats. Part 1 is the framework, Part 2 defines the finger
minutiae data, Part 3 defines the finger pattern spectral data, Part 4 defines the finger image data, Part 5
defines the face image data, Part 6 defines the iris image data, and still in development, Part 7 will define the
signature/sign time series data, Part 8 will define the finger pattern skeletal data and Part 8 will define the
vascular image data.
System Planning & Deployment
Smart card system design requires advance planning to be successful and to avoid problems. It is highly
recommended that you graphically diagram the flow of information for your new system. The first question to
consider is will the card and system transact information, or value, or both? If it stores keys or value (i.e. gift
certificates or sports tickets), greater design detail is required than in data-only systems. When you combine
information types on a single card, other issues arise. The key to success is not to overrun the system with features
that can confuse users and cause problems in management. It is recommended that you phase-in each feature
set as each one is working. To properly implement a functional smart card system, you should be able to answer
the following questions. NOTE: These are only general guidelines, provided as a basis for your individual planning.
Many other steps may be involved and are not mentioned here. For more extensive planning information regarding
identity management and national IDs, we recommend that you review the GSA Smart Card Handbook. For bank-
issued cards, we recommend that you visit the Global Platform website.
Basic Set-Up
1) Is there a clear business case, including financial and consumer behavior factors?
2) Will the system be single or multi-application?
3) What type of information do I want to store in the cards (i.e. data or value)?
4) How much memory is required for each application?
5) If multi-application, how will I separate different types of data?
6) Will card data be obtained from a database? Or loaded every time?
7) Will this data concurrently reside on a database?
8) How many cards will be needed?
9) Are card/infrastructure vendors identified? What are the lead times?
Security Planning
1) What are the security requirements?
2) Does all, or only some of the data need to be secure?
3) Who will have access to this information?
4) Who will be allowed to change this information?
5) In what manner shall I secure this data, i.e. encryption, Host passwords, card passwords/PINs or all of these?
6) Should the keys/PINs be customer or system-activated?
7) What form of version control do I want?
Value Applications
1) Should the value in the cards be re-loadable or will the cards be disposable?
2) How will I distribute the cards?
3) How will cards be activated and loaded with value?
4) What type of card traceability should I implement?
5) What is the minimum and maximum value to store on each card?
6) Will there be a refund policy?
General Issuance
1) How many types of artwork will be included in the issuance?
2) Who will do the artwork?
3) What is needed on the card? For example signature panels, Magnetic-Stripe, Embossing etc.
Multi-Application Card Systems
It is highly recommended that you graphically diagram the flow of information as shown. Large distributed
multifunction systems require lots of advance planning to make them efective. Smart cards often act as the glue
between disparate software applications and use cases. Below is an example of a multifunction card that is issued
by a large enterprise or government. Everywhere you see a CD is a separate and distinct software application that
interacts with the data and service from the card.
[Figure: multi-application card diagram; each of the numbered items (1 to 17) is labeled "Software Application"]
*Image Courtesy of CardLogix

The critical first step in this type of planning is to understand the data requirements on the card as it relates to each
disparate software application that your project will deploy.
Building a smart card system that stores value, i.e. gift certificates, show tickets, redemption points or cash
equivalents requires an attention to detail not necessary in other information management systems. The most
important detail of a successful stored value card is that the card and program are perceived by users as being
compelling, justifying the switch from other payment options.
User information and system wide training should be part of your budget. It is recommended that you phase-in
each feature set after the first one is working. Here is a list of some questions that are pertinent to these systems
in addition to the above questions.
Deployment
As the minimum steps in deploying a stored value or multi-application system, establish clear achievable program
objectives;
1) Make sure the organization has a stake in the project's success and that management buys into the project
2) Set a budget
3) Name a project manager
4) Assemble a project team and create a team vision
5) Graphically create an information - card and funds-flow diagram
6) Assess the card and reader options
7) Write a detailed specification for the system
8) Set a realistic schedule with inch-stones and mile-stones
9) Establish the security parameters for both people and the system
10) Phase-in each system element, testing as you deploy
11) Reassess for security leaks
12) Deploy the first phase of cards and test, test
13) Train the key employees responsible for each area
14) Set-up a system user manual
15) Check the reporting structures
16) Have contingency plans should problems arise
17) Deploy and announce
18) Advertise and market your system
Smart Card Security (Section 1)
Smart cards provide computing and business systems the enormous benefit of portable and secure storage of
data and value. At the same time, the integration of smart cards into your system introduces its own security
management issues, as people access card data far and wide in a variety of applications.
The following is a basic discussion of system security and smart cards, designed to familiarize you with the
terminology and concepts you need in order to start your security planning.
What Is Security?
Security is basically the protection of something valuable to ensure that it is not stolen, lost, or altered. The term
data security governs an extremely wide range of applications and touches everyone's daily life. Concerns over
data security are at an all-time high, due to the rapid advancement of technology into virtually every transaction,
from parking meters to national defense.
Data is created, updated, exchanged and stored via networks. A network is any computing system where users
are highly interactive and interdependent and by definition, not all in the same physical place. In any network,
diversity abounds, certainly in terms of types of data, but also types of users. For that reason, a system of security
is essential to maintain computing and network functions, keep sensitive data secret, or simply maintain worker
safety. Any one company might provide an example of these multiple security concerns: Take, for instance, a
pharmaceutical manufacturer:
Type of Data Security Concern Type of Access
Drug Formula Basis of business income. Competitor spying Highly selective list of executives
Accounting, Regulatory Required by law Relevant executives and departments
Personnel Files Employee piracy Relevant executives and departments
Employee ID Non-employee access. Inaccurate payroll, benefits assignment Relevant executives and departments
Facilities Access Authorization Individuals per function and clearance such as customers, visitors, or vendors
Building safety, emergency response All employees Outside emergency response
What Is Information Security?
Information security is the application of measures to ensure the safety and privacy of data by managing its
storage and distribution. Information security has both technical and social implications. The first simply deals
with the how and how much question of applying secure measures at a reasonable cost. The second grapples
with issues of individual freedom, public concerns, legal standards and how the need for privacy intersects them.
This discussion covers a range of options open to business managers, system planners and programmers that will
contribute to your ultimate security strategy. The eventual choice rests with the system designer and issuer.
The Elements Of Data Security
In implementing a security system, all data networks deal with the following main elements:
1) Hardware, including servers, redundant mass storage devices, communication channels and lines, hardware
tokens (smart cards) and remotely located devices (e.g., thin clients or Internet appliances) serving as interfaces
between users and computers
2) Software, including operating systems, database management systems, communication and security
application programs
3) Data, including databases containing customer-related information
4) Personnel, to act as originators and/or users of the data; professional personnel, clerical staff, administrative
personnel, and computer staff
The Mechanisms Of Data Security
Working with the above elements, an effective data security system works with the following key mechanisms to
answer:
1) Has My Data Arrived Intact? (Data Integrity) This mechanism ensures that data was not lost or corrupted
when it was sent to you
2) Is The Data Correct And Does It Come From The Right Person? (Authentication) This proves user or system
identities
3) Can I Confirm Receipt Of The Data And Sender Identity Back To The Sender? (Non-Repudiation)
4) Can I Keep This Data Private? (Confidentiality) Ensures only senders and receivers access the data. This is
typically done by employing one or more encryption techniques to secure your data
5) Can I Safely Share This Data If I Choose? (Authorization and Delegation) You can set and manage access
privileges for additional users and groups
6) Can I Verify That The System Is Working? (Auditing and Logging) Provides constant monitoring and
troubleshooting of security system function
7) Can I Actively Manage The System? (Management) Allows administration of your security system
Smart Card Security (Section 2)
Data Integrity
This is the function that verifies the characteristics of a document and a transaction. Characteristics of both
are inspected and confirmed for content and correct authorization. Data Integrity is achieved with electronic
cryptography that assigns a unique identity to data like a fingerprint. Any attempt to change this identity signals
the change and flags any tampering.
Authentication
This inspects, then confirms, the proper identity of people involved in a transaction of data or value. In authentication
systems, authentication is measured by assessing the mechanism's strength and how many factors are used to
confirm the identity. In a PKI system a Digital Signature verifies data at its origination by producing an identity
that can be mutually verified by all parties involved in the transaction. A cryptographic hash algorithm produces
a Digital Signature.
Non-Repudiation
This eliminates the possibility of a transaction being repudiated, or invalidated, by incorporating a Digital Signature
that a third party can verify as correct. Similar in concept to registered mail, the recipient of data re-hashes it,
verifies the Digital Signature, and compares the two to see that they match.
Authorization and Delegation
Authorization is the process of allowing access to specific data within a system. Delegation is the utilization of a
third party (Certificate Authorities) to manage and certify each of the users of your system.
Authorization and Trust Model
Auditing and Logging
This is the independent examination and recording of records and activities to ensure compliance with established
controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or
procedures.
Management
Management is the oversight and design of the elements and mechanisms discussed above and below. Card management also
requires the management of card issuance, replacement and retirement as well as policies that govern a system.
Cryptography/Confidentiality
Confidentiality is the use of encryption to protect information from unauthorized disclosure. Plain text is turned
into cipher text via an algorithm, and then decrypted back into plain text using the same method.
Cryptography is the method of converting data from a human readable form to a modified form, and then back to
its original readable form, to make unauthorized access difficult. Cryptography is used in the following ways:
Ensures data privacy, by encrypting data
Ensures data integrity, by recognizing if data has been manipulated in an unauthorized way
Ensures data uniqueness by checking that data is original, and not a copy of the original. The sender
attaches a unique identifier to the original data. This unique identifier is then checked by the receiver of the
data.
The original data may be in a human-readable form, such as a text file, or it may be in a computer-readable form,
such as a database, spreadsheet or graphics file. The original data is called unencrypted data or plain text. The
modified data is called encrypted data or cipher text. The process of converting the unencrypted data is called
encryption. The process of converting encrypted data to unencrypted data is called decryption.
Data Security Mechanisms and their Respective Algorithms

In order to convert the data, you need to have an encryption algorithm and a key. If the same key is used for both
encryption and decryption that key is called a secret key and the algorithm is called a symmetric algorithm. The
most well-known symmetric algorithm is DES (Data Encryption Standard).
The Data Encryption Standard (DES) was invented by the IBM Corporation in the 1970s. During the process of
becoming a standard algorithm, it was modified according to recommendations from the National Security
Agency (NSA). The algorithm has been studied by cryptographers for over 30 years. During this time, no methods
have been published that describe a way to break the algorithm, except for brute-force techniques. DES has a 56-
bit key, which offers 2^56 or 7 x 10^16 possible variations. There are a very small number of weak keys, but it is easy
to test for these keys and they are easy to avoid.
Triple-DES is a method of using DES to provide additional security. Triple-DES can be done with two or with three
keys. Since the algorithm performs an encrypt-decrypt-encrypt sequence, this is sometimes called the EDE mode.
This diagram shows Triple-DES three-key mode used for encryption:
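The DES paragraph above says weak keys are easy to test for, and the Triple-DES paragraph describes the encrypt-decrypt-encrypt sequence. The following Python example is added here for illustration and is not part of the original document; it screens key material for both problems. The function names are hypothetical, and the weak and semi-weak values are the published DES constants.

```python
"""Screen DES and Triple-DES key material before it is loaded (added example)."""

# Published DES weak and semi-weak keys, written with odd parity.
WEAK_KEYS = (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
)
SEMI_WEAK_KEYS = (
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)


def strip_parity(key: bytes) -> bytes:
    """Clear the low (parity) bit of each byte, leaving the 56 effective key bits."""
    return bytes(b & 0xFE for b in key)


WEAK_SET = {strip_parity(bytes.fromhex(k)) for k in WEAK_KEYS}
SEMI_WEAK_SET = {strip_parity(bytes.fromhex(k)) for k in SEMI_WEAK_KEYS}


def classify_des_key(key: bytes) -> str:
    """Return 'weak', 'semi-weak' or 'ok' for one 8-byte DES key."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (56 key bits plus 8 parity bits)")
    effective = strip_parity(key)  # parity bits do not change the cipher
    if effective in WEAK_SET:
        return "weak"
    if effective in SEMI_WEAK_SET:
        return "semi-weak"
    return "ok"


def check_3des_bundle(bundle: bytes) -> list:
    """Return a list of problems found in a 16-byte or 24-byte Triple-DES key."""
    if len(bundle) == 16:        # two-key mode: K3 is a copy of K1
        keys = [("K1", bundle[:8]), ("K2", bundle[8:])]
        k1, k2, k3 = bundle[:8], bundle[8:], bundle[:8]
    elif len(bundle) == 24:      # three-key mode
        k1, k2, k3 = bundle[:8], bundle[8:16], bundle[16:]
        keys = [("K1", k1), ("K2", k2), ("K3", k3)]
    else:
        raise ValueError("a Triple-DES key bundle is 16 or 24 bytes")

    problems = []
    for name, key in keys:
        verdict = classify_des_key(key)
        if verdict != "ok":
            problems.append(f"{name} is a {verdict} DES key")

    e1, e2, e3 = strip_parity(k1), strip_parity(k2), strip_parity(k3)
    if e1 == e2 or e2 == e3:
        # E(K3, D(K2, E(K1, P))): an adjacent equal pair cancels out,
        # leaving one DES encryption under the remaining key.
        problems.append("K2 equals a neighbouring key: EDE collapses to single DES")
    elif len(bundle) == 24 and e1 == e3:
        problems.append("K1 equals K3: bundle only has two-key strength")
    return problems


if __name__ == "__main__":
    # Constructed sample bundle: K1 and K2 differ only in their parity bits.
    sample = bytes.fromhex("0123456789ABCDEF" "0022446688AACCEE" "456789ABCDEF0123")
    for line in check_3des_bundle(sample) or ["bundle passes screening"]:
        print(line)
```

Keys are compared with parity bits cleared, so two keys that differ only in parity are treated as the same key.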
The Advanced Encryption Standard (AES) is the newest symmetric-key encryption standard adopted by the U.S.
government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger
collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192
and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was
the case with its predecessor, the Data Encryption Standard (DES).
AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on
November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented
and evaluated before Rijndael was selected as the most suitable. It became effective as a Federal government
standard on May 26, 2002 after approval by the Secretary of Commerce. It is available in many different encryption
packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information.
If different keys are used for encryption and decryption, the algorithm is called an asymmetric algorithm. The
most well-known asymmetric algorithm is RSA, named after its three inventors (Rivest, Shamir, and Adleman).
This algorithm uses two keys, called the public key and the private key. These keys are mathematically linked. Here is a diagram that
illustrates an asymmetric algorithm:
Asymmetric algorithms involve extremely complex mathematics typically involving the factoring of large prime
numbers. Asymmetric algorithms are typically stronger than a short key length symmetric algorithm. But because
of their complexity they are used in signing a message or a certificate. They are not ordinarily used for data transmission
encryption.
Smart Card Security (Section 3)
As the card issuer, you must define all of the parameters for card and data security. There are two methods of using
cards for data system security, host-based and card-based. The safest systems employ both methodologies.
Public Key Keep (Asymmetric Card)
Avg. cost per seat* $55 - $200
Digital Signature/Signed Receipts
Closed multi-session encryption (Symmetric Key Card)
Avg. cost per seat* $14 - $18
Mutual authentication (SHA 1, SHA 256)
OTP (One Time Password) encryption (Symmetric Key Card)
Avg. cost per seat* $14
Biometric Password Card (Match on card or biometric database)
Avg. cost per seat* $150 - $200
Token Number randomizers (Security Dynamics) (RSA)
Avg. cost per seat* $45
User name & password
Avg. cost per seat $5
Avg. reset cost $12 - $18
*Seat Cost Can Include: Issued Token, Digital Certificate, Single Sign On Middleware, Card Reader
Host-Based System Security
A host-based system treats a card as a simple data carrier. Because of this, straight memory cards can be used very
cost-effectively for many systems. All protection of the data is done from the host computer. The card data may
be encrypted but the transmission to the host can be vulnerable to attack. A common method of increasing the
security is to write in the clear (not encrypted) a key that usually contains a date and/or time along with a secret
reference to a set of keys on the host. Each time the card is re-written the host can write a reference to the keys. This
way each transmission is different. But parts of the keys are in the clear for hackers to analyze. This security can be
increased by the use of smart memory cards that employ a password mechanism to prevent unauthorized reading
of the data. Unfortunately the passwords can be sniffed in the clear. Access is then possible to the main memory.
These methodologies are often used when a network can batch up the data regularly and compare values and
card usage and generate a problem card list.
Card-Based System Security
These systems are typically microprocessor card-based. A card or token-based system treats a card as an active
computing device. The interaction between the host and the card can be a series of steps to determine if the card
is authorized to be used in the system. The process also checks if the user can be identified, authenticated and if the
card will present the appropriate credentials to conduct a transaction. The card itself can also demand the same
from the host before proceeding with a transaction. The access to specific information in the card is controlled by
(A) the card's internal Operating System and (B) the preset permissions set by the card issuer regarding the files'
condition. The card can be in a standard CR80 form factor or be in a USB dongle or it could be a GSM SIM Card.
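The exchange described above, in which the host checks the card and the card demands the same from the host, can be modelled as a symmetric challenge-response. The following Python example is added here for illustration and is not the protocol of any particular card or of the original document; the message layout, the per-card key derivation and all names are assumptions.

```python
"""Mutual authentication between a host and a microprocessor card (added example)."""
import hashlib
import hmac
import secrets


def tagged_mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label and length-prefixed fields (no field ambiguity)."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def diversify(master_key: bytes, card_id: bytes) -> bytes:
    """Per-card key, so extracting one card's key does not expose the others."""
    return tagged_mac(master_key, b"card-key", card_id)


class Card:
    """Card side: holds only its own key, never the issuer master key."""

    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id = card_id
        self._key = card_key
        self._rh = self._rc = None
        self.session_key = None

    def respond(self, host_nonce: bytes):
        """Answer the host challenge and issue the card's own challenge."""
        self.session_key = None
        self._rh = host_nonce
        self._rc = secrets.token_bytes(16)
        proof = tagged_mac(self._key, b"card-proof", host_nonce, self._rc, self.card_id)
        return self.card_id, self._rc, proof

    def verify_host(self, host_proof: bytes) -> bool:
        """The card demands the same proof from the host before proceeding."""
        if self._rc is None:
            return False
        expected = tagged_mac(self._key, b"host-proof", self._rc, self._rh, self.card_id)
        ok = hmac.compare_digest(expected, host_proof)
        if ok:
            self.session_key = tagged_mac(self._key, b"session", self._rh, self._rc)
        self._rc = None  # a card challenge is accepted once only
        return ok


class Host:
    """Host side: holds the issuer master key and derives each card's key."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self._rh = None
        self.session_key = None

    def challenge(self) -> bytes:
        self.session_key = None
        self._rh = secrets.token_bytes(16)
        return self._rh

    def verify_card(self, card_id: bytes, card_nonce: bytes, card_proof: bytes):
        """Return the host's proof if the card is genuine, otherwise None."""
        if self._rh is None:
            return None
        rh, self._rh = self._rh, None  # a host challenge is accepted once only
        key = diversify(self._master, card_id)
        expected = tagged_mac(key, b"card-proof", rh, card_nonce, card_id)
        if not hmac.compare_digest(expected, card_proof):
            return None
        self.session_key = tagged_mac(key, b"session", rh, card_nonce)
        return tagged_mac(key, b"host-proof", card_nonce, rh, card_id)


def run_session(host: Host, card: Card) -> bool:
    """Run the three-message exchange; True only if both sides accept."""
    rh = host.challenge()                                 # host -> card
    card_id, rc, card_proof = card.respond(rh)            # card -> host
    host_proof = host.verify_card(card_id, rc, card_proof)
    if host_proof is None:
        return False
    return card.verify_host(host_proof)                   # host -> card


if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample key, not a real issuer key
    host = Host(master)
    card = Card(b"CARD-0001", diversify(master, b"CARD-0001"))
    print("genuine card accepted:", run_session(host, card))
    print("session keys match:", host.session_key == card.session_key)
```

Because both nonces feed the session key, every run yields a different key, and a response recorded from one session fails against the next challenge.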
Threats To Cards and Data Security
Effective security system planning takes into account the need for authorized users to access data reasonably
easily, while considering the many threats that this access presents to the integrity and safety of the information.
There are basic steps to follow to secure all smart card systems, regardless of type or size.
Analysis: Types of data to secure; users, points of contact, transmission. Relative risk/impact of data loss
Deployment of your proposed system
Road Test: Attempt to hack your system; learn about weak spots, etc.
Synthesis: Incorporate road test data, re-deploy
Auditing: Periodic security monitoring, checks of system, fine-tuning
When analyzing the threats to its data, an organization should look closely at two specific areas: internal attacks
and external attacks. The first and most common compromise of data comes from disgruntled employees. Knowing
this, a good system manager separates all back-up data and back-up systems into a separately partitioned and
secured space. The introduction of viruses and the attempted formatting of network drives is a typical internal
attack behavior. By deploying employee cards that log an employee into the system and record the time, date and
machine that the employee is on, a company automatically discourages these types of attacks.
External attacks are typically aimed at the weakest link in a company's security armor. The first place an external
hacker looks at is where they can intercept the transmission of your data. In a smart card-enhanced system this
starts with the card.
The following sets of questions are relevant to your analysis. Is the data on the card transmitted in the clear or is
it encrypted? If the transmission is sniffed, is each session secured with a different key? Does the data move from
the reader to the PC in the clear? Does the PC or client transmit the data in the clear? If the packet is sniffed, is
each session secured with a different key? Does the Operating System have a back door? Is there a mechanism to
upload and download functioning code? How secure is this system? Does the OS provider have a good security
track record? Does the card manufacturer have precautions in place to secure your data? Do they understand the
liabilities? Can they provide other security measures that can be implemented on the card and/or module? When
the card is subjected to Differential Power attacks and Differential Thermal attacks does the OS reveal any secrets?
Will the semiconductor utilized meet this scrutiny? Do your suppliers understand these questions?
Other types of problems that can be a threat to your assets include:
Improperly secured passwords (writing them down, sharing)
Assigned PINs and the replacement mechanisms
Delegated Authentication Services
Poor data segmentation
Physical Security (the physical removal or destruction of your computing hardware)
Security Architectures
When designing a system, a planner should look at the total cost of ownership. This includes:
Analysis
Installation and Deployment
Delegated Services
Training
Management
Audits and Upgrades
Infrastructure Costs (Software and Hardware)
Over 99% of all U.S.-based financial networks are secured with a Private Key Infrastructure. This is changing
over time, based on the sheer volume of transactions managed daily and the hassles that come with private
key management. Private Key-based systems make good sense if your expected user base is less than 500,000
participants.
Public Key Systems are typically cost effective only in large volumes or where the value of data is so high that it is
worth the higher costs associated with this type of deployment. What most people don't realize is that Public Key
systems still rely heavily on Private Key encryption for all transmission of data. The Public Key encryption algorithms
are only used for non-repudiation and to secure data integrity. Public Key infrastructures as a rule employ every
mechanism of data security in a nested and coordinated fashion to ensure the highest level of security available
today.
PKI-Public Key Infrastructure
How it works. Typical System (example)

Conclusions
Smart cards can add convenience and safety to any transaction of value and data; but the choices facing today's
managers can be daunting. We hope this site has adequately presented the options and given you enough
information to make informed evaluations of performance, cost and security that will produce a smart card system
that fits today's needs and those of tomorrow. It is our sincere belief that informed users make better choices,
which leads to better business for everybody.
Glossary
Wondering what an Ankle Biter is? Looking for arcane information on smart cards? You've come to the right
place. Click on the letter corresponding to the term you're wondering about. This glossary is an amalgamation of
information from many sources, the primary two being the U.S. government NIST website on security terms and
the CardLogix Corporation Smart Card Glossary. This list is always growing, so if you don't find your answer, check
back with us soon.
Access Management: The processes and technologies for controlling and monitoring access privileges to
resources, consistent with governing policies. Access management includes authentication, authorization, trust,
and security auditing.
Active Attack: An attack which results in an unauthorized state change, such as the manipulation of files, or the
adding of unauthorized files.
Administrative Security: The management constraints and supplemental controls established to provide an
acceptable level of protection for data.
Advanced Encryption Standard (AES): also known as Rijndael. A block cipher adopted as an encryption standard
by the U.S. government.
Automated Information System (AIS): Any equipment of an interconnected system or subsystems of equipment
that is used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data
and includes software, firmware, and hardware.
Alert: A formatted message describing a circumstance relevant to network security. Alerts are often derived from
critical audit events.
Ankle-Biter: A person who aspires to be a hacker/cracker but has very limited knowledge or skills. Usually
associated with young teens that collect and use simple malicious programs obtained from the Internet.
Anomaly Detection Model: A model where intrusions are detected by looking for activity that is different from
the user's or system's normal behavior.
Application Level Gateway (Firewall): A firewall system in which service is provided by processes that maintain
complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing
traffic appears to have originated from the firewall, rather than the internal host.
Application programming interface (API): A source code interface that a computer system or program library
provides in order to support requests for services to be made of it by other computer programs, and/or to allow
data to be exchanged.
Assessment: Surveys and Inspections: an analysis of the vulnerabilities of an AIS. Information acquisition and
review process designed to assist a customer to determine how best to use resources to protect information in
systems.
Assurance: A measure of confidence that the security features and architecture of an AIS accurately mediate and
enforce the security policy.
Asymmetric Cryptography: Cryptography that uses two related operations: a public operation defined by public
numbers or by a public key and a private operation defined by private numbers or by a private key (the two
operations have the property that, given the public operation, it is computationally infeasible to derive the private
operation).
Asymmetric Keys: Two related keys, a public key and a private key, that are used to perform complementary
operations, such as encryption and decryption or signature generation and signature verification.
Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether
an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing
countermeasures.
Audit: The independent examination of records and activities to ensure compliance with established controls,
policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
Audit Trail: In computer security systems, a chronological record of system resource usage. This includes user login,
file access, other various activities, and whether any actual or attempted security violations occurred, legitimate
and unauthorized.
Authenticate: To establish the validity of a claimed user or object.
Authentication: To positively verify the identity of a user, device, or other entity in a computer system, often as a
prerequisite to allowing access to resources in a system.
Authentication Header (AH): A field that immediately follows the IP header in an IP datagram and provides
authentication and integrity checking for the datagram.
Automated Security Incident Measurement (ASIM): Monitors network traffic and collects information on
targeted unit networks by detecting unauthorized network activity.
Automated Security Monitoring: All security features needed to provide an acceptable level of protection for
hardware, software, and classified, sensitive, unclassified or critical data, material, or processes in the system.
Authorization: The assignment of a privilege or privileges (e.g., access to a building or network) verifying that
a known person or entity has the authority to perform a specific operation. Authorization is provided after
authentication. In the payments industry, authorization is the approval from the financial institution that issued
the cardholder's card to accept a transaction for a given amount.
Availability: Assuring information and communications services will be ready for use when expected.
Biometric: A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or
verify the claimed identity, of an individual. Facial images, fingerprints, and iris scan samples are all examples of
biometrics.
Back Door: A hole in the security of a computer system deliberately left in place by designers or maintainers.
Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.
Bell-La Padula Security Model: Formal-state transition model of computer security policy that describes a formal
set of access controls based on information sensitivity and subject authorizations.
Biba Integrity Model: A formal security model for the integrity of subjects and objects in a system.
Bomb: A general synonym for crash, normally of software or operating system failures.
Breach: The successful defeat of security controls which could result in a penetration of the system. A violation
of controls of a particular information system such that information assets or system components are unduly
exposed.
Breeder Document: A document used as an original source of identity to apply for (or breed) other forms of
identity credentials
Buffer Overflow: This happens when more data is put into a buffer or holding area than the buffer can handle.
This is due to a mismatch in processing rates between the producing and consuming processes. This can result in
system crashes or the creation of a back door leading to system access.
Bug: An unwanted and unintended property of a program or piece of hardware, especially one that causes it to
malfunction.
C2: Command and Control.
C2-attack: Prevent effective C2 of adversary forces by denying information to, influencing, degrading or destroying
the adversary C2 system.
C2-protect: Maintain effective command and control of own forces by turning to friendly advantage or negating
adversary effort to deny information to, influence, degrade, or destroy the friendly C2 system. (Pending approval
in JP 1-02).
Card issuer: The organization or entity that issues cards.
Certificate Authority (CA): A trusted third party that is responsible for issuing and revoking digital certificates
within the public key infrastructure.
CGI: Common Gateway Interface - CGI is the method that Web servers use to allow interaction between servers
and programs.
CGI Scripts: Allows for the creation of dynamic and interactive web pages. They also tend to be the most vulnerable
part of a web server.
Check_Password: A hacking program used for cracking VMS passwords.
Chernobyl Packet: Also called Kamikaze Packet. A network packet that induces a broadcast storm and network
meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination
Ethernet and IP address set as the respective broadcast addresses for the sub networks being gated between.
Circuit Level Gateway: One form of a firewall. Validates TCP and UDP sessions before opening a connection.
Creates a handshake, and once that takes place passes everything through until the session is ended.
Clipper Chip: A tamper-resistant VLSI chip designed by NSA for encrypting voice communications. It conforms to
the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm.
COAST: Computer Operations, Audit, and Security Technology - is a multiple project, multiple investigator
laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions
with close ties to researchers and engineers in major companies and government agencies. Its research is focused
on real-world needs and limitations, with a special focus on security for legacy computing systems.
Command and Control Warfare (C2W): The integrated use of operations security, military deception,
psychological operations, electronic warfare, and physical destruction, mutually supported by intelligence, to
deny information to, influence, degrade, or destroy adversary command and control capabilities, while protecting
friendly command and control capabilities against such actions. Command and control warfare is an application
of information operations in military operations and is a subset of information warfare. C2W is both offensive and
defensive.
Common Access Card (CAC): The identification card issued by the Department of Defense to all employees and
contractors
Compromise: An intrusion into a computer system where unauthorized disclosure, modification or destruction of
sensitive information may have occurred.
Computer Abuse: The willful or negligent unauthorized activity that affects the availability, confidentiality,
or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage,
unauthorized use, denial of service, and misappropriation.
Computer Fraud: Computer-related crimes involving deliberate misrepresentation or alteration of data in order
to obtain something of value.
Computer Network Attack: Operations to disrupt, deny, degrade, or destroy information resident in computers
and computer networks, or the computers and networks themselves. (DODD S-3600.1 of 9 Dec 96).
Computer Security: Technological and managerial procedures applied to computer systems to ensure the
availability, integrity and confidentiality of information managed by the computer system.
Computer Security Incident: Any intrusion or attempted intrusion into an automated information system (AIS).
Incidents can include probes of multiple computer systems.
Computer Security Intrusion: Any event of unauthorized access or penetration to an automated information
system (AIS).
Confidentiality: Assuring information will be kept secret, with access limited to appropriate persons.
COPS: Computer Oracle and Password System - A computer network monitoring system for UNIX machines.
Software tool for checking security on shell scripts and C programs. Checks for security weaknesses and provides
warnings.
COTS Software: Commercial Off the Shelf - Software acquired by government contract through a commercial
vendor. This software is a standard product, not developed by a vendor for a particular government project.
Countermeasures: Action, device, procedure, technique, or other measure that reduces the vulnerability of an
automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve
more sophisticated techniques as well as activities traditionally perceived as security.
Crack: A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to
assess weak passwords by novice users in order to enhance the security of the AIS.
Cracker: One who breaks security on an AIS.
Cracking: The act of breaking into a computer system.
Crash: A sudden, usually drastic failure of a computer system.
Credential: Evidence attesting to one's rights, privileges or evidence of authority. Also, in FIPS 201, the PIV card
and data elements associated with an individual that authoritatively binds an identity (and, optionally, additional
attributes) to that individual. A smart card can store multiple digital credentials.
Cryptanalysis: 1.) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential
variables and/or sensitive data including cleartext. 2.) Operations performed in converting encrypted messages to
plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
Cryptographic Hash Function: A process that computes a value (referred to as a hashword) from a particular data
unit in a manner that, when a hashword is protected, manipulation of the data is detectable.
Cryptography: The art or science concerning the principles, means, and methods for rendering plain text
unintelligible and for converting encrypted messages into intelligible form.
Cryptology: The science which deals with hidden, disguised, or encrypted communications.
Cyberspace: Describes the world of connected computers and the society that gathers around them. Commonly
known as the Internet.
Dark-side Hacker: A criminal or malicious hacker.
DARPA: Defense Advanced Research Projects Agency.
Data Driven Attack: A form of attack that is encoded in innocuous seeming data which is executed by a user or a
process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall
in data form and launch an attack against a system behind the firewall.
Data Encryption Standard (DES): 1.) An unclassified crypto algorithm adopted by the National Bureau of
Standards for public use. 2.) A cryptographic algorithm for the protection of unclassified data, published in Federal
Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards
and Technology (NIST), is intended for public and government use.
Defense Information Infrastructure (DII): The shared or interconnected system of computers, communications,
data applications, security, people, training and other support structures serving DoD local, national, and
worldwide information needs. DII connects DoD mission support, command and control, and intelligence
computers through voice, telecommunications, imagery, video, and multimedia services. It provides information
processing and services to the subscribers over the Defense Information Systems Network and includes command
and control, tactical, intelligence, and commercial communications systems used to transmit DoD information.
(Pending approval in JP 1-02).
Defensive Information Operations: A process that integrates and coordinates policies and procedures,
operations, personnel, and technology to protect information and defend information systems. Defensive
information operations are conducted through information assurance, physical security, operations security,
counter-deception, counter-psychological operations, counter-intelligence, electronic protect, and special
information operations. Defensive information operations ensure timely, accurate, and relevant information access
while denying adversaries the opportunity to exploit friendly information and information systems for their own
purposes. (Pending approval in JP 1-02).
Demon Dialer: A program which repeatedly calls the same telephone number. This is benign and legitimate for
access to a BBS or malicious when used as a denial of service attack.
Denial of Service: Action(s) which prevent any part of an AIS from functioning in accordance with its intended
purpose.
Derf: The act of exploiting a terminal which someone else has absent-mindedly left logged on.
DES: See Data Encryption Standard
Digital certificate (or public key certificate): Digital documents (e.g., information such as the name of the person
or an organization and their address) attesting to the binding of a public key to an individual or other entity. Digital
certificates allow verification of the claim that a specific public key does in fact belong to a specific individual.
DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a
victim system, or by compromising a domain name server for a valid domain.
Dual interface card: A smart card that has a single smart card chip with two interfaces, a contact and a contactless
interface, using shared memory and chip resources.
Electronic Attack (EA): That division of EW involving the use of electromagnetic, directed energy, or antiradiation
weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying
enemy combat capability. EA includes actions taken to prevent or reduce an enemy's effective use of the
electromagnetic spectrum, such as jamming and electromagnetic deception and employment of weapons that
use either electromagnetic or directed energy as their primary destructive mechanism (lasers, radio frequency,
particle beams).
Electronic Protection (EP): That division of EW involving actions taken to protect personnel, facilities, and
equipment from any effects of friendly or enemy employment of EW that degrade, neutralize, or destroy friendly
combat capability.
Electronic Warfare (EW): Any military action involving the use of electromagnetic and directed energy to control
the electromagnetic spectrum or to attack the enemy. The three major subdivisions within electronic warfare are
electronic attack, electronic protection, and electronic warfare support.
Electronic Warfare Support (ES): That division of EW involving actions tasked by, or under direct control of,
an operational commander to search for, intercept, identify, and locate sources of intentional and unintentional
radiated electromagnetic energy for the purpose of immediate threat recognition. Thus, electronic warfare support
provides information required for immediate decisions involving EW operations and other tactical actions such as
threat avoidance, targeting and homing. ES data can be used to produce signals intelligence. (JP 1-02).
Encapsulating Security Payload (ESP): A mechanism to provide confidentiality and integrity protection to IP
datagrams.
Encryption: The process of translating information into a code that can only be read if the reader has access to
the key that was used to encrypt it. There are two main types of encryption: asymmetric (or public key) and
symmetric (or secret key).
EEPROM: Electrically erasable programmable
EPROM: Erasable programmable read-only memory. A type of memory that can only be changed once.
Ethernet Sniffing: This is listening with software to the Ethernet interface for packets that interest the user. When
the software sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting
packet is one that contains words like login or password.
Europay MasterCard Visa (EMV): Specifications developed by Europay, MasterCard and Visa that define a set of
requirements to ensure interoperability between payment chip cards and terminals.
False Negative: Occurs when an actual intrusive action has occurred but the system allows it to pass as non-
intrusive behavior.
False Positive: Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a
legitimate action.
Fault Tolerance: The ability of a system or component to continue normal operation despite the presence of
hardware or software faults.
Federated Identity: In information technology (IT), federated identity has two general meanings:
a. The virtual reunion, or assembled identity, of a person's user information (or principal), stored across multiple
distinct identity management systems. Data is joined together by use of the common token, usually the user
name.
b. The process of a user's authentication across multiple IT systems or even organizations.
FIPS 140-2 / FIPS 140-3: Security Requirements for Cryptographic Modules. The U.S. government security standard
for cryptographic modules.
FIPS 201: Federal Information Processing Standard Publication 201, Personal Identity Verification (PIV) of Federal
Employees and Contractors. FIPS 201 is the standard that defines the identity vetting, enrollment, and issuance
requirements for a common government identity credential and the technical specifications for a U.S. government
Executive Branch employee and contractor ID card, the PIV card.
Firewall: A system or combination of systems that enforces a boundary between two or more networks. Gateway
that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive
micro-based Unix box kept clean of critical data, with many modems and public network ports on it, but just one
carefully watched connection back to the rest of the cluster.
Fishbowl: To contain, isolate and monitor an unauthorized user within a system in order to gain information
about the user.
Flash Memory: A type of EEPROM that is erased and programmed in large blocks.
Fork Bomb: Also known as Logic Bomb - Code that can be written in one line of code on any Unix system; used
to recursively spawn copies of itself, explodes eventually eating all the process table entries and effectively locks
up the system.
G - No entries.
Hacker: A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious
or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the
details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to
learn only the minimum necessary.
Hacking: Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information
system or network.
Hacking Run: A hack session extended long outside normal working times, especially one longer than 12 hours.
Health Insurance Portability and Accountability Act of 1996 (HIPAA): This was passed to protect health
insurance coverage for workers and their families and to encourage the development of a health information
system by establishing standards and requirements for the secure electronic transmission of certain health
information. HIPAA mandates that the design and implementation of the electronic systems guarantee the privacy
and security of patient information gathered as part of providing health care.
Homeland Security Presidential Directive 12 (HSPD-12): The primary objective of HSPD-12 is the development
and deployment of a Federal government-wide common and reliable identification verification system that will be
interoperable among all government agencies and serve as the basis for reciprocity among those agencies.
Host: A single computer or workstation; it can be connected to a network.
Host Based: Information, such as audit data from a single host which may be used to detect intrusions.
IDEA (International Data Encryption Algorithm): A private key encryption-decryption algorithm that uses a key
that is twice the length of a DES key.
IDIOT: Intrusion Detection In Our Time. A system that detects intrusions using pattern-matching.
Indicators & Warnings (I & W): I & W refers to how an event or series of events can provide enough information
to classify it as an incident.
Information Assurance (IA): Information Operations that protect and defend information and information
systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes
providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
(DODD S-3600.1 of 9 Dec 96).
Information Operations (IO): Actions taken to affect adversary information and information systems while
defending one's own information and information systems. (DODD S-3600.1 of 9 Dec 96).
Information Security: The result of any system of policies and/or procedures for identifying, controlling, and
protecting from unauthorized disclosure, information whose protection is authorized by executive order or
statute.
Information Superiority: The capability to collect, process, and disseminate an uninterrupted flow of information
while exploiting or denying an adversary's ability to do the same. (DODD S-3600.1 of 9 Dec 96).
Information Warfare (IW): 1.) Actions taken to achieve information superiority by affecting adversary information,
information based processes, and information systems, while defending our own information, information based
processes, and information systems. Any action to deny, exploit, corrupt, or destroy the enemy's information and
its functions, protect themselves against those actions; and exploiting their own military information functions. 2.)
Information Operations conducted during time of crisis or conflict to achieve or promote specific objectives over
a specific adversary or adversaries. (DODD S-3600.1 of 9 Dec 96).
Integrity: Assuring information will not be accidentally or maliciously altered or destroyed.
International Civil Aviation Organization (ICAO): This body governs standards for Machine Readable Travel
Documents (MRTDs). An MRTD is an international travel document (e.g., a passport or visa) containing eye- and
machine-readable data. ICAO Document 9303 is the international standard for MRTDs.
International Organization for Standardization (ISO): An agency of the United Nations concerned with
international standardization, including stored value and other bank cards. Some of the pertinent standards for
contactless payment cards are ISO/IEC 7810, 7811, 7816, 9992, 10202, and 14443.
Internet Worm: A worm program (see: Worm) that was unleashed on the Internet in 1988. It was written by Robert
T. Morris as an experiment that got out of hand.
Intrusion: Any set of actions that attempt to compromise the integrity, confidentiality or availability of a
resource.
Intrusion Detection: Pertaining to techniques which attempt to detect intrusion into a computer or network
by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via
software expert systems that operate on logs or other information available on the network.
IP Splicing / Hijacking: An action whereby an active, established, session is intercepted and co-opted by the
unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker
to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the
session or network layer.
IP Spoofing: An attack whereby a system attempts to illicitly impersonate another system by using IP network
address.
J - No entries.
Key: A symbol or sequence of symbols (or electrical or mechanical correlates of symbols) applied to text in order
to encrypt or decrypt.
Key Escrow: The system of giving a piece of a key to each of a certain number of trustees such that the key can be
recovered with the collaboration of all the trustees.
Keystroke Monitoring: A specialized form of audit trail software, or a specially designed device, that records
every key struck by a user and every character of the response that the AIS returns to the user.
LAN (Local Area Network): A computer communications system limited to no more than a few miles and using
high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects
ADP devices in a building or group of buildings within a few square kilometers, including workstations, front-end
processors, controllers, switches, and gateways.
Leapfrog Attack: Use of user id and password information obtained illicitly from one host to compromise another
host. The act of TELNETing through one or more hosts in order to preclude a trace (a standard cracker procedure).
Letterbomb: A piece of email containing live data intended to do malicious things to the recipient's machine or
terminal. Under UNIX, a letter bomb can also try to get part of its contents interpreted as a shell command to the
mailer. The results of this could range from silly to denial of service.
Logic Bomb: Also known as a Fork Bomb - A resident computer program which, when executed, checks for a
particular condition or particular state of the system which, when satisfied, triggers the perpetration of an
unauthorized act.
Mailbomb: The mail sent to urge others to send massive amounts of email to a single system or person, with the
intent to crash the recipient's system. Mail bombing is widely regarded as a serious offense.
Malicious Code: Hardware, software, or firmware that is intentionally included in a system for an unauthorized
purpose; e.g. a Trojan horse.
Metric: A random variable x representing a quantitative measure accumulated over a period.
MIFARE(TM): A proprietary contactless card, developed by Philips Semiconductor (now NXP), that has been widely
deployed in transportation. The technology meets ISO/IEC standards 14443, Type A for contactless smart cards.
Mimicking: Synonymous with Impersonation, Masquerading or Spoofing.
Misuse Detection Model: The system detects intrusions by looking for activity that corresponds to known
intrusion techniques or system vulnerabilities. Also known as Rules Based detection.
Mockingbird: A computer program or process which mimics the legitimate behavior of a normal system feature
(or other apparently useful function) but performs malicious activities once invoked by the user.
Multi-factor Authentication: The use of multiple techniques to authenticate an individual's identity. This usually
involves combining two or more of the following: something the individual has (e.g., a card or token); something
the individual knows (e.g., a password or personal identification number); something the individual is (e.g., a
fingerprint or other biometric measurement).
Multi-host-Based Auditing: Audit data from multiple hosts may be used to detect intrusions.
Nak Attack: Negative Acknowledgment - A penetration technique which capitalizes on a potential weakness in
an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an
unprotected state during such interrupts.
National Computer Security Center (NCSC): Originally named the DoD Computer Security Center, the NCSC
is responsible for encouraging the widespread availability of trusted computer systems throughout the Federal
Government. (AF9K_JBC.TXT) (NCSC) With the signing of NSDD-145; the NCSC is responsible for encouraging the
widespread availability of trusted computer systems throughout the Federal Government. (NCSC-WA-001-85).
National Information Infrastructure (NII): The nation-wide interconnection of communications networks,
computers, databases, and consumer electronics that make vast amounts of information available to users. The NII
encompasses a wide range of equipment, including cameras, scanners, keyboards, facsimile machines, computers,
switches, compact disks, video and audio tape, cable, wire, satellites, fiber-optic transmission lines, networks of all
types, monitors, printers and much more. The friendly and adversary personnel who make decisions and handle
the transmitted information constitute a critical component of the NII. (Pending approval in JP 1-02).
NCSC: See National Computer Security Center.
Network: Two or more machines interconnected for communications.
Network Based: Network traffic data along with audit data from the hosts used to detect intrusions.
Network Level Firewall: A firewall in which traffic is examined at the network protocol (IP) packet level.
Network Security: Protection of networks and their services from unauthorized modification, destruction, or
disclosure, and provision of assurance that the network performs its critical functions correctly and there are no
harmful side-effects. Network security includes providing for data integrity.
Network Security Officer: Individual formally appointed by a designated approving authority to ensure that the
provisions of all applicable directives are implemented throughout the life cycle of an automated information
system network.
Network Weaving: Another name for Leapfrogging.
National Institute of Standards and Technology (NIST): NIST, an agency of the U.S. Department of Commerce,
was founded in 1901 as the nation's first federal physical science research laboratory.
Non-Discretionary Security: The aspect of DOD security policy which restricts access on the basis of security
levels. A security level is composed of a read level and a category set restriction. For read-access to an item of
information, a user must have a clearance level greater than or equal to the classification of the information and
also have a category clearance which includes all of the access categories specified for the information.
Non-Repudiation: Method by which the sender of data is provided with proof of delivery and the recipient is
assured of the sender's identity, so that neither can later deny having processed the data.
Open Security: Environment that does not provide sufficient assurance that applications and
equipment are protected against the introduction of malicious logic prior to or during the operation of a system.
Open Systems Security: Provision of tools for the secure internetworking of open systems.
Operational Data Security: The protection of data from either accidental or unauthorized, intentional modification,
destruction, or disclosure during input, processing, or output operations.
Operations Security: 1.) The process of denying adversaries information about friendly capabilities and intentions
by identifying, controlling, and protecting indicators associated with planning and conducting military operations
and other activities. 2.) An analytical process by which the U.S. Government and its supporting contractors can deny
to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting
evidence of the planning and execution of sensitive activities and operations.
Operations Security (OPSEC): A process of identifying critical information and subsequently analyzing friendly
actions attendant to military operations and other activities to: A. Identify those actions that can be observed
by adversary intelligence systems. B. Determine indicators hostile intelligence systems might obtain that could
be interpreted or pieced together to derive critical information in time to be useful to adversaries. C. Select and
execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary
exploitation. (JP 1-02).
Orange Book: See Trusted Computer Security Evaluation Criteria.
OSI: Open Systems Interconnection. A set of internationally accepted and openly developed standards that meet
the needs of network resource administration and integrated network utility.
Packet: A block of data sent over the network transmitting the identities of the sending and receiving stations,
error-control information, and message.
Packet Filter: Inspects each packet for user defined content, such as an IP address but does not track the state of
sessions. This is one of the least secure types of firewall.
Packet Filtering: A feature incorporated into routers and bridges to limit the flow of information based on
pre-determined communications such as source, destination, or type of service being provided by the network. Packet
filters let the administrator limit protocol specific traffic to one network segment, isolate email domains, and
perform many other traffic control functions.
Packet Sniffer: A device or program that monitors the data traveling between computers on a network.
Passive Attack: Attack which does not result in an unauthorized state change, such as an attack that only monitors
and/or records data.
Passive Threat: The threat of unauthorized disclosure of information without changing the state of the system. A
type of threat that involves the interception, not the alteration, of information.
PEM (Privacy Enhanced Mail): An IETF standard for secure electronic mail exchange.
Penetration: The successful unauthorized access to an automated system.
Penetration Signature: The description of a situation or set of conditions in which a penetration could occur or of
system events which in conjunction can indicate the occurrence of a penetration in progress.
Penetration Testing: The portion of security testing in which the evaluators attempt to circumvent the security
features of a system. The evaluators may be assumed to use all system design and implementation documentation
that may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the
same constraints applied to ordinary users.
Perimeter Based Security: The technique of securing a network by controlling access to all entry and exit points
of the network. Usually associated with firewalls and/or filters.
Perpetrator: The entity from the external environment that is taken to be the cause of a risk. An entity in the
external environment that performs an attack, i.e. hacker.
Personal Computer/Smart Card (PC/SC): The PC/SC specification defines how to integrate smart card readers
and smart cards with the computing environment and how to allow multiple applications to share smart card
devices.
Personal Identification Number (PIN): A numeric code that is associated with an ID card and that adds a second
factor of authentication to the identity verification process.
Personal Identity Verification (PIV): The dual-interface smart card that is being issued to all U.S. Executive Branch
Federal employees and contractors and that will be used for both physical and logical access.
Personnel Security: The procedures established to ensure that all personnel who have access to any classified
information have the required authorizations as well as the appropriate clearances.
PGP (Pretty Good Privacy): A freeware program primarily for secure electronic mail.
Phage: A program that modifies other programs or databases in unauthorized ways; especially one that propagates
a virus or Trojan horse.
PHF: Phone book file demonstration program that hackers use to gain access to a computer system and potentially
read and capture password files.
PHF Hack: A well-known and vulnerable CGI script which does not filter out special characters (such as a new line)
input by a user.
Phishing: A cyber attack that directs people to a fraudulent website to collect personal information for identity
theft.
Phracker: An individual who combines phone phreaking with computer hacking.
Phreak(er): An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge
of the telephone system to make calls at the expense of another.
Phreaking: The art and science of cracking the phone network.
Physical Security: The measures used to provide physical protection of resources against deliberate and accidental
threats.
Piggy Back: The gaining of unauthorized access to a system via another user's legitimate connection.
Ping of Death: The use of Ping with a packet size higher than 65,507. This will cause a denial of service.
Plaintext: Unencrypted data.
Private Key Cryptography: An encryption methodology in which the encryptor and decryptor use the same key,
which must be kept secret. This methodology is usually only used by a small group.
Probe: Any effort to gather information about a machine or its users for the apparent purpose of gaining
unauthorized access to the system at a later date.
Procedural Security: See Administrative Security.
Profile: Patterns of a user's activity which can detect changes in normal routines.
Promiscuous Mode: Normally an Ethernet interface reads all address information and accepts follow-on packets
only destined for itself, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless
of its destination.
Protocol: Agreed-upon methods of communications used by computers. A specification that describes the rules
and procedures that products should follow to perform activities on a network, such as transmitting data. If they
use the same protocols, products from different vendors should be able to communicate on the same network.
Prowler: A daemon that is run periodically to seek out and erase core files, truncate administrative logfiles, nuke
lost+found directories, and otherwise clean up.
Proximity cards: A generic name for contactless integrated circuit devices typically used for security access or
payment systems. It can refer to 125 kHz RFID devices or 13.56 MHz contactless smart cards. (See ISO/IEC 14443.)
Proxy: A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own
IP address for all traffic passing through it. A software agent that acts on behalf of a user. Typical proxies accept a
connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the
proxy, perhaps do additional authentication, and then complete a connection on behalf of the user to a remote
destination.
Psychological Operations (PSYOP): Planned operations to convey selected information and indicators to foreign
audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign
governments, organizations, groups, and individuals. The purpose of psychological operations is to induce or
reinforce foreign attitudes and behavior favorable to the originator's objectives. (JP 1-02).
Public Key Cryptography: Type of cryptography in which the encryption process is publicly available and
unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both
parts of the decryption process can decrypt the cipher text.
Q - No entries.
Red Book: See Trusted Network Interpretation.
Reference Monitor: A security control concept in which an abstract machine mediates accesses to objects by
subjects. In principle, a reference monitor should be complete (in that it mediates every access), isolated from
modification by system entities, and verifiable. A security kernel is an implementation of a reference monitor for a
given hardware base.
Replicator: Any program that acts to produce copies of itself; examples include a program, a worm, a fork bomb or
virus. It is even claimed by some that UNIX and C are the symbiotic halves of an extremely successful replicator.
Retro-Virus: A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not
possible to restore the system to an uninfected state.
Rexd: This Unix command is the Sun RPC server for remote program execution. This daemon is started by inetd
whenever a remote execution request is made.
RFID Tag (labels): Simple, low-cost and disposable electronic devices that are used to identify animals, track goods
logistically and replace printed bar codes at retailers. RFID tags include an integrated circuit that typically stores a
static number (an ID) and an antenna that enables the chip to transmit the stored number to a reader. When the
tag comes within range of the appropriate RF reader, the tag is powered by the reader's RF field and transmits its
ID to the reader. There is little to no security on the RFID tag or during communication with the reader. Typical
RFID tags can be easily read from distances of several inches (centimeters) to several yards (meters) to allow easy
tracking of goods.
Risk Assessment: A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of
security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine
expected loss and establish the degree of acceptability to system operations.
Risk Management: The total process to identify, control, and minimize the impact of uncertain events. The
objective of the risk management program is to reduce risk and obtain and maintain DAA (Designated Approving
Authority) approval.
Rootkit: A hacker security tool that captures passwords and message traffic to and from a computer. A collection
of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the
network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan
Horse software. Rootkit is available for a wide range of operating systems.
Router: An interconnection device that is similar to a bridge but serves packets or frames containing certain
protocols. Routers link LANs at the network layer.
Routing Control: The application of rules during the process of routing so as to choose or avoid specific networks,
links or relays.
RSA Algorithm: RSA stands for Rivest-Shamir-Adleman. A public-key cryptographic algorithm that hinges on the
assumption that the factoring of the product of two large primes is difficult.
Rules Based Detection: The intrusion detection system detects intrusions by looking for activity that corresponds
to known intrusion techniques (signatures) or system vulnerabilities. Also known as Misuse Detection.
Samurai: A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers
pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic
locksmith.
SATAN: Security Administrator Tool for Analyzing Networks - A tool for remotely probing and identifying the
vulnerabilities of systems on IP networks. A powerful freeware program which helps to identify system security
weaknesses.
Secure Hash Algorithm (SHA): One of the most popular hashing algorithms, designed for use with the Digital
Signature Standard by the National Institute of Standards and Technology (NIST) and the National Security Agency
(NSA). SHA-1 produces a 160-bit hash.
Secure Network Server: A device that acts as a gateway between a protected enclave and the outside world.
Secure Shell: A completely encrypted shell connection between two machines protected by a super long
passphrase.
Security: A condition that results from the establishment and maintenance of protective measures that ensure a
state of inviolability from hostile acts or influences.
Security Architecture: A detailed description of all aspects of the system that relate to security, along with a set
of principles to guide the design. A security architecture describes how the system is put together to satisfy the
security requirements.
Security Audit: A search through a computer system for security problems and vulnerabilities.
Security Countermeasures: Countermeasures that are aimed at specific threats and vulnerabilities or involve
more active techniques as well as activities traditionally perceived as security.
Security Domains: The sets of objects that a subject has the ability to access.
Security Features: The security-relevant functions, mechanisms, and characteristics of AIS hardware and
software.
Security Incident: Any act or circumstance that involves classified information that deviates from the requirements
of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and
deviation.
Security Kernel: The hardware, firmware, and software elements of a Trusted Computing Base that implement
the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as
correct.
Security Label: Piece of information that represents the sensitivity of a subject or object, such as its hierarchical
classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable non-hierarchical security
categories (e.g., sensitive compartmented information, critical nuclear weapon design information).
Security Level: The combination of a hierarchical classification and a set of non-hierarchical categories that
represents the sensitivity of information.
Security Officer: The ADP official having the designated responsibility for the security of an ADP system.
Security Perimeter: The boundary where security controls are in effect to protect assets.
Security Policies: The set of laws, rules, and practices that regulate how an organization manages, protects, and
distributes sensitive information.
Security Policy Model: A formal presentation of the security policy enforced by the system. It must identify the
set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.
Security Requirements: Types and levels of protection necessary for equipment, data, information, applications,
and facilities.
Security Service: A service, provided by a layer of communicating open systems, which ensures adequate security
of the systems or of data transfers.
Security Violation: An instance in which a user or other person circumvents or defeats the controls of a system to
obtain unauthorized access to information contained therein or to system resources.
Server: A system that provides network service such as disk storage and file transfer, or a program that provides
such a service. A kind of daemon which performs a service for the requester, which often runs on a computer other
than the one which the server runs.
Signaling System 7 (SS-7): A protocol used by phone companies. Has three basic functions: Supervising, Alerting
and Addressing. Supervising monitors the status of a line or circuit to see if it is busy, idle, or requesting service.
Alerting indicates the arrival of an incoming call. Addressing is the transmission of routing and destination signals
over the network in the form of dial tone or data pulses.
Simple Network Management Protocol (SNMP): Software used to control network communications devices
using TCP/IP.
Skipjack: An NSA-developed encryption algorithm for the Clipper chip. The details of the algorithm are
unpublished.
Smart card: A device that includes an embedded secure integrated circuit that can be either a secure microcontroller
or equivalent intelligence with internal memory or a secure memory chip alone. The card connects to a reader with
direct physical contact or with a remote contactless radio frequency interface.
With an embedded microcontroller, smart cards have the unique ability to securely store large amounts of data,
carry out their own on-card functions (e.g., encryption and mutual authentication) and interact intelligently with
a smart card reader. Smart card technology conforms to international standards (ISO/IEC 7816 and ISO/IEC 14443)
and is available in a variety of form factors, including plastic cards, subscriber identification modules (SIMs) used
in GSM mobile phones, and USB-based tokens.
Smurfing: A denial of service attack in which an attacker spoofs the source address of an echo-request ICMP
(ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse
to the victim thereby clogging its network.
Snarf: To grab a large document or file for the purpose of using it with or without the author's permission.
Sneaker: An individual hired to break into places in order to test their security; analogous to tiger team.
Sniffer: A program to capture data across a computer network. Used by hackers to capture user id names and
passwords. Software tool that audits and identifies network traffic packets. Is also used legitimately by network
operations and maintenance personnel to troubleshoot network problems.
Spam: To crash a program by overrunning a fixed-size buffer with excessively large input data. Also, to cause a
person or newsgroup to be flooded with irrelevant or inappropriate messages.
Special Information Operations (SIO): Information Operations that by their sensitive nature, due to their potential
effect or impact, security requirements, or risk to the national security of the United States, require a special review
and approval process. (DODD S-3600.1 of 9 Dec 96).
SPI: Secure Profile Inspector - A network monitoring tool for Unix, developed by the Department of Energy.
Spoofing: Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect
action. Attempt to gain access to an AIS by pretending to be an authorized user. Impersonating, masquerading,
and mimicking are forms of spoofing.
SSL (Secure Sockets Layer): A session layer protocol that provides authentication and confidentiality to
applications.
Subscriber Identity Module (SIM): A SIM is the smart card that is included in GSM (Global System for Mobile
Communications) mobile phones. SIMs are configured with information essential to authenticating a GSM mobile
phone, thus allowing a phone to receive service whenever the phone is within coverage of a suitable network.
Subversion: Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to
occur.
Symmetric Cryptography: Cryptography using the same secret key for both the originator's and the recipient's
operation. (Without the secret key, it is computationally infeasible to compute either operation.)
Symmetric Keys: Keys that are used for symmetric (secret) key cryptography. In a symmetric cryptographic system,
the same secret key is used to perform both the cryptographic operation and its inverse (for example to encrypt
and decrypt, or to create a message authentication code and to verify the code).
SYN Flood: When the SYN queue is flooded, no new connection can be opened.
TCP/IP: Transmission Control Protocol/Internetwork Protocol. The suite of protocols the Internet is based on.
tcpwrapper: A software tool for security which provides additional network logging, and restricts service access
to authorized hosts by service.
Term Rule-Based Security Policy: A security policy based on global rules imposed for all users. These rules usually
rely on a comparison of the sensitivity of the resources being accessed and the possession of corresponding
attributes of users, a group of users, or entities acting on behalf of users.
Terminal Hijacking: Allows an attacker, on a certain machine, to control any terminal session that is in progress.
An attack hacker can send and receive terminal I/O while a user is on the terminal.
Threat: The means through which the ability or intent of a threat agent to adversely affect an automated system,
facility, or operation can be manifest. A potential violation of security.
Threat Agent: Methods and things used to exploit a vulnerability in an information system, operation, or facility;
fire, natural disaster and so forth.
Threat Assessment: Process of formally evaluating the degree of threat to an information system and describing
the nature of the threat.
Tiger: A software tool which scans for system weaknesses.
Tiger Team: Government and industry - sponsored teams of computer experts who attempt to break down the
defenses of computer systems in an effort to uncover, and eventually patch, security holes.
Tinkerbell Program: A monitoring program used to scan incoming network connections and generate alerts
when calls are received from particular sites, or when logins are attempted using certain IDs.
Token: A physical device that carries an individual's credentials. The device is typically small (for easy transport)
and usually employs a variety of physical and/or logical mechanisms to protect against modifying legitimate
credentials or producing fraudulent credentials. Examples of tokens include picture ID cards (e.g., state driver's
licenses), smart cards, and USB devices.
Topology: The map or plan of the network. The physical topology describes how the wires or cables are laid out,
and the logical or electrical topology describes how the information flows.
Trace Packet: In a packet-switching network, a unique packet that causes a report of each stage of its progress to
be sent to the network control center from each visited system element.
Traceroute: An operation of sending trace packets for determining information; traces the route of UDP packets
for the local host to a remote host. Normally traceroute displays the time and location of the route taken to reach
its destination computer.
Tranquillity: A security model rule stating that the security level of an active object cannot change during the
period of activity.
Triple DES: A block cipher formed from the Data Encryption Standard (DES) cipher by using it three times.
Tripwire: A software tool for security. Basically, it works with a database that maintains information about the byte
count of files. If the byte count has changed, it will identify it to the system security manager.
Trojan Horse: An apparently useful and innocent program containing additional hidden code which allows the
unauthorized collection, exploitation, falsification, or destruction of data.
Trusted Computer System Evaluation Criteria (TCSEC): A system that employs sufficient hardware and software
assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information.
Trusted Computing Base (TCB): The totality of protection mechanisms within a computer system including
hardware, firmware, and software - the combination of which are responsible for enforcing a security policy. A TCB
consists of one or more components that together enforce a unified security policy over a product or system.
Trusted Network Interpretation: The specific security features, the assurance requirements and the rating
structure of the Orange Book as extended to networks of computers ranging from isolated LANs to WANs.
TTY Watcher: A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI
interface.
TWIC (Transportation Worker Identification Credential): A common smart card-based identification credential
for all personnel requiring unescorted access to secure areas of Maritime Transportation Security Act-regulated
facilities and vessels, and all mariners holding Coast Guard-issued credentials.
USB (Universal Serial Bus): A serial bus standard to interface devices.
Vaccines: Program that injects itself into an executable program to perform a signature check and warns if there
have been any changes.
Virus: A program that can infect other programs by modifying them to include a, possibly evolved, copy of
itself.
Vulnerability: Hardware, firmware, or software flaw that leaves an AIS open for potential exploitation. A weakness
in automated system security procedures, administrative controls, physical layout, internal controls, and so forth
that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing.
Vulnerability Analysis: Systematic examination of an AIS or product to determine the adequacy of security
measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security
measures, and confirm the adequacy of such measures after implementation.
WAIS: Wide Area Information Service - An Internet service that allows you to search a large number of specially
indexed databases.
WAN: Wide Area Network. A physical or logical network that provides capabilities for a number of independent
devices to communicate with each other over a common transmission-interconnected topology in geographic
areas larger than those served by local area networks.
War Dialer: A program that dials a given list or range of numbers and records those which answer with handshake
tones, which might be entry points to computer or telecommunications systems.
Worm: Independent program that replicates from machine to machine across network connections often clogging
networks and information systems as it spreads.
X - No entries.
Y - No entries.
Z - No entries.
Attributions
International Organization for Standardization
http://www.iso.org
CardLogix Corporation
http://www.cardlogix.com
National Institute of Standards and Technology
http://www.nist.gov
Trends-Loyalty Programs 12/03 CIO Insight by Margaret L Young and Marcia Stepanek
http://www.cioinsight.com/
GSA Smart Card Handbook
http://www.smart.gov/smartgov/information/smartcardhandbook.doc
Common Criteria Portal
http://www.commoncriteriaportal.org
International Security, Trust and Privacy Alliance
http://www.istpa.org
A Healthcare CFOs Guide To Smart Card Technology And Applications 2/09
The Smart Card Alliance
http://www.smartcardalliance.org/resources/lib/Healthcare_CFO_Guide_to_Smart_Cards_FINAL_012809.pdf
Identifiers and authentication Smart Credential Choices To Protect Digital Identity 2/09
Smart Card Alliance
http://www.smartcardalliance.org/pages/publications-identifers-and-authentication
PC/SC Workgroup
http://www.pcscworkgroup.com
Quality
CardLogix Corporation is absolutely committed to providing defect free products
and services to our customers in partnership with equally committed integration
partners and authorized resellers.
7100030
16 Hughes, Suite 100 Irvine, CA 92618 United States
Phone +1 949 380 1312 Fax +1 949 380 1428
www.smartcardbasics.com www.cardlogix.com sales@cardlogix.com
Copyright 2009 CardLogix Corporation. All rights reserved.
