In the corporate environment, contactless technology is used in access control (physical), network logon (logical) and for authenticating a document, an email, a file or any form of written communication with a digital signature, certificate, password or cryptographic key (Public & Private Key Infrastructure).
In secure identification applications, contactless technology is often married with biometric identifiers storing the template of a fingerprint, facial image, blood veins pattern of a hand or iris scan in the memory of the RFID chip. For example, at security checkpoints in an airport, contactless smart cards can be used to enable faster passage of “registered travelers” or “frequent travelers” through special security lanes. The biometric kiosks equipped with an RFID reader compare the image presented by the traveler to data stored on the contactless smart card to verify that the traveler is the same person.
In a move towards greater border control, travel documents need to be tamper-proof machine-readable passports (MRP) that incorporate contactless IC chips, as well as biometric identifiers that comply with standards established by ICAO (International Civil Aviation Organization).
Chip-based contactless smart cards and keychain fobs loaded with payment applications are used by commuters in mass transit to pay fares. To conduct the transaction the commuter simply taps their contactless card on a reader which deducts the price of the ticket or fare from the stored value in the memory of the RFID chip. This Tap-and-Go technology is also used in convenience stores, cafes, pharmacies and movie theaters to make low-value purchases that don't require a cardholder signature. Contactless electronic payment applications also include vending, ticketing, parking, toll collection and redemption of vouchers, points or coupons earned from a merchant loyalty program.
In another example, a consumer can load cash to the electronic purse of the contactless smart card via Internet banking, and while still connected to the PC use the stored value to pay for online products or services. Equally, a consumer can load electronic cash to the contactless smart card and use the e-cash at participating merchants to pay for goods and services.
NFC (Near Field Communication) enabled devices, including mobile phones, have contactless chips that can function like payment cards and download ticketing and other information from chip embedded “smart posters”. Mobile telephones are also used for small value purchases, to pay for parking meters, taxi fares and vending machine items.
Contactless chip card technology is based on two standards: ISO/IEC 14443 Type A and Type B (for proximity cards), and ISO/IEC 15693 (for vicinity cards). Cards that comply with these standards operate at the 13.56 MHz frequency. ISO/IEC 14443 products have a range of up to 10 cm (centimeters), while ISO/IEC 15693 products can operate at a range between 50 and 70 cm.
In the above applications the contactless smart card or fob is a passive device and a separate entity to the RFID reader. In standard use, the reader is a stationary device connected to a PC or integrated into a terminal or kiosk.
Portable mobile handheld readers with multiple interfaces are known. See, for example, standard POS terminals from Hypercom (www.hypercom.com) and Ingenico (www.ingenico.com).
For example, conventional POS (Point of Sale) terminals are used by merchants to charge an amount owed on purchases by swiping a credit card or inserting a contact/contactless smart card and by entering a PIN (personal identification number) into the reader, then seeking clearance of payment by communicating in wireless mode with the network which dials up the respective payment clearing center or trust center for acceptance of the purchase amount. These devices are handheld and portable, but are not well suited for carrying around in your pocket, because of their weight (approximately 700 grams) and size (bulky, because of their requirement for battery power). The wireless interface is for communicating with a central server over the Wi-Fi network in a store, for authorization of a credit card payment.
Handheld readers are also used for ID verification in mobile applications such as:
- Employee ID in large restricted areas (e.g. airports, seaports, military bases and ships) and attended access control gates
- Cross border control to authenticate travel documents (e-Passport and Visa) from a citizen of any nation
- National ID to verify a holder of a government ID card
These handheld readers support several types of cards: contact (ISO 7816) and contactless (ISO 14443 type A/B, MIFARE, DESFire). They incorporate a biometric fingerprint sensor (3-D capacitive) to authenticate the employee's or citizen's fingerprint against the fingerprint template stored on the card and to display his/her credentials along with the results. Using the wireless communication interface (via a standard access point), the reader obtains constant access to updated information on the database servers. The reader can also communicate with the servers through cellular technologies like GSM (GPRS) or CDMA.
The company Labcal in Canada is working in this area. See http://www.labcal.com/. For example, Labcal's Be.U Mobile SMC-800 MCW is a handheld unit for checking the identity of an employee in large restricted areas. The employee's credentials, including a biometric template of his or her fingerprint, are stored in the memory of the ID chip card or contactless card. The access control guard simply inserts the card into the handheld unit and all information pertaining to the individual is shown on the display. The guard can also scan a live fingerprint and compare it with the template stored in the memory of the chip card. This handheld unit also has a wireless interface and can communicate with a central server to check the current status of his or her contract and areas of admission or restriction in the facility. It can also be used for cross border control.
Labcal's new rugged mobile reader is algorithm agnostic and can be used with existing AFIS systems. Moreover, the Be.U Mobile performs 1:1 matching with an ID document, contact or contactless card and 1:N matching by storing the fingerprint templates and the credentials in the reader or on a server. The reader communicates wirelessly with the server via Wi-Fi, GSM or CDMA. The Be.U Mobile is also available with an embedded bar code scanner which allows 1D and 2D bar code decoding.
In these remote ID verification applications, the mobile handheld readers are held by access control guards, law enforcement personnel & police, and not by the citizen nor by the employee. The handheld readers are only used to check the credentials of the individual. The contactless smart card carried by the person in question is not an integral part of the handheld reader. The individual is in no position to authorize a transaction using the biometric identifier in the handheld, nor can the individual download e-money, value or content from an Internet-connected PC to the contactless smart card. In short, the handheld readers with multiple interfaces for identification verification and point-of-sale are not pocket size devices, nor do they allow the consumer, citizen or employee to have control over identification, authentication, memory storage and “pay-as-you-go” applications.
Pay-By-Touch
“Pay-By-Touch” technology allows consumers the option of paying for groceries using a finger scan linked to their bank account. The “Pay-By-Touch” system scans customers' fingerprints at the point of sale terminal and links the image with an electronic wallet which holds financial and loyalty program data, eliminating the need to carry cards, cash or a check book.
Vehicle Immobilizers
Most vehicles today have an electronic immobilizer for protecting a vehicle against unauthorized use. In such devices, the inductive key/steering-column lock communication channel constitutes a very short-range radio transmission link operating at around 125 kHz (low frequency) which deactivates the immobilizing function when the electronic key is inserted into the steering-column lock. The ensuing check of a use authorization code stored in the key transponder confirms that the key is the one authorizing the use of the vehicle. The communication is between an RFID reader mounted in the steering-column lock and the vehicle key with transponder constituting the electronic immobilizer, with the additional function of remote control. The transponder device is often packaged in a glass tube or plastic brick for integration in the vehicle key housing.
Contact Interfaces
As used herein, “contact interfaces” (or “mechanical interface”) refers to mechanical (wired) connections between one device and another, such as via a cable or inserting a module into a socket. The following are examples of contact interfaces and/or devices that typically connect via a contact interface.
USB
Short for “Universal Serial Bus”. USB is a serial bus standard (standardized communications protocol) that enables data exchange between electronic devices. USB supports data transfer rates of up to 12 Mbps (megabits per second). A single USB port can be used to connect up to 127 peripheral devices, such as mice, modems, and keyboards. USB also supports plug-and-play installation and “hot plugging”. USB is expected to completely replace serial and parallel ports. Hi-Speed USB (USB 2.0), similar to FireWire technology, supports data rates up to 480 Mbps.
Ethernet
A local-area network (LAN) architecture developed by Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet uses a bus or star topology and supports data transfer rates of 10 Mbps. The Ethernet specification served as the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers. Ethernet uses the CSMA/CD access method to handle simultaneous demands. It is one of the most widely implemented LAN standards. A newer version of Ethernet, called 100Base-T (or Fast Ethernet), supports data transfer rates of 100 Mbps. And the newest version, Gigabit Ethernet, supports data rates of 1 gigabit (1,000 megabits) per second.
IEEE 1394
IEEE 1394 (also known as FireWire® and iLINK™) is a high-bandwidth isochronous (real-time) interface for computers, peripherals, and consumer electronics products such as camcorders, VCRs, printers, PCs, TVs, and digital cameras. With IEEE 1394-compatible products and systems, users can transfer video or still images from a camera or camcorder to a printer, PC, or television (TV), with no image degradation.
SD
Short for “Secure Digital”. SD is a technology standard for providing portable devices with non-volatile memory/storage and peripheral I/O expansion capability. On some devices this standard is implemented in the form of SD memory expansion cards, used to store digital information like applications, databases, photos, text, audio, video or MP3 music files, and an SD/SDIO expansion slot. The SD standard makes it possible to transfer information between devices that support SD expansion cards (e.g. transfer photos between a digital camera and a PDA by exchanging the SD expansion card), assuming both devices support the file format used for the transferred information (e.g. JPEG image file).
SDIO
Short for “Secure Digital Input/Output”. SDIO is a part of the SD memory specification. It enables I/O (input/output) expansion for add-ons such as serial, modem, camera or GPS (global positioning system) cards. Whereas SD is only used for storage expansion cards, an SDIO capable expansion slot can also support SD expansion cards, while an SD-capable slot may not support an SDIO expansion card.
SIM
Short for “Secure Identity Module” or “Subscriber Identification/Identity Module”. A SIM card is inscribed with a customer's information and designed to be inserted into any mobile telephone. Usually SIM card phones work by GSM technology. The SIM card contains a user's GSM mobile account information.
SIM cards are portable between GSM devices: the user's mobile subscriber information moves to whatever device houses the SIM.
ISO 7816
ISO 7816 defines the specification of the contact-interface smart card IC chip and IC card. The main ISO standard relating to smart cards is ISO 7816: “Identification cards: integrated circuit cards with contacts”.
Wireless Interfaces
As used herein, “wireless interfaces” refers to ultra-high radio frequency (RF) connections between one device and another, typically over a moderate distance, such as up to 100 meters, and in some cases (such as WiMAX) over long distances such as 50 km. The following are examples of wireless interfaces and/or devices that typically connect via a wireless interface.
Wireless
Technology that allows a user to communicate and/or connect to the Internet or mobile phone networks without physical wires. Wi-Fi, Bluetooth®, CDMA and GSM are all examples of wireless technology.
Wi-Fi
Short for “Wireless Fidelity”. Wireless technology, also known as 802.11b, enables you to access the Internet, to send and receive email, and browse the Web anywhere within range of a Wi-Fi access point, or HotSpot.
Bluetooth
A wireless technology developed by Ericsson, Intel, Nokia and Toshiba that specifies how mobile phones, computers and PDAs interconnect with each other, with computers, and with office or home phones. The technology enables data connections between electronic devices in the 2.4 GHz range at 720 Kbps (kilobits per second) within a 10 meter range. Bluetooth uses low-power radio frequencies to transfer information wirelessly between similarly equipped devices.
UWB
Short for “Ultra Wide Band”. UWB is a wireless communications technology that transmits data in short pulses which are spread out over a wide swath of spectrum. Because the technology does not use a single frequency, UWB enjoys several potential advantages over single-frequency transmissions. For one, it can transmit data in large bursts because data is moving on several channels at once. Another advantage is that it can share frequencies used by other applications, because it transmits only for extremely short periods, which do not last long enough to cause interference with other signals.
WLAN
Short for “wireless local-area network”. Also referred to as LAWN. A WLAN is a type of local-area network that uses high-frequency radio waves rather than wires for communication between nodes (e.g., between PCs).
IEEE 802.11
The IEEE standard for wireless Local Area Networks (LANs). It uses three different physical layers, 802.11a, 802.11b and 802.11g.
WiMAX
Short for Worldwide Interoperability for Microwave Access (IEEE 802.16). WiMAX is a standards-based wireless technology that provides high-throughput broadband connections over long distances, such as several kilometers (up to 50 km with direct line-of-sight, up to 8 km without direct line-of-sight). WiMAX can be used for a number of applications, including “last mile” broadband connections, hotspots and cellular backhaul, and high-speed enterprise connectivity for business.
Contactless Interfaces
As used herein, “contactless interfaces” refers to high radio frequency (RF) connections between one device and another, typically over a very short distance, such as only up to 50 cm. The following are examples of contactless interfaces and/or devices that typically connect via a contactless interface.
ISO 14443
ISO 14443 RFID cards: contactless proximity cards operating at 13.56 MHz with a read/write range of up to 10 cm. ISO 14443 defines the contactless interface smart card technical specification.
ISO 15693
ISO standard for contactless integrated circuits, such as used in RF-ID tags. ISO 15693 RFID cards: contactless vicinity cards operating at 13.56 MHz with a read/write range of up to 100 cm. (ISO 15693 is typically not used for financial transactions because of its relatively long range as compared with ISO 14443.)
NFC
Short for “Near Field Communication”. NFC is a contactless connectivity technology that enables short-range communication between electronic devices. If two devices are held close together (for example, a mobile phone and a personal digital assistant), NFC interfaces establish a peer-to-peer protocol, and information such as phone book details can be passed freely between them. NFC devices can be linked to contactless smart cards, and can operate like a contactless smart card, even when powered down. This means that a mobile phone can operate like a transportation card, and enable fare payment and access to the subway. NFC is an open platform technology standardized in ECMA (European Computer Manufacturers Association) 340 as well as ETSI (European Telecommunications Standards Institute) TS 102 190 V 1.1.1 and ISO/IEC 18092. These standards specify the modulation schemes, coding, transfer speeds, and frame format of the RF interface of NFC devices, as well as initialization schemes and conditions required for data collision-control during initialization, for both passive and active modes.
RFID
Short for “Radio Frequency Identification”. An RFID device interacts, typically at a limited distance, with a “reader”, and may be either “passive” (powered by the reader) or “active” (having its own power source, such as a battery).
Wireless Versus Contactless Interfaces
Wireless and Contactless are two types of radio frequency (RF) interfaces. In a most general sense, both are “wireless” in that they do not require wires, and that they use RF. However, in the art to which this invention most nearly pertains, the terms “wireless” and “contactless” have two very different meanings and two very different functionalities.
The wireless interfaces of interest in the present invention are principally WLAN, Zigbee, Bluetooth and UWB. These wireless interfaces operate at a distance of several meters, generally for avoiding “cable spaghetti”, for example Bluetooth for headsets and other computer peripherals. WLAN is typically used for networking several computers in an office.
The contactless interfaces of interest in the present invention are principally RFID contactless interfaces such as ISO 14443, 15693 and NFC. RFID operates at a maximum distance of 100 cm for the purpose of identification in applications such as access control. In a payment (financial transaction) application, the distance is restricted to 10 cm. For example, a contactless RFID smart card protocol according to ISO 14443 can be used for private, secure financial transactions in “real world” applications such as payment at a retailer.
Wireless and contactless use different communications protocols with different capabilities and are typically used for very different purposes. Note, for example, that 100 cm (ISO 15693, an RFID contactless protocol) is considered to be too great a distance to provide appropriate security for (contactless) financial transactions. But 100 cm would not be enough to provide a (wireless) network between office computers! Additionally, contactless technology is generally passive (having no power source of its own), deriving the power to operate from the electromagnetic field generated by a nearby reader. Also, contactless technology, using the smart card protocol, is used for secure identification, authentication and payment. Wireless technologies, on the other hand, generally require their own power source (either batteries, or plugged in) to operate. Contactless is different from wireless: different protocol, different signal characteristics, different utility, different energy requirements, different capabilities, different purposes, different advantages, different limitations.
Further Distinctions between Wireless Interfaces
A distinction has been made between contactless interfaces operating at very short distances (such as only up to 10 cm, 50 cm or 100 cm) such as for secure financial transactions, and wireless interfaces operating at moderate distance, such as up to 100 m. Further distinctions between wireless interfaces may be made as follows.
802.11 (Wi-Fi)
802.11 typically has a range of up to 100 meters, and is typically intended for connectivity to an Internet-capable appliance at a hot-spot. Wi-Fi bandwidth is specified at up to 54 Mbps (802.11a at 5.0 GHz or 802.11b/g at 2.4 GHz).
Bluetooth
Bluetooth typically has a range of up to 10 meters, and is typically intended for private/personal communications such as connecting a user's mobile phone with his computer, or with a Bluetooth headset. Bluetooth bandwidth is specified at 720 Kbps.
UWB
Short for ultra wideband. UWB is a signaling technique using very short pulses to achieve very high transfer speeds. UWB is not limited to wireless communication; UWB can also use mains wiring, coaxial cable or twisted-pair cables to communicate. In a wireless mode, UWB may be similar in range to Bluetooth (typically up to 10 meters), but with a much greater bandwidth. Theoretically, UWB can achieve transfer speeds of up to 1 Gbit/s, versus only up to 3 Mbps for Bluetooth.
WAN
Short for wireless area network. Using a WAN connection such as 802.11, a WAN has a range of up to approximately 100 meters.
PAN
Short for private area network. Using a wireless connection such as Bluetooth, a PAN has a range of only several meters, such as up to 10 meters.
WiMAX
Short for Worldwide Interoperability for Microwave Access (IEEE 802.16). WiMAX is a standards-based wireless technology that provides high-throughput broadband connections over long distances, such as several kilometers (up to 50 km with direct line-of-sight, up to 8 km without direct line-of-sight). WiMAX can be used for a number of applications, including “last mile” broadband connections, hotspots and cellular backhaul, and high-speed enterprise connectivity for business.
Therefore, a distinction can be made within the definition of wireless (short distances, such as up to 10 meters) between wireless connections for a private area network (PAN) operating at close range of only several meters (and ensuring a reasonable level of privacy), and wireless connections for a wireless area network (WAN) operating at a medium/moderate range of up to 100 meters to provide public access to the Internet, at hot spots, or to set up a wireless LAN within an office environment.
Thus, for purposes of this disclosure there are identified (and defined) 4 different “levels” (or types) of communication interfaces using radio frequency (RF) for transferring data between compatible devices, as follows:
- “contactless”, for very short distances, up to 100 cm (less than one meter), such as for performing secure applications such as access control, or financial transactions. (When carrying a smart card, a user needs to feel confident that the contents of the card cannot be snooped or skimmed from a nearby stranger wielding a laptop.) Within contactless, a further distinction can be made between extremely short distances (such as ISO 14443 operating at up to 10 cm distance, and useful for secure financial transactions) and moderately short distances (such as ISO 15693 having a read/write range of up to 100 cm, and useful for RFID used to collect tolls electronically).
- “PAN wireless”, effective at short distances, up to several meters (such as 10 meters), for providing a personal network, generally for a single user (telephone, computer, Bluetooth headset, computer peripherals), and providing a small measure of privacy based on the limited range of the signal. Also, Infrared (optical transmission), Zigbee, Bluetooth and UWB are used in private area networks.
- “WAN wireless”, effective at moderate distances, such as up to 100 meters, such as for networking computers in an office environment.
- “WiMax wireless”, effective at long distances, such as up to 50 kilometers, for providing broadband access to the public (simultaneously to many users), which can hardly be considered to be private, without accompanying encryption of data/signal packets.
Glossary & Definitions
Unless otherwise noted, or as may be evident from the context of their usage, any terms, abbreviations, acronyms or scientific symbols and notations used herein are to be given their ordinary meaning in the technical discipline to which the disclosure most nearly pertains. The following terms, abbreviations and acronyms may be used throughout the descriptions presented herein and should generally be given the following meaning unless contradicted or elaborated upon by other descriptions set forth herein. Some of the terms set forth below may be registered trademarks (®).
ADSL
Asymmetric Digital Subscriber Line (ADSL) is a form of DSL, a data communications technology that enables faster data transmission over copper telephone lines than a conventional modem can provide. ADSL has the distinguishing characteristic that the data can flow faster in one direction than the other, i.e., asymmetrically. Providers usually market ADSL as a service for people to connect to the Internet in a relatively passive mode: able to use the higher speed direction for the “download” from the Internet but not needing to run servers that would require bandwidth in the other direction.
There are both technical and marketing reasons why ADSL is in many places the most common type offered to home users. On the technical side, there is likely to be more crosstalk from other circuits at the DSLAM end (where the wires from many local loops are close together) than at the customer premises. Thus the upload signal is weakest at the noisiest part of the local loop, while the download signal is strongest at the noisiest part of the local loop. It therefore makes technical sense to have the DSLAM transmit at a higher bit rate than does the modem on the customer end. Since the typical home user in fact does prefer a higher download speed, the telcos chose to make a virtue out of necessity, hence ADSL.
For conventional ADSL, downstream rates start at 256 Kbits/s and typically reach 8 Mbits/s within 1.5 km (5000 ft) of the DSLAM equipped central office or remote terminal. Upstream rates start at 64 kbit/s and typically reach 256 kbit/s but can go as high as 1024 Kbit/s. The name ADSL Lite is sometimes used for the slower versions. Note that distances are only approximations. Signal attenuation and Signal to Noise Ratio (SNR) are defining characteristics, and can vary completely independently of distance (e.g. non-copper cabling, cable diameter). Real world performance is also dependent on the line impedance, which can change dynamically either dependent on weather conditions (very common for old overhead lines) or on the number and quality of joints or junctions in a particular cable length.
A newer variant called ADSL2 provides higher downstream rates of up to 12 Mbit/s for spans of less than 2.5 kilometers (8000 feet). Higher symbol rates and more advanced noise shaping are responsible for these increased speeds. ADSL2+, also referred to as ITU G.992.5, boosts these rates to up to 24 Mbit/s for spans of less than 1.5 kilometers (5000 feet). ADSL2+ also offers seamless bonding options, allowing lines with higher attenuation or lower signal to noise ratios (SNR) to be bonded together to achieve theoretically the sum total of the number of lines (i.e. up to 50 Mbit/s for two lines, etc.), as well as options in power management and seamless rate adaptation, i.e. changing the data rate used without requiring a resynchronization.
Because of the relatively low data-rate (compared to optical backbone networks) ATM is an appropriate technology for multiplexing time-critical data such as digital voice with less time-critical data such as web traffic; ATM runs widely over ADSL technology to ensure that this remains a possibility.
ADSL service providers may offer either static or dynamic IP addressing. Static addressing is preferable for people who may wish to connect to their office via a virtual private network, for some Internet gaming, and for those wishing to use ADSL to host a Web server.
Access Point (AP)
In computer networking, a wireless access point (WAP or AP) is a device that “connects” wireless communication devices together to create a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows “roaming”. (In contrast, a network where the client devices manage themselves, without the need for any access points, is an ad-hoc network.)
One IEEE 802.11 WAP can typically communicate with 30 client systems located within a radius of 100 m. However, communication range can vary a lot, depending on such variables as indoor or outdoor placement, height above ground, nearby obstructions, type of antenna, the current weather, operating radio frequency, and the power output of devices. Network designers can extend the range of WAPs through the use of repeaters and reflectors, which can bounce or amplify radio signals that ordinarily would go un-received. In experimental conditions, wireless networking has operated over distances of several kilometers.
A typical corporate use of a WAP involves attaching it to a wired network, and then providing wireless client adapters for users who need them. Within the range of the WAP, the wireless end-user has a full network connection with the benefit of mobility. In this instance, the WAP functions as a gateway for clients to access the wired network. Another use involves bridging two wired networks in conditions inappropriate for cable: for example, a manufacturer can wirelessly connect a remote warehouse's wired network with a separate (though within line of sight) office's wired network.
Authentication
One familiar example of authentication is in access control. A computer system supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish with some established degree of confidence the identity of the user, hence granting those privileges as may be authorized to that identity.
The methods by which a human can authenticate themselves are generally classified into three cases:
- Something the user is (e.g., fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), voice pattern (again several definitions), signature recognition or other biometric identifier)
- Something the user has (e.g., ID card, security token, software token or cell phone)
- Something the user knows (e.g., a password, a pass phrase or a personal identification number (PIN))
Sometimes a combination of methods is used, e.g., a bank card and a PIN, in which case the term “two factor authentication” is used.
In a computer data context, cryptographic methods have been developed (digital signature and challenge-response authentication) which are currently not spoofable if (and only if) the originator's key has not been compromised.
Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.
The term asymmetric key cryptography is a synonym for public key cryptography. In public key cryptography, the private key is generally kept secret, while the public key may be widely distributed. In a sense, one key “locks” a lock; while the other is required to unlock it. It should not be possible to deduce the private key of a pair given the public key.
There are many forms of public key cryptography, including:
- Public key encryption: keeping a message secret from anyone that does not possess a specific private key.
- Public key digital signature: allowing anyone to verify that a message was created with a specific private key.
- Key agreement: generally, allowing two parties that may not initially share a secret key to agree on one.
Typically, public key techniques are much more computationally intensive than purely symmetric algorithms, but the judicious use of these techniques enables a wide variety of applications.
Bits Per Second (bps)
A measurement of the speed at which data is sent over transmission lines. A bit is the smallest unit of information on a computer. See also: bytes per second (BPS).
Bit Rate
The average number of bits that one second of audio data will consume. Standard MP3 bit rates are 64 kbps (kilobits per second), 96 kbps, 128 kbps, and 160 kbps. The higher the bit rate, the better the sound quality. MP3 files at 128 kbps are considered to be “CD-quality”.
Bluetooth
Bluetooth wireless technology supports ad hoc networking, enables devices from many different manufacturers to pair with each other and establishes secure connections “on the fly”. It is good at real-time data in synchronous connection-oriented mode, but requires relatively high power, so it is unsuitable for extremely small battery-powered applications.
BPS
Short for bytes per second. BPS (upper case) is a rate of data transfer, not to be confused with bits per second (bps, lower case). A byte is a number of bits that are usually treated as a unit. Bytes of eight bits usually represent either one letter or two numerals.
Challenge/Response
A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.
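As an added illustration that is not part of the original glossary, the exchange above modelled in Python with both sides present: the verifier issues a one-time numeric challenge, the card derives the displayed response from a secret shared at issuance, and the verifier accepts each challenge only once. The HMAC-SHA256 construction, the eight-digit codes and the `CARD_SECRET` value are assumptions made for this example, not a particular card's algorithm.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8

# Constructed: the per-card secret personalised at issuance. The verifier holds
# the same value against the user's ID. Not a real key.
CARD_SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def card_response(secret: bytes, challenge: str) -> str:
    """Card side: turn the challenge the user keyed in into the code it displays.

    Assumed construction (not a specific card's algorithm): HMAC-SHA256 over the
    challenge, dynamically truncated to a fixed number of decimal digits so the
    user can read the result off a small display.
    """
    mac = hmac.new(secret, challenge.encode("ascii"), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                                   # 4-byte window
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** RESPONSE_DIGITS:0{RESPONSE_DIGITS}d}"


class Verifier:
    """Server side: issues challenges and checks responses, one use per challenge."""

    def __init__(self, secrets_by_user: dict[str, bytes]):
        self._secrets = secrets_by_user
        self._pending: dict[str, str] = {}   # user -> outstanding challenge

    def issue_challenge(self, user: str) -> str:
        """Fresh random challenge shown to the user; replaces any unanswered one."""
        challenge = f"{secrets.randbelow(10 ** RESPONSE_DIGITS):0{RESPONSE_DIGITS}d}"
        self._pending[user] = challenge
        return challenge

    def check(self, user: str, response: str) -> bool:
        """Accept only while a challenge is outstanding and the response matches it.

        The challenge is consumed whether or not the response is right, so a
        captured response cannot be replayed and each guess costs a new challenge.
        """
        challenge = self._pending.pop(user, None)
        secret = self._secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = card_response(secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def run_exchange() -> tuple[bool, bool, bool]:
    """One login walked through: genuine response, replay of it, and a wrong code."""
    verifier = Verifier({"alice": CARD_SECRET})
    challenge = verifier.issue_challenge("alice")         # prompt shown to Alice
    response = card_response(CARD_SECRET, challenge)      # Alice reads this off the card
    genuine = verifier.check("alice", response)           # True
    replay = verifier.check("alice", response)            # False: challenge already used
    challenge2 = verifier.issue_challenge("alice")        # a new prompt for the next attempt
    good2 = card_response(CARD_SECRET, challenge2)
    wrong_code = str((int(good2[0]) + 1) % 10) + good2[1:]  # differs from good2 in one digit
    wrong = verifier.check("alice", wrong_code)           # False
    return genuine, replay, wrong


if __name__ == "__main__":
    print(run_exchange())
```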
CBR
Short for constant bit rate. CBR is a type of encoding that maintains a fixed bit rate throughout a file, so that data is sent in a steady stream. But because more complex passages may be encoded with fewer than necessary bits, and relatively simple passages may be encoded with more bits than are necessary, CBR can potentially result in lower-quality sound. See also: variable bit rate (VBR).
Data Transmission Rates
- Zigbee devices have a radio bit rate of 250 kbps as specified by IEEE 802.15.4
- Near Field Communication (NFC) has a data exchange speed up to 424 kbps
- Bluetooth 2.0 devices operate at data rates below 3 megabits per second
- WiFi can deliver data rates of up to 54 megabits per second using a shared, unlicensed radio band at 2.4 GHz
- Ultra-Wideband (UWB) technology supports up to 480 megabits per second with a roadmap to 1 gigabit per second over short distance
DHCP
In the context of computer networking, Dynamic Host Configuration Protocol (DHCP) is a client-server networking protocol. A DHCP server provides configuration parameters specific to the DHCP client host requesting, generally, information required by the client host to participate on an IP network. DHCP also provides a mechanism for allocation of IP addresses to client hosts.
DNS
The Domain Name System or DNS is a system that stores information associated with domain names in a distributed database on networks, such as the Internet. The domain name system associates many types of information with domain names, but most importantly, it provides the IP address associated with the domain name. It also lists mail exchange servers accepting e-mail for each domain.
DNS is useful for several reasons. Most well known, the DNS makes it possible to attach hard-to-remember IP addresses (such as 207.142.131.206) to easy-to-remember domain names (such as “wikipedia.org.”) Humans take advantage of this when they recite URLs and e-mail addresses. Less recognized, the domain name system makes it possible for people to assign authoritative names, without needing to communicate with a central registrar each time.
Dongle
A mechanical device used by software developers to prevent unlicensed use of their product. Typically, a Dongle is a small connector plug, supplied with the original software package, which fits into a socket on a PC—usually a parallel port, also known generally as the LPT1 Printer port. Without the Dongle present, the software will not run. Some older Dongles act as a terminator, effectively blocking the port for any other use, but later versions have a pass-through function, allowing a printer to be connected at the same time. Even though the PC can still communicate with the printer, there have been problems with more recent printers which use active two-way communications with the PC to notify printing status, ink levels, etc.
EMV (Europay, MasterCard, Visa) Standard
EMV is the industry abbreviation for the consortium of three companies who created a joint working group in 1994 (Europay International, MasterCard International, Visa International) jointly sponsoring the global standard for electronic financial transactions. It also refers to the technical specifications produced by that consortium and adopted by all three companies designed to ensure the global interoperability of chip cards, chip terminals, financial messages and related services.
ExpressCard—PC Card
A PC Card is a card that goes into a personal computer and allows it to take on extra functions. A revision of the PC Card is known as CardBus. The PCMCIA is also developing a new notebook peripheral specification called Newcard or ExpressCard.
The first PC cards (PCMCIA) were Type I, and supported actual Memory Cards (e.g. ATA Type I Flash Memory Cards), such as DRAM or Flash memories. Type II cards added I/O support in addition to memory applications, and Type III expanded on this. The port's role as I/O for various devices has largely superseded its role as a memory card slot, but this role did spawn a generation of flash memory cards that set out to improve on the size and features of ATA Type I cards (CompactFlash, MiniCard and SSFDC (Smartmedia)).
Fingerprint Authentication
This refers to the automated method of verifying a match between two human fingerprints. Fingerprints are one of many forms of biometrics used to identify an individual and verify their identity. There are two major classes of algorithms (minutia and pattern) and four sensor designs (optical, ultrasonic, passive capacitance, and active capacitance).
A fingerprint sensor is an electronic device used to capture a digital image of the fingerprint pattern. The captured image is called a live scan. This live scan is digitally processed to create a biometric template (a collection of extracted features) which is stored and used for matching.
Optical fingerprint imaging involves capturing a digital image of the print using visible light. This type of sensor is, in essence, a specialized digital camera. The top layer of the sensor, where the finger is placed, is known as the touch surface. Beneath this layer is a light-emitting phosphor layer which illuminates the surface of the finger. The light reflected from the finger passes through the phosphor layer to an array of solid state pixels (a charge coupled device) which captures a visual image of the fingerprint. A scratched or dirty touch surface can cause a bad image of the fingerprint. A disadvantage of this type of sensor is the fact that the imaging capabilities are affected by the quality of skin on the finger. For instance, a dirty or marked finger is difficult to image properly. Also, it is possible for an individual to erode the outer layer of skin on the fingertips to the point where the fingerprint is no longer visible. However, unlike capacitive sensors, this sensor technology is not susceptible to electrostatic discharge damage.
Ultrasonic sensors make use of the principles of medical ultrasonography in order to create visual images of the fingerprint. Unlike optical imaging, ultrasonic sensors use very high frequency sound waves to penetrate the epidermal layer of skin. The sound waves are generated using piezoelectric transducers and reflected energy is also measured using piezoelectric materials. Since the dermal skin layer exhibits the same characteristic pattern of the fingerprint, the reflected wave measurements can be used to form an image of the fingerprint. This eliminates the need for clean, undamaged epidermal skin and a clean sensing surface.
Capacitance sensors utilize the principles associated with capacitance in order to form fingerprint images. The two equations used in this type of imaging are:
$$C = \frac{Q}{V} \qquad C = \frac{\varepsilon_0 \varepsilon_r A}{d}$$
where
- $C$ is the capacitance in farads
- $Q$ is the charge in coulombs
- $V$ is the potential in volts
- $\varepsilon_0$ is the permittivity of free space, measured in farad per meter
- $\varepsilon_r$ is the dielectric constant of the insulator used
- $A$ is the area of each plane electrode, measured in square meters
- $d$ is the separation between the electrodes, measured in meters
In this method of imaging, the sensor array pixels each act as one plate of a parallel-plate capacitor, the dermal layer (which is electrically conductive) acts as the other plate, and the non-conductive epidermal layer acts as a dielectric.
A passive capacitance sensor uses the principle outlined above to form an image of the fingerprint patterns on the dermal layer of skin. Each sensor pixel is used to measure the capacitance at that point of the array. The capacitance varies between the ridges and valleys of the fingerprint due to the fact that the volume between the dermal layer and sensing element in valleys contains an air gap. The dielectric constant of the epidermis and the area of the sensing element are known values. The measured capacitance values are then used to distinguish between fingerprint ridges and valleys.
Active capacitance sensors use a charging cycle to apply a voltage to the skin before measurement takes place. The application of voltage charges the effective capacitor. The electric field between the finger and sensor follows the pattern of the ridges in the dermal skin layer. On the discharge cycle, the voltage across the dermal layer and sensing element is compared against a reference voltage in order to calculate the capacitance. The distance values are then calculated mathematically, using the above equations, and used to form an image of the fingerprint. Active capacitance sensors measure the ridge patterns of the dermal layer like the ultrasonic method. Again, this eliminates the need for clean, undamaged epidermal skin and a clean sensing surface.
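Added example (not from the original text) carrying the two equations through to the ridge/valley map an active capacitance sensor produces: each pixel's discharge voltage gives C = Q/V, the second equation is rearranged for d, and d is thresholded; it also shows why comparing V against a single reference voltage yields the same map. The pixel area, dielectric constant, injected charge and ridge threshold are constructed values, not a real sensor's.

```python
from __future__ import annotations

EPS0 = 8.854e-12            # permittivity of free space, farad per metre

# Constructed sensor parameters; a real sensor's values come from its datasheet.
PIXEL_AREA = 2.5e-9         # 50 um x 50 um electrode, square metres
EPS_R_EPIDERMIS = 4.0       # dielectric constant assumed for the epidermis
INJECTED_CHARGE = 1.0e-15   # charge placed on each pixel during the charging cycle, coulombs
RIDGE_MAX_D = 1.5e-4        # effective separations below this (metres) are read as ridge


def capacitance_from_charge(q: float, v: float) -> float:
    """C = Q / V: capacitance from the injected charge and the voltage measured on discharge."""
    return q / v


def separation_from_capacitance(c: float, eps_r: float = EPS_R_EPIDERMIS,
                                area: float = PIXEL_AREA) -> float:
    """Rearranging C = eps0 * eps_r * A / d gives the effective plate separation d."""
    return EPS0 * eps_r * area / c


def expected_voltage(d: float, q: float = INJECTED_CHARGE,
                     eps_r: float = EPS_R_EPIDERMIS, area: float = PIXEL_AREA) -> float:
    """Forward model, used only to construct sample readings: V = Q / C = Q * d / (eps0 * eps_r * A)."""
    return q * d / (EPS0 * eps_r * area)


def classify_pixel(v: float, q: float = INJECTED_CHARGE) -> str:
    """'R' where the conductive dermal layer sits close (ridge), 'V' where an air gap widens d (valley)."""
    d = separation_from_capacitance(capacitance_from_charge(q, v))
    return "R" if d < RIDGE_MAX_D else "V"


def reference_voltage() -> float:
    """Because V grows linearly with d, one reference voltage separates ridge from valley."""
    return expected_voltage(RIDGE_MAX_D)


def classify_by_reference(v: float) -> str:
    """The comparator shortcut a sensor can use: no per-pixel arithmetic, just V against V_ref."""
    return "R" if v < reference_voltage() else "V"


def ridge_valley_map(voltages: list[list[float]]) -> list[str]:
    """Per-pixel classification through the two equations."""
    return ["".join(classify_pixel(v) for v in row) for row in voltages]


def ridge_valley_map_by_reference(voltages: list[list[float]]) -> list[str]:
    """Per-pixel classification by comparison with the reference voltage."""
    return ["".join(classify_by_reference(v) for v in row) for row in voltages]


# Constructed 4x4 reading: a diagonal ridge (d = 100 um) across valleys (d = 200 um).
SAMPLE_SEPARATIONS = [
    [1.0e-4, 2.0e-4, 2.0e-4, 2.0e-4],
    [2.0e-4, 1.0e-4, 2.0e-4, 2.0e-4],
    [2.0e-4, 2.0e-4, 1.0e-4, 2.0e-4],
    [2.0e-4, 2.0e-4, 2.0e-4, 1.0e-4],
]
SAMPLE_VOLTAGES = [[expected_voltage(d) for d in row] for row in SAMPLE_SEPARATIONS]

if __name__ == "__main__":
    for row in ridge_valley_map(SAMPLE_VOLTAGES):
        print(row)
```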
Algorithms
Matching algorithms are used to compare previously stored templates of fingerprints against candidate fingerprints for authentication purposes. In order to do this either the original image must be directly compared with the candidate image or certain features must be compared.
Pattern-based (or Image-based) algorithms compare the basic fingerprint patterns (arch, whorl, and loop) between a previously stored template and a candidate fingerprint. This requires that the images be aligned in the same orientation. To do this, the algorithm finds a central point in the fingerprint image and centers on that. In a pattern-based algorithm, the template contains the type, size, and orientation of patterns within the aligned fingerprint image. The candidate fingerprint image is graphically compared with the template to determine the degree to which they match.
Minutia-based algorithms compare several minutia points (ridge ending, bifurcation, and short ridge) extracted from the original image stored in a template with those extracted from a candidate fingerprint. Similar to the pattern-based algorithm, the minutia-based algorithm must align a fingerprint image before extracting feature points. This alignment must be performed so that there is a frame of reference. For each minutia point, a vector is stored into the template in the form:
$$m_i = (\text{type}, x_i, y_i, \theta_i, W)$$
where
- $m_i$ is the minutia vector
- type is the type of feature (ridge ending, bifurcation, short ridge)
- $x_i$ is the x-coordinate of the location
- $y_i$ is the y-coordinate of the location
- $\theta_i$ is the angle of orientation of the minutia
- $W$ is a weight based on the quality of the image at that location
It is important to note that an actual image of the print is not stored as a template under this scheme. Before the matching process begins, the candidate image must be aligned with the template coordinates and rotation. Features from the candidate image are then extracted and compared with the information in the template. Depending on the size of the input image, there can be 10-100 minutia points in a template. A successful match typically only requires 7-20 points to match between the two fingerprints.
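An added example, not part of the original text, of the minutia-based scheme just described: a template is a list of (type, x_i, y_i, θ_i, W) vectors, the candidate is brought into the template's frame of reference by trying each same-type minutia pair as an alignment anchor, and the decision requires 12 matching points, inside the 7-20 range given above. The tolerances, the 14-point template and both candidate scans are constructed.

```python
from __future__ import annotations

import math
from dataclasses import dataclass

DIST_TOL = 6.0                   # constructed: pixels two paired minutiae may differ by
ANGLE_TOL = math.radians(12.0)   # constructed: orientation tolerance
MIN_MATCHES = 12                 # inside the 7-20 range the text gives


@dataclass(frozen=True)
class Minutia:
    """One template vector m_i = (type, x_i, y_i, theta_i, W)."""
    type: str       # "ending", "bifurcation" or "short"
    x: float
    y: float
    theta: float    # orientation, radians
    w: float = 1.0  # quality weight at that location


def angle_diff(a: float, b: float) -> float:
    """Smallest absolute difference between two angles, in radians."""
    return abs((a - b + math.pi) % (2 * math.pi) - math.pi)


def transform(m: Minutia, dx: float, dy: float, rot: float) -> Minutia:
    """Rotate a minutia about the origin by rot, then translate by (dx, dy)."""
    c, s = math.cos(rot), math.sin(rot)
    return Minutia(m.type, c * m.x - s * m.y + dx, s * m.x + c * m.y + dy,
                   (m.theta + rot) % (2 * math.pi), m.w)


def count_matches(template: list[Minutia], aligned: list[Minutia]) -> tuple[int, float]:
    """One-to-one pairing once both sets share a frame: (matched points, summed template weight)."""
    used, count, weight = set(), 0, 0.0
    for t in template:
        best = None
        for i, c in enumerate(aligned):
            if i in used or c.type != t.type:
                continue
            dist = math.hypot(t.x - c.x, t.y - c.y)
            if dist <= DIST_TOL and angle_diff(t.theta, c.theta) <= ANGLE_TOL:
                if best is None or dist < best[0]:
                    best = (dist, i)
        if best is not None:
            used.add(best[1])
            count, weight = count + 1, weight + t.w
    return count, weight


def align_and_match(template: list[Minutia], candidate: list[Minutia]) -> tuple[int, float]:
    """Try each same-type (template, candidate) pair as an anchor; keep the best rigid alignment."""
    best = (0, 0.0)
    for t in template:
        for c in candidate:
            if c.type != t.type:
                continue
            rot = t.theta - c.theta                      # spin c's orientation onto t's
            moved = transform(c, 0.0, 0.0, rot)
            dx, dy = t.x - moved.x, t.y - moved.y        # then slide c onto t
            result = count_matches(template, [transform(m, dx, dy, rot) for m in candidate])
            if result[0] > best[0]:
                best = result
    return best


def verify_fingerprint(template, candidate, min_matches: int = MIN_MATCHES):
    """Authentication decision: enough minutiae agree under the best alignment."""
    count, weight = align_and_match(template, candidate)
    return count >= min_matches, count, weight


# Constructed enrolled template: 14 minutiae in a 200x200-pixel frame (one low-quality point).
TEMPLATE = [
    Minutia("ending", 40, 50, 0.3, w=0.5), Minutia("bifurcation", 60, 120, 1.2),
    Minutia("ending", 90, 30, 2.0), Minutia("short", 100, 100, 0.0),
    Minutia("bifurcation", 130, 60, 2.8), Minutia("ending", 150, 150, 1.5),
    Minutia("ending", 70, 170, 0.9), Minutia("bifurcation", 110, 140, 3.0),
    Minutia("ending", 160, 40, 0.5), Minutia("short", 30, 110, 1.9),
    Minutia("bifurcation", 180, 100, 1.1), Minutia("ending", 120, 90, 2.4),
    Minutia("ending", 50, 140, 0.1), Minutia("bifurcation", 140, 20, 1.7),
]

# Constructed live scan of the same finger: shifted, rotated, two minutiae missed, two spurious.
GENUINE = [transform(m, -15, 8, 0.2) for i, m in enumerate(TEMPLATE) if i not in (3, 9)] + [
    Minutia("ending", 5, 5, 0.0), Minutia("bifurcation", 195, 195, 2.0)]

IMPOSTOR = [  # constructed: a different finger's minutiae in the same frame
    Minutia("ending", 20, 180, 2.2), Minutia("bifurcation", 45, 35, 0.4),
    Minutia("ending", 75, 95, 1.0), Minutia("short", 95, 160, 2.6),
    Minutia("bifurcation", 115, 25, 1.3), Minutia("ending", 135, 115, 0.7),
    Minutia("ending", 155, 185, 2.9), Minutia("bifurcation", 170, 65, 1.8),
]

if __name__ == "__main__":
    print(verify_fingerprint(TEMPLATE, GENUINE))    # (True, 12, 11.5)
    print(verify_fingerprint(TEMPLATE, IMPOSTOR))   # (False, n, ...) with n < 12
```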
GPRS
Short for General Packet Radio Service, a standard for wireless communications which runs at speeds up to 115 kilobits per second, compared with current GSM (Global System for Mobile Communications) systems' 9.6 kilobits. GPRS, which supports a wide range of bandwidths, is an efficient use of limited bandwidth and is particularly suited for sending and receiving small bursts of data, such as e-mail and Web browsing, as well as large volumes of data.
Hertz (Hz)
The frequency of electrical vibrations (cycles) per second. One Hz is equal to one cycle per second.
Hotspot
A specific geographic location in which an access point provides public wireless broadband network services to mobile visitors through a WLAN. Hotspots are often located in heavily populated places such as airports, train stations, libraries, marinas, conventions centers and hotels. Hotspots typically have a short range of access.
Internet
A global network connecting millions of computers for the exchange of data, news and opinions. Unlike online services, which are centrally controlled, the Internet is decentralized by design. Each Internet computer, called a host, is independent. Its operators can choose which Internet services to use and which local services to make available to the global Internet community. Remarkably, this anarchy by design works exceedingly well. There are a variety of ways to access the Internet. Most online services, such as America Online, offer access to some Internet services. It is also possible to gain access through a commercial Internet Service Provider (ISP).
ISO 15693
ISO 15693 is an ISO standard for “Vicinity Cards”, i.e. cards which can be read from a greater distance as compared to proximity cards. ISO 15693 systems operate at the 13.56 MHz frequency, and offer a maximum read distance of 1-1.5 meters. An example is the radio frequency identification (RFID) tags used to collect tolls electronically these days. As the vicinity cards have to operate at a greater distance, the necessary magnetic field is less (0.15 to 5 A/m) than that for a proximity card (1.5 to 7.5 A/m).
ITSEC
Information Technology Security Evaluation Criteria
LAN
Short for “Local Area Network”. A computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN).
Multiple Input Multiple Output
MIMO stands for multiple-input multiple-output, an abstract mathematical model for some systems. In radio communications if multiple antennas are employed, the MIMO model naturally arises. MIMO exploits phenomena such as multi-path propagation to increase throughput, or reduce bit error rates, rather than attempting to eliminate effects of multi-path. MIMO can also be used in conjunction with OFDM and it will be part of the IEEE 802.11n High-Throughput standard, which is expected to be finalized in early 2007.
Near Field Communication
Near Field Communications (NFC) technology addresses the need to simplify and expand the consumer's connectivity, content and commerce experiences in consumer electronics, digital media and personal wireless communications.
Specifications:
- Works by magnetic field induction and operates within the globally available and unregulated 13.56 MHz frequency band
- Maximum working distance: 1.5-2 meters
- Speed: 106 kbit/s, 212 kbit/s or 424 kbit/s
- Passive Communication Mode: The Initiator device provides a carrier field and the Target device answers by modulating the existing field. In this mode, the Target device may draw its operating power from the Initiator-provided electromagnetic field.
- Active Communication Mode: Both Initiator and Target device communicate by generating their own field. In this mode, both devices typically need to have a power supply.
NFC can be used to configure and initiate other wireless network connections such as Bluetooth or WiFi. NFC is extremely low power, one end can operate parasitically (that is, without a battery), and it does not require complicated pairing: simply touch and go. NFC technology and enhanced NFC (ISO 14443 A, B, FeliCa, ISO 15693) offer the capability to communicate either as a contactless reader or as a transponder.
NTP
Short for Network Time Protocol, an Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Based on UTC, NTP synchronizes client workstation clocks to the U.S. Naval Observatory Master Clocks in Washington, D.C. and Colorado Springs, Colo. Running as a continuous background client program on a computer, NTP sends periodic time requests to servers, obtaining server time stamps and using them to adjust the client's clock.
OFDM
Short for Orthogonal Frequency Division Multiplexing, an FDM modulation technique for transmitting large amounts of digital data over a radio wave. OFDM works by splitting the radio signal into multiple smaller sub-signals that are then transmitted simultaneously at different frequencies to the receiver. OFDM reduces the amount of crosstalk in signal transmissions. 802.11a WLAN, 802.16 and WiMAX technologies use OFDM.
PC
Short for “Personal Computer”. A PC is a single-user computer based on a microprocessor. In addition to the microprocessor, a personal computer has a keyboard for entering data, a monitor for displaying information, and a storage device for saving data.
Router
A router is a computer networking device that forwards data packets across an internetwork toward their destinations, through a process known as routing. Routing occurs at layer 3 (the Network layer) of the OSI seven-layer model.
In non-technical terms, a router acts as a junction between two networks to transfer data packets among them. A router is essentially different from a switch that connects devices to form a Local Area Network (LAN). One easy illustration for the different functions of routers and switches is to think of switches as neighborhood streets, and the router as the intersections with the street signs. Each house on the street has an address within a range on the block. In the same way, a switch connects various devices each with their own IP address(es) on a LAN. However, the switch knows nothing about IP addresses except its own management address.
Routers connect networks together the way that onramps or major intersections connect streets to both highways and freeways, etc. The street signs at the intersection (routing table) show which way the packets need to flow.
Routers are also now being implemented as Internet gateways, primarily for small networks like those used in homes and small offices. This application is mainly where the Internet connection is an always-on broadband connection like cable modem or DSL. These are routers in the true sense because they join two networks together—the WAN and the LAN—and have a routing table. Often these small routers support the RIP protocol, although in a home application the routing function does not serve much purpose since there are only two ways to go—the WAN and the LAN. In addition, these routers typically provide DHCP, NAT, DMZ and Firewall services. Sometimes these routers can provide content filtering and VPN. Typically they are used in conjunction with either a cable modem or DSL modem, but that function can also be built-in.
Single Sign-on
Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
There are at least five major types of SSO or reduced sign-on systems in common use:
- Enterprise single sign-on (E-SSO), also called legacy single sign-on, after primary user authentication, intercepts login prompts presented by secondary applications, and automatically fills in fields such as a login ID or password. E-SSO systems allow for interoperability with applications that are unable to externalize user authentication, essentially through “screen scraping”.
- Web single sign-on (Web-SSO), also called Web access management (Web-AM), works strictly with applications and resources accessed with a web browser. Access to web resources is intercepted, either using a web proxy server or by installing a component on each targeted web server. Unauthenticated users who attempt to access a resource are diverted to an authentication service, and returned only after a successful sign-on. Cookies are most often used to track user authentication state, and the Web-SSO infrastructure extracts user identification information from these cookies, passing it into each web resource.
- Kerberos is a popular mechanism for applications to externalize authentication entirely. Users sign into the Kerberos server, and are issued a ticket, which their client software presents to servers that they attempt to access.
- Federation is a new approach, also for web applications, which uses standards-based protocols to enable one application to assert the identity of a user to another, thereby avoiding the need for redundant authentication. Standards to support federation include SAML and WS-Security.
- Light-Weight Identity and Open ID, under the YADIS umbrella, offer distributed and decentralized SSO, where identity is tied to an easily-processed URL which can be verified by any server using one of the participating protocols.
Software
Computer instructions or data. Anything that can be stored electronically is software. Software is typically stored in binary form (ones and zeros, represented by two distinctive states) on a storage medium, such as a floppy disc, hard drive, memory device, or the like, all of which may generally and broadly be referred to as “hardware”. The apparatus or system or device which responds to software instructions or manipulates software data may generally and broadly be referred to as a “computer”. Software is sometimes abbreviated as “S/W”. Software is often divided into the following two categories:
- systems software: includes the operating system and all the utilities that enable the computer to function.
- applications software: includes programs that do real work for users. For example, word processors, spreadsheets, and database management systems fall under the category of applications software.
TCP/IP
Short for “Transmission Control Protocol/Internet Protocol”. TCP/IP has become the basic protocol that defines how information is exchanged over the Internet. IP software sets the rules for data transfer over a network, while TCP software ensures the safe and reliable transfer of data. The abbreviation TCP/IP is commonly used to represent the whole suite of internetworking software.
T-Money
T-money is a passive contactless transportation card or fob used in public transportation in Seoul, Korea. The “T” in T-Money stands for “top, touch, total, travel, and technology”. T-Money can also be used to pay admission at amusement parks or spectator facilities, as well as to pay parking fees and other charges. Mileage points accumulated can be transferred to the T-Money card. T-Money services come with some credit cards. They can be used without pre-charging the cards. The ticket cost for using public transportation is charged to the holder's credit card bill, just like any purchases. Mobile Phone T-Money services come with some mobile phones. Users can charge the amounts online using their mobile phone and will be charged through the bank account that the user registered when they bought the mobile phone.
UTC
Coordinated Universal Time (UTC) is a time scale that couples Greenwich Mean Time, which is based solely on the Earth's inconsistent rotation rate, with highly accurate atomic time. When atomic time and Earth time approach a one second difference, a leap second is calculated into UTC. UTC was devised on Jan. 1, 1972 and is coordinated in Paris by the International Bureau of Weights and Measures. UTC, like Greenwich Mean Time, is set at 0 degrees longitude on the prime meridian.
UWB
Ultra wideband usually refers to a radio communications technique based on transmitting very-short-duration pulses, often of duration of only nanoseconds or less, whereby the occupied bandwidth goes to very large values. This allows it to deliver data rates in excess of 100 Mbit/s, while using a small amount of power and operating in the same bands as existing communications without producing significant interference. However, it is not limited to wireless communication: UWB can also use mains wiring, coaxial cable or twisted-pair cables to communicate, with the potential to deliver data faster than 1 gigabit per second.
There are a number of competing standards, which makes universally compatible UWB products problematic in the short term. Recently, however, both Wireless USB and 1394 have standardized on the WiMedia (MB-OFDM) radio. In addition, Bluetooth stakeholders have expressed an interest in using UWB at the core of their next-generation standards. UWB signaling is being considered as a potential candidate for the alternate physical layer protocols for the high data rate IEEE 802.15.3a standard as well as the low data rate IEEE 802.15.4a “Zigbee” wireless personal area network (WPAN) standards. The IEEE 802.15.4a standard aims at providing a physical layer wireless communication protocol with ranging capabilities for low-power applications such as sensor networks. The narrow duration of the UWB pulses makes it possible to meet stringent (<1 m) ranging requirements.
Validation
Validation is the process of checking if something satisfies a certain criterion.
VBR
Short for variable bit rate. VBR specifies the sound quality level but allows the bit rate to fluctuate. During complex passages, VBR uses a higher-than-average bit rate but during simple passages uses a lower-than-average bit rate. The result is that VBR produces an overall higher, more consistent sound quality compared to CBR (constant bit rate) at similar bit rates. VBR allows users to specify a throughput capacity (i.e., a peak rate) and a sustained rate but data is not sent evenly. VBR is often used when transmitting compressed packetized voice and video data, such as videoconferencing.
WHQL
Short for Windows Hardware Quality Labs, a Microsoft facility that tests and certifies third-party hardware and driver products for compatibility with Windows operating systems. Products that meet the compatibility requirements are then allowed to display Windows logos on product packaging, advertising and collateral and other marketing materials, indicating that the product has met the standards of Microsoft and that the product has been designed to work with the Windows operating systems. Once a product has received the WHQL logo it is listed on the Microsoft Hardware Compatibility List.
WiFi, Wireless LAN or IEEE 802.11
Short for wireless fidelity; the term is meant to be used generically when referring to any type of 802.11 network, whether 802.11b, 802.11a, dual band, etc., and is promulgated by the Wi-Fi Alliance. Any products tested and approved as “Wi-Fi Certified” (a registered trademark) by the Wi-Fi Alliance are certified as interoperable with each other, even if they are from different manufacturers. A user with a “Wi-Fi Certified” product can use any brand of access point with any other brand of client hardware that also is certified. Typically, however, any Wi-Fi product using the same radio frequency (for example, 2.4 GHz for 802.11b or 11g, 5 GHz for 802.11a) will work with any other, even if not “Wi-Fi Certified.”
Formerly, the term “Wi-Fi” was used only in place of the 2.4 GHz 802.11b standard, in the same way that “Ethernet” is used in place of IEEE 802.3. The Alliance expanded the generic use of the term in an attempt to stop confusion about wireless LAN interoperability.
Wi-Fi is poor at real-time data, until 802.11e is deployed. It requires relatively high power, so it is generally unsuitable for small battery-powered applications.
WiMAX
WiMAX, an acronym that stands for Worldwide Interoperability for Microwave Access, is a certification mark for products that pass conformity and interoperability tests for the IEEE 802.16 standards. IEEE 802.16 is working group number 16 of IEEE 802, specializing in point-to-multipoint broadband wireless access.
Early products are likely to be aimed at network service providers and businesses, not consumers. It has the potential to enable millions more to have wireless Internet connectivity, cheaply and easily. Proponents say that WiMAX wireless coverage will be measured in square kilometers while that of Wi-Fi is measured in square meters. According to WiMAX promoters, each WiMAX node or “base station” would enable high-speed Internet connectivity for homes and businesses in a radius of up to 50 km (31 miles); these base stations will eventually cover an entire metropolitan area, making that area into a WMAN and allowing true wireless mobility within it, as opposed to hot-spot hopping required by Wi-Fi. Its proponents are hoping that the technology will eventually be used in notebook computers and PDAs. True roaming cell-like wireless broadband, however, will require 802.16e.
It should be noted that claims of 50 km (31 miles) range, especially claims that such distances can be achieved without line of sight, represent, at best, a theoretical maximum under ideal circumstances. The technical merit of these claims has yet to be tested in the real world.
The original WiMAX standard, IEEE 802.16, specifies WiMAX in the 10 to 66 GHz range. 802.16a added support for the 2 to 11 GHz range, of which many parts are already unlicensed internationally and only few still require domestic licenses. Most business interest will probably be in the 802.16a standard, as opposed to the higher frequencies. The WiMAX specification improves upon many of the limitations of the Wi-Fi standard by providing increased bandwidth and stronger encryption.
It also aims to provide connectivity to network endpoints without direct line of sight in some circumstances. The details of performance under near-line of sight (NLOS) circumstances are unclear, as they have yet to be demonstrated. It is commonly considered that spectrum under 5-6 GHz is needed to provide reasonable NLOS performance and cost effectiveness for PtM (point to multi-point) deployments. WiMAX makes clever use of multi-path signals but does not defy the laws of physics.
Wireless USB
It is based on WiMedia's ultra-wideband common radio platform, enabling products from the PC, CE and mobile industries to connect using a common interface at up to 480 Mbps at 3 meters and 110 Mbps at 10 meters.
802.11i
IEEE 802.11i is an amendment to the 802.11 standard specifying security mechanisms for wireless networks (see Wi-Fi). The draft standard was ratified on 24 Jun. 2004, and supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of 802.11i. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2. 802.11i makes use of the Advanced Encryption Standard (AES) block cipher; WEP and WPA use the RC4 stream cipher. The 802.11i architecture contains the following components: 802.1X for authentication (entailing the use of EAP and an authentication server), RSN for keeping track of associations, and AES-based CCMP to provide confidentiality, integrity and origin authentication.
802.11n
In January 2004, IEEE announced that it will develop a new standard for wide-area wireless networks. The real speed would be 100 Mbit/s (even 250 Mbit/s in PHY level), and so up to 4-5 times faster than 802.11g, and perhaps 50 times faster than 802.11b. As projected, 802.11n will also offer a better operating distance than current networks. The standardization progress is expected to be completed by the end of 2006. 802.11n builds upon previous 802.11 standards by adding MIMO (multiple-input multiple-output). The additional transmitter and receiver antennas allow for increased data throughput through spatial multiplexing and increased range by exploiting the spatial diversity through coding schemes like Alamouti coding.
802.15.4/ZigBee
The ZigBee specification is a combination of HomeRF Lite and the 802.15.4 specification. The spec operates in the 2.4 GHz (ISM) radio band—the same band as the 802.11b standard, Bluetooth, microwaves and some other devices. It is capable of connecting 255 devices per network. The specification supports data transmission rates of up to 250 Kbps at a range of up to 30 meters. ZigBee's technology is slower than 802.11b (11 Mbps) and Bluetooth (1 Mbps), but it consumes significantly less power.
IEEE 802.15.4/ZigBee is intended as a specification for low-powered networks for such uses as wireless monitoring and control of lights, security alarms, motion sensors, thermostats and smoke detectors.
802.15.4/Zigbee is part of the IEEE 802.15 wireless personal area network standard and specifies the media access control (MAC) and physical (PHY) layers. It is a simple (28K byte) packet-based radio protocol aimed at very low-cost, battery-operated widgets and sensors (whose batteries last years, not hours) that can intercommunicate and send low-bandwidth data to a centralized device.
802.15.4/ZigBee networks are slated to run in the unlicensed frequencies, including the 2.4-GHz band as well as the 915 MHz band in the US and 868 MHz in Europe.
16 Gb NAND
In a press release on Sep. 12th, 2005, Samsung announced that it has developed a 16 Gigabit (Gb) NAND memory device. In the article titled “SAMSUNG Electronics Develops First 16-Gigabit NAND Memory using 50-nm Technology for Sharp Jump in Mobile Storage Capacity”, it is stated that the new technology is an alternative to mini-HDDs. Development of the 16 Gb NAND flash memory makes it easier to store massive amounts of data on small portable devices. Availability of Samsung's 16 Gb NAND will allow mobile and portable application designers to use memory cards with densities up to 32 Gigabytes (GB) by combining up to 16 such devices on a single card. A 32 GB density translates into the ability to store either 200 years of an average daily newspaper, 8000 MP3 music files (680 hours) or 20 DVD resolution movies (32 hours of high-resolution video footage) on a mobile device.
Tokens and Token-Related Definitions
Tokens
A security token (or sometimes a hardware token, authentication token or cryptographic token) is a physical device that an authorized user of computer services is given to aid in authentication. Tokens are typically small enough to be carried in a pocket or purse and often are designed to attach to the user's keychain. Some may store cryptographic keys, like a digital signature, or biometric data, like a fingerprint. Some designs feature tamper-resistant packaging; others may include small keypads, thus allowing entry of a PIN. Some tokens are very simple; others are complex and embed several other technologies. There are many vendors with different technologies. A USB token is a USB memory stick (memory device) with an encryption (cryptographic) engine on it. Tokens are generally used for encryption, or to generate passwords.
Digital Signatures
For a token to identify its user, every token must carry some kind of unique number, but not all of these numbers fully qualify as digital signatures according to national laws. Tokens with no on-board keyboard or other user interface cannot be used in some signing scenarios, such as confirming a bank transaction based on the bank account number to which the funds are to be transferred.
Single Sign-on Software
Some types of single sign-on solutions, like Enterprise single sign-on, use the token to store software that allows for seamless authentication and password filling.
One-Time Passwords
In short, a one-time password is a password that changes after each login, or changes after a set time interval.
Mathematical Algorithm Type One-Time Passwords
Mathematical-algorithm-type one-time passwords use a complex mathematical algorithm to generate a new password based on the previous one; the first time a password is generated, the algorithm typically uses a shared secret key. The open source OATH algorithm is standardized; other algorithms are US patented.
CRYPTOCard
CRYPTOCard produces a new one-time password each time its button is pressed. The computer system will accept several forward values in case the button is pressed more than once by accident, or in case the client failed to authenticate.
Verisign
Verisign Unified Authentication uses the OATH standard. Verisign Unified Authentication OEM is Aladdin Knowledge Systems.
Time-Synchronized One-Time Passwords
A time-synchronized one-time password changes constantly at a set time interval, so some form of synchronization must exist between the client's token and the authentication server. For disconnected tokens this time synchronization is done before the token is distributed to the client; other token types synchronize when the token is inserted into an input device.
Booleansoft
Booleansoft tokens synchronize with the authentication server when inserted into an input device like a USB input device or a CD-ROM drive.
RSA Security's SecurID
RSA Security's SecurID displays a number which changes at a set interval, i.e. a time-synchronized one-time password. The client enters the one-time password along with a PIN when authenticating. The technology is US patented.
Vasco's DigiPass
Vasco's DigiPass series has a small keyboard where the user can enter a PIN; in addition, it generates a new one-time password every 36 seconds.
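As an added example (not code from this page or from any of the vendors named above), the following Python implements the standardized OATH algorithms, HOTP (RFC 4226) for event-based tokens and TOTP (RFC 6238) for time-synchronized ones, together with the two server-side checks the entries above describe: the bounded look-ahead window that lets a button-press token recover from accidental presses or failed logins, and the clock-skew window plus replay rejection needed for a time-synchronized token. The shared secret is the RFC test-vector key, used here only so the outputs can be checked against the published vectors; a real deployment provisions a random per-token secret.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226/6238 test vectors (ASCII "12345678901234567890").
# Constructed demo value: a real deployment provisions a random per-token secret.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced modulo 10**digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


class EventTokenVerifier:
    """Server-side state for an event-based (button-press) token.

    The server tracks the next counter it expects and accepts a bounded
    look-ahead window, so a few accidental presses or failed logins do not
    desynchronize the token. After a match the expected counter moves past
    the matched value, so any code at or below it is rejected (no replay).
    """

    def __init__(self, secret: bytes, look_ahead: int = 5, digits: int = 6):
        self.secret = secret
        self.look_ahead = look_ahead
        self.digits = digits
        self.next_counter = 0

    def verify(self, submitted: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead + 1):
            # Constant-time comparison so timing does not leak which digits matched.
            if hmac.compare_digest(hotp(self.secret, c, self.digits), submitted):
                self.next_counter = c + 1
                return True
        return False


class TimeTokenVerifier:
    """Server-side verification for a time-synchronized token.

    Accepts the current time step plus `skew` steps on either side to tolerate
    clock drift between token and server, and remembers the last accepted step
    so the same code cannot be reused while it is still within the window.
    """

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self.secret = secret
        self.step = step
        self.skew = skew
        self.digits = digits
        self.last_accepted_step = -1

    def verify(self, submitted: str, unix_time: int) -> bool:
        now_step = unix_time // self.step
        for s in range(now_step - self.skew, now_step + self.skew + 1):
            if s <= self.last_accepted_step:
                continue  # already consumed, or older than a step we accepted
            if hmac.compare_digest(hotp(self.secret, s, self.digits), submitted):
                self.last_accepted_step = s
                return True
        return False


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(DEMO_SECRET, 0))
    print("TOTP at t=59 (8 digits):", totp(DEMO_SECRET, 59, digits=8))
```

The two verifier classes hold the only state a server needs per token: the next expected counter for event-based tokens, and the last accepted time step for time-based ones. Both windows are deliberately small; widening them makes resynchronization more forgiving but gives a guessed code more chances to match.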
Medical Definitions:
Acquired Immunodeficiency Syndrome
An epidemic disease caused by an infection by human immunodeficiency virus (HIV-1, HIV-2), a retrovirus that causes immune system failure and debilitation and is often accompanied by infections such as tuberculosis. AIDS is spread through direct contact with body fluids.
Acronym: AIDS
Angiogram
A diagnostic procedure done in the X-ray department to visualize blood vessels following introduction of a contrast material into an artery.
Angiographic
Relating to or utilizing angiography.
CAT Scan—Computed Tomography (CT)
A special radiographic technique that uses a computer to assimilate multiple X-ray images into a 2 dimensional cross-sectional image. This can reveal many soft tissue structures not shown by conventional radiography. Scans may also be dynamic in which a movement of a dye is tracked. A special dye material may be injected into the patient's vein prior to the scan to help differentiate abnormal tissue and vasculature. The machine rotates 180 degrees around the patient's body, sending out a pencil-thin X-ray beam at 160 different points. Crystals positioned at the opposite points of the beam pick up and record the absorption rates of the varying thickness of tissue and bone. These data are then relayed to a computer that turns the information into a picture on a screen. Using the same dosage of radiation as that of the conventional X-ray machine, an entire slice of the body is made visible with about 100 times more clarity.
CPR
Cardiopulmonary Resuscitation (CPR) consists of mouth-to-mouth respiration and chest compression. CPR allows oxygenated blood to circulate to vital organs such as the brain and heart. CPR can keep a person alive until more advanced procedures (such as defibrillation—an electric shock to the chest) can treat the cardiac arrest. CPR started by a bystander doubles the likelihood of survival for victims of cardiac arrest.
Dialysis
A medical procedure that uses a machine to filter waste products from the bloodstream. A necessary form of treatment in patients with end-stage renal disease. In most circumstances, kidney dialysis is administered in a fixed schedule of three times per week.
DICOM Standard
The Digital Imaging and Communications in Medicine (DICOM) standard was created by the National Electrical Manufacturers Association (NEMA) to aid the distribution and viewing of medical images, such as CT scans, MRIs, and ultrasound.
ECG—Electrocardiogram
A recording of the electrical activity of the heart on a moving strip of paper. The electrocardiogram detects and records the electrical potential of the heart during contraction.
Acronym: ECG
Echocardiography
Echocardiography is a diagnostic test which uses ultrasound waves to make images of the heart chambers, valves and surrounding structures. It can measure cardiac output and is a sensitive test for inflammation around the heart (pericarditis). It can also be used to detect abnormal anatomy or infections of the heart valves.
Echocardiography, Doppler
Measurement of intra-cardiac blood flow using an m-mode and/or two dimensional (2-d) echocardiogram while simultaneously recording the spectrum of the audible Doppler signal (e.g., velocity, direction, amplitude, intensity, timing) reflected from the moving column of red blood cells.
ERCP—Endoscopic Retrograde Cholangiopancreatography
A diagnostic-therapeutic procedure that involves the X-ray of the pancreatic duct and biliary tree after the selective introduction of a contrast material into the common bile duct and pancreatic duct. In this procedure, a flexible endoscope is passed through the mouth and down into the duodenum. A catheter is then passed through the endoscope and inserted into the pancreatic and bile ducts. Therapeutic measures can often be taken at the time of ERCP to remove stones in the bile ducts or to relieve obstructions of the bile ducts, so that traditional open surgery can be avoided. Acronym: ERCP
Hepatitis Viruses
Any of the viruses that cause inflammation of the liver.
Holter Monitoring
A test which measures the heart rhythm (ECG) over a 24-hour period of time while the patient records their symptoms and activities in a diary.
MRI—Magnetic Resonance Imaging
A special imaging technique used to image internal structures of the body, particularly the soft tissues. An MRI image is superior to a normal X-ray image. It uses the influence of a large magnet to polarize hydrogen atoms in the tissues and then monitors the summation of the spinning energies within living cells. These scans may be used for detecting some cancers or for following their progress.
Oncology
The study of diseases that cause cancer.
PACS—Picture Archiving Communication System
A filmless picture archiving communication system used with all imaging modalities including standard X-rays, CT, MRI, Ultrasound, and Nuclear Medicine. It allows images to be distributed electronically and interpreted on computer workstations.
Ultrasound
A type of imaging technique, which uses high-frequency sound waves
Ultrasound Cardiography—Echocardiography
Echocardiography is a diagnostic test, which uses ultrasound waves to make images of the heart chambers, valves and surrounding structures.