网际安全技术构架 基于标识鉴别的可信系统 英文版PDF电子书下载

Part One　Authentication Technique 2

Chapter 1　Basic Concepts 2

1.1　Physical World and Digital world 2

1.2 A World with Order and without Order 3

1.3 Self-assured Proof and 3rd Party Proof 4

1.4 Certification Chain and Trust Chain 6

1.5 Centralized and Decentralized Management 7

1.6 Physical Signature and Digital Signature 8

Chapter 2 Authentication Logic 11

2.1 Belief Logic 11

2.2 Standard Protocol 12

2.3 Trust Relationship 13

2.3.1 Direct Trust 13

2.3.2 Axiomatic Trust 13

2.3.3 Inference Trust 14

2.4 Trust Logic 15

2.4.1 The Requirement of Trust Logic 15

2.4.2 The Progress in Public Key 16

2.4.3 Entity Authenticity 16

2.4.4 The Characteristics of Trust Logic 18

2.5 CPK Protocol 19

2.5.1 One-way Protocol 19

2.5.2 Two-way Protocol 19

Chapter 3 Identity Authentication 21

3.1 Communication Identity Authentication 21

3.2 Software Identity Authentication 23

3.3 Electronic Tag Authentication 24

3.4 Network Management 24

3.5 Holistic Security 25

Part Two Crypto-systems 28

Chapter 4 Combined Public Key(CPK) 28

4.1 Introduction 28

4.2 ECC Compounding Feature 28

4.3 Identity-Key 29

4.3.1 Combining Matrix 29

4.3.2 Mapping from Identity to Matrix Coordinates 29

4.3.3 Computation of Identity-Key 30

4.4 Key Compounding 30

4.4.1 The Compounding of Identity-Key and Accompanying-Key(optional) 30

4.4.2 The Compounding of Identity-Key and Separating-Key 30

4.5 CPK Digital Signature 31

4.5.1 Signing with Accompanying-Key(optional) 31

4.5.2 Signing with Separating-Key 31

4.6 CPK Key Exchange 32

4.6.1 Key Exchange with Separating-Key 32

4.6.2 Key Exchange with Accompanying-Key(optional) 32

4.7 Security Analysis 32

Chapter 5 Self-assured and 3rd Party Public Key 35

5.1 New Requirements of the Crypto-System 35

5.2 Development of Crypto-Systems 36

5.3 Digital Signature Mechanism 37

5.3.1 IBC Signature Scheme 37

5.3.2 CPK Signature with Separating-Key 37

5.3.3 CPK Signature with Accompanying-Key 38

5.3.4 PKI Signature Scheme 38

5.3.5 IB-RSA Signature Scheme 39

5.3.6 mRSA Signature Scheme 40

5.3.7 Comparison of Schemes 40

5.4 Key Exchange Scheme 40

5.4.1 IBE Key Exchange 41

5.4.2 CPK Key Exchange 41

5.4.3 Other Key Exchange Schemes 42

5.4.4 Performance Comparison 43

5.5 Discussion on Trust Root 44

Chapter 6 Bytes Encryption 45

6.1 Technical Background 45

6.2 Coding Structure 47

6.2.1 Transposition Table(disk) 47

6.2.2 Substitution Table(subst) 48

6.2.3 Key Structure 49

6.2.4 Operation Flowchart 51

6.3 8-bit Operation 51

6.3.1 Assumptions 51

6.3.2 Key Derivation 52

6.3.3 Combination of Data and Keys 52

6.3.4 Left Shift Accumulation 53

6.3.5 Transposition Conversion 54

6.3.6 Single Substitution Conversion 54

6.3.7 Re-combination of Data and Keys 55

6.3.8 Right Shift Accumulation 55

6.3.9 Re-transposition 56

6.4 7-bit Operation 56

6.4.1 Given Conditions 56

6.4.2 Key Derivation 57

6.4.3 Combination of Data and Key 58

6.4.4 Left Shift Accumulation 58

6.4.5 Transposition Conversion 59

6.4.6 Single Substitution Conversion 60

6.4.7 Re-combination of Data and Key 60

6.4.8 Right Shift Accumulation 61

6.4.9 Re-composition 61

6.5 Security Evaluation 62

6.5.1 Key Granularity 62

6.5.2 Confusion and Diffusion 63

6.5.3 Multiple-level Product Conversion 63

Part Three CPK System 66

Chapter 7 CPK Key Management 66

7.1 CPK Key Distribution 66

7.1.1 Authentication Network 66

7.1.2 Communication Key 67

7.1.3 Classification of Keys 67

7.2 CPK Signature 68

7.2.1 Digital Signature and Verification 68

7.2.2 Signature Format 68

7.3 CPK Key Exchange 69

7.4 CPK Data Encryption 70

7.5 Key Protection 70

7.5.1 Password Verification 70

7.5.2 Password Change 71

Chapter 8 CPK-chip Design 72

8.1 Background 72

8.2 Main Technology 72

8.3 Chip Structure 74

8.4 Main Functions 77

8.4.1 Digital Signature 77

8.4.2 Data Encryption 78

Chapter 9 CPK ID-card 80

9.1 Background 80

9.2 ID-card Structure 81

9.2.1 The Part of Main Body 82

9.2.2 The Part of Variables 82

9.3 ID-card Data Format 83

9.4 ID-card Management 85

9.4.1 Administrative Organization 85

9.4.2 Application for ID-card 86

9.4.3 Registration Department 87

9.4.4 Production Department 88

9.4.5 Issuing Department 90

Part Four Trust Computing 92

