Part One Authentication Technique 2
Chapter 1 Basic Concepts 2
1.1 Physical World and Digital world 2
1.2 A World with Order and without Order 3
1.3 Self-assured Proof and 3rd Party Proof 4
1.4 Certification Chain and Trust Chain 6
1.5 Centralized and Decentralized Management 7
1.6 Physical Signature and Digital Signature 8
Chapter 2 Authentication Logic 11
2.1 Belief Logic 11
2.2 Standard Protocol 12
2.3 Trust Relationship 13
2.3.1 Direct Trust 13
2.3.2 Axiomatic Trust 13
2.3.3 Inference Trust 14
2.4 Trust Logic 15
2.4.1 The Requirement of Trust Logic 15
2.4.2 The Progress in Public Key 16
2.4.3 Entity Authenticity 16
2.4.4 The Characteristics of Trust Logic 18
2.5 CPK Protocol 19
2.5.1 One-way Protocol 19
2.5.2 Two-way Protocol 19
Chapter 3 Identity Authentication 21
3.1 Communication Identity Authentication 21
3.2 Software Identity Authentication 23
3.3 Electronic Tag Authentication 24
3.4 Network Management 24
3.5 Holistic Security 25
Part Two Crypto-systems 28
Chapter 4 Combined Public Key(CPK) 28
4.1 Introduction 28
4.2 ECC Compounding Feature 28
4.3 Identity-Key 29
4.3.1 Combining Matrix 29
4.3.2 Mapping from Identity to Matrix Coordinates 29
4.3.3 Computation of Identity-Key 30
4.4 Key Compounding 30
4.4.1 The Compounding of Identity-Key and Accompanying-Key(optional) 30
4.4.2 The Compounding of Identity-Key and Separating-Key 30
4.5 CPK Digital Signature 31
4.5.1 Signing with Accompanying-Key(optional) 31
4.5.2 Signing with Separating-Key 31
4.6 CPK Key Exchange 32
4.6.1 Key Exchange with Separating-Key 32
4.6.2 Key Exchange with Accompanying-Key(optional) 32
4.7 Security Analysis 32
Chapter 5 Self-assured and 3rd Party Public Key 35
5.1 New Requirements of the Crypto-System 35
5.2 Development of Crypto-Systems 36
5.3 Digital Signature Mechanism 37
5.3.1 IBC Signature Scheme 37
5.3.2 CPK Signature with Separating-Key 37
5.3.3 CPK Signature with Accompanying-Key 38
5.3.4 PKI Signature Scheme 38
5.3.5 IB-RSA Signature Scheme 39
5.3.6 mRSA Signature Scheme 40
5.3.7 Comparison of Schemes 40
5.4 Key Exchange Scheme 40
5.4.1 IBE Key Exchange 41
5.4.2 CPK Key Exchange 41
5.4.3 Other Key Exchange Schemes 42
5.4.4 Performance Comparison 43
5.5 Discussion on Trust Root 44
Chapter 6 Bytes Encryption 45
6.1 Technical Background 45
6.2 Coding Structure 47
6.2.1 Transposition Table(disk) 47
6.2.2 Substitution Table(subst) 48
6.2.3 Key Structure 49
6.2.4 Operation Flowchart 51
6.3 8-bit Operation 51
6.3.1 Assumptions 51
6.3.2 Key Derivation 52
6.3.3 Combination of Data and Keys 52
6.3.4 Left Shift Accumulation 53
6.3.5 Transposition Conversion 54
6.3.6 Single Substitution Conversion 54
6.3.7 Re-combination of Data and Keys 55
6.3.8 Right Shift Accumulation 55
6.3.9 Re-transposition 56
6.4 7-bit Operation 56
6.4.1 Given Conditions 56
6.4.2 Key Derivation 57
6.4.3 Combination of Data and Key 58
6.4.4 Left Shift Accumulation 58
6.4.5 Transposition Conversion 59
6.4.6 Single Substitution Conversion 60
6.4.7 Re-combination of Data and Key 60
6.4.8 Right Shift Accumulation 61
6.4.9 Re-composition 61
6.5 Security Evaluation 62
6.5.1 Key Granularity 62
6.5.2 Confusion and Diffusion 63
6.5.3 Multiple-level Product Conversion 63
Part Three CPK System 66
Chapter 7 CPK Key Management 66
7.1 CPK Key Distribution 66
7.1.1 Authentication Network 66
7.1.2 Communication Key 67
7.1.3 Classification of Keys 67
7.2 CPK Signature 68
7.2.1 Digital Signature and Verification 68
7.2.2 Signature Format 68
7.3 CPK Key Exchange 69
7.4 CPK Data Encryption 70
7.5 Key Protection 70
7.5.1 Password Verification 70
7.5.2 Password Change 71
Chapter 8 CPK-chip Design 72
8.1 Background 72
8.2 Main Technology 72
8.3 Chip Structure 74
8.4 Main Functions 77
8.4.1 Digital Signature 77
8.4.2 Data Encryption 78
Chapter 9 CPK ID-card 80
9.1 Background 80
9.2 ID-card Structure 81
9.2.1 The Part of Main Body 82
9.2.2 The Part of Variables 82
9.3 ID-card Data Format 83
9.4 ID-card Management 85
9.4.1 Administrative Organization 85
9.4.2 Application for ID-card 86
9.4.3 Registration Department 87
9.4.4 Production Department 88
9.4.5 Issuing Department 90
Part Four Trust Computing 92
Chapter 10 SoftwareID Authentication 92
