Part One Authentication Technology 2
Chapter 1 Basic Concepts 2
1.1 Physical World and Digital World 2
1.2 A World with Order and without Order 3
1.3 Self-assured Proof and 3rd Party Proof 4
1.4 Certification Chain and Trust Chain 7
1.5 Centralized and Decentralized Management 8
1.6 Physical Signature and Digital Signature 9
Chapter 2 Authentication Logics 13
2.1 Belief Logic 14
2.1.1 The Model 14
2.1.2 The Formulae 14
2.1.3 The Characteristics of Belief Logic 15
2.2 Trust Logic 15
2.2.1 Direct Trust 15
2.2.2 Axiomatic Trust 16
2.2.3 Inference Trust 16
2.2.4 Behavior Based Trust 17
2.2.5 Characteristics of Trust Logic 18
2.3 Truth Logic 19
2.3.1 The Needs of Truth Logic 19
2.3.2 Entity Authenticity 19
2.3.3 The Characteristics of Truth Logic 22
2.4 Authentication Protocols 23
2.4.1 Standard Protocol 23
2.4.2 CPK Protocol 24
2.5 Authentication Systems 25
2.5.1 PKI Certification System 26
2.5.2 CPK Authentication System 27
Chapter 3 Identity Authentication 29
3.1 Communication Identity Authentication 29
3.2 Software Identity Authentication 31
3.3 Electronic Tag Authentication 32
3.4 Network Management 33
3.5 Holistic Security 34
Part Two Cryptosystems 38
Chapter 4 Combined Public Key (v6.0) 38
4.1 Introduction 38
4.2 Mapping Function 39
4.3 Computation of Keys 39
4.3.1 Computation of Identity-Key 39
4.3.2 Computation of Separating-key 40
4.3.3 Computation of General-key 40
4.3.4 Computation of District-key 40
4.4 Digital Signature and Key Delivery 41
4.4.1 Digital Signature 41
4.4.2 Key Delivery 41
4.5 Security 42
Conclusion 42
Chapter 5 Cryptosystem and Authentication 43
5.1 New Requirements for Cryptosystem 43
5.2 Development of Cryptosystems 44
5.3 Identity Authentication Schemes 45
5.3.1 Identity Authentication with IBC 45
5.3.2 Identity Authentication with CPK 46
5.3.3 Identity Authentication with PKI 47
5.3.4 Identity Authentication with IB-RSA 48
5.3.5 Identity Authentication with mRSA 48
5.3.6 Comparison of Schemes 49
5.4 Key Delivery Schemes 49
5.4.1 IBE Key Delivery 49
5.4.2 CPK Key Delivery 50
5.4.3 Other Key Delivery Schemes 51
5.4.4 Performance Comparison 52
5.5 Related Discussions 52
5.5.1 Discussion on Trust Root 52
5.5.2 Discussion on Quantum Attack 53
Chapter 6 Bytes Encryption 55
6.1 Coding Structure 55
6.1.1 Permutation Table (disk) 55
6.1.2 Substitution Table (subst) 56
6.1.3 Key Structure 57
6.2 Working Flow 58
6.2.1 Given Conditions 58
6.2.2 Key Derivation 59
6.2.3 Data Expansion 59
6.2.4 Compound of Data and Key 59
6.2.5 Left Shift Accumulation 60
6.2.6 Permutation 60
6.2.7 Right Shift Accumulation 60
6.2.8 Data Concentration 60
6.2.9 Single Substitution 61
6.2.10 Compound of Data and Key 61
6.3 Security Analysis 61
Part Three CPK System 64
Chapter 7 CPK Key Management 64
7.1 CPK Key Distribution 64
7.1.1 Authentication Network 64
7.1.2 Communication Key 65
7.1.3 Classification of Keys 65
7.2 CPK Signature 66
7.2.1 Digital Signature and Verification 66
7.2.2 Signature Format 67
7.3 CPK Key Delivery 67
7.4 CPK Data Encryption 68
7.5 Key Protection 68
7.5.1 Password Verification 69
7.5.2 Password Change 69
Chapter 8 CPK-chip Design 70
8.1 Background 70
8.2 Main Technology 70
8.3 Chip Structure 72
8.4 Main Functions 75
8.4.1 Digital Signature 75
8.4.2 Data Encryption 76
Chapter 9 CPK ID-card 78
9.1 Background 78
9.2 ID-card Structure 79
9.2.1 The Part of Main Body 80
9.2.2 The Part of Variables 80
9.3 ID-card Data Format 81
9.4 ID-card Management 83
9.4.1 Administrative Organization 83
9.4.2 Application for ID-card 84
9.4.3 Registration Department 85
9.4.4 Production Department 86
9.4.5 Issuing Department 88
Part Four Code Authentication 90
Chapter 10 Software ID Authentication 90
10.1 Technical Background 90
10.2 Main Technology 91
10.3 Signing Module 92
10.4 Verifying Module 93
10.5 The Feature of Code Signing 95
Chapter 11 Windows Code Authentication 97
11.1 Introduction 97
11.2 PE File 97
11.3 Mini-filter 98
11.3.1 NT I/O Subsystem 98
11.3.2 File Filter Driving 99
11.3.3 Mini-filter 100
11.4 Code Authentication of Windows 101
11.4.1 The System Framework 101
11.4.2 Characteristics Collecting 101
