Part One Authentication Technology 2
Chapter 1 Basic Concepts 2
1.1 Physical World and Digital World 2
1.2 A World with Order and without Order 3
1.3 Self-assured Proof and 3rd Party Proof 5
1.4 Certification Chain and Trust Chain 7
1.5 Centralized and Decentralized Management 8
1.6 Physical Signature and Digital Signature 10
Chapter 2 Authentication Logics 14
2.1 Belief Logic 15
2.1.1 The Model 15
2.1.2 The Formulae 16
2.1.3 The Characteristics of Belief Logic 16
2.2 Trust Logic 17
2.2.1 Direct Trust 17
2.2.2 Axiomatic Trust 17
2.2.3 Inference Trust 18
2.2.4 Behavior Based Trust 19
2.2.5 Characteristics of Trust Logic 20
2.3 Truth Logic 20
2.3.1 The Needs of "Pre-proof" 20
2.3.2 Entity Authenticity 21
2.3.3 The Characteristics of Truth Logic 24
2.4 Authentication Protocols 25
2.4.1 Standard Protocol 25
2.4.2 CPK Protocol 26
2.5 Authentication Systems 28
2.5.1 PKI Certification System 28
2.5.2 CPK Authentication System 30
Chapter 3 Identity Authentication 32
3.1 Communication Identity Authentication 33
3.2 Software Identity Authentication 34
3.3 Electronic Tag Authentication 36
3.4 Network Management 37
3.5 Holistic Security 38
Part Two Cryptosystems 42
Chapter 4 Combined Public Key(v6.0) 42
4.1 Introduction 42
4.2 Mapping Function 43
4.3 Computation of Keys 43
4.3.1 Computation of Identity-key 43
4.3.2 Computation of Separating-key 44
4.3.3 Computation of General-key 44
4.3.4 Computation of District-key 44
4.4 Digital Signature and Key Delivery 45
4.4.1 Digital Signature 45
4.4.2 Key Delivery 46
4.5 Security 46
4.6 Conclusion 47
Chapter 5 Cryptosystem and Authentication 48
5.1 New Requirements for Cryptosystem 48
5.2 Development of Cryptosystems 49
5.3 Identity Authentication Schemes 50
5.3.1 Identity Authentication with IBC 50
5.3.2 Identity Authentication with CPK 51
5.3.3 Identity Authentication with PKI 52
5.3.4 Identity Authentication with IB-RSA 53
5.3.5 Identity Authentication with mRSA 54
5.3.6 Comparison of Schemes 54
5.4 Key Delivery Schemes 55
5.4.1 IBE Key Delivery 55
5.4.2 CPK Key Delivery 56
5.4.3 Other Key Delivery Schemes 56
5.4.4 Performance Comparison 57
5.5 Discussion on Trust Root 58
Chapter 6 Bytes Encryption 60
6.1 Coding Structure 60
6.1.1 Permutation Table(disk) 60
6.1.2 Substitution Table(subst) 61
6.1.3 Key Structure 62
6.2 Working Flow 63
6.2.1 Given Conditions 63
6.2.2 Key Derivation 64
6.2.3 Data Expansion 64
6.2.4 Compound of Data and Key 64
6.2.5 Left Shift Accumulation 65
6.2.6 Permutation 65
6.2.7 Right Shift Accumulation 65
6.2.8 Data Concentration 66
6.2.9 Single Substitution 66
6.2.10 Compound of Data and Key 66
6.3 Security Analysis 67
Part Three CPK System 70
Chapter 7 CPK Key Management 70
7.1 CPK Key Distribution 70
7.1.1 Authentication Network 70
7.1.2 Communication Key 71
7.1.3 Classification of Keys 71
7.2 CPK Signature 72
7.2.1 Digital Signature and Verification 72
7.2.2 Signature Format 73
7.3 CPK Key Delivery 73
7.4 CPK Data Encryption 74
7.5 Key Protection 75
7.5.1 Password Verification 75
7.5.2 Password Change 76
Chapter 8 CPK-chip Design 77
8.1 Background 77
8.2 Main Technology 77
8.3 Chip Structure 79
8.4 Main Functions 82
8.4.1 Digital Signature 82
8.4.2 Data Encryption 84
Chapter 9 CPK ID-card 86
9.1 Background 86
9.2 ID-card Structure 88
9.2.1 The Part of Main Body 88
9.2.2 The Part of Variables 88
9.3 ID-card Data Format 89
9.4 ID-card Management 92
9.4.1 Administrative Organization 92
9.4.2 Application for ID-card 93
9.4.3 Registration Department 94
9.4.4 Production Department 95
9.4.5 Issuing Department 97
Part Four Software Authentication 100
Chapter 10 Software ID Authentication 100
10.1 Technical Background 100
10.2 Main Technology 101
10.3 Signing Module 102
10.4 Verifying Module 104
10.5 The Feature of Code Signing 105
Chapter 11 Windows Code Authentication 107
11.1 Introduction 107
11.2 PE File 107
11.3 Mini-filter 108
11.3.1 NT I/O Subsystem 108
11.3.2 File Filter Driving 110
11.3.3 Mini-filter 110
11.4 Code Authentication of Windows 111
11.4.1 The System Framework 111
11.4.2 Characteristics Collecting 112
11.5 Conclusion 112
Chapter 12 Linux Code Authentication 113
12.1 General Description 113
12.2 ELF File 113
12.3 Linux Security Module(LSM) Framework 114
12.4 Implementation 115
Part Five Communication Authentication 118
Chapter 13 Phone Authentication 118
13.1 Main Technologies 118
13.2 Connecting Procedure 119
13.3 Data Encryption 120
13.4 Data Decryption 121
Chapter 14 SSL Communication Authentication 123
14.1 Layers of Communication 123
14.2 Secure Socket Layer(SSL) 124
14.3 Authenticated Socket Layer(ASL) 127
14.4 ASL Working Principle 128
