Wiki item: Glossary of Terms #368
0xRake started this conversation in Show and tell
📗 Glossary of Terms for GlobalPlatformPro Wiki
AID (Application Identifier)
A unique identifier used to select applications on a smart card. Per ISO/IEC 7816-4 it is 5 to 16 bytes long: a 5-byte RID that identifies the application provider, followed by an optional PIX chosen by that provider. GlobalPlatform uses AIDs to address Security Domains, Executable Load Files and application instances on a card; for example, the ISD is reached with a SELECT by AID command.
APDU (Application Protocol Data Unit)
The unit of communication between a terminal and a smart card, defined in ISO/IEC 7816-4. A command APDU consists of a 4-byte header (CLA, INS, P1, P2) optionally followed by Lc, the command data and Le; the response APDU consists of optional response data followed by a two-byte status word (SW1 SW2), with 90 00 meaning success.
APDU-chat over Anything
A concept where APDU messages can be transmitted over various communication channels, not limited to traditional smart card readers. This allows APDUs to be exchanged over networks, USB, NFC, and more.
BIBO (Bytes in Bytes Out)
Bytes In, Bytes Out: the simplest possible transport abstraction, a function that takes a command as an array of bytes and returns the response as an array of bytes, knowing nothing about APDU structure or about the reader underneath. It is what makes "APDU-chat over Anything" possible: anything that can move bytes in both directions can carry APDUs.
BouncyCastle
An open-source cryptographic library for Java and C#. It provides implementations of cryptographic algorithms used in secure communications and smart card interactions. Often used in conjunction with Java-based tools like GlobalPlatformPro.
CAP File (Converted Applet File)
The output of the Java Card converter for one Java package: the package's bytecode and linking information in the component format a Java Card virtual machine can load. It is transferred to the card as a Load File (INSTALL [for load] followed by LOAD commands), after which the applets it contains can be instantiated with INSTALL [for install].
Card Manager
The historical (Visa OpenPlatform) name for the on-card entity that manages the lifecycle of Executable Load Files and applications: loading, installation, deletion, key management and the card's own life-cycle state. In current GlobalPlatform specifications this role is played by the Issuer Security Domain.
CPLC (Card Production Life Cycle) Data
Data that describes the manufacturing and personalization history of a smart card: IC fabricator and type, operating system identifier and release date, and the dates of IC fabrication, pre-personalization and personalization. It is read with GET DATA for tag 9F7F and is used to identify a card's origin, product and production status before attempting management operations.
DAP (Data Authentication Pattern)
A signature (RSA) or MAC computed over the blocks of a Load File by the Application Provider and checked during loading by a Security Domain that holds the DAP Verification privilege and the corresponding key. It lets a party other than the card issuer assert that applet code has not been altered before it is installed; with the Mandated DAP Verification privilege the check is compulsory for every load.
DEK (Data Encryption Key)
The key in a GlobalPlatform key set used to encrypt sensitive payload data, above all new key values carried in PUT KEY commands. This encryption is applied in addition to any secure channel encryption, so key material stays confidential end to end and cannot be recovered by an eavesdropper even if the session layer is exposed.
DWIM (Do What I Mean)
A software design principle where the system tries to interpret the user's intentions and perform the expected action. It aims to improve usability by reducing the need for precise inputs.
Encryption Key
In a GlobalPlatform key set, the ENC key: the static key from which the session encryption key (S-ENC) is derived when a secure channel is opened. S-ENC protects the confidentiality of command data and, in SCP02 and SCP03, is also used to compute the card and host cryptograms with which card and host authenticate each other. More generally, any cryptographic key used to turn plaintext into ciphertext.
FCI (File Control Information)
Information returned by a card in response to a SELECT command, encoded as a BER-TLV template with tag 6F. For a Security Domain it contains the AID of the selected application (tag 84) and proprietary data (tag A5) such as the supported Secure Channel Protocols and the maximum length of a command data field.
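The BER-TLV structure described above, parsed in Python as an added example. This is not GlobalPlatformPro code; the sample FCI is constructed for illustration (a real Security Domain returns additional tags inside A5), and the tag numbers it uses are the standard ones: 6F template, 84 AID, A5 proprietary data, 9F65 maximum command data length.

```python
# Added example (not GlobalPlatformPro code): a minimal BER-TLV parser for the
# FCI template a card returns to SELECT. SAMPLE_FCI is constructed for this
# example; real cards return more tags (e.g. 9F6E, 73).
from typing import List, Optional, Tuple

SAMPLE_FCI = bytes.fromhex(
    "6F10"                  # tag 6F: FCI template, 16 bytes follow
    "8408A000000151000000"  # tag 84: AID of the selected application (GP ISD AID)
    "A504"                  # tag A5: proprietary data, 4 bytes follow
    "9F6501FF"              # tag 9F65: maximum length of a command data field
)

TLV = Tuple[int, bytes, list]  # (tag, value, children); children is empty for primitive tags


def _read_tag(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a BER tag. If the low 5 bits of the first byte are all set,
    further tag bytes follow while bit 8 of each is set."""
    first = buf[pos]
    tag = first
    pos += 1
    if first & 0x1F == 0x1F:
        while True:
            b = buf[pos]
            tag = (tag << 8) | b
            pos += 1
            if not b & 0x80:
                break
    return tag, pos


def _read_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a BER length: short form below 0x80, else 0x8N followed by N length bytes."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized BER length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def parse_tlv(buf: bytes) -> List[TLV]:
    """Parse a sequence of BER-TLV objects, recursing into constructed tags (bit 6 set)."""
    out: List[TLV] = []
    pos = 0
    while pos < len(buf):
        if buf[pos] in (0x00, 0xFF):  # ISO 7816-4 allows these as padding between objects
            pos += 1
            continue
        tag, pos = _read_tag(buf, pos)
        length, pos = _read_length(buf, pos)
        value = buf[pos:pos + length]
        if len(value) != length:
            raise ValueError(f"tag {tag:X}: declared length {length} exceeds available data")
        pos += length
        first_byte = tag.to_bytes((tag.bit_length() + 7) // 8, "big")[0]
        children = parse_tlv(value) if first_byte & 0x20 else []
        out.append((tag, value, children))
    return out


def find(tlvs: List[TLV], wanted: int) -> Optional[bytes]:
    """Depth-first search for a tag; returns its value or None."""
    for tag, value, children in tlvs:
        if tag == wanted:
            return value
        hit = find(children, wanted)
        if hit is not None:
            return hit
    return None


def selected_aid(fci: bytes) -> str:
    """Return the AID (tag 84) carried in an FCI as upper-case hex."""
    aid = find(parse_tlv(fci), 0x84)
    if aid is None:
        raise ValueError("FCI carries no tag 84 (AID)")
    return aid.hex().upper()


if __name__ == "__main__":
    print(selected_aid(SAMPLE_FCI))
```

The parser checks every declared length against the bytes actually present, so a truncated or malicious response raises instead of silently yielding a short value; this matters because FCI content is attacker-controlled from the host's point of view.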
GlobalPlatform (GP)
A standard and set of specifications for managing and personalizing applications on smart cards and secure elements. GlobalPlatform defines protocols and frameworks for security, card management, and interoperability.
GPcardKeys
GlobalPlatformPro's representation of the keys needed to talk to a Security Domain: the ENC, MAC and DEK keys together with their key version and, when card-specific keys are derived from a master key, the diversification scheme in use. It is what the tool uses to authenticate to the card and open a secure channel.
HSM (Hardware Security Module)
A physical device that manages and protects digital keys for encryption, decryption, and authentication purposes. It ensures secure key storage and operations, often used in conjunction with smart cards for added security.
INS (Instruction Byte)
The second byte of a command APDU, specifying the operation the card must perform. Examples: A4 SELECT, CA GET DATA, 20 VERIFY (PIN), and the GlobalPlatform card content management commands E6 INSTALL, E8 LOAD and E4 DELETE, which are sent with class byte 80 or, when wrapped by a secure channel, 84.
ISD (Issuer Security Domain)
The primary Security Domain on a card, representing the card issuer. It holds the issuer's key set, is the entry point for card content management (loading, installing, deleting and extraditing applications), controls the card life-cycle state and can create Supplementary Security Domains. Development cards commonly ship with the GlobalPlatform test key set (the 16 bytes 40 41 42 ... 4F for ENC, MAC and DEK); these keys must be replaced with issuer-specific ones before a card is deployed, since anyone who holds them has full control of the card.
Key Diversification
A process that derives a unique key set for each card from a master key, typically by encrypting card-identifying data (such as the key diversification data returned by INITIALIZE UPDATE) with the master key. Each card then holds distinct keys, so compromising one card does not expose the others, while the issuer only has to protect the master key, ideally in an HSM. GlobalPlatformPro supports the EMV and VISA2 diversification schemes.
Key Set
The ENC, MAC and DEK keys that a Security Domain uses for one Secure Channel Protocol, identified on the card by a Key Version Number (KVN). A Security Domain may hold several key sets; the host selects one in INITIALIZE UPDATE, and PUT KEY adds or replaces a set.
KISS (Keep It Simple, Stupid)
A design principle emphasizing simplicity in software and hardware systems. The idea is to avoid unnecessary complexity, making systems easier to understand, maintain, and use.
Lc (Length Command)
A field in a command APDU giving the number of bytes in the command data field that follows it: one byte (values 1 to 255) in a short APDU, three bytes in an extended-length APDU. It is absent when the command carries no data.
Le (Length Expected)
A field in a command APDU giving the maximum number of response data bytes the terminal expects. In a short APDU the value 00 means up to 256 bytes. It is absent when no response data is expected; a card that has more to return than requested signals this with a 61 xx or 6C xx status word.
Load File
In GlobalPlatform terms, the data transferred to the card with INSTALL [for load] followed by LOAD commands; for a Java Card applet this is the content of the CAP file, optionally preceded by DAP blocks. Once on the card it becomes an Executable Load File holding one or more Executable Modules from which applet instances are created.
MAC (Message Authentication Code)
A code computed from a secret key and the message content that lets the receiver check the message's integrity and origin. GlobalPlatform secure channels attach a C-MAC to each command (and optionally an R-MAC to each response), chaining each MAC to the previous one so that commands cannot be replayed or reordered; SCP02 uses a DES-based retail MAC and SCP03 uses AES-CMAC.
Maven
A build automation tool used primarily for Java projects. It manages project dependencies, builds, and deployment tasks, making it easier to manage complex Java projects like those that involve smart card development.
no-NIH (Not Invented Here)
NIH, Not Invented Here, is the tendency to reject existing solutions in favor of writing one's own. The no-NIH principle rejects that tendency: reuse existing, proven tools and libraries (such as BouncyCastle) rather than redeveloping them, to avoid unnecessary work and benefit from their maturity.
PACE (Password Authenticated Connection Establishment)
A password-authenticated key agreement protocol, specified in BSI TR-03110 and used by electronic passports and identity cards, that establishes a secure channel between a chip and a terminal from a low-entropy secret such as a PIN or CAN. Because the password only blinds a Diffie-Hellman exchange, an eavesdropper cannot mount an offline guessing attack on it.
P1, P2
Parameter bytes used in APDU commands to provide additional details about the command operation. Their usage varies depending on the specific command.
PIN (Personal Identification Number)
A numerical code used for verifying the identity of a smart card holder, often required for access to certain card functionalities.
RAPDU (Response APDU)
The message a smart card returns after processing a command APDU: optional response data followed by the two-byte status word SW1 SW2. 90 00 means success; 61 xx tells the host that xx more bytes are waiting (fetched with GET RESPONSE); 6C xx means the command should be repeated with Le set to xx; 6A 82 means the file or application was not found; 69 82 means the security status (for example, an open secure channel) was not satisfied.
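The APDU fields defined in the entries above (CLA, INS, P1, P2, Lc, Le, the AID carried by SELECT, and the status words of a RAPDU), as an added Python example that is not GlobalPlatformPro code. It encodes a SELECT by AID for the GlobalPlatform ISD AID A000000151000000 and a GET DATA for CPLC (80 CA 9F 7F), splits a constructed response into data and status word, and decides the follow-up command for the 61 xx and 6C xx cases. The class, function and label names are this example's own.

```python
# Added example (not GlobalPlatformPro code): build ISO 7816-4 short APDUs and
# split a response APDU into data and status word, handling the 61xx / 6Cxx
# status words that tell the host to fetch or re-request the response.
from dataclasses import dataclass
from typing import Optional, Tuple

# Well-known AID of a GlobalPlatform Issuer Security Domain.
GP_ISD_AID = bytes.fromhex("A000000151000000")


@dataclass(frozen=True)
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None  # None: no response expected; 0..256, where 256 is sent as 0x00

    def encode(self) -> bytes:
        """Serialise as a short-length APDU (ISO cases 1 to 4). Lc is present only
        when there is command data; Le only when a response is expected."""
        if len(self.data) > 255:
            raise ValueError("a short APDU carries at most 255 data bytes")
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data   # Lc + data
        if self.le is not None:
            if not 0 <= self.le <= 256:
                raise ValueError("Le must be 0..256")
            out += bytes([self.le % 256])                 # Le; 256 encodes as 0x00
        return out


def select_by_aid(aid: bytes) -> CommandAPDU:
    """SELECT (INS A4) by name: P1 04 = select by DF name, P2 00 = first or only occurrence."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an AID is 5..16 bytes (RID + PIX)")
    return CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, le=256)


def get_data_cplc() -> CommandAPDU:
    """GET DATA (CLA 80, INS CA) for tag 9F7F, the CPLC data."""
    return CommandAPDU(0x80, 0xCA, 0x9F, 0x7F, le=256)


def get_response(length: int) -> CommandAPDU:
    """GET RESPONSE (INS C0), used after SW1 = 61 to collect pending response bytes."""
    return CommandAPDU(0x00, 0xC0, 0x00, 0x00, le=length)


def split_rapdu(rapdu: bytes) -> Tuple[bytes, int]:
    """Split a response APDU into (data, SW1SW2); every RAPDU ends with two status bytes."""
    if len(rapdu) < 2:
        raise ValueError("response APDU shorter than the status word")
    return rapdu[:-2], int.from_bytes(rapdu[-2:], "big")


def next_action(cmd: CommandAPDU, sw: int) -> Tuple[str, Optional[CommandAPDU]]:
    """Interpret the status word returned for `cmd`. Returns a label (names chosen
    for this example) and, for 61xx / 6Cxx, the follow-up command to send."""
    sw1, sw2 = sw >> 8, sw & 0xFF
    if sw == 0x9000:
        return "ok", None
    if sw1 == 0x61:   # more response bytes available: fetch them with GET RESPONSE
        return "get-response", get_response(sw2 or 256)
    if sw1 == 0x6C:   # wrong Le: repeat the same command with the Le the card states
        retry = CommandAPDU(cmd.cla, cmd.ins, cmd.p1, cmd.p2, cmd.data, le=sw2 or 256)
        return "retry-with-le", retry
    if sw == 0x6A82:
        return "file-or-application-not-found", None
    if sw == 0x6982:
        return "security-status-not-satisfied", None
    if sw == 0x6985:
        return "conditions-of-use-not-satisfied", None
    return f"error-{sw:04X}", None


if __name__ == "__main__":
    cmd = select_by_aid(GP_ISD_AID)
    print(cmd.encode().hex().upper())
    # Constructed response: a card answering SELECT with "61 1A" (26 bytes pending).
    _, sw = split_rapdu(bytes.fromhex("611A"))
    print(next_action(cmd, sw))
```

Two details worth noting: Le is only emitted when a response is expected, so a case-3 command such as a plain EXTERNAL AUTHENTICATE would not carry a trailing 00; and the 6C xx retry reuses the original command data unchanged, which is what ISO 7816-4 prescribes.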
RSA (Rivest-Shamir-Adleman)
A public-key algorithm used in GlobalPlatform for signature-based mechanisms: DAP verification of Load Files and the tokens that authorize Delegated Management. The public key is loaded into a Security Domain with PUT KEY so that the card can verify signatures produced off-card while the private key never leaves the signer.
SCP (Secure Channel Protocol)
The family of protocols defined by GlobalPlatform for mutually authenticating a host and a Security Domain and then protecting the APDUs they exchange. SCP01 and SCP02 are based on (3)DES, SCP03 on AES; GlobalPlatformPro supports all three. A session starts with INITIALIZE UPDATE and EXTERNAL AUTHENTICATE, which exchange challenges and cryptograms and derive session keys; the chosen security level then adds a C-MAC, command encryption and optionally an R-MAC and response encryption.
Secure Channel
A communication path that uses encryption and authentication to ensure that data exchanged between a smart card and a terminal remains private and secure. It prevents eavesdropping and unauthorized data tampering.
Security Domains
Logical areas on a smart card used to store and manage security keys, policies, and configurations. They enable secure management of different applets and applications on the card.
Supplementary Security Domains
Additional security domains on a smart card that offer enhanced management capabilities for specific applications or applets. They provide isolation between