Chapter 10 SoftwareID Authentication 92

10.1 Technical Background 92

10.2 Main Technology 93

10.3 Signing Module 94

10.4 Verifying Module 95

10.5 The Feature of Code Signing 97

Chapter 11 Code Signing of Windows 98

11.1 Introduction 98

11.2 PE File 98

11.3 Mini-filter 99

11.3.1 NT I/O Subsystem 99

11.3.2 File Filter Driving 100

11.3.3 Mini-filter 101

11.4 Code Authentication of Windows 102

11.4.1 The System Framework 102

11.4.2 Characteristics Collecting 102

11.5 Conclusion 102

Chapter 12 Code Signing of Linux 103

12.1 General Description 103

12.2 ELF File 103

12.3 Linux Security Module(LSM)Framework 104

12.4 Implementation 105

Part Five Trust Connecting 108

Chapter 13 Phone Trust Connecting 108

13.1 Main Technologies 108

13.2 Connecting Procedure 109

13.3 Data Encryption 110

13.4 Data Decryption 111

Chapter 14 Socket Layer Trust Connecting 112

14.1 Layers of Communication 112

14.2 Secure Socket Layer(SSL) 113

14.3 Trusted Socket Layer(TSL) 115

14.4 TSL Working Principle 116

14.5 TSL Address Authentication 118

14.6 Comparison 120

Chapter 15 Router Trust Connecting 121

15.1 Principle of Router 122

15.2 Requirements of Trusted Connection 123

15.3 Fundamental Technology 124

15.4 Origin Address Authentication 124

15.5 Encryption Function 127

15.5.1 Encryption Process 127

15.5.2 Decryption Process 128

15.6 Requirement of Header Format 128

15.7 Trusted Computing Environment 129

15.7.1 Evidence of Software Code 129

15.7.2 Authentication of Software Code 129

Conclusion 129

Part Six Trust e-Commerce 132

Chapter 16 e-Bank Authentication 132

16.1 Background 132

16.2 Counter Business 133

16.3 Business Layer 134

16.4 Basic Technology 135

16.5 Business at ATM 136

16.6 Communication Between ATM and Portal 137

16.7 The Advantages 138

Chapter 17 e-Bill Authentication 140

17.1 Bill Authentication Network 140

17.2 Main Technologies 141

17.3 Application for Bills 141

17.4 Circulation of Bills 143

17.5 Verification of Check 143

Part Seven Trust Logistics 146

Chapter 18 e-Tag Authentication 146

18.1 Background 146

18.2 Main Technology 147

18.3 Embodiment（Ⅰ） 148

18.4 Embodiment（Ⅱ） 149

Chapter 19 The Design of Mywallet 151

19.1 Two Kinds of Authentication Concept 151

19.2 System Configuration 152

19.3 TAG Structure 153

19.3.1 Structure of Data Region 153

19.3.2 Structure of Control Region 154

19.4 TAG Data Generation and Authentication 155

19.4.1 KMC 155

19.4.2 Enterprise 155

19.4.3 Writer and Reader 155

19.5 Protocol Design 156

19.6 Conclusion 157

Part Eight File ＆ Network Management 160

Chapter 20 e-Mail Authentication 160

20.1 Main Technologies 160

20.2 Sending Process 161

20.3 Receiving Process 162

Chapter 21 Data Storage Authentication 163

21.1 Security Requirements 163

21.2 Basic Technology 164

21.3 File Uploading Protocol 164

21.4 File Downloading Protocol 166

21.5 Data Storing 167

21.5.1 Establishment of Key File 167

21.5.2 Storage of Key File 167

21.5.3 Documental Database Encryption 168

21.5.4 Relational Database Encryption 169

Chapter 22 Secure File Box 171

22.1 Background 171

22.2 System Framework 172

22.3 Features of the System 172

22.4 System Implementation 173

Chapter 23 e-Seal of Classification 176

23.1 Background Technology 176

23.2 Main Technologies 176

23.3 Working Flow 178

23.4 Embodiment 180

23.5 Explanation 181

Chapter 24 Water-wall for Intranet 187

24.1 Background 187

24.2 Working Principles 187

24.3 The diagram of Intranet Water-wall 189

24.4 Water-wall for Individual PC 191

24.5 Guarding Policy 192

Chapter 25 Digital Right Authentication 194

25.1 Technical Background 194

25.2 Main Technologies 194

25.3 Manufacturer's Digital Right 195

25.4 Enterprise's Right of Operation 197

25.5 Client's Right of Usage 198

Postscript New Trend of Information Security 200

Appendices 206

Appendix A 206

Walk Out of Mysterious"Black Chamber" 206

Appendix B 211

Identity Authentication Opening a New Land for Information Security 211

Appendix C 218

Searching for Safe"Silver Bullet" 218

Appendix D 226

"Electronic-ID Card"Attracts International Attention 226

Appendix E 231

CPK System Goes to the World 231

Appendix F 234

Identity Authentication Based on CPK System 234

Appendix G 243

CPK Cpyptosystem 243

References 247