Smart Card Security Glossary

The information is provided as a service by the editor without any commercial purpose. Persons accessing this information assume full responsibility for the use of the information and understand and agree that the editor is not responsible or liable for any claim, loss or damage arising from the use of this information. The information published could include inaccuracies or typographical errors. Changes are periodically added to the information. If any information is not correct, please send a comment to the editor For comments, please contact : karsten.tietz@gdm.dea THE SMART CARD SECURITY GLOSSARY A5: The secret algorithm used in European cellular telephones [NCSA] Acceptance procedure: A procedure which takes objects produced during the development, producing and maintenance process for a Target of Evaluation and, as a positive act, places them under the controls of a Configuration Control. [ITSEC] Access control: A method of restricting access to resources, allowing only privileged entities access. Access control list: A list of entities, together with their access rights, which are authorised to have access to a resource. Access operation: Operation giving access to a location, to a service or to information within a card. e.g. lobby banking, inquiry services, card transaction history, etc. [INTAMIC] Account: A relationship between a financial institution and a customer. [INTAMIC] Accreditation: Has two definitions according to circumstances: The procedure for accepting an IT system for use within a particular environment The procedure for recognising both the technical competence and the impartiality of a test laboratory to carry out its associated tasks. [ITSEC] Acquirer: Institution (or its agent) which acquires from the card acceptor the financial data relating to the card transaction. [INTAMIC] Activation: A process which gives a card the required operational capability for the cardholder. Administration documentation: The information about a target evaluation supplied by the developer for use by an administrator. [ITSEC] Administrator: A person in contact with the target of evaluation who is responsible for maintaining its operational capability. [ITSEC] Algorithm: A specified mathematical process for computation; a set of rules which, if followed, will give a prescribed result. Anonymity: Of unknown or undeclared origin or authorship, concealing an entityís identification. [NCSA] Application: The protocol between the card and the terminal and its related set of data. [EMV] Application area: The activity in which a card can be used, e.g. Banking, Medical etc. [INTAMIC] Application area code: A code that identifies an application area. [INTAMIC] Application data field key: Key, only known to the ADF issuer and stored in an IC card for the purpose of authentication. [INTAMIC] Application data field type code: A code that denotes a specific type of instrument e.g. electronic cheque book, electronic purse, electronic wallet, electronic token facility, etc. [INTAMIC] Architectural design: A phase of the Development Process wherein the top level definition and design of a target of evaluation is specified. [ITSEC] Assets: Information or resources to be protected by the countermeasures of a TOE. [CC] Assignment: The specification of an identified parameter in a component. [CC] Assurance: Confidence that an entity meets its security objectives. [CC] Assurance profile: An assurance requirement for a TOE whereby different levels of confidence are required in different security enforcing functions. [ITSEC] Asymmetric: Do not need the same key on each end of a communication link. [NCSA] Asymmetric algorithm: This type of cryptographic operations uses one key for encryption of plain text and another key for decryption of associated cipher text. These two keys are related to each other and are called a Ñkey pairì. Asymmetric keys: A separate but integrated user key pair comprised of one publickey and one private key. Each key is one way, meaning that a key used to encrypt information can not be used to decrypt the same information. [NCSA] Asynchronous: Character-by-character or cell-by-cell or data unit-by-data unit transfer. Data units from any one source need not be periodically spaced within the overall data unit stream. [NCSA] Augmentation: The addition of one or more assurance component(s) from Part 3 to an EAL or assurance package. [CC] Authentication: The process of ensuring the identity of the connecting user or participants exchanging electronic data. Makes sure the person or server at either end of a connection is who they/it claim to be and not an impostor. [NCSA] Authentication data: Information used to verify the claimed identity of a user. [CC] Authorisation: A security process to decide whether a service can be given or not. [INTAMIC] Authorisation centre: A facility where authorisation can be carried out in case it cannot be done