标识鉴别 网际安全技术基础PDF电子书下载

Part One Authentication Technology 2

Chapter 1 Basic Concepts 2

1.1 Physical World and Digital World 2

1.2 A World with Order and without Order 3

1.3 Self-assured Proof and 3rd Party Proof 4

1.4 Certification Chain and Trust Chain 7

1.5 Centralized and Decentralized Management 8

1.6 Physical Signature and Digital Signature 9

Chapter 2 Authentication Logics 13

2.1 Belief Logic 14

2.1.1 The Model 14

2.1.2 The Formulae 14

2.1.3 The Characteristics of Belief Logic 15

2.2 Trust Logic 15

2.2.1 Direct Trust 15

2.2.2 Axiomatic Trust 16

2.2.3 Inference Trust 16

2.2.4 Behavior Based Trust 17

2.2.5 Characteristics of Trust Logic 18

2.3 Truth Logic 19

2.3.1 The Needs of Truth Logic 19

2.3.2 Entity Authenticity 19

2.3.3 The Characteristics of Truth Logic 22

2.4 Authentication Protocols 23

2.4.1 Standard Protocol 23

2.4.2 CPK Protocol 24

2.5 Authentication Systems 25

2.5.1 PKI Certification System 26

2.5.2 CPK Authentication System 27

Chapter 3 Identity Authentication 29

3.1 Communication Identity Authentication 29

3.2 Software Identity Authentication 31

3.3 Electronic Tag Authentication 32

3.4 Network Management 33

3.5 Holistic Security 34

Part Two Cryptosystems 38

Chapter4 Combined Public Key(v6.0) 38

4.1 Introduction 38

4.2 Mapping Function 39

4.3 Computation of Keys 39

4.3.1 Computation of Identity-Key 39

4.3.2 Computation of Separating-key 40

4.3.3 Computation of General-key 40

4.3.4 Computation of District-key 40

4.4 Digital Signature and Key Delivery 41

4.4.1 Digital Signature 41

4.4.2 Key Delivery 41

4.5 Security 42

Conclusion 42

Chapter 5 Cryptosystem and Authentication 43

5.1 New Requirements for Cryptosystem 43

5.2 Development of Cryptosystems 44

5.3 Identity Authentication Schemes 45

5.3.1 Identity Authentication with IBC 45

5.3.2 Identity Authentication with CPK 46

5.3.3 Identity Authentication with PKI 47

5.3.4 Identity Authentication with IB-RSA 48

5.3.5 Identity Authentication with mRSA 48

5.3.6 Comparison of Schemes 49

5.4 Key Delivery Schemes 49

5.4.1 IBE Key Delivery 49

5.4.2 CPK Key Delivery 50

5.4.3 Other Key Delivery Schemes 51

5.4.4 Performance Comparison 52

5.5 Related Discussions 52

5.5.1 Discussion on Trust Root 52

5.5.2 Discussion on Quantum Attack 53

Chapter 6 Bytes Encryption 55

6.1 Coding Structure 55

6.1.1 Permutation Table(disk) 55

6.1.2 Substitution Table(subst) 56

6.1.3 Key Structure 57

6.2 Working Flow 58

6.2.1 Given Conditions 58

6.2.2 Key Derivation 59

6.2.3 Data Expansion 59

6.2.4 Compound of Data and Key 59

6.2.5 Left Shift Accumulation 60

6.2.6 Permutation 60

6.2.7 Right Shift Accumulation 60

6.2.8 Data Concentration 60

6.2.9 Single Substitution 61

6.2.10 Compound of Data and Key 61

6.3 Security Analysis 61

Part Three CPK System 64

Chapter 7 CPK Key Management 64

7.1 CPK Key Distribution 64

7.1.1 Authentication Network 64

7.1.2 Communication Key 65

7.1.3 Classification of Keys 65

7.2 CPK Signature 66

7.2.1 Digital Signature and Verification 66

7.2.2 Signature Format 67

7.3 CPK Key Delivery 67

7.4 CPK Data Encryption 68

7.5 Key Protection 68

7.5.1 Password Verification 69

7.5.2 Password Change 69

Chapter 8 CPK-chip Design 70

8.1 Background 70

8.2 Main Technology 70

8.3 Chip Structure 72

8.4 Main Functions 75

8.4.1 Digital Signature 75

8.4.2 Data Encryption 76

Chapter 9 CPK ID-card 78

9.1 Background 78

9.2 ID-card Structure 79

9.2.1 The Part of Main Body 80

9.2.2 The Part of Variables 80

9.3 ID-card Data Format 81

9.4 ID-card Management 83

9.4.1 Administrative Organization 83

9.4.2 Application for ID-card 84

9.4.3 Registration Department 85

9.4.4 Production Department 86

9.4.5 Issuing Department 88

Part Four Code Authentication 90

Chapter 10 Software ID Authentication 90

10.1 Technical Background 90

10.2 Main Technology 91

10.3 Signing Module 92

10.4 Verifying Module 93

10.5 The Feature of Code Signing 95

Chapter 11 Windows Code Authentication 97

11.1 Introduction 97

11.2 PE File 97

11.3 Mini-filter 98

11.3.1 NT I/O Subsystem 98

11.3.2 File Filter Driving 99

11.3.3 Mini-filter 100

11.4 Code Authentication of Windows 101

11.4.1 The System Framework 101

11.4.2 Characteristics Collecting 101

