Sample tasks on information protection, which can be solved by the system kernel
Files or folders encryption on the local PC. In the hierarchically built organization it is possible to organize a domain with the administrator participation, which allows applying update of the protected files in case of emergency or private key loss. When protected files are being copied onto the data mediums or network disc, the files remain encrypted on the private key of the owner.
Note: Using a domain requires using a separate schedule in terms of establishing the confidential information protection in the whole institution.
Digital signature of e-documents, created in Adobe Acrobat (PDF-files), Microsoft Office (MS Excel, MS Word, MS PowerPoint). The recipients of the documents can check the authorship of the document (which official has signed the document) and the integrity (any changes made after signing the document can be revealed). This allows switching from the paper documentation to the e-documentation including their archive storing in the unchanged graphical format (i.e. the paper document features remain).
The most acceptable for archive storing are the documents in format Adobe Acrobat (PDF), in which it is also possible to store scanned paper documents that can be signed by the scanning person and registrar (as the controlling person). This technology is very helpful for spreading e-orders, instructions, letters and other norms that are signed by the e-signature of the officials (more than one signature is possible).
Digital signature and/or electronic mail encryption Microsoft Outlook, Novell GroupWise and others, which support the international standard of digital certificates и.509. This allows confirming the authorship of the message (if it is signed by the definite person) and its integrity (any changes made after signing the document can be revealed), moreover, it allows realizing the address encryption. a message is encrypted on the public key of the recipient and only this recipient can decrypt it with his private key.
Protection from the unauthorized access to the WEB-site and/or encryption of the data stream between the WEB-site of a company and a user.s PC. You can create an internal WEB-site (separate pages), assigned for a company employees only (a special group of users), for example, having placed some orders, instructions and other special documents, in other words, information that has to be available for the employees or special groups of employees only. Using digital certificates allows protecting this information from the unauthorized access (to ensure the strict 2-level authentication of the users that are trying to get the access), it also allows encrypting the data in the communication channels (to establish the encrypted connection using the standard SSL protocol).
Data protection in the communication channels using a standard protocol IPSec. Using the IPSec standard with the digital certificates of the hosts (PC, servers, routers etc) allows protecting communication connections and data traffic between PC and PC, PC and server, PC and Router, Router and Router, etc.
At the same time while connecting, protection from the unauthorized access is carried out (strict authentication of the host, server and other telecommunication devices) and the encrypted channel for data transfer on the session key is established. The IPSec protocol has the following advantages: connection is established on the level of the operating system, so it does not require any revision of the application software of the automated systems.