locally. [INTAMIC] Authorisation number: Specific number added to a card transaction in the authorisation process for audit trail purposes. [INTAMIC] Authorised administrator: A user to whom authorisation has been granted to perform administrative operation which may affect the enforcement of the TSP. [CC] Authorised user: A user who may, in accordance with the TSP, perform an operation. [CC] Authority keys: A key pair used in a public key system. [CC] Automatic signature checking: An automated means of checking the visual appearance of a signature, rather than the way in which it is written. Base: The carrier material used in the manufacture or identification cards. [INTAMIC] Bit: A binary digit. The smallest possible unit of information in a digital code. [Card World User Guide] Blind signature: The ability to sign documents without the knowledge of content; notary public. [NCSA] Block algorithms: See block cipher. Block: A string or group of bits that a block algorithm operates on; typical values are 40, 50, 64, 128, 512, 1024, Ö [NCSA] Block cipher: Algorithms that operate on plain text in blocks (strings or groups) of bits. [NCSA] Breach: A breakthrough in a wall of defence. Brute-force attack: Trying every possible key and checking whether the resulting plain text is meaningful. Byte: A sequence of eight bits usually operated on as a unit. [Card World User Guide] CA: See certification authority CAD: See Card Acceptor Device. CAPI: Cryptographic application programming interface Card: Medium according to ISO 7810, ISO 7811, ISO 7812 (ID-1) or GSM 11.11 (Plugin) used to carry information. Card acceptor: Party accepting the card after identification and authorisation for the provision of goods or services. [INTAMIC] Card acceptor device (CAD): The mechanism, a key component of reader/writer, into which an Integrated Circuit (IC) card is inserted. [Smart Card Forum] Card acceptor key: A key specific for each card acceptorí s card, only known to the acquirer and stored in the card acceptorís card. [INTAMIC] Card authentication: A security process which verifies the genuineness of a card. Card data integrity: A security process which authenticates changeable data together with fixed physical data, and in an additional step checks against unauthorised resetting to a former status. [INTAMIC] Card embedder: A manufacturer who assembles a card and integrated circuit. [INTAMIC] Card issuer: Institution which issues cards to cardholders. Card life cycle: The stages for a card from initial manufacturing to usage completion and destruction. [Smart Card Forum] Card management control: Auxiliary card handling by legitimated institutions (card system, card issuer, etc.) during the life cycle of the card.[INTAMIC] Card number: A number that uniquely identifies a card after issuing. Card production number: A number that uniquely identifies a card after embedding, and before issuing, it is the concatenation of the card embedder id and the integrated circuit serial number. Card reader: A machine capable of reading and/or writing to a card, such as Magnetic Stripe Card or Smart Card. Card recognition: The process of checking whether the card has the correct physical and electrical characteristics. [INTAMIC] Card supplier: A manufacturer of cards Card system code: A code used to identify a card system. [INTAMIC] Card system: A body establishing a set of rules for the issuance and usage of cards carrying its mark. [INTAMIC] Card transaction: A set of related data originated by card usage. [INTAMIC] Card transaction amount: The funds transferred between two parties in a transaction. [INTAMIC] Card transaction journal: A record of card transactions and relevant events. [INTAMIC] Card transaction limit: The maximum amount of a single card transaction that can be authorised within a given application data field. [INTAMIC] Card transaction sequence number: A consecutive number in a collection of card transaction. [INTAMIC] Card transaction type: A code defining the type of a card transaction. [INTAMIC] Card transfer key: A key used to protect the transport of cards. [INTAMIC] Cardholder: A person who legitimately holds a card to whom it has been issued. Cardholder identification: The process of checking whether the person presenting the card to the system is the legitimate holder. [INTAMIC] Cardholder identifier: Data defined by the card issuer, uniquely identifying a cardholder. [INTAMIC] CC: See Common Criteria CCITT: Consultative Committee for International Telegraphy and Telephony [NCSA] Central processing unit (CPU): The part of a computer which performs arithmetic and other computing functions (as opposed to the I/O or storage). [Card World User Guide] Certificate: Authentication information that may be stored in a file or conveyed during authentication procedures. The certificate will be provided by the certification authority. Certification: The issue of a formal statement confirming the results of an evaluation, and