A computer program system that is supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish with some degree of confidence the identity of the user, thence granting those privileges as may be authorized to that identity. Common examples of access control involving authentication include: * A captcha is a means of asserting that a user is a human being and not a computer program. * A computer program using a blind credential to authenticate to another program * Entering a country with a passport
* Logging in to a computer
* Using a confirmation E-mail to verify ownership of an e-mail address * Using an Internet banking system
* Withdrawing cash from an ATM
In some cases, ease of access is balanced against the strictness of access checks. For example, the credit card network does not require a personal identification number for authentication of the claimed identity; and a small transaction usually does not even require a signature of the authenticated person for proof of authorization of the transaction. The security of the system is maintained by limiting distribution of credit card numbers, and by the threat of punishment for fraud. Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. The strategies and methodologies of computer security often differ from most other computer technologies because of its somewhat elusive objective of preventing unwanted computer behavior instead of enabling wanted computer behavior. Certain concepts recur throughout different fields of security: * Assurance - assurance is the level of guarantee that a security system will behave as expected * Countermeasure - a countermeasure is a way to stop a threat from triggering a risk event * Defense in depth - never rely on one single security measure alone * Exploit - a vulnerability that has been triggered by a threat - a risk of 1.0 (100%) * Risk - a risk is a possible event which could cause a loss * Threat - a threat is a method of triggering a risk event that is dangerous * Vulnerability - a weakness in a target that can potentially be exploited by a threat security The following terms used in engineering secure systems are explained below. * Authentication techniques can be used to ensure that communication end-points are who they say they are. * Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications. * Capability and access control list techniques can be used to ensure privilege separation and mandatory access control. This section discusses their use. * Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system's designers. * Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified. * Firewalls can provide some protection from online intrusion Access authorization restricts access to a computer to group of users through the use of authentication systems. These systems can protect either the whole computer – such as through an...