CPK公钥体制与标识鉴别 英文PDF电子书下载

Part One Authentication Technology 2

Chapter 1 Basic Concepts 2

1.1 Physical World and Digital World 2

1.2 A World with Order and without Order 3

1.3 Self-assured Proof and 3rd Party Proof 5

1.4 Certification Chain and Trust Chain 7

1.5 Centralized and Decentralized Management 8

1.6 Physical Signature and Digital Signature 10

Chapter 2 Authentication Logics 14

2.1 Belief Logic 15

2.1.1 The Model 15

2.1.2 The Formulae 16

2.1.3 The Characteristics of Belief Logic 16

2.2 Trust Logic 17

2.2.1 Direct Trust 17

2.2.2 Axiomatic Trust 17

2.2.3 Inference Trust 18

2.2.4 Behavior Based Trust 19

2.2.5 Characteristics of Trust Logic 20

2.3 Truth Logic 20

2.3.1 The Needs of "Pre-proof" 20

2.3.2 Entity Authenticity 21

2.3.3 The Characteristics of Truth Logic 24

2.4 Authentication Protocols 25

2.4.1 Standard Protocol 25

2.4.2 CPK Protocol 26

2.5 Authentication Systems 28

2.5.1 PKI Certification System 28

2.5.2 CPK Authentication System 30

Chapter 3 Identity Authentication 32

3.1 Communication Identity Authentication 33

3.2 Software Identity Authentication 34

3.3 Electronic Tag Authentication 36

3.4 Network Management 37

3.5 Holistic Security 38

Part Two Cryptosystems 42

Chapter 4 Combined Public Key(v6.0) 42

4.1 Introduction 42

4.2 Mapping Functoin 43

4.3 Computation of Keys 43

4.3.1 Computation of Identity-key 43

4.3.2 Computation of Separating-key 44

4.3.3 Computation of General-key 44

4.3.4 Computation of District-key 44

4.4 Digital Signature and Key Delivery 45

4.4.1 Digital Signature 45

4.4.2 Key Delivery 46

4.5 Security 46

4.6 Conclusion 47

Chapter 5 Cryptosystem and Authentication 48

5.1 New Requirements for Cryptosystem 48

5.2 Development of Cryptosystems 49

5.3 Identity Authentication Schemes 50

5.3.1 Identity Authentication with IBC 50

5.3.2 Identity Authentication with CPK 51

5.3.3 Identity Authentication with PKI 52

5.3.4 Identity Authentication with IB-RSA 53

5.3.5 Identity Authentication with mRSA 54

5.3.6 Comparison of Schemes 54

5.4 Key Delivery Schemes 55

5.4.1 IBE Key Delivery 55

5.4.2 CPK Key Delivery 56

5.4.3 Other Key Delivery Schemes 56

5.4.4 Performance Comparison 57

5.5 Discussion on Trust Root 58

Chapter 6 Bytes Encryption 60

6.1 Coding Structure 60

6.1.1 Permutation Table(disk) 60

6.1.2 Substitution Table(subst) 61

6.1.3 Key Structure 62

6.2 Working Flow 63

6.2.1 Given Conditions 63

6.2.2 Key Derivation 64

6.2.3 Data Expansion 64

6.2.4 Compound of Data and Key 64

6.2.5 Left Shift Accumulation 65

6.2.6 Permutation 65

6.2.7 Right Shift Accumulation 65

6.2.8 Data Concentration 66

6.2.9 Single Substitution 66

6.2.10 Compound of Data and Key 66

6.3 Security Analysis 67

Part Three CPK System 70

Chapter 7 CPK Key Management 70

7.1 CPK Key Distribution 70

7.1.1 Authentication Network 70

7.1.2 Communication Key 71

7.1.3 Classification of Keys 71

7.2 CPK Signature 72

7.2.1 Digital Signature and Verification 72

7.2.2 Signature Format 73

7.3 CPK Key Delivery 73

7.4 CPK Data Encryption 74

7.5 Key Protection 75

7.5.1 Password Verification 75

7.5.2 Password Change 76

Chapter 8 CPK-chip Design 77

8.1 Background 77

8.2 Main Technology 77

8.3 Chip Structure 79

8.4 Main Functions 82

8.4.1 Digital Signature 82

8.4.2 Data Encryption 84

Chapter 9 CPK ID-card 86

9.1 Background 86

9.2 ID-card Structure 88

9.2.1 The Part of Main Body 88

9.2.2 The Part of Variables 88

9.3 ID-card Data Format 89

9.4 ID-card Management 92

9.4.1 Administrative Organization 92

9.4.2 Application for ID-card 93

9.4.3 Registration Department 94

9.4.4 Production Department 95

9.4.5 Issuing Department 97

Part Four Software Authentication 100

Chapter 10 Software ID Authentication 100

10.1 Technical Background 100

10.2 Main Technology 101

1O.3 Signing Module 102

10.4 Verifying Module 104

10.5 The Feature of Code Signing 105

Chapter 11 Windows Code Authentication 107

11.1 Introduction 107

11.2 PE File 107

11.3 Mini-filter 108

11.3.1 NT I/O Subsystem 108

11.3.2 File Filter Driving 110

11.3.3 Mini-filter 110

11.4 Code Authentication of Windows 111

11.4.1 The System Framework 111

11.4.2 Characteristics Collecting 112

11.5 Conclusion 112

Chapter 12 Linux Code Authentication 113

12.1 General Description 113

12.2 ELF File 113

12.3 Linux Security Module(LSM)Framework 114

12.4 Implementation 115

Part Five Communication Authentication 118

Chapter 13 Phone Authentication 118

13.1 Main Technologies 118

13.2 Connecting Procedure 119

13.3 Data Encryption 120

13.4 Data Decryption 121

Chapter 14 SSL Communication Authentication 123

14.1 Layers of Communication 123

14.2 Secure Socket Layer(SSL) 124

14.3 Authenticated Socket Layer(ASL) 127

14.4 ASL Working Principle 128