that the evaluation criteria used were correctly applied. [ITSEC] Certification authority (CA): An trusted authority to create and assign certificates. Certification body: An independent and impartial national organisation that performs certification. [ITSEC] Chip: A small square of thin, semiconductor material, such as silicon, that has been processed to have a specific set of electrical characteristics such as circuits, storage, and/or logic elements. Cipher system: See cryptosystem. Cipher: A system of secret writing based on a key, or set of predetermined rules or symbols [Webster] Clearing: The exchange of mutual claims by financial institutions with settlement of the net balance. [INTAMIC] Command: A message sent by a master to a slave that initiates an action and solicits a response from the slave. [EMV] Common criteria (CC): Common criteria for information technology security evaluation. Component: The smallest selectable set of elements that may be included in a PP, an ST, an EAL or a package. [CC] Confidentiality: The prevention of the unauthorised disclosure of information. [INTAMIC] Connection integrity: Assurance that the connection is not modified by unauthorised entities. [NCSA] Contactless card: An integrated circuit card that enables energy to flow between the card and the interface device without the use of contact. Instead, induction or highfrequency transmission techniques are used. [Smart Card Forum] Country code: Code as defined in ISO 3166. [INTAMIC] CPU: See central processing unit. CRC: See cyclic redundancy code. Credit transaction: A card transaction that increases the availability of funds to the cardholder. [INTAMIC] Cryptoanalysis: The science to investigate the possibilities to break cryptosystems. Can also be used to test the strength of an cryptographic method. Cryptogram: Result of a cryptographic operation. [EMV] Cryptography: The science of cryptographic operations. Cryptographic algorithm: An algorithm that transforms data in order to hide or reveal its information content. [EMV] Cryptographic key: A sequence of symbols that controls cryptographic operations. Cryptographic operation: Typical cryptographic operations include data encryption and/or decryption, digital signature generation and/or verification, cryptographic checksum generation for integrity and/or verification of checksum, secure hash (message digest), cryptographic key encryption and/or decryption, and cryptographic key agreement. [CC] Cryptology: Cryptography + Cryptoanalysis Cryptosystem: Systems using cryptography to ensure security of an application (i.e. confidentiality, integrity, authenticity, ...). Cryptosystems consist of cryptographic functions, sets of keys, which are the parameters for these functions and protocols. Currency code: The ISO code identifying the currency (ref. ISO 4217).[INTAMIC] Cyclic redundancy code (CRC): Error prevention technique based on the 'polynomial' Data: Digital information or just information depending on the context. [NCSA] Data encryption algorithm (DEA): A symmetric cryptographic algorithm for encrypting data that is an ANSI standard. The algorithm is a key driven and reversible process. Also referred to as the Data Encryption Standard (DES) [Smart Card Forum] Data encryption standard (DES): See data encryption algorithm. Data integrity: The property that data has not been altered or destroyed in an unauthorised manner. [EMV] DEA: See data encryption algorithm. Debit transaction: A card transaction that decreases the availability of funds to the cardholder. [INTAMIC] Decipherment: The reversal of a previous reversible encipherment, rendering cipher text intelligible. (limited to security aspects) [INTAMIC] Decoding: See decipherment. (limited to security aspects) Decryption: See decipherment. Derived key: Key generated by a defined algorithm from a given key. [INTAMIC] DES: See data encryption standard. Developer: The person or organisation that manufactures a Target of Evaluation. [ITSEC] Developer security: The physical, procedural and personnel security controls imposed by a developer on his Development Environment. [ITSEC] Development environment: The organisation measures, procedures and standards used whilst constructing a Target of Evaluation. [ITSEC] Development process: The set of phase and tasks whereby a Target of Evaluation is constructed, translating requirements into actual hardware and software. [ITSEC] Dictionary attacks: A calculated brute force attack to reveal a secret by trying obvious and logical combinations of data. Digital signature: An asymmetric cryptographic operation of data that allows the recipient of the data to prove the origin and integrity of the data, and protect the sender and the recipient of the data against forgery by third parties, and the sender against forgery by the recipient. Digital signature algorithm (DSA): Asymmetric algorithm published by the NIST as federal information processing standard (FIPS) in 1991 and revised in 1993. This algorithm only provides digital signature function. Digital signature scheme (DSS): A standard for digital signing, including the DSA, approved by the NIST, defined in NIST FIPS PUB 186, published May 1994 by the US Dept. of Commerce. Diversified key: The combination of a derived key and a given additional data. DSA: See digital signature algorithm. DSS: See digital signature scheme. EAL: See evaluation assurance level: ECC: See elliptic curve cryptosystem. EEPROM: Electrically erasable programmable read only memory. A non-volatile memory technology where data can be electrically erased and rewritten. [Smart Card Forum] EES: See escorted encryption standard. Effectiveness: A property representing how well it provides security in the context of its actual or proposed operational use. EFT: Electronic Fund Transfer. EFTPOS: Electronic fund transfer at point of sale. Any payment by a user at an Acceptor that is processed electronically. [Smart Card Forum] Electronic cheque book: An instrument represented by an application data field, for effecting post-paid card transactions. It requires cardholder identification.[INTAMIC] Electronic purse: An instrument, represented by an application data field, for effecting prepaid card transactions, normally for small amounts. Cardholder identification is not mandated. Electronic token facility: A prepaid instrument, represented by an application data field, expressed in units of consumption. [INTAMIC] Electronic wallet: An instrument, represented by an application data field, for effecting prepaid card transactions, normally for larger amounts. It requires cardholder identification. [INTAMIC] Elliptic curve cryptosystem (ECC): Public-key schemes and algorithms using elliptic curves mathematical theory. EMV: Integrated circuit card specification for payment systems by Europay MasterCard and Visa Encipherment: The rendering of plain text unintelligible by means of an encoding mechanism. (limited to security aspects) [INTAMIC] Encoding: See encipherment. (limited to security aspects) Encryption: See encipherment. Entity authentication: The corroboration that an entity is the one claimed. Escorted encryption standard (EES): A proposed US government standard for escorting private keys. Evaluation: Assessment of an IT system or product against defined criteria. [CC] Evaluation assurance level (EAL): A predefined set of assurance components from Part 3 (of the CC) that represents a point on the CC assurance scale. [CC] Evaluation authority: A body which implements the criteria for a specific community by means of an evaluation scheme and thereby sets the standards and monitors the quality of evaluation conducted by bodies within that community. [CC] Evaluation scheme: The administrative and regulatory framework under which the criteria are applied by an evaluation authority within a specific community. [CC] Expiration date: The time beyond which a card, account, or application is not available for transaction use, unless an exception process is used to gain permission. [Smart Card Forum] Family: A grouping of components which share security objectives but may differ in emphasis or rigour. [CC] Financial institution: An establishment dealing with the management and/or issuance of cash or other payment instruments. [INTAMIC] Firewall: A combination of hardware and software that protects the perimeter between objects against certain attacks, to ensure some degree of security. Floor limit: A card transaction limit beyond which an authorisation is required. [INTAMIC] Formal: Expressed in notation bases on well-established mathematical concepts. [CC] Formal model of security: An underlying model of security policy expressed in a formal language and style, an abstract statement of the important principles of security that TOE will enforce. [ITSEC] Function unit: A functionally distinct part of a basic component. [ITSEC] Functionality class: A predefined set of complementary security enforcing functions capable of being implemented in a Target of Evaluation. [ITSEC] GSM: Global system for mobile communication Hacker: Malicious user of computers and networks, who attempts to gain unauthorised access to files in various systems. Hash function: A one-way transformation that converts an arbitrary amount of data into a fixed length digest. IC: See integrated circuit. ICC: See integrated circuit card. Identification card: Card identifying its holder and issuer which may carry data required as input for the intended use of the card and for transactions based thereon. [ISO 7810] Identifier: Data which uniquely allow reference to an entity. [INTAMIC] Identity: A method for identifying the user, which can either be the real name of that user or a pseudonym. [CC] IFD: Interface Device Implementation: A phase of the Development Process wherein the detailed specification is translated into actual hardware and software. Insider attacks: