网际安全技术构架：基于标识鉴别的可信系统（英文版）

Contents　FOREWORD 4　CONTENTS 7　PART ONE 18　AUTHENTICATION TECHNIQUE 18　CHAPTER 1 19　BASIC CONCEPTS 19　1.1 PHYSICAL WORLD AND DIGITAL WORLD 19　1.2 A WORLD WITH ORDER AND WITHOUT ORDER 20　1.3 SELF-ASSURED PROOF AND 3RD PARTY PROOF 22　1.4 CERTIFICATION CHAIN AND TRUST CHAIN 24　1.5 CENTRALIZED AND DECENTRALIZED MANAGEMENT 25　1.6 PHYSICAL SIGNATURE AND DIGITAL SIGNATURE 27　CHAPTER 2 31　AUTHENTICATION LOGIC 31　2.1 BELIEF LOGIC 31　2.2 STANDARD PROTOCOL 32　2.3 TRUST RELATIONSHIP 33　2.3.1 Direct Trust 33　2.3.2 Axiomatic Trust 34　2.3.3 Inference Trust 35　2.4 TRUST LOGIC 36　2.4.1 The requirement of Trust Logic 36　2.3.2 The Progress in Public Key 37　2.4.3 Entity Authenticity 38　2.4.4 The Characteristics of Trust Logic 39　2.5 CPK PROTOCOL 40　2.5.1 One-way Protocol 40　2.5.2 Two-way Protocol 41　CHAPTER 3 43　IDENTITY AUTHENTICATION 43　3.1 COMMUNICATION IDENTITY AUTHENTICATION 44　3.2 SOFTWARE IDENTITY AUTHENTICATION 45　3.3 ELECTRONIC TAG AUTHENTICATION 46　3.4 NETWORK MANAGEMENT 47　3.5 HOLISTIC SECURITY 48　PART TWO 51　CRYPTO-SYSTEMS 51　CHAPTER 4 52　COMBINED PUBLIC KEY （CPK） 52　4.1 INTRODUCTION 52　4.2 ECC COMPOUND THEOREM 53　4.3 IDENTITY-KEY 53　4.3.1 Combining Matrix 53　4.3.2 Mapping from Identity to Matrix Coordinates 54　4.3.3 Computation of Identity-Key 54　4.4. KEY COMPOUNDING 54　4.4.1 The Compounding of Identity-Key and Accompanying-Key 54　4.4.2 The Compounding of Identity-Key and Separating-key 55　4.5 CPK DIGITAL SIGNATURE 55　4.5.1 Signing with Accompanying-Key 55　4.5.2 Signing with Separating-key 55　4.6 CPK KEY EXCHANGE 56　4.6.1 Key Exchange with Separating-key 56　4.6.2 Key Exchange with Accompanying-Key 56　4.7 CONCLUSION 56　CHAPTER 5 58　SELF-ASSURED AND 3RD PARTY PUBLIC KEY 58　5.1 NEW REQUIREMENTS OF THE CRYPTO-SYSTEM 58　5.2 DEVELOPMENT OF CRYPTO-SYSTEMS 59　5.3 DIGITAL SIGNATURE MECHANISM 60　5.3.1 IBC Signature Scheme 60　5.3.2 CPK Signature with Separating-key 61　5.3.3 CPK Signature with Accompanying-Key 61　5.3.4 PKI Signature Scheme 61　5.3.5 IB-RSA Signature Scheme 62　5.3.6 mRSA Signature Scheme 63　5.3.7 Comparison of Schemes 63　5.4 KEY EXCHANGE SCHEME 64　5.4.1 IBE Key Exchange 64　5.4.2 CPK Key Exchange 64　5.4.3 Other Key Exchange Schemes 65　5.4.4 Performance Comparison 65　5.5 DISCUSSION ON TRUST ROOT 66　CHAPTER 6 68　BYTES ENCRYPTION 68　6.1 TECHNICAL BACKGROUND 68　6.2 CODING STRUCTURE 70　6.2.1 Transposition Table （disk） 70　6.2.2 Substitution Table （subst） 72　6.3 8-BIT OPERATION 74　6.3.1 Assumptions 74　6.3.2 Key Derivation 75　6.3.3 Combination of Data and Keys 75　6.3.4 Left Shift Accumulation 76　6.3.5 Transposition Conversion 76　6.3.6 Single Substitution Conversion 77　6.3.7 Re-combination of Data and Keys 77　6.3.8 Right Shift Accumulation 78　6.3.9 Re-transposition 78　6.4 7-BIT OPERATION 79　6.4.1 Given Conditions 79　6.4.2 Key Derivation 79　6.4.3 Combination of Data and Key 80　6.4.4 Left Shift Accumulation 81　6.4.5 Transposition Conversion 81　6.4.6 Single Substitution Conversion 82　6.4.7 Re-combination of Data and Key 82　6.4.8 Right Shift Accumulation 83　6.4.9 Re-composition 83　6.5 SAFETY EVALUATION 84　6.5.1 Key Granularity 84　6.5.2 Confusion and Diffusion 85　6.5.3 Multiple-level Product Conversion 85　PART THREE 86　CPK SYSTEM 86　CHAPTER 7 87　CPK KEY MANAGEMENT 87　7.1 CPK KEY DISTRIBUTION 87　7.1.1 Authentication Network 87　7.1.2 Communication Key 88　7.1.3 Classification of Keys 88　7.2 CPK SIGNATURE 89　7.2.1 Digital Signature and Verification 89　7.2.2 Signature Format 90　7.3 CPK KEY EXCHANGE 