| Concept | Definition |
| Accelerated Revocation | A key revocation performed on a date sooner than the published key expiry date. |
| Application | The application protocol between the card and the terminal and its related set of data |
| Application Authentication Cryptogram | An Application Cryptogram generated by the card when declining a transaction |
| Application Cryptogram | A cryptogram generated by the card in response to a GENERATE AC command |
| Authorisation Request Cryptogram | An Application Cryptogram generated by the card when requesting online authorisation |
| Authorisation Response Cryptogram | A cryptogram generated by the issuer in response to an Authorisation Request Cryptogram |
| Asymmetric Cryptographic Technique | A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. |
| Authentication | The provision of assurance of the claimed identity of an entity or of data origin. |
| Block | A succession of characters comprising two or three fields defined as prologue field, information field, and epilogue field. |
| Byte | 8 bits. |
| Card | A payment card as defined by a payment system |
| Certificate | The public key and identity of an entity together with some other information, rendered unforgeable by signing with the private key of the certification authority which issued that certificate. |
| Certification Authority | Trusted third party that establishes a proof that links a public key and other relevant information to its owner. |
| Ciphertext | Enciphered information |
| Cold Reset | The reset of the ICC that occurs when the supply voltage (VCC) and other signals to the ICC are raised from the inactive state and the reset (RST) signal is applied. |
| Combined DDA/Application Cryptogram Generation | A form of offline dynamic data authentication |
| Command | A message sent by the terminal to the ICC that initiates an action and solicits a response from the ICC. |
| Compromise | The breaching of secrecy or security |
| Concatenation | Two elements are concatenated by appending the bytes from the second element to the end of the first. Bytes from each element are represented in the resulting string in the same sequence in which they were presented to the terminal by the ICC, that is, most significant byte first. Within each byte bits are ordered from most significant bit to least significant. A list of elements or objects may be concatenated by concatenating the first pair to form a new element, using that as the first element to concatenate with the next in the list, and so on. |
| Contact | A conducting element ensuring galvanic continuity between integrated circuit(s) and external interfacing equipment. |
| Cryptogram | Result of a cryptographic operation |
| Cryptographic Algorithm | An algorithm that transforms data in order to hide or reveal its information content |
| Data Integrity | The property that data has not been altered or destroyed in an unauthorised manner. |
| Deactivation Sequence | The deactivation sequence defined in section 6.1.5 of Book 1. |
| Decipherment | The reversal of a corresponding encipherment |
| Digital Signature | An asymmetric cryptographic transformation of data that allows the recipient of the data to prove the origin and integrity of the data, and protect the sender and the recipient of the data against forgery by third parties, and the sender against forgery by the recipient. |
| Dynamic Data Authentication | A form of offline dynamic data authentication |
| Embossing | Characters raised in relief from the front surface of a card. |
| Encipherment | The reversible transformation of data by a cryptographic algorithm to produce ciphertext. |
| Epilogue Field | The final field of a block. It contains the error detection code (EDC) byte(s). |
| Exclusive-OR | Binary addition with no carry, giving the following values |
| Financial Transaction | The act between a cardholder and a merchant or acquirer that results in the exchange of goods or services against payment. |
| Function | A process accomplished by one or more commands and resultant actions that are used to perform all or part of a transaction. |
| Guardtime | The minimum time between the trailing edge of the parity bit of a character and the leading edge of the start bit of the following character sent in the same direction. |
| Hash Function | A function that maps strings of bits to fixed-length strings of bits, satisfying the following two properties It is computationally infeasible to find for a given output an input which maps to this output It is computationally nfeasible to find for a given input a second input that maps to the same output. |
| Hash Result | The string of bits that is the output of a hash function. |
| Integrated Circuit Module | The sub-assembly embedded into the ICC comprising the IC, the IC carrier, bonding wires, and contacts |
| Integrated Circuit(s) | Electronic component(s) designed to perform processing and/or memory functions. |
| Interface Device | That part of a terminal into which the ICC is inserted, including such mechanical and electrical devices as may be considered part of it. |
| Kernel | The set of functions required to be present on every terminal implementing a specific interpreter. The kernel contains device drivers, interface routines, security and control functions, and the software for translating from the virtual machine language to the language used by the real machine. In other words, the kernel is the implementation of the virtual machine on a specific real machine |
