
The authenticity of the data means that they are. How to check the accuracy of information

Letter of credit is a conditional monetary obligation accepted by the bank on behalf of the payer, which allows payments to be made in favor of the recipient of funds. The bank may make payments to the seller or authorize another bank to make such payments if the terms of the letter of credit are met.

Authentication

Authentication is the process of determining the identity of a client from the information provided to them. Authentication is done in the following ways:

Data authenticity

The property of data to be authentic and the property of systems to be capable of ensuring the authenticity of data.

The authenticity of the data means that it was created by legitimate participants in the information process and was not subjected to accidental or deliberate distortion.

The ability of the system to ensure the authenticity of the data means that the system is able to detect all cases of data corruption with a probability of error not exceeding a predetermined value.

Private key

Private key - the private (secret) part of a pair of cryptographic keys. It serves to create electronic signatures, which can then be verified with the public key, and to decrypt messages that have been encrypted with the public key.

The private key is stored only by its owner, in no case disclosing it to anyone. Loss of a private key means the possibility of disclosure by third parties of any information encrypted for its owner, as well as the possibility of counterfeiting the electronic signature of its owner by third parties. In any cryptographic system, the private key is always the most important secret, which is why it must be kept secret.

Public key

A public key is a public (unclassified) part of a cryptographic key pair. Serves for verification of electronic signatures created with the help of its counterpart, and for encrypting messages, which will then be decrypted.

The public key is sent for registration to a certification center - an organization engaged in registering public keys and their owners, as well as issuing electronic certificates confirming the ownership of public keys by specific individuals. In the certification center, certificates of all public keys of subscribers are placed in a database, from where they can be provided upon request to any person who contacts the center.

Passport of the transaction under the contract

Passport of a transaction under a contract - a document that is drawn up when carrying out a currency transaction under a contract.

Passport of the transaction under the loan agreement

Passport of a transaction under a loan agreement - a document that is drawn up when carrying out a foreign exchange operation under a loan agreement or a loan agreement.

SSL protocol

SSL (Secure Sockets Layer) was developed by Netscape. It allows you to identify the parties exchanging data on the basis of electronic certificates, to encrypt the transmitted data and to ensure that the data is not distorted during the transfer.

Note! The possibility of using the SSL protocol is determined by the presence of a checkbox in the field SSL 2.0 or SSL 3.0 installed when setting up your Internet browser.

Resident

Resident - a legal or natural person permanently registered or permanently residing in a given country.

Certificate

A certificate is a document (possibly in electronic form) containing a public key, which belongs to the certificate holder, together with additional information about its owner (for example, name and organization name, email address, etc.), signed by the Certificate Authority ...

The main task of a certificate is to associate a public key with the identity of its owner (the owner of its paired private key).

Certificates have a validity period, after which they become invalid. The validity period is reflected in the content of the certificate.

Certificates are stored in the Windows registry or on other media of key information. Certificates registered in the Windows registry can be accessed from Internet Explorer, which has a Certificate and Private Key Import / Export Wizard.

Encryption

Encrypting information is a way to prevent unauthorized viewing or use of information. For encryption, special mathematical algorithms (cryptoalgorithms) are used. Encryption guarantees the protection of sensitive information from unauthorized access by third parties. To restore encrypted information, the reverse transformation is carried out - decryption. To decrypt information, you must have a corresponding secret (private) key.

In modern systems, a pair of encryption keys is used: a public key, which can be known to anyone, and its paired private key, known only to the owner of this key. A pair of corresponding keys can be used for encryption, as well as for creating and verifying an electronic signature (ES), and at the same time has the following properties:

  • A message encrypted with a public key can only be decrypted using its paired private key.
  • Electronic signature created using a private key can be checked for compliance with its paired public key.

Electronic signature

An electronic signature is used to sign electronic documents. An electronic signature (ES) is a requisite of an electronic document designed to protect this electronic document from counterfeiting and allowing to identify the owner of the signature key certificate, as well as to establish the absence of distortion of information in an electronic document.

An electronic signature is generated with the help of a private key, which can be stored on a floppy disk, in the system registry, on smart cards, etc.

The ES can be checked using the public key paired with the private key with which this ES was formed. Thus, knowing the user's public key, it is possible to determine with certainty who signed the document.

To send a document to the bank, you must have at least one electronic signature. The number of electronic signatures used under each document is determined in the bank individually for each client and is established in the Service Agreement in the Internet Client for Legal Entities system.

Identification and authentication are the basis of modern software and hardware security tools, since any other services are mainly designed to serve these entities. These concepts represent a kind of first line of defense that provides the organization's space.

What it is?

Identification and authentication have different functions. The first gives the subject (a user or a process that acts on his behalf) the ability to provide his own name. With the help of authentication, the second party is finally convinced that the subject really is who he claims to be. Often, identification and authentication are replaced by the phrases "name message" and "authentication".

They themselves are subdivided into several varieties. Next, we'll look at what identification and authentication are and what they are.

Authentication

This concept provides for two types: one-way, when the client must first prove its authenticity to the server, and two-way, that is, when there is a mutual confirmation. A common example of how standard user identification and authentication is performed is the procedure for logging on to a particular system. Thus, different types can be used in different objects.

In a network environment, when identification and authentication of users are carried out on geographically dispersed sides, the service under consideration differs in two main aspects:

  • what acts as an authenticator;
  • how the exchange of authentication and identification data was organized and how it is protected.

To prove its authenticity, one of the following entities must be presented by the subject:

  • certain information that he knows (personal number, password, special cryptographic key, etc.);
  • a certain thing that he owns (a personal card or some other device with a similar purpose);
  • a certain thing that is an element of himself (fingerprints, voice and other biometric means of identifying and authenticating users).

System features

In an open network environment, the parties do not have a trusted route, which means that, in general, the information transmitted by the subject may not match the information received and used during authentication. Protection is required against both passive and active eavesdropping on the network, that is, against interception, modification or replay of data. Transmitting passwords in clear text is unsatisfactory, and encrypting passwords does not save the day either, since it does not protect against replay. This is why more sophisticated authentication protocols are used today.

Reliable identification is difficult not only because of network threats, but also for a number of other reasons. In the first place, almost any authentication entity can be stolen, counterfeited, or inferred. There is also a certain contradiction between the reliability of the system used, on the one hand, and the convenience of the system administrator or user, on the other. Thus, for security reasons, the user must be asked with some frequency to re-enter his authentication information (since some other person may already be sitting in his place), and this not only creates additional hassle, but also significantly increases the chance that someone might be spying on the input of the information. Among other things, the reliability of the protective equipment significantly affects its cost.

Modern identification and authentication systems support the concept of single sign-on to the network, which primarily meets the requirements in terms of user friendliness. If a standard corporate network has many information services that provide for the possibility of independent access, then multiple entry of personal data becomes too burdensome. At the moment, it cannot yet be said that the use of single sign-on to the network is considered normal, since the dominant solutions have not yet formed.

Thus, many are trying to find a compromise between affordability, convenience and reliability of the means by which identification / authentication is provided. In this case, user authorization is carried out according to individual rules.

Special attention should be paid to the fact that the identification / authentication service itself can become the target of an availability attack. If the system is configured so that logon is blocked after a certain number of unsuccessful attempts, attackers can stop the work of legitimate users with literally a few keystrokes.

Password Authentication

The main advantage of such a system is that it is extremely simple and familiar to the majority. Passwords have long been used by operating systems and other services, and when used correctly, they provide a level of security that is acceptable to most organizations. But on the other hand, in terms of the general set of characteristics, such systems represent the weakest means by which identification / authentication can be carried out. In this case, authorization becomes quite simple, since passwords should be memorable, but simple combinations are not difficult to guess, especially if a person knows the preferences of a particular user.

Sometimes passwords are not kept secret at all, since they have standard values specified in the documentation, and they are not always changed after the system is installed.

Password entry can be observed, and in some cases people even use specialized optical devices for this.

Users, the main subjects of identification and authentication, often share passwords with colleagues so that they can stand in for the owner for a certain time. In theory, in such situations, it would be most correct to use special access controls, but in practice this is not used by anyone. And if two people know the password, this greatly increases the chances that others will eventually find out about it.

How to fix it?

There are several means of how identification and authentication can be secured. The information processing component can be secured by the following:

  • The imposition of various technical restrictions. Most often, rules are established for the length of the password, as well as the content of certain characters in it.
  • Management of the expiration date of passwords, that is, the need to periodically replace them.
  • Restricting access to the main password file.
  • Limiting the total number of failed attempts allowed at logon. Because of this, the brute-force method cannot be used, and attackers can act only before identification and authentication.
  • Preliminary user training.
  • Using specialized software password generators that allow you to create such combinations that are euphonious and quite memorable.

All of these measures can be used in any case, even if other means of authentication are also used along with passwords.

One-time passwords

The options discussed above are reusable, and if the combination is disclosed, the attacker is able to perform certain operations on behalf of the user. That is why one-time passwords are used as a stronger means resistant to the possibility of passive network eavesdropping, thanks to which the identification and authentication system becomes much more secure, albeit not so convenient.

At the moment, one of the most popular software one-time password generators is a system called S/KEY, released by Bellcore. The basic concept of this system is that there is a specific function F that is known to both the user and the authentication server. There is also a secret key K, which is known only to a specific user.

During the initial administration of the user, the function F is applied to the key K a certain number of times, after which the result is saved on the server. After that, the authentication procedure looks like this:

  1. The server sends the user system a number that is 1 less than the number of times the function has been applied to the key.
  2. The user applies the function to the secret key the number of times given in the first step, and the result is sent over the network directly to the authentication server.
  3. The server applies the function to the received value and compares the result with the previously saved value. If the results match, the user is authenticated, and the server stores the new value and decrements the counter by one.

In practice, the implementation of this technology has a slightly more complex structure, but at the moment this is not so important. Since the function is irreversible, even in the case of intercepting the password or gaining unauthorized access to the authentication server, it does not provide an opportunity to obtain the secret key and in any way predict what the next one-time password will look like.
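The simplified S/KEY exchange described above, as an added example in Python that is not Bellcore's implementation or code from the original page. Using SHA-256 as the function F, and the names `enroll`, `challenge`, `respond` and `verify`, are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def F(value: bytes) -> bytes:
    """The one-way function F (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(value).digest()


def iterate(value: bytes, times: int) -> bytes:
    """Apply F to value the given number of times."""
    for _ in range(times):
        value = F(value)
    return value


@dataclass
class ServerRecord:
    count: int     # how many times F was applied to K to obtain `stored`
    stored: bytes  # F applied `count` times to K; the server never holds K


def enroll(secret_key: bytes, count: int) -> ServerRecord:
    """Initial administration: the server keeps only the end of the chain."""
    return ServerRecord(count=count, stored=iterate(secret_key, count))


def challenge(record: ServerRecord) -> int:
    """Step 1: the server sends a number 1 less than the stored count."""
    if record.count <= 1:
        # A challenge of 0 would make the user send K itself over the network.
        raise RuntimeError("chain exhausted, the user must be re-enrolled")
    return record.count - 1


def respond(secret_key: bytes, n: int) -> bytes:
    """Step 2: the user applies F to K n times and sends the result."""
    return iterate(secret_key, n)


def verify(record: ServerRecord, otp: bytes) -> bool:
    """Step 3: apply F once, compare, then store the new value."""
    if record.count <= 1:
        return False
    if not hmac.compare_digest(F(otp), record.stored):
        return False
    record.stored = otp   # the accepted one-time password becomes the reference
    record.count -= 1
    return True


if __name__ == "__main__":
    key = b"constructed-secret-K"          # constructed sample secret
    rec = enroll(key, 4)
    otp = respond(key, challenge(rec))
    print("first login:", verify(rec, otp))
    print("replay of the captured value:", verify(rec, otp))
    print("next login:", verify(rec, respond(key, challenge(rec))))
```

A captured one-time password fails on replay because the server now expects a value one step earlier in the chain, which cannot be computed from the captured one without inverting F.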

In Russia, a special state portal - "Unified Identification / Authentication System" ("ESIA") is used as a unified service.

Another approach to a reliable authentication system is to generate a new password at short intervals, which is also implemented through the use of specialized programs or various smart cards. In this case, the authentication server must accept the corresponding password generation algorithm, as well as certain associated parameters, and in addition, there must also be a synchronization of the server and client clocks.

Kerberos

For the first time, the Kerberos authentication server appeared in the mid-90s of the last century, but since then it has already managed to receive a huge number of fundamental changes. At the moment, individual components of this system are present in almost every modern operating system.

The main purpose of this service is to solve the following problem: there is an unprotected network, and its nodes host various subjects: users, as well as server and client software systems. Each such subject has an individual secret key. For subject C to prove his own identity to subject S (without which S simply will not serve him), he must not only name himself, but also show that he knows a certain secret key. At the same time, C cannot simply send his secret key to S, since, first of all, the network is open, and besides this, S does not know it and, in principle, should not know it. In such a situation, a less straightforward technique is used to demonstrate knowledge of this information.

Electronic identification / authentication through the Kerberos system provides for its use as a trusted third party that has information about the secret keys of the objects being serviced and, if necessary, assists them in performing pairwise authentication.

Thus, the client first sends Kerberos a request that contains the necessary information about him, as well as the requested service. In response, Kerberos provides him with a kind of ticket, which is encrypted with the server's secret key, as well as a copy of some part of the data from it, which is encrypted with the client's key. The client decrypts this second piece of data and forwards it to the server together with the ticket. The server decrypts the ticket and compares its contents with the additional information sent by the client. A match shows that the client was able to decrypt the information intended for him, that is, he demonstrated that he really knows the secret key. This suggests that the client is exactly the person he claims to be.

Special attention should be paid here to the fact that the transfer of secret keys was not carried out over the network, and they were used exclusively for encryption.

Authentication using biometric data

Biometrics includes a combination of automated means of identifying / authenticating people based on their behavioral or physiological characteristics. Physical means of authentication and identification include verification of the retina and cornea of the eyes, fingerprints, face and hand geometry, and other individual information. Behavioral characteristics include keyboard style and signature dynamics. Combined methods are an analysis of various features of a person's voice, as well as recognition of his speech.

Such identification / authentication and encryption systems are ubiquitous in many countries around the world, but for a long time they have been extremely costly and difficult to use. Recently, the demand for biometric products has increased significantly due to the development of e-commerce, since, from the user's point of view, it is much more convenient to present oneself than to remember some information. Accordingly, demand creates supply, so relatively inexpensive products began to appear on the market, which are mainly focused on fingerprint recognition.

In the vast majority of cases, biometrics is used in combination with other authenticators like. Often, biometric authentication is only the first line of defense and acts as a means of activating smart cards that include various cryptographic secrets. When using this technology, the biometric template is saved on the same card.

The activity in the field of biometrics is quite high. There is already a corresponding consortium, and also quite active work is underway to standardize various aspects of the technology. Today, you can see a lot of promotional articles that present biometric technology as an ideal means of providing increased security, while still being available to the general public.

ESIA

The identification and authentication system ("ESIA") is a special service created in order to ensure the implementation of various tasks related to the verification of the authenticity of applicants and participants in interagency interaction in the event of the provision of any municipal or state services in electronic form.

In order to get access to the "Single portal of state structures", as well as to any other information systems of the current e-government infrastructure, you first need to register an account and, as a result, obtain a simple electronic signature (PEP).

Levels

The portal provides three main levels of accounts for individuals:

  • Simplified. To register it, you just need to indicate your last name and first name, as well as some specific communication channel in the form of an e-mail address or mobile phone. This is the primary level, with the help of which a person has access to only a limited list of various public services, as well as the capabilities of existing information systems.
  • Standard. To obtain it, you initially need to issue a simplified account, and then provide additional data as well, including information from the passport and the number of the individual insurance personal account. The specified information is automatically checked through the information systems of the Pension Fund, as well as the Federal Migration Service, and if the check is successful, the account is transferred to the standard level, which opens the user to an extended list of public services.
  • Confirmed. To obtain this level of account, a unified identification and authentication system requires users to have a standard account, as well as proof of identity, which is performed through a personal visit to an authorized service department or by receiving an activation code via a registered letter. In the event that the confirmation of identity is successful, the account will move to a new level, and the user will have access to the full list of necessary government services.

Despite the fact that the procedures may seem rather complicated, in fact, you can get acquainted with the full list of the necessary data directly on the official website, so a full-fledged registration is quite possible within a few days.

mechanisms are closely related because a mechanism or combination of mechanisms is used to provide a service. The mechanism can be used in one or more services. These mechanisms are briefly discussed below to understand their general idea. They will be discussed in more detail below.

ITU-T (X.800) has identified five services related to information security objectives and attacks, the types of which we have identified in the previous sections. Figure 1.3 shows the classification of five generic services.


Fig. 1.3.

To prevent the cyber security attacks we talked about, you just need to have one or more of the services shown above for one or more information security goals.

Data confidentiality

Data confidentiality is designed to protect data from attempts to disclose it. This broad service is defined in the ITU-T X.800 recommendation. It can cover the confidentiality of a whole message or part of it, and also protects against traffic monitoring and analysis - in fact, it is designed to prevent interception and traffic monitoring.

Data integrity

Data integrity is designed to protect data from modification, insertion, deletion and replay of information by an adversary. It can protect the whole message or part of the message.

Authentication

This service authenticates the party at the other end of the line. In connection-oriented communication, it authenticates the transmitter or receiver during connection establishment (peer entity authentication). In connectionless communication, it authenticates the data source (data origin authentication).

Non-repudiation

The non-repudiation service protects against repudiation of a message by the transmitter or the receiver of the data. With non-repudiation by the transmitter, the data receiver can later prove the origin of the message using the identification code (identifier) of the transmitter. With non-repudiation by the receiver, the transmitter can later use proof of delivery to prove that the data was delivered to the intended recipient.

Access control

Access control provides protection against unauthorized access to data. The term access in this definition is very broad and can include reading, writing, modifying data, starting a program, and so on.

Security mechanisms

To provide the information security services defined in the previous section, ITU-T (X.800) recommends some security mechanisms. Figure 1.4 gives a classification of these mechanisms.


Fig. 1.4.

Encryption

Encryption. By hiding or covering data, you can ensure confidentiality. Encryption also complements other mechanisms that provide other services. Today, two methods are used for encryption: cryptography and steganography. We will discuss them briefly later.

Data integrity

The data integrity mechanism appends to the data a short check value that is generated from the data by a specific process. The receiver receives the data and the check value. Based on the received data, it creates a new check value and compares the newly created one with the received one. If the two check values match, data integrity has been preserved.

Digital signature

Digital signature is a means by which the sender can electronically sign the data, and the receiver can verify the signature using a computer. The sender uses a process that shows that the signer holds a private key related to a public key that has been publicly announced. The receiver uses the sender's public key to prove that the message is indeed signed by the sender who claims to have sent the message.

Authentication exchange

In an authentication exchange, two entities exchange some messages to prove their identity to each other. For example, one entity can prove that it knows a secret that only it should know (say, the last meeting place with a partner).

Traffic padding

Traffic padding means inserting some dummy data into the data traffic in order to thwart the attempts of attackers to use it for analysis.

Routing management

Routing management means choosing and continuously changing the various available routes between the sender and the receiver in order to prevent an adversary from intercepting information on a specific route.

Notarization

Notarization means selecting a trusted third party to control the exchange between two entities. This can be done, for example, to prevent repudiation of a message. The receiver can involve a third party that can be trusted to store the sender's requests, thereby preventing the sender from later denying that the message has been transmitted.

Access control

Access control uses methods to prove that the user has the right to access data or resources belonging to the system. Examples of such proof are passwords and

Commercial two-factor authentication solutions are often expensive and difficult to deploy and manage. However, you can create your own two-factor authentication solution using the user's IP address, beacon file, or digital certificate.

Various commercial solutions provide Web site security that goes beyond traditional authentication methods using a single factor (that is, a combination of username and password). The second factor is geographic location, user behavior, image requests, and more familiar smart cards, devices, and fingerprints. For more information on two-factor commercial solutions, see the articles listed in the "Further Reading" sidebar.

But commercial solutions are not the only option. You can prepare the two-factor authentication procedure yourself. This article provides some guidelines for designing two-factor authentication for Web applications, and provides some source code examples to help you start your own project.

Two-factor verification overview

Let's return to a brief overview of two-factor authentication, that is, the use of two different forms of identification of potential users. Authenticity can be verified using three forms:

    Something the user knows;

    Some characteristic of the user;

    Something that the user has.

Most applications use only one of these forms, usually the first. The username and password are known data.

This level of security is acceptable for most Web sites and applications. However, given the significant increase in identity theft and other types of online fraud, some Web sites are introducing two-factor authentication. In accordance with the new legislation, starting in 2007, all electronic banking sites must apply two-factor verification. Soon, these requirements may be extended to recruiting, medical, government and other sites where personal data can be accessed.

As noted above, there are many commercial two-factor verification products. Their prices are very different, although the entry level is quite high. Not every company has the funds for a major solution. And some companies use highly specialized programs that are poorly compatible with commercial products. In any case, it's helpful to think about your own two-factor solution. The guidelines in this article will help you get on the right design path.

IP address application

The article "Protect your site from attacks" published in. Provides a brief description of the use of an IP address for additional user identification. This method is categorized as “some kind of user characteristic”. Many commercial solutions use biological characteristics (such as fingerprints or iris patterns). With decreasing hardware costs and improved software, this option has become more practical, but the prices are still quite high.

In addition, some users object to keeping their biometric data in the company. It's one thing if someone else finds out your Social Security card number, and it's quite another to steal your fingerprints!

It is easier and cheaper to use a code-based solution. Naturally, its reliability is inferior to physical solutions, but for many applications it provides sufficient accuracy. Each user has an IP address that can be used as a second verification factor.

The essence of the method boils down to the fact that when trying to register, the user's IP address is retrieved from the logs of the Web server or other source. The address is then subjected to one or more checks. If successful, and if the registration name and password are correct, the user is granted access. If the user does not pass this level of validation, the request is rejected or directed to a deeper level of analysis. In particular, the user may be asked additional personal questions (for example, what is the mother's maiden name) or asked to contact an authorized representative by phone for an off-network verification.

There are several ways to validate an IP address, each of which provides a certain level of confidence in identifying a user. The simplest test is to compare the user's IP address to a list of known unwanted addresses outside of the service area. For example, if users are located mainly in one country, then you can compare with a list of unwanted addresses outside that country. Given that a significant proportion of identity theft attempts originate from outside a particular country, blocking dangerous addresses outside of a country will most likely prevent a large number of fraudulent attempts.

It is not difficult to obtain lists of dangerous addresses. Bob's Block List at http://www.unixhub.com/block.html starts with blocks of addresses in Asia, Latin America and the Caribbean. Mapping to it can be useful if the company does not have users in those regions. It should be noted that the listings obtained from free sites need to be modified in order not to block useful sites. Commercial listings are more accurate, such as MaxMind at http://www.maxmind.com. Listing 1 shows a sample pseudocode for implementing this approach.

However, if you do not want to block users by region, or you want more selectivity, you can record the user's IP address when registering during the first visit, provided that the registration process has a means of verifying the user. In particular, you can ask the user to answer one or two questions (for example, ask for the number of the school in which he studied) or ask him to enter the registration code that was previously sent to him by e-mail. Once the IP address has been obtained and validated, you can use that address to evaluate subsequent registration attempts.

If all users will only apply for access from corporate sites with known and fixed IP addresses, then a very effective method is a comparison with a list of pre-approved addresses. In this case, users from unknown sites are deprived of their access rights. However, if users come from sites whose addresses are unknown in advance, for example from home, where there is usually no static IP address, then the accuracy of the determination is drastically reduced.

A less reliable solution is to compare "fuzzy" IP addresses. Home users' Internet service providers (ISPs) assign IP addresses from their own ranges, usually class C or B subnets. Therefore, only the first two or three octets of the IP address can be used for authentication. For example, if the address 192.168.1.1 is registered for a user, it may later be necessary to accept addresses from 192.168.1.1 to 192.168.254.254 for that user. This approach carries some risk of attack by someone using the services of the same provider, but it nevertheless gives good results.

In addition, users can be verified by using their IP addresses to determine their location. This requires a commercial database containing all known IP address ranges and their approximate locations, for example from a company such as MaxMind or Geobytes (http://www.geobytes.com). If the user's registered location is Houston and the user subsequently tries to access the site from Romania or even New York, access can be denied, or at least a deeper check can be performed. This method solves the problem of the provider changing the block of addresses. However, an attacker still has a chance of gaining access from a location where there are registered users.

You can authenticate with a double second factor, starting by excluding all IP addresses that match the block list or by matching against the whitelist. If a whitelist is used and the IP address being checked is not in it, the user may be asked an additional question. If the IP address is finally approved, the user can be prompted to add the current IP address to the whitelist (users should be advised that only regularly used computers should be added to the list). Listing 2 shows pseudocode for matching against a block list and a whitelist.
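The layered check described above (block list first, then whitelist, then a "fuzzy" prefix match, then the additional question) can be sketched as follows. This is an added example, not the article's Listing 1 or Listing 2; the function names, the sample ranges and the three result strings are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges stand in for a real block list.
BLOCK_LIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

def fuzzy_match(client, registered, octets=3):
    """True if client shares the first `octets` octets with the registered IPv4 address."""
    net = ipaddress.ip_network(f"{registered}/{8 * octets}", strict=False)
    return client in net

def ip_second_factor(client_ip, whitelist, registered_ip=None, octets=3):
    """Decide on a login whose name and password have already been verified.

    Returns "deny", "allow" or "challenge" (ask the additional question).
    client_ip must be the peer address the server itself observed, not a
    value taken from a client-supplied header.
    """
    try:
        client = ipaddress.ip_address(client_ip)
    except ValueError:
        return "deny"                       # unparseable address: fail closed
    if any(client in net for net in BLOCK_LIST):
        return "deny"                       # block list is checked first
    if client in whitelist:
        return "allow"                      # exact pre-approved address
    if registered_ip and fuzzy_match(client, registered_ip, octets):
        return "allow"                      # same provider range as the registered address
    return "challenge"                      # unknown address: ask the additional question

def after_challenge(client_ip, whitelist, answer_ok, add_to_whitelist):
    """Apply the result of the additional question; optionally remember the address."""
    if not answer_ok:
        return "deny"
    if add_to_whitelist:                    # only after the user agrees to add this computer
        whitelist.add(ipaddress.ip_address(client_ip))
    return "allow"
```

With `octets=2` the fuzzy match accepts the whole 192.168.x.x range from the example above; with `octets=3` only 192.168.1.x is accepted and other addresses fall through to the additional question.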

IP authentication is inadequate when multiple mobile users are accessing a site from hotel rooms and elsewhere in the country and abroad, constantly changing IP addresses, ISPs, and locations. For such users, the Denied IP Address List cannot be applied. These users will not appear on the list of allowed IP addresses either. However, they can still answer the security question during authentication.

To provide better protection for "roaming users," you can deepen the check by taking into account the browser version (which usually changes infrequently), the operating system, and even the MAC address of the network card. However, such methods usually require running a special program on the client to read the required parameters. Moreover, MAC addresses and browser and operating system versions can be spoofed, so this method of protection is not completely reliable.

Use of beacons and certificates

An alternative is to use one of the other two forms of validation: "something the user has." Hardware verification systems ask for a special device. In self-designed software systems, you can use beacon files or a certificate stored on users' computers. This approach is similar to security certificates on e-commerce Web sites, which certify that order information is passed to the correct site.

The easiest way is to use beacon files. Many companies use them to track session keys and other information for users. You just need to create a permanent "beacon" file and save it on the user's computer for future identification. You can go beyond simple beacon files and encrypt part of the file to make it harder for a fraudster to forge it.
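One way to make a beacon file hard to forge, shown as an added example that is not code from the article: instead of encrypting part of the file, it appends an HMAC-SHA256 tag computed with a server-side key, which serves the same anti-forgery purpose. The field layout (`user|device_id|issued|tag`), the function names and the 90-day lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: the key is generated and kept on the server only, never sent to clients.
SERVER_KEY = secrets.token_bytes(32)

def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_beacon(user, now=None):
    """Build the beacon value to store on the user's computer: user|device_id|issued|tag."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    issued = str(int(time.time() if now is None else now))
    device_id = secrets.token_hex(16)       # random identifier for this computer
    payload = "|".join((user, device_id, issued))
    return f"{payload}|{_tag(payload)}"

def verify_beacon(beacon, user, max_age=90 * 86400, now=None):
    """True only if this server issued the beacon, for this user, within max_age seconds."""
    parts = beacon.split("|")
    if len(parts) != 4:
        return False
    b_user, device_id, issued, tag = parts
    expected = _tag("|".join((b_user, device_id, issued)))
    # Constant-time comparison on bytes, so a malformed tag cannot raise or leak timing.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    if b_user != user:
        return False                        # valid beacon, but issued to someone else
    current = int(time.time() if now is None else now)
    return 0 <= current - int(issued) <= max_age
```

The tag prevents a fraudster from constructing or altering a beacon; it does not prevent a beacon copied from the user's computer from being presented elsewhere.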

Digital certificates provide a higher level of security. They require some preparation on the part of the user: the certificate must be created internally or obtained from a Certificate Authority (CA). The latter method is more reliable because it is more difficult to forge an external certificate. However, the ongoing cost of maintaining a certificate is comparable to the cost of a two-factor authentication device solution.

Of course, beacon files and certificates are only applicable to employees' home computers and other computers registered with the authentication system. An alternative method is needed to identify users who are using computers that do not belong to them. One such method is the security questions mentioned above and shown in Listing 2. However, consider whether giving access to critical applications from public computers is justified given the threat from keystroke loggers, spyware, and other malware.

This article discusses two ways to organize simple two-factor authentication for Web applications: one using "some user characteristic" (the IP address), the other using "something that the user has" (beacon files or certificates). It should be remembered that these solutions do not provide the very high level of security required, for example, in the financial sector, for which hardware is more suitable. But the solutions outlined in this article work well with other methods to better protect corporate networks and e-commerce sites.

Paul Hensarling is a security analyst at a consulting company. CSSA certified.

Tony Howlett is President of the network consulting firm Network Security Services. CISSP and CSNA certified.

Data authenticity

"... Data authenticity is the state of data, the origin of which can be verified and which can be uniquely attributed to certain dimensions ..."

Source:

"GENERAL REQUIREMENTS FOR SOFTWARE MEASURING INSTRUMENTS. RECOMMENDATION. MI 2891-2004"

(approved by FSUE VNIIMS Rostekhregulirovanie 07.12.2004)


Official terminology. Academic.ru. 2012.
