We describe interactions between the smart card and the customer by separating the description of input and output. The security properties of both input and output can be described by the presence or absence of two attributes: privacy and trust.
Privacy means that the content of a communication cannot be observed by anyone who is neither the sender nor receiver. In our context, privacy refers to a customer - smart card communication being protected from observation by the merchant. If a communications channel is not private, we say it is public.
Trust means that a recipient has confidence in the origin and freshness of a communication. If the customer receives a trusted communication from the smart card, then he is confident that the communication originated from the smart card in the immediate past and is being received intact (for example, a multi-part message is being received unmodified by an adversary). If the customer has a trusted input channel to the smart card, the smart card can treat communications on that channel as fresh, in proper order, and having originated from the possessor of the smart card. If a communications channel is not trusted, we say it is untrusted.
If a communication is both trusted and private, we say it is secure.