| Key | A sequence of symbols that controls the operation of a cryptographic transformation. |
| Key Expiry Date | The date after which a signature made with a particular key is no longer valid. Issuer certificates signed by the key must expire on or before this date. Keys may be removed from terminals after this date has passed. |
| Key Introduction | The process of generating, distributing, and beginning use of a key pair |
| Key Life Cycle | All phases of key management, from planning and generation, through revocation, destruction, and archiving |
| Key Replacement | The simultaneous revocation of a key and introduction of a key to replaced the revoked one. |
| Key Revocation | The key management process of withdrawing a key from service and dealing with the legacy of its use. Key revocation can be as scheduled or accelerated |
| Key Revocation Date | The date after which no legitimate cards still in use should contain certificates signed by this key, and therefore the date after which this key can be deleted from terminals. For a planned revocation the Key Revocation Date is the same as the key expiry date. |
| Key Withdrawal | The process of removing a key from service as part of its revocation. |
| Keypad | Arrangement of numeric, command, and, where required, function and/or alphanumeric keys laid out in a specific manner. |
| Library | A set of high-level software functions with a published interface, providing general support for terminal programs and/or applications |
| Logical Compromise | The compromise of a key through application of improved cryptanalytic techniques, increases in computing power, or combination of the two. |
| Magnetic Stripe | The stripe containing magnetically encoded information |
| Message | A string of bytes sent by the terminal to the card or vice versa, excluding transmission-control characters. |
| Message Authentication Code | A symmetric cryptographic transformation of data that protects the sender and the recipient of the data against forgery by third parties. |
| Nibble | The four most significant or least significant bits of a byte. |
| Padding | Appending extra bits to either side of a data string. |
| Path | Concatenation of file identifiers without delimitation |
| Payment System Environment | The set of logical conditions established within the ICC when a payment system application conforming to this specification has been selected, or when a Directory Definition File (DDF) used for payment system application purposes has been selected. |
| Physical Compromise | The compromise of a key resulting from the fact that it has not been securely guarded, or a hardware security module has been stolen or accessed by unauthorised persons. |
| PIN Pad | Arrangement of numeric and command keys to be used for personal identification number (PIN) entry |
| Plaintext | Unenciphered information |
| Planned Revocation | A key revocation performed as scheduled by the published key expiry date. |
| Potential Compromise | A condition where cryptanalytic techniques and/or computing power has advanced to the point that compromise of a key of a certain length is feasible or even likely |
| Private Key | That key of an entity‘s asymmetric key pair that should only be used by that entity. In the case of a digital signature scheme, the private key defines the signature function. |
| Prologue Field | The first field of a block. It contains subfields for node address (NAD), protocol control byte (PCB), and length (LEN). |
| Public Key | That key of an entity‘s asymmetric key pair that can be made public. In the case of a digital signature scheme, the public key defines the verification function. |
| Public Key Certificate | The public key information of an entity signed by the certification authority and thereby rendered unforgeable. |
| Script | A command or a string of commands transmitted by the issuer to the terminal for the purpose of being sent serially to the ICC as commands. |
| Static Data Authentication | Offline static data authentication |
| Symmetric Cryptographic Technique | A cryptographic technique that uses the same secret key for both the originator‘s and recipient‘s transformation. Without knowledge of the secret key, it is computationally infeasible to compute either the originator‘s or the recipient‘s transformation. |
| Terminal | The device used in conjunction with the ICC at the point of transaction to perform a financial transaction. The terminal incorporates the interface device and may also include other components and interfaces such as host communications. |
| Terminate Card Session | End the card session by deactivating the IFD contacts according to section 6.1.5 of Book 1 and displaying a message indicating that the ICC cannot be used to complete the transaction |
| Transaction Certificate | An Application Cryptogram generated by the card when accepting a transaction |
| Virtual Machine | A theoretical microprocessor architecture that forms the basis for writing application programs in a specific interpreter software implementation |
| Warm Reset | The reset that occurs when the reset (RST) signal is applied to the ICC while the clock (CLK) and supply voltage (VCC) lines are maintained in their active state |