14.5 ASL Address Authentication 130

14.6 Comparison 132

Chapter 15 Router Communication Authentication 134

15.1 Principle of Router 135

15.2 Requirements of Authenticated Connection 136

15.3 Fundamental Technology 137

15.4 Origin Address Authentication 138

15.5 Encryption Function 141

15.5.1 Encryption Process 142

15.5.2 Decryption Process 142

15.6 Requirement of Header Format 142

15.7 Computing Environment 143

15.7.1 Evidence of Software Code 143

15.7.2 Authentication of Software Code 143

15.8 Conclusion 144

Part Six e-Commerce Authentication 146

Chapter 16 e-Bank Authentication 146

16.1 Background 146

16.2 Counter Business 147

16.3 Business Layer 148

16.4 Basic Technology 149

16.5 Business at ATM 151

16.6 Communication Between ATM and Portal 151

16.7 The Advantages 153

Chapter 17 e-Bill Authentication 155

17.1 Bill Authentication Network 155

17.2 Main Technologies 156

17.3 Application for Bills 156

17.4 Circulation of Bills 158

17.5 Verification of Check 158

Part Seven Logistics Authentication 162

Chapter 18 e-Tag Authentication 162

18.1 Background 162

18.2 Main Technology 163

18.3 Embodiment(Ⅰ) 165

18.4 Embodiment(Ⅱ) 166

Chapter 19 The Design of Mywallet(v1.0) 168

19.1 Two Kinds of Authentication Concept 168

19.2 System Configuration 170

19.3 Tag Structure 171

19.3.1 Structure of Data Region 171

19.3.2 Structure of Control Region 172

19.4 Tag Data Generation and Authentication 172

19.4.1 KMC 173

19.4.2 Enterprise 173

19.4.3 Writer and Reader 173

19.5 Protocol Design 174

19.6 Conclusion 175

Part Eight Stored File Authentication 178

Chapter 20 Storage Authentication 178

20.1 Security Requirements 178

20.2 Basic Technology 179

20.3 File Uploading Protocol 180

20.4 File Downloading Protocol 181

20.5 Data Storing 182

20.5.1 Establishment of Key File 183

20.5.2 Storage of Key File 183

20.5.3 Documental Database Encryption 184

20.5.4 Relational Database Encryption 185

Chapter 21 Secure File Box 187

21.1 Background 187

21.2 System Framework 188

21.3 Features of the System 189

21.4 System Implementation 190

Chapter 22 Classification Seal Authentication 193

22.1 Background Technology 193

22.2 Main Technologies 194

22.3 Working Flow 196

22.4 Embodiment 197

22.5 Explanation 198

Part Nine Moving Data Authentication 206

Chapter 23 e-Mail Authentication 206

23.1 Main Technologies 206

23.2 Sending Process 208

23.3 Receiving Process 208

Chapter 24 Digital Right Authentication 210

24.1 Technical Background 210

24.2 Main Technologies 211

24.3 Manufacturer's Digital Right 212

24.4 Enterprise's Right of Operation 213

24.5 Client's Right of Usage 215

Part Ten Network Authentication 218

Chapter 25 Pass Authentication 218

25.1 Background 218

25.2 Working Principles 219

25.3 The Diagram of Gate-guard 220

25.4 Gate-guard for Individual PC 223

25.5 Guarding Policy 224

Chapter 26 Address Authentication 225

26.1 Background 225

26.2 Main Problems 226

26.3 Technical Approach 226

26.3.1 CPK Cryptosystem 226

26.3.2 New Routing Protocol 227

26.3.3 Computing Environment 228

26.4 New Prototype of Router 228

Part Eleven New Progress 230

Chapter 27 Measures against Exhaustion Attack 230

27.1 Exhausting Capability 230

27.2 Basic Analysis 231

27.3 Main Objectives 232

27.4 Technical Approach 233

27.5 Module Design 234

Chapter 28 CPK Cryptosystem 236

28.1 Introduction 236

28.2 Identity-key 237

28.3 Separating-key 238

28.4 Compound-key 238

28.5 Public and Private Network Key 239

28.6 Digital Signature Protocol 239

28.7 Key Delivery Protocol 240

28.8 Security 241

28.9 Summary 243

Chapter 29 On-line Key Distribution Protocol 244

Chapter 30 The Design of Mywallet(v2.0) 247

Abstract 247

30.1 Technical Requirements 247

30.1.1 Two Kinds of Authentication Concept 247

30.1.2 Two Kinds of Authentication Networks 248

30.1.3 Two Kinds of Business Requirements 249

30.2 System Structure 249

30.2.1 Key Distribution 250

30.2.2 Data Structure 251

30.2.3 Controller Structure 251

30.3 Protocol Design 252

30.3.1 Authentication Protocol 252

30.3.2 Decryption and Verification Protocol 253

30.3.3 Encryption and Signature Protocol 254

Summary 255

Postscript From Information Security to Gyber Security 257

Appendices 264

Appendix A 264

Walk Out of Mysterious "Black Chamber" 264

Appendix B 270

Identity Authentication Opening a New Land for Information Security 270

Appendix C 278

Searching for Safe "Silver Bullet" 278

Appendix D 288

"Electronic-ID Card" Attracts International Attention 288

Appendix E 293

CPK System Goes to the World 293

Appendix F 297

Identity Authentication Based on CPK System 297

Appendix G 308

CPK Cryptosystem 308

References 313

Glossary 315

Technical Terms 315

Symbols 317