11.5 Conclusion 101
Chapter 12 Linux Code Authentication 102
12.1 General Description 102
12.2 ELF File 102
12.3 Linux Security Module (LSM) Framework 103
12.4 Implementation 104
Part Five Communication Authentication 108
Chapter 13 Phone Authentication 108
13.1 Main Technologies 108
13.2 Connecting Procedure 109
13.3 Data Encryption 110
13.4 Data Decryption 111
Chapter 14 SSL Communication Authentication 112
14.1 Layers of Communication 112
14.2 Secure Socket Layer (SSL) 113
14.3 Authenticated Socket Layer (ASL) 115
14.4 TSL Working Principle 116
14.5 ASL Address Authentication 118
14.6 Comparison 120
Chapter 15 Router Communication Authentication 121
15.1 Principle of Router 122
15.2 Requirements of Authenticated Connection 123
15.3 Fundamental Technology 124
15.4 Origin Address Authentication 125
15.5 Encryption Function 127
15.5.1 Encryption Process 128
15.5.2 Decryption Process 128
15.6 Requirement of Header Format 128
15.7 Computing Environment 129
15.7.1 Evidence of Software Code 129
15.7.2 Authentication of Software Code 129
Conclusion 130
Part Six e-Commerce Authentication 132
Chapter 16 e-Bank Authentication 132
16.1 Background 132
16.2 Counter Business 133
16.3 Business Layer 134
16.4 Basic Technology 135
16.5 Business at ATM 136
16.6 Communication Between ATM and Portal 137
16.7 The Advantages 138
Chapter 17 e-Bill Authentication 140
17.1 Bill Authentication Network 140
17.2 Main Technologies 141
17.3 Application for Bills 141
17.4 Circulation of Bills 142
17.5 Verification of Check 143
Part Seven Logistics Authentication 146
Chapter 18 e-Tag Authentication 146
18.1 Background 146
18.2 Main Technology 147
18.3 Embodiment (Ⅰ) 148
18.4 Embodiment (Ⅱ) 150
Chapter 19 e-Wallet Authentication 151
19.1 Two Kinds of Authentication Concept 151
19.2 System Configuration 153
19.3 Tag Structure 154
19.3.1 Structure of Data Region 154
19.3.2 Structure of Control Region 154
19.4 Tag Data Generation and Authentication 155
19.4.1 KMC 155
19.4.2 Enterprise 155
19.4.3 Writer and Reader 156
19.5 Protocol Design 156
19.6 Conclusion 158
Part Eight Stored File Authentication 160
Chapter 20 Storage Authentication 160
20.1 Security Requirements 160
20.2 Basic Technology 161
20.3 File Uploading Protocol 162
20.4 File Downloading Protocol 163
20.5 Data Storing 164
20.5.1 Establishment of Key File 164
20.5.2 Storage of Key File 165
20.5.3 Documental Database Encryption 165
20.5.4 Relational Database Encryption 166
Chapter 21 Secure File Box 168
21.1 Background 168
21.2 System Framework 169
21.3 Features of the System 169
21.4 System Implementation 171
Chapter 22 Classification Seal Authentication 173
22.1 Background Technology 173
22.2 Main Technologies 173
22.3 Working Flow 175
22.4 Embodiment 177
22.5 Explanation 178
Part Nine Moving Data Authentication 186
Chapter 23 e-Mail Authentication 186
23.1 Main Technologies 186
23.2 Sending Process 187
23.3 Receiving Process 188
Chapter 24 Digital Right Authentication 190
24.1 Technical Background 190
24.2 Main Technologies 190
24.3 Manufacturer's Digital Right 191
24.4 Enterprise's Right of Operation 193
24.5 Client's Right of Usage 194
Part Ten Network Authentication 198
Chapter 25 Pass Authentication 198
25.1 Background 198
25.2 Working Principles 198
25.3 The Diagram of Gate-guard 200
25.4 Gate-guard for Individual PC 202
25.5 Guarding Policy 203
Chapter 26 Address Authentication 205
26.1 Background 205
26.2 Main Problems 206
26.3 Technical Approach 206
26.3.1 CPK Cryptosystem 206
26.3.2 New Routing Protocol 207
26.3.3 Computing Environment 207
26.4 New Prototype of Router 208
Postscript New Trend of Information Security 209
Appendices 216
Appendix A Walk Out of the Mysterious "Black Chamber" 216
Appendix B Identity Authentication Opening a New Land for Information Security 221
Appendix C Searching for the Safe "Silver Bullet" 228
Appendix D "Electronic-ID Card" Attracts International Attention 237
Appendix E CPK System Goes to the World 242
Appendix F Identity Authentication Based on CPK System 246
Appendix G CPK Cryptosystem 255
References 259
Glossary Technical Terms 261
Symbols 263