11.5 Conclusion 101

Chapter 12 Linux Code Authentication 102

12.1 General Description 102

12.2 ELF File 102

12.3 Linux Security Module(LSM)Framework 103

12.4 Implementation 104

Part Five Communication Authentication 108

Chapter 13 Phone Authentication 108

13.1 Main Technologies 108

13.2 Connecting Procedure 109

13.3 Data Encryption 110

13.4 Data Decryption 111

Chapter 14 SSL Communication Authentication 112

14.1 Layers of Communication 112

14.2 Secure Socket Layer(SSL) 113

14.3 Authenticated Socket Layer(ASL) 115

14.4 TSL Working Principle 116

14.5 ASL Address Authentication 118

14.6 Comparison 120

Chapter 15 Router Communication Authentication 121

15.1 Principle of Router 122

15.2 Requirements of Authenticated Connection 123

15.3 Fundamental Technology 124

15.4 Origin Address Authentication 125

15.5 Encryption Function 127

15.5.1 Encryption Process 128

15.5.2 Decryption Process 128

15.6 Requirement of Header Format 128

15.7 Computing Environment 129

15.7.1 Evidence of Software Code 129

15.7.2 Authentication of Software Code 129

Conclusion 130

Part Six e-Commerce Authentication 132

Chapter 16 e-Bank Authentication 132

16.1 Background 132

16.2 Counter Business 133

16.3 Business Layer 134

16.4 Basic Technology 135

16.5 Business at ATM 136

16.6 Communication Between ATM and Portal 137

16.7 The Advantages 138

Chapter 17 e-Bill Authentication 140

17.1 Bill Authentication Network 140

17.2 Main Technologies 141

17.3 Application for Bills 141

17.4 Circulation of Bills 142

17.5 Verification of Check 143

Part Seven Logistics Authentication 146

Chapter 18 e-Tag Authentication 146

18.1 Background 146

18.2 Main Technology 147

18.3 Embodiment(Ⅰ) 148

18.4 Embodiment(Ⅱ) 150

Chapter 19 e-Wallet Authentication 151

19.1 Two Kinds of Authentication Concept 151

19.2 System Configuration 153

19.3 Tag Structure 154

19.3.1 Structure of Data Region 154

19.3.2 Structure of Control Region 154

19.4 Tag Data Generation and Authentication 155

19.4.1 KMC 155

19.4.2 Enterprise 155

19.4.3 Writer and Reader 156

19.5 Protocol Design 156

19.6 Conclusion 158

Part Eight Stored File Authentication 160

Chapter 20 Storage Authentication 160

20.1 Security Requirements 160

20.2 Basic Technology 161

20.3 File Uploading Protocol 162

20.4 File Downloading Protocol 163

20.5 Data Storing 164

20.5.1 Establishment of Key File 164

20.5.2 Storage of Key File 165

20.5.3 Documental Database Encryption 165

20.5.4 Relational Database Encryption 166

Chapter 21 Secure File Box 168

21.1 Background 168

21.2 System Framework 169

21.3 Features of the System 169

21.4 System Implementation 171

Chapter 22 Classification Seal Authentication 173

22.1 Background Technology 173

22.2 Main Technologies 173

22.3 Working Flow 175

22.4 Embodiment 177

22.5 Explanation 178

Part Nine Moving Data Authentication 186

Chapter 23 e-Mail Authentication 186

23.1 Main Technologies 186

23.2 Sending Process 187

23.3 Receiving Process 188

Chapter 24 Digital Right Authentication 190

24.1 Technical Background 190

24.2 Main Technologies 190

24.3 Manufacturer's Digital Right 191

24.4 Enterprise's Right of Operation 193

24.5 Client's Right of Usage 194

Part Ten Network Authentication 198

Chapter 25 Pass Authentication 198

25.1 Background 198

25.2 Working Principles 198

25.3 The Diagram of Gate-guard 200

25.4 Gate-guard for Individual PC 202

25.5 Guarding Policy 203

Chapter 26 Address Authentication 205

26.1 Background 205

26.2 Main Problems 206

26.3 Technical Approach 206

26.3.1 CPK Cryptosystem 206

26.3.2 New Routing Protocol 207

26.3.3 Computing Environment 207

26.4 New Prototype of Router 208

Postscript New Trend of Information Security 209

Appendices 216

Appendix A Walk Out of Mysterious""Black Chamber"" 216

Appendix B Identity Authentication Opening a New Land for Information Security 221

Appendix C Searching for Safe""Silver Bullet"" 228

Appendix D ""Electronic-ID Card""Attracts International Attention 237

Appendix E CPK System Goes to the World 242

Appendix F Identity Authentication Based on CPK System 246

Appendix G CPK Cryptosystem 255

References 259

Glossary Technical Terms 261

Symbols 263