10.1 Technical Background 92
10.2 Main Technology 93
10.3 Signing Module 94
10.4 Verifying Module 95
10.5 The Feature of Code Signing 97
Chapter 11 Code Signing of Windows 98
11.1 Introduction 98
11.2 PE File 98
11.3 Mini-filter 99
11.3.1 NT I/O Subsystem 99
11.3.2 File Filter Driving 100
11.3.3 Mini-filter 101
11.4 Code Authentication of Windows 102
11.4.1 The System Framework 102
11.4.2 Characteristics Collecting 102
11.5 Conclusion 102
Chapter 12 Code Signing of Linux 103
12.1 General Description 103
12.2 ELF File 103
12.3 Linux Security Module(LSM)Framework 104
12.4 Implementation 105
Part Five Trust Connecting 108
Chapter 13 Phone Trust Connecting 108
13.1 Main Technologies 108
13.2 Connecting Procedure 109
13.3 Data Encryption 110
13.4 Data Decryption 111
Chapter 14 Socket Layer Trust Connecting 112
14.1 Layers of Communication 112
14.2 Secure Socket Layer(SSL) 113
14.3 Trusted Socket Layer(TSL) 115
14.4 TSL Working Principle 116
14.5 TSL Address Authentication 118
14.6 Comparison 120
Chapter 15 Router Trust Connecting 121
15.1 Principle of Router 122
15.2 Requirements of Trusted Connection 123
15.3 Fundamental Technology 124
15.4 Origin Address Authentication 124
15.5 Encryption Function 127
15.5.1 Encryption Process 127
15.5.2 Decryption Process 128
15.6 Requirement of Header Format 128
15.7 Trusted Computing Environment 129
15.7.1 Evidence of Software Code 129
15.7.2 Authentication of Software Code 129
Conclusion 129
Part Six Trust e-Commerce 132
Chapter 16 e-Bank Authentication 132
16.1 Background 132
16.2 Counter Business 133
16.3 Business Layer 134
16.4 Basic Technology 135
16.5 Business at ATM 136
16.6 Communication Between ATM and Portal 137
16.7 The Advantages 138
Chapter 17 e-Bill Authentication 140
17.1 Bill Authentication Network 140
17.2 Main Technologies 141
17.3 Application for Bills 141
17.4 Circulation of Bills 143
17.5 Verification of Check 143
Part Seven Trust Logistics 146
Chapter 18 e-Tag Authentication 146
18.1 Background 146
18.2 Main Technology 147
18.3 Embodiment(Ⅰ) 148
18.4 Embodiment(Ⅱ) 149
Chapter 19 The Design of Mywallet 151
19.1 Two Kinds of Authentication Concept 151
19.2 System Configuration 152
19.3 TAG Structure 153
19.3.1 Structure of Data Region 153
19.3.2 Structure of Control Region 154
19.4 TAG Data Generation and Authentication 155
19.4.1 KMC 155
19.4.2 Enterprise 155
19.4.3 Writer and Reader 155
19.5 Protocol Design 156
19.6 Conclusion 157
Part Eight File & Network Management 160
Chapter 20 e-Mail Authentication 160
20.1 Main Technologies 160
20.2 Sending Process 161
20.3 Receiving Process 162
Chapter 21 Data Storage Authentication 163
21.1 Security Requirements 163
21.2 Basic Technology 164
21.3 File Uploading Protocol 164
21.4 File Downloading Protocol 166
21.5 Data Storing 167
21.5.1 Establishment of Key File 167
21.5.2 Storage of Key File 167
21.5.3 Documental Database Encryption 168
21.5.4 Relational Database Encryption 169
Chapter 22 Secure File Box 171
22.1 Background 171
22.2 System Framework 172
22.3 Features of the System 172
22.4 System Implementation 173
Chapter 23 e-Seal of Classification 176
23.1 Background Technology 176
23.2 Main Technologies 176
23.3 Working Flow 178
23.4 Embodiment 180
23.5 Explanation 181
Chapter 24 Water-wall for Intranet 187
24.1 Background 187
24.2 Working Principles 187
24.3 The diagram of Intranet Water-wall 189
24.4 Water-wall for Individual PC 191
24.5 Guarding Policy 192
Chapter 25 Digital Right Authentication 194
25.1 Technical Background 194
25.2 Main Technologies 194
25.3 Manufacturer's Digital Right 195
25.4 Enterprise's Right of Operation 197
25.5 Client's Right of Usage 198
Postscript New Trend of Information Security 200
Appendices 206
Appendix A 206
Walk Out of Mysterious"Black Chamber" 206
Appendix B 211
Identity Authentication Opening a New Land for Information Security 211
Appendix C 218
Searching for Safe"Silver Bullet" 218
Appendix D 226
"Electronic-ID Card"Attracts International Attention 226
Appendix E 231
CPK System Goes to the World 231
Appendix F 234
Identity Authentication Based on CPK System 234
Appendix G 243
CPK Cpyptosystem 243
References 247