The procedure of identification realizes the assignment problem to each object (user, terminal, file, program or its part) of concrete name for the purpose of the subsequent identification and calculation of the facts of rotation. The adopted system of identification serves as initial prerequisite for the subsequent control of the authenticity of access. The procedure of the establishment of authenticity consists in checking of user with the aid of the specific information, which makes it possible to be convinced of the truth of rotation. This in the identical measure is necessary both for the permission of turning to the files of the limited access and for the payment of the spent machine time. The establishment of authenticity usually realizes in the form of dialogue, in particular by the exchange of the passwords between the user and SOD. The exchange of passwords user introduces the line of symbols (password) from its terminal. System compares the entered password with that storing in its memory and with the agreement permits access user. For the purpose of the guarantee of safety of information the password uses usually only one time. For user it reveals the sequential list of passwords, from which it and system cross out the password used. The identification of user usually is carried out, if task or terminal session is initiated as the unit of work for the operating system. It is obvious that the methods of identification are different for the different operating systems, but, as a rule, the identification of user is achieved after task will enter from the turn the fulfillment. The program of operating system, critical for the initialization of terminal session or task as the units of work, it is called initialization. In the regime of batch processing of initialization is obtained the information for the work with the manager of map or from its equivalent, which is stored in the memory. In the interactive environment the information for the work comes from user along the communication channels. If system allows means of control of access, the codes of the identification of user, passwords and other information of providing safety are stored in the table of authorization. The table of authorization can be located in the protected zone of main memory or be stored as the file of data on the additional device. Each authorized user has its record in the table of authorization. The code of identification of user (name, either the number or that, etc.) represents index in the table of authorization. If there is no code of the identification of user, then access is forbidden. In the regime of batch processing the task is removed from the turn and from the sequence the following task for the checking and the fulfillment is selected. In the environment of the divided time the communication about the error is sent to user. Specifically, control here and is accomplished. If the incorrect code of the identification of user is introduced the specific number of times, then the line of communications with the user is separated, and operator is informed about this situation. After the correct code of identification is used for retrieval for record in the table of authorization, initialization conducts second verification, checking password or using other methods of providing safety. Second verification consists of the following. User enters into system and identifies itself. System issues to user the pseudorandom number, above which it achieves a simple conversion on the algorithm known to it. The obtained result returns to system. System on the same algorithm in turn carries out the assigned conversion.
Even in the case of hearing the lines of communications practically it is not possible to decode translation algorithm and to obtain the access into the system. Another method of checking the authenticity of user is dialogue according to the method "interrogation-response". User must answer correctly the questions, given by operating system from the list, which is stored in the computer memory. They are different depending on the degree of importance depth and duration of dialogue. Is possible also transfer by the operating system for control to the official program of user for conducting the dialogue. Second verification in the environment of the regime of batch processing is limited. However, the fact that the majority of tasks in the batch mode is processed by operator, it is already safeguard. Besides the table of authorization, for the control by access to the specific resource serves the matrix of access, which is, for example, the list of users and the list of the protected objects. The means of the realization of the safeguards of data is also the method, in which the unit of work is represented in the system. In the majority of systems the fixed storage unit, called the block of the control of task, represents the unit of work. For the active tasks these blocks are connected together in the protected zone of main memory and turning to them they can be performed only by privileged program systems. In other words, the program of user cannot produce turning to its own block of control or to the same unit of any other program. The block of control is used for storing the critical information about the task, such as priority, the classes of privileges, different codes of authorization, the information of timer, the parameters of fulfillment and control information, when task find in the no operating state. Control information must compulsorily include control point, constants of registers, information about the distribution of devices, the boundaries of memory, and also table of pages. For the purpose of providing data security the block of the control of task contains information about the control points, which the program of access to the concrete resource can determine, if user demands access to the particular object and will be obtained the appropriate authorization.
If program requires access to the macro-library, which, for example, is accessible only for the system programmers, the open program of control system of data expects testing the block of the control of user. Identification and confirmation of authenticity can be achieved in the process of work repeatedly in order to exclude the possibility of the entrance into the system of disturber, who put outs itself for the true user. System programs formulate demands to the identification and the confirmation of authenticity. In all cases of the positive checking of authenticity the user obtains the right to work with the system.
All necessary information is recorded with the negative checking and is introduced the time delay of answers to the demands of this user for the purpose of the exception of the disclosure of the mechanism of protection by the trial-and-error method. Its authorities are checked after the establishment of the authenticity of user in accordance with the demand. For fulfilling these actions the protective system must have information for each user, terminaluts or to another resource about the permissible procedures from the side of that inquiring. All attempts at the entrance into the system (as successful, tavk and rejected) must be recorded in the system periodical for the purpose of recreation if necessary for the retrospective of turnings to user, terminal, file, program or any other resource. On the established periodicity to users for the checking are shipped the extractions from the system periodical, which makes it possible to follow attempts at the disturbance of the safety of the protected resources and to take the necessary measures with the presence of threats.