14.5 ASL Address Authentication 130
14.6 Comparison 132
Chapter 15 Router Communication Authentication 134
15.1 Principle of Router 135
15.2 Requirements of Authenticated Connection 136
15.3 Fundamental Technology 137
15.4 Origin Address Authentication 138
15.5 Encryption Function 141
15.5.1 Encryption Process 142
15.5.2 Decryption Process 142
15.6 Requirement of Header Format 142
15.7 Computing Environment 143
15.7.1 Evidence of Software Code 143
15.7.2 Authentication of Software Code 143
15.8 Conclusion 144
Part Six e-Commerce Authentication 146
Chapter 16 e-Bank Authentication 146
16.1 Background 146
16.2 Counter Business 147
16.3 Business Layer 148
16.4 Basic Technology 149
16.5 Business at ATM 151
16.6 Communication Between ATM and Portal 151
16.7 The Advantages 153
Chapter 17 e-Bill Authentication 155
17.1 Bill Authentication Network 155
17.2 Main Technologies 156
17.3 Application for Bills 156
17.4 Circulation of Bills 158
17.5 Verification of Check 158
Part Seven Logistics Authentication 162
Chapter 18 e-Tag Authentication 162
18.1 Background 162
18.2 Main Technology 163
18.3 Embodiment(Ⅰ) 165
18.4 Embodiment(Ⅱ) 166
Chapter 19 The Design of Mywallet(v1.0) 168
19.1 Two Kinds of Authentication Concept 168
19.2 System Configuration 170
19.3 Tag Structure 171
19.3.1 Structure of Data Region 171
19.3.2 Structure of Control Region 172
19.4 Tag Data Generation and Authentication 172
19.4.1 KMC 173
19.4.2 Enterprise 173
19.4.3 Writer and Reader 173
19.5 Protocol Design 174
19.6 Conclusion 175
Part Eight Stored File Authentication 178
Chapter 20 Storage Authentication 178
20.1 Security Requirements 178
20.2 Basic Technology 179
20.3 File Uploading Protocol 180
20.4 File Downloading Protocol 181
20.5 Data Storing 182
20.5.1 Establishment of Key File 183
20.5.2 Storage of Key File 183
20.5.3 Documental Database Encryption 184
20.5.4 Relational Database Encryption 185
Chapter 21 Secure File Box 187
21.1 Background 187
21.2 System Framework 188
21.3 Features of the System 189
21.4 System Implementation 190
Chapter 22 Classification Seal Authentication 193
22.1 Background Technology 193
22.2 Main Technologies 194
22.3 Working Flow 196
22.4 Embodiment 197
22.5 Explanation 198
Part Nine Moving Data Authentication 206
Chapter 23 e-Mail Authentication 206
23.1 Main Technologies 206
23.2 Sending Process 208
23.3 Receiving Process 208
Chapter 24 Digital Right Authentication 210
24.1 Technical Background 210
24.2 Main Technologies 211
24.3 Manufacturer's Digital Right 212
24.4 Enterprise's Right of Operation 213
24.5 Client's Right of Usage 215
Part Ten Network Authentication 218
Chapter 25 Pass Authentication 218
25.1 Background 218
25.2 Working Principles 219
25.3 The Diagram of Gate-guard 220
25.4 Gate-guard for Individual PC 223
25.5 Guarding Policy 224
Chapter 26 Address Authentication 225
26.1 Background 225
26.2 Main Problems 226
26.3 Technical Approach 226
26.3.1 CPK Cryptosystem 226
26.3.2 New Routing Protocol 227
26.3.3 Computing Environment 228
26.4 New Prototype of Router 228
Part Eleven New Progress 230
Chapter 27 Measures against Exhaustion Attack 230
27.1 Exhausting Capability 230
27.2 Basic Analysis 231
27.3 Main Objectives 232
27.4 Technical Approach 233
27.5 Module Design 234
Chapter 28 CPK Cryptosystem 236
28.1 Introduction 236
28.2 Identity-key 237
28.3 Separating-key 238
28.4 Compound-key 238
28.5 Public and Private Network Key 239
28.6 Digital Signature Protocol 239
28.7 Key Delivery Protocol 240
28.8 Security 241
28.9 Summary 243
Chapter 29 On-line Key Distribution Protocol 244
Chapter 30 The Design of Mywallet(v2.0) 247
Abstract 247
30.1 Technical Requirements 247
30.1.1 Two Kinds of Authentication Concept 247
30.1.2 Two Kinds of Authentication Networks 248
30.1.3 Two Kinds of Business Requirements 249
30.2 System Structure 249
30.2.1 Key Distribution 250
30.2.2 Data Structure 251
30.2.3 Controller Structure 251
30.3 Protocol Design 252
30.3.1 Authentication Protocol 252
30.3.2 Decryption and Verification Protocol 253
30.3.3 Encryption and Signature Protocol 254
Summary 255
Postscript From Information Security to Cyber Security 257
Appendices 264
Appendix A 264
Walk Out of Mysterious "Black Chamber" 264
Appendix B 270
Identity Authentication Opening a New Land for Information Security 270
Appendix C 278
Searching for Safe "Silver Bullet" 278
Appendix D 288
"Electronic-ID Card" Attracts International Attention 288
Appendix E 293
CPK System Goes to the World 293
Appendix F 297
Identity Authentication Based on CPK System 297
Appendix G 308
CPK Cryptosystem 308
References 313
Glossary 315
Technical Terms 315
Symbols 317