Authentication
Authentication is the process of verifying the identity of a subject on the network. There are usually three ways to verify a subject's identity: first, secrets that only the subject knows, such as passwords and keys; second, items carried by the subject, such as smart cards and token cards; third, features or abilities unique to the subject, such as fingerprints, voice, retina or signature.
Password mechanism: A password is a code agreed on by both parties, on the assumption that only the user and the system know it. Passwords are sometimes chosen by users and sometimes assigned by the system. Usually the user first enters some identifying information, such as a user name and ID number, and the system then asks for a password. If the password matches the one in the user file, the user is granted access. There are many kinds of passwords. With one-time passwords, the system generates a list of one-time passwords: you must use X the first time, Y the second time, Z the third time, and so on. There are also time-based passwords, where the correct password for access changes over time and the change is derived from the time and a secret user key. The password therefore changes every minute and is harder to guess.
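Added example, not part of the original page: one standard way to build both the one-time list (X, Y, Z, ...) and the time-based password described above is the HMAC construction of RFC 4226 and RFC 6238. The page names no algorithm, so HMAC-SHA1, six digits, the 60-second step (taken from "changes every minute"), the sample key and all function names are assumptions.

```python
import hashlib
import hmac
import struct

DEMO_KEY = b"12345678901234567890"  # constructed sample secret (RFC 4226 test key)

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """n-th entry of the one-time list: HMAC of a counter, truncated to digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: last nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """Time-based password: the counter is the number of elapsed time steps."""
    return hotp(key, unix_time // step, digits)

class OtpListVerifier:
    """System side of the one-time list: each code is accepted once, in order."""

    def __init__(self, key: bytes, look_ahead: int = 2):
        self.key = key
        self.counter = 0              # index of the next unused list entry
        self.look_ahead = look_ahead  # tolerate a few codes the user skipped

    def verify(self, candidate: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.key, c), candidate):
                self.counter = c + 1  # burn this entry and all earlier ones
                return True
        return False

def verify_totp(key: bytes, candidate: str, unix_time: int,
                step: int = 60, drift: int = 1) -> bool:
    """Accept the current step plus/minus `drift` steps to absorb clock skew."""
    ok = False
    for w in range(-drift, drift + 1):
        t = unix_time + w * step
        if t < 0:
            continue
        # constant-time comparison; every window is checked, no early exit
        ok |= hmac.compare_digest(totp(key, t, step), candidate)
    return ok

if __name__ == "__main__":
    print("list entries X, Y, Z:", [hotp(DEMO_KEY, n) for n in range(3)])
    print("code at t=59s:", totp(DEMO_KEY, 59), "at t=60s:", totp(DEMO_KEY, 60))
```

A time-based code remains valid for the whole drift window, so a verifier that must reject replays also has to remember the last time step it accepted.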
Smart card: Access requires not only a password but also a physical smart card. Before the user is allowed into the system, the system checks whether the user is permitted to access it. A smart card is the size of a credit card and usually consists of a microprocessor, memory and input/output devices. The microprocessor can compute the card's unique number (ID) and the encrypted form of other data. The ID ensures that the card is authentic and that the cardholder may access the system. To guard against lost or stolen cards, many systems require both the smart card and a PIN: someone who has only the card and does not know the PIN cannot get into the system. Smart cards are superior to traditional passwords for authentication, but they are inconvenient to carry and the cost of opening an account is high.
Subject feature identification: Identification by personal features offers high security. Existing equipment includes retina scanners, voice verification equipment and hand recognizers.
Data transmission security system
The purpose of data transmission encryption is to encrypt the data stream in transit to prevent eavesdropping, leakage, tampering and destruction on communication lines. Distinguished by the communication level at which it is applied, encryption can be implemented at three different levels: link encryption (encryption below the OSI network layer), node encryption and end-to-end encryption (encryption before transmission, above the OSI network layer).
Link encryption and end-to-end encryption are the most commonly used. Link encryption focuses on the communication link, regardless of source and destination, and protects confidential information by using a different encryption key on each link. Link encryption is node-oriented and transparent to the high-level subjects of the network. It also encrypts the high-level protocol information (address, error detection, frame header and frame tail), so the data is ciphertext in transit but must be decrypted at the central node to obtain routing information. End-to-end encryption means that information is automatically encrypted by the sender, encapsulated in TCP/IP packets, and then carried across the Internet as unreadable and unrecognizable data. Once the information reaches its destination, it is automatically reassembled and decrypted into readable data. End-to-end encryption is oriented toward the high-level subjects of the network. It does not encrypt the lower-layer protocol information, which is transmitted in plain text, so the user data does not need to be decrypted at the central node.
Data integrity authentication technology at present, for dynamic transmission of letters