Insider attacks occur when legitimate users of a system behave in unintended or unauthorised ways. Intamic: International Association. For Microcircuit Cards. [INTAMIC] Integrated circuit(s) (IC): Electronic component(s) designed to perform processing and/or memory functions contained on a single chip. Integrated circuit(s) card (IC card, ICC): A Card into which has been inserted one or more ICs. Integrated circuit manufacturer identifier: Data identifying the source of an IC embedded in a card. [INTAMIC] Integrated circuit module: The sub-assembly embedded into the ICC comprising the IC, the IC carrier and contacts. Integrated circuits serial number: A number, common to all IC in a lot, corresponding to a particular place in the mask (used in the manufacturing process). [INTAMIC] Integrity: The prevention of the unauthorised modification of information. [ITSEC] Integrity of a message flow: A message cannot be inserted or removed from a message flow without being notified. Interface device: Any terminal, communication device or machine to which the IC card is electrically connected during operation. [INTAMIC] Internal transfer: A card transaction used to transfer fund from one application data field to another within the same IC card. [INTAMIC] IT: Information technology ITSEC: Information Technology Security Evaluation Criteria. ITU-T: Previous CCITT Kerberos: A trusted-third party authentication protocol developed at MIT. Key: See cryptographic key. Key exchange: The process for getting session keys into the hands of the conversants [NCSA] Key management: The process by which cryptographic keys are provided for use between authorised communicating parties. Language code: Code denoting the preferred language to be used to communicate with the cardholder. [INTAMIC] Logical recognition: A process that verifies that a logical connection between an IC card and a terminal has been established. [INTAMIC] MAC: See message authentication code. Masquerade: A masquerade is where one party pretends to be a different party. A masquerade is usually used with some form of an active attack such as replay and modification of messages or data. Master key: Root of the derivation chain for keys. MD5 : Secure hashing function with 128-bit long digest, proposed by R. Rivest. Message: The smallest meaningful collection of information transmitted from sender to receiver. This information may consist of one or more card transactions or card transaction related information. [INTAMIC] Message authentication code (MAC): A MAC is a message digest appended to the message itself . The MAC cannot be computed or verified unless a secret is known. It is appended by the sender and verified by the receiver which is able to detect a message falsification. Multi application card: A card that can support more than one application. Multipurpose IC card: An IC card that permits the use of several application data fields for one or more issuers. [INTAMIC] Negative file: A list of identifiers used to block the corresponding cards. [INTAMIC] Non volatile memory: A semiconductor memory that retains its content when power is removed. (i. e. ROM, EEPROM) [Smart Card Forum] Non-repudiation: The author of a message cannot deny an operation Offset: A number that mathematically relates a calculated identification code to a cardholder PIN.[INTAMIC] Oktoberfest: This is not a new Smart Card attack name, but a traditional Bavarian bier party. Security terms are definitely not applicable in this context. Prost. Operating procedure: A set of rules defining correct use of a Target of Evaluation. [ITSEC] Operational documentation: The information produced by the developer of a Target of Evaluation to specify and explain how customers should use it. [ITSEC] Operational environment: The organisation measures, procedures and standards to be used whilst operating a Target of Evaluation. [ITSEC] Padding: Appending extra bits to either side of a data string up to a predefined length Payment: A card transaction that results in the transfer of funds in exchange for the provision of goods or services. Payment system: A service that moves messages among subscribers and also effects settlements for those messages that constitute funds transfer card transactions. Remark: was quoted as Ñpayment serviceì (typing error). [INTAMIC] Personal identification number (PIN): The secret code used to authenticate a cardholder. [INTAMIC]. PI: Personal identification PI data: Information related to a cardholder and used by a PI system. [INTAMIC] PIN: See personal identification number. PIN activation: The process which enables the PIN to be used within an interchange card transaction network. [INTAMIC] PIN issuer: The institution within a card transaction interchange network that issues identification and authentication information on a cardholder. [INTAMIC] PI retry count: The number of consecutive unsuccessful PI data inputs by the cardholder. [INTAMIC]. PI system: A technique used to confirm the identity of a cardholder. [INTAMIC] PKI: See public key infrastructure. Plain text: Clear text. The readable data or message before it is encrypted. [NCSA] Plugin: Detachable device according to GSM 11.11. Point of payment: The place where payments are made for services or goods. [INTAMIC] Point of sale (POS): The place where two parties agree on the purchase of services or goods. It may also include a point of payment. N.B.: This term might be replaced by Ñpoint of serviceì in the near future. [INTAMIC] Portable electronic file: A portable instrument located in an IC card. Offering data storage, retrieval and control capabilities. [INTAMIC] POS: See point of sale. Positive file: A complete record of activated cards for monitoring and control purposes. [INTAMIC] Post-paid: Indicates a payment after receipt of card transaction. [INTAMIC] PP: See protection profile. Prepaid: Indicates a payment in advance. [INTAMIC] Private key: The privately held ìsecretî component of an integrated asymmetric key pair. [NCSA] Protection profile (PP): An implementation-independent set of security requirements for a category of TOEs which meet specific consumer needs. [CC] Protocol: The procedures that are used by two or more computer systems so they can communicate with each other. [NCSA] Public key: The public component of an integrated asymmetric key pair. Public key certificate: The public key information of an entity signed by the certification authority and thereby rendered unforgettable. [EMV] Public key infrastructure (PKI): A widely available and accessible certificate system for obtaining an entity's public-key, with some degree of certainty that you have the "right" key, and it has not been revoked. Public key system: A cryptographic method using pairs of keys, one of which is secret and one is public. If encipherment is done using the public key, decipherment requires application of the corresponding secret key and vice-versa. [INTAMIC] Purchasing power: The maximum amount up to which card transactions are guaranteed by the settlement institution. [INTAMIC] RAM: See random access memory. Random access memory (RAM): A volatile memory randomly accessible used in the IC that requires power to maintain data. Random number: A collection of digits that has equal probability of being selected from the total population of possibilities. [INTAMIC] Read only memory (ROM): Non volatile memory that is written once, usually during IC production. It is used to store operating systems and algorithms employed by the semiconductor in an integrated circuit card during transactions. Remote banking: Employing electronic facilities to use bankís services from a remote location. [INTAMIC] Replay attack: A replay attack occurs when a message, or a part of a message, is repeated to produce an authorised effect. Response: A message returned by the slave to the master after the processing of a command received by the slave. Revolving credit: An ability to renew a given credit. [INTAMIC] ROM: See read only memory. RSA : Asymmetric algorithm invented by Ron Rivest, Adi Shamir, and Len Adleman. It is used in public-key cryptography and is based on the fact that it is easy to multiply two large prime numbers together, but hard to factor them out of the product. Secret: Information which must be known only to authorised users and/or the TSF in order to enforce a specific SFP. [CC] Secure electronic transactions (SET): Provides for secure exchange of credit card numbers over the internet. Secure hash algorithm (SHA): Hash function developed by the NIST and published as a federal information processing standard in 1993. Secured message: A message that is protected against illegal alteration or origination. [INTAMIC] Security: The combination of confidentiality, integrity and availability. [ITSEC] Security attribute: Information associated with subjects, users and/or objects which is used for the enforcement of the TSP. [CC] Security enforcing: That which directly contributes to satisfying the security objectives of the Target of Evaluation. [ITSEC] Security field: A field added to a message to contain a special code for security. [INTAMIC] Security function (SF): A part or parts of the TOE which have to be relied upon for enforcing a closely related subset of the rules from the TSP. [CC] Security function policy (SFP): The security policy enforced by a SF. [CC] Security mechanism: The logic or algorithm that implements a particular security enforcing or security relevant function in hardware and software. [ITSEC] Security objectives: A statement of intent to counter identified threats and/or satisfy identified organisation security policies and assumptions. [CC] Security relevant: That which is not security enforcing, but must function correctly for the Target of Evaluation to enforce security. [ITSEC] Security target (ST): A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE. [CC] Seed key: A key used to generate a key. [INTAMIC] Semiformal: Expressed in a restricted syntax language with defined semantics. [CC] Service code: Code indicating the restrictions placed on the availability of a service. [INTAMIC] Session key: Temporarily key (derived, diversified or other), which will be exchanged between two communication partners. SET: See secure electronic transactions. Settlement institution: Institution accepting responsibility for reimbursing the acquirer, card issuer or intermediate network facility for a completed card transaction. [INTAMIC] SF: See security function. SFP: See security function policy. SHA: See secure hash algorithm. SHA-1: 1994 revision to SHA which is considered more secure. [NCSA] Singlepurpose IC card: An IC card that permits the use of only one application. SIM: Subscriber identification module. A Smart Card having a shape in accordance with ISO 7812 (ID 0). Smart Card: A Smart Card is an ICC. Spoofing: Commonly used technique to break inside a network. The packets are build so that they seem to come from inside the network whereas they come from the outside. This kind of attack can be blocked by firewalls. ST: See security target. Strength of mechanisms: An aspect of the assessment of the effectiveness of a Target of Evaluation, namely the ability of its security mechanisms to withstand direct attack against deficiencies in their underlying algorithms, principles and properties. [ITSEC] Subject: An active entity, generally in the form of a person, process, or device. [ITSEC] Symmetric algorithm: This type of cryptographic operations uses the same key or set of keys for encryption of plain text and decryption of associated cipher text. System: A specific IT installation, with a particular purpose and operational environment. [ITSEC]/[CC] System security policy: The set of laws, rules and practices that regulate how sensitive information and other resources are managed, protected and distributed within a specific system. [ITSEC] Tamper resistance: The physical capability of components within a system to withstand external attack and, if necessary, to destroy any confidential information contained therein. Target of evaluation (TOE): An IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation. [CC] Technical security policy: The set of laws, rules and practices regulating the processing of sensitive information and the use of resources by the hardware and software of an IT system or product. [ITSEC] Terminal: The device used in conjunction with the CAD at the point of transaction. Third party: A security authority trusted by other entities with respect to security related activities. TOE: See target of evaluation. TOE resource: Anything useable or consumable in the TOE. [CC] TOE security functions (TSF): A set which is constituted by all parts of the TOE which have to be relied upon for enforcement of the TSP. [CC] TOE security functions interface (TSFI): A set of interfaces, whether interactive (manmachine interface) or programmatic (application programming interface), through which TOE resources are accessed, mediated by the TSF, or information is obtained from the TSF. [CC] TOE security policy (TSP): A set of rules that regulate that how assets are managed protected and distributed within a TOE. [CC] Transmission network: A set of facilities for data communication. [INTAMIC] Trapdoor: A trapdoor is a hidden unauthorised software or hardware mechanism that may be triggered to allow the system security features to be bypassed. Triple DES (3DES): An encryption configuration in which the DES algorithm is used three times. Trojan horse: When a software program that performs a legitimate function contains a hidden unauthorised function that exploits the legitimate function, the unauthorised function is called Trojan Horse. Trust: A firm belief or confidence in the honesty, integrity, justice, reliability, etc., of a person, company, etc. [NCSA] Trusted channel: A means by which two TSFs can communicate with necessary confidence to support the TSP.[CC] Trusted path: A means by which a user and a TSF can communicate with necessary confidence to support the TSP. [CC] TSF: See TOE security functions. TSFI: See TOE security functions interface. TSP: See TOE security policy. Validation: The process of proving the integrity of a message, or selected parts of a message. [INTAMIC] Volatile memory: A semiconductor memory that does not retain its content when power is removed. (i. e. RAM) [Card World User Guide] Vulnerability: A security weakness. X.509v3: ITU-T digital certificate. The internationally recognised electronic document used to prove identity and public key ownership over a communication network. It contains the iss uer's name, user's identifying information, and issuer's digital signature. [NCSA] Zero knowledge proof : Interactive protocol which allows Alice to prove to Bob that she knows a secret without giving Bob any information to discover it.