10.3. Means of identification and delimitation of access to information

Lecture



Identification is the assignment of a unique name or image to an object or subject. Authentication is the verification of the authenticity of an object or subject, i.e., checking whether the object (subject) is who or what it claims to be.

The ultimate goal of the identification and authentication procedures is to admit the object (subject) to restricted-use information if the check is positive, or to refuse admission if the check is negative.

The objects of identification and authentication include: people (users, operators); technical means (monitors, workstations, subscriber stations); documents (manuals, printouts); magnetic media; information on the monitor screen.

The most common authentication methods include assigning a password to a person or other named entity and storing its value in the computer system. A password is a set of characters that defines an object (subject).

As a security measure, a password can be used to identify and authenticate the terminal from which the user logs in, as well as for reverse authentication of the computer to the user.

Given the importance of the password as a means of protecting information from unauthorized use, the following precautions should be observed:

1) do not store passwords in the computer system in unencrypted form;

2) do not print or display passwords in clear text on the user's terminal;

3) do not use your name or the names of relatives as well as personal information (date of birth, home or business telephone number, street name) as a password;

4) do not use real words from an encyclopedia or explanatory dictionary;

5) use long passwords;

6) use a mixture of upper and lower case keyboard characters;

7) use combinations of two simple words connected by special characters (for example, +, =, <);

8) use invented words that do not exist (absurd or even nonsensical in content);

9) change the password as often as possible.
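As an added example (not part of the original lecture), the sketch below checks a candidate password against precautions 3 to 6 and stores it in line with precaution 1. It uses salted one-way hashing (PBKDF2-HMAC-SHA256) rather than reversible encryption; the minimum length, iteration count, word list, record format and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune to your hardware
MIN_LENGTH = 12        # assumed threshold for "long" (precaution 5)

def policy_violations(password, personal_info, dictionary):
    """Return the lecture's precaution numbers that the password breaks."""
    low = password.lower()
    broken = []
    if any(item and item.lower() in low for item in personal_info):
        broken.append(3)                      # embeds a name, date, phone number
    if low in dictionary:
        broken.append(4)                      # is a real dictionary word
    if len(password) < MIN_LENGTH:
        broken.append(5)                      # too short
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        broken.append(6)                      # no mix of upper and lower case
    return broken

def make_record(password):
    """Precaution 1: keep only a random salt and a slow one-way digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password, record):
    """Recompute the digest from the stored salt; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:                        # malformed record
        return False

if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    info, words = ["Anna", "1985"], {"password", "garden"}
    print(policy_violations("anna1985", info, words))
    print(policy_violations("Garden+Lantern=Moss", info, words))
    rec = make_record("Garden+Lantern=Moss")
    print(verify("Garden+Lantern=Moss", rec), verify("garden", rec))
```

Because each record carries its own random salt, two users with the same password get different stored values, and the stored record never contains the password itself.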

To identify users, technically complex systems can be used that establish the user's authenticity by analyzing individual parameters: fingerprints, palm lines, iris, tone of voice. The most widely used are physical identification methods that rely on carriers of password codes. Such carriers can be passes in checkpoint systems; plastic cards bearing the owner's name, code and signature; plastic cards with a magnetic stripe that is read by a special reader; plastic cards containing an integrated circuit; optical memory cards.

One of the most intensively developed areas of information security is the identification and authentication of documents by means of an electronic digital signature. When information is transmitted over communication channels, facsimile equipment is used, but the recipient then receives not the original but only a copy of the document with a copy of the signature, which can be re-copied during transmission in order to pass off a false document.

An electronic digital signature is an encryption method that uses a cryptographic transformation; it is a password that depends on the sender, the recipient and the content of the transmitted message. To prevent reuse of a signature, it must change from message to message.

