Information security is a major concern relating to information processing systems. Many approaches have been conceived to prevent unauthorized access to sensitive, confidential, or proprietary data, programs, or operations.
These approaches range from simple, physical control to complex and highly sophisticated electronic implementations of mathematical techniques. A summary of prior art techniques follows; these are shown in order of generally increasing complexity:
physical control PA0 electronic lock PA0 identification PA0 transmission coordination PA0 transmission security
mechanically locked enclosure or facility PA1 key-operated switch PA1 user must have proper program or data media PA1 plug-in access module PA1 key-pad whose keys must be depressed in specific sequence PA1 computer queries device for electrical identification code PA1 user enters personal name, code name, or password PA1 access card with magnetic or optical card identification PA1 computer verifies user's physical characteristic (e.g., fingerprint, voice, typing pattern) PA1 transmitting or receiving device signals or requests data transfer PA1 receiving device confirms receipt for transmission to continue PA1 data encoding: received data must be decoded (e.g., conversion of ASCII codes to alphanumeric characters) PA1 data encryption: received data must be decrypted (e.g., character substitution) PA1 data scrambling received data must be filtered and re-assembled (e.g., data manipulation and removal of extraneous data) PA1 input devices (keyboards, terminals, card readers, etc.) PA1 output devices (printers, plotters, displays, monitors, etc.) PA1 storage devices (disk units, tape units, etc.) PA1 other computers (work stations, remote computers, etc.) PA1 communication devices connected to other slave devices
Physical control, electronic locks, identification, and transmission coordination restrict access to the devices, data, programs, or operations. Transmission security does not necessarily preclude access to information, but data is not meaningful unless processed properly.
It has been demonstrated that no single nor combination of approaches or implementations can provide total security; at best, the amount of time, effort, or cost to gain unauthorized access is so great that it provides an effective deterrent.