7.2 Terminology

Account

A security database entry associating a principal with a key and other security-related information such as privileges.

Issuer

In this RFC series, an organization that purchases smart cards and issues them to its users for use in accessing the issuer's services or systems.

Dedicated file

A smart card file containing file control information and, optionally, memory available for allocation. It may be the parent of elementary files and/or dedicated files ISO 7816-4; roughly, a smart card ``file directory''.

EEPROM

Electrically Erasable Programmable Read-Only Memory.

Elementary file

A set of data units or records in the smart card that share the same identifier ISO 7816-4; roughly, a smart card ``file''.

File control information (FCI)

Logical, structural and security attributes of a file; a string of data bytes available in response to a SELECT FILE command ISO 7816-4.

FRAM

Ferro-Electric Random Access Memory.

GSM

Groupe Special Mobile; European digital cellular telephone standard, providing security services such as user authentication, traffic confidentiality, and key distribution.

IC

Integrated Circuit. A single circuit containing multiple transistors.

Interactive principal

A human user of a system. See ``principal''.

Key

A parameter used in conjunction with a cryptographic algorithm that determines:

• The transformation of plaintext data into ciphertext data,
• The transformation of ciphertext data into plaintext data,
• A digital signature, or
• A message authentication code.

Long-term key

A key that is used over a relatively long period of time. Compare with ``session key''. Each principal can have a unique long-term key that is used in authenticating a user or server claiming to be that principal. For interactive principals, the long-term key is derived from the user's password.

Master file

The mandatory unique dedicated file representing the root of the smart card file structure ISO 7816-4.

Message authentication code (MAC)

A cryptographic checksum, based on DES.

Noninteractive principal

A principal that is an instance of a company server, an instance of a company application server, a computer in a company cell, or a cell (more correctly, ``an Authentication Service surrogate''). See ``principal''.

Passivation layer

A layer of dielectric material covering the circuitry on a smart card that protects the chip from impurities and dust and prevents passage of radiation associated with probes, such as electron-beam microscopy. Often referred to as a ``seal''.

Password

A sequence of alphanumeric and punctuation characters entered by a user to authenticate to a computer system (including to a smart card).

PIN

Personal Identification Number; a 4 to 12 character alphanumeric code or password used to authenticate a person's identity, commonly used in banking applications. In connection with smart cards, this document uses the more general term ``password'' rather than ``PIN''.

Principal

An entity that is capable of believing that it can communicate securely with another entity. In a company Security, principals are represented as entries in the Registry database. See ``interactive principal'' and ``noninteractive principal''.

Session key

A random number generated to serve as a key for a specific transaction or set of transactions.

Smart card

A credit card-sized, tamper-resistant security device that relies on VLSI chip technology for information storage and information processing.

User

A person who attempts to access a computer system; a person who has been issued a smart card.

VLSI

Very Large Scale Integration; integration of thousands or more transitors on a single chip, enabling single-chip implementations of CPU, RAM, ROM, etc.