User identification

Identification in information systems is a procedure as a result of which, for an identification subject, its identifier is identified that uniquely identifies this subject in the information system. To perform the identification procedure in the information system, the subject must first be assigned an appropriate identifier (that is, the subject is registered in the information system). The identification procedure is directly related to the authentication: the subject goes through the authentication procedure, and if the authentication is successful, then the information system determines the subject identifier based on the authentication factors. In this case, the accuracy of identification is completely determined by the level of reliability of the authentication procedure performed. --------------------------------------------- Authentication (English authentication; from the Greek. Αὐθεντικός [authentikos] - real, authentic; from αὐθέντης [authentes] - author) - authentication procedure, for example: - User authentication by comparing the password entered with the password stored in the user database; - confirmation of the authenticity of the e-mail by checking the digital signature of the letter using the public key of the sender; - checking the checksum of the file for compliance with the amount claimed by the author of this file. Given the degree of trust and security policies of the systems, authentication can be one-way or mutual. Usually it is carried out using cryptographic methods. Authentication should not be confused with authorization (the procedure for granting certain rights to a subject) and identification (the procedure for recognizing a subject by its identifier). --------------------------------------------- Authorization (eng. Authorization - permission, authorization) - the granting of rights to a certain person or group of persons to perform certain actions; as well as the process of checking (confirming) these rights when attempting to perform these actions [1] [2] [3]. You can often hear the expression that a person is “authorized” to perform this operation - this means that he has a right to it. Authorization should not be confused with authentication: authentication is a procedure for checking the legality of a user or data, for example, checking whether a password entered by a user for an account matches a password in a database, or checking a digital signature of a letter using an encryption key, or checking the checksum of a file for compliance with the author’s this file. Authorization, on the other hand, controls access of legitimate users to system resources after they successfully pass authentication. Often, authentication and authorization procedures are combined.

766 questions

1 2 3 4 77 Next