90　7.4 CPK DATA ENCRYPTION 91　7.5 KEY PROTECTION 92　7.5.1 Password Verification 92　7.5.2 Password Change 93　CHAPTER 8 94　CPK-CHIP DESIGN 94　8.1 BACKGROUND 94　8.2 MAIN TECHNOLOGY 94　8.3 CHIP STRUCTURE 96　8.4 MAIN FUNCTIONS 100　8.4.1 Digital Signature 100　8.4.2 Data Encryption 101　CHAPTER 9 104　CPK ID-CARD 104　9.1 BACKGROUND 104　9.2 ID-CARD STRUCTURE 106　9.2.1 The Part of Main Body 106　9.2.2 The Part of Variables 106　9.3 ID-CARD DATA FORMAT 107　9.4 ID-CARD MANAGEMENT 110　9.4.1 Administrative Organization 110　9.4.2 Application for ID-Card 111　9.4.3 Registration Department 112　9.4.4 Production Department 113　9.4.5 Issuing Department 115　PART FOUR 116　TRUST COMPUTING 116　CHAPTER 10 117　SOFTWAREID AUTHENTICATION 117　10.1 TECHNICAL BACKGROUND 117　10.2 MAIN TECHNOLOGY 118　10.3 SIGNING MODULE 119　10.4 VERIFYING MODULE 121　10.5 THE FEATURE OF CODE SIGNING 123　CHAPTER 11 125　CODE SIGNING OF WINDOWS 125　11.1 INTRODUCTION 125　11.2 PE FILE 125　11.3 MINI-FILTER 126　11.3.1 NT I/O Subsystem 126　11.3.2 File Filter Driving 127　11.3.3 Minifilter 128　11.4 CODE AUTHENTICATION OF WINDOWS 129　11.4.1 The System Framework 129　11.4.2 Characteristics Collecting 129　11.5 CONCLUSION 130　CHAPTER 12 131　CODE SIIGNING OF LINUX…………………………………131　12.1 GENERAL DESCRIPTION 131　12.2 ELF FILE 131　12.3 LINUX SECURITY MODULE （LSM） FRAMEWORK 132　12.4 IMPLEMENTATION 133　PART FIVE 135　TRUST CONNECTING 135　CHAPTER 13 136　PHONE TRUST CONNECTING 136　13.1 MAIN TECHNOLOGIES 136　13.2 CONNECTING PROCEDURE 137　13.3 DATA ENCRYPTION 138　13.4 DATA DECRYPTION 139　CHAPTER 14 140　SOCKET LAYER TRUST CONNECTING 140　14.1 LAYERS OF COMMUNICATION 140　14.2 SECURE SOCKET LAYER （SSL） 141　14.3 TRUSTED SOCKET LAYER （TSL） 144　14.4 TSL WORKING PRINCIPLE 145　14.5 TSL ADDRESS AUTHENTICATION 147　14.6 COMPARISON 148　CHAPTER 15 150　ROUTER TRUST CONNECTING 150　15.1 PRINCIPLE OF ROUTER 151　15.2 REQUIREMENTS OF TRUSTED CONNECTION 152　15.3 FUNDAMENTAL TECHNOLOGY 154　15.4 ORIGIN ADDRESS AUTHENTICATION 154　15.5 ENCRYPTION FUNCTION 157　15.5.1 Encryption Process 158　15.5.2 Decryption Process 158　15.6 REQUIREMENT OF HEADER FORMAT 158　15.7 TRUSTED COMPUTING ENVIRONMENT 159　15.7.1 Evidence of Software Code 159　15.7.2　Authentication of Software Code 159　PART SIX 161　TRUST E-COMMERCE 161　CHAPTER 16 162　E-BANK AUTHENTICATION 162　16.1 BACKGROUND 162　16.2 COUNTER BUSINESS 163　16.3 BUSINESS LAYER 164　16.4 BASIC TECHNOLOGY 166　16.5 BUSINESS AT ATM 167　16.6 COMMUNICATION BETWEEN ATM AND PORTAL 167　16.7 THE ADVANTAGES 169　CHAPTER 17 171　E-BILL AUTHENTICATION 171　17.1 BILL AUTHENTICATION NETWORK 171　17.2 MAIN TECHNOLOGIES 172　17.3 APPLICATION FOR BILLS 173　17.4 CIRCULATION OF BILLS 174　17.5 VERIFICATION OF CHECK 174　PART SEVEN 176　TRUST LOGISTICS 176　CHAPTER 18 177　E-TAG AUTHENTICATION 177　18.1 BACKGROUND 177　18.2 MAIN TECHNOLOGY 178　18.3 EMBODIMENT （Ⅰ） 180　18.4 EMBODIMENT （Ⅱ） 181　CHAPTER 19 183　THE DESIGN OF MYWALLET 183　19.1 TWO KINDS OF AUTHENTICATION CONCEPT 183　19.2 SYSTEM CONFIGURATION 185　19.3 TAG STRUCTURE 186　19.3.1 Structure of Data Region 186　19.3.2 Structure of Control Region 186　19.4 TAG DATA GENERATION AND AUTHENTICATION 187　19.4.1 KMC 187　19.4.2 Enterprise 187　19.4.3 Writer and Reader 188　19.5 PROTOCOL DESIGN 188　19.6 CONCLUSION 190　PART EIGHT 191　FILE & NETWORK MANAGEMENT 191　CHAPTER 20 192　E-MAIL AUTHENTICATION 192　20.1 MAIN TECHNOLOGIES 192　20.2 SENDING PROCESS 193　20.3 RECEIVING PROCESS 194　CHAPTER 21 196　DATA STORAGE AUTHENTICATION 196　21.1 SECURITY REQUIREMENTS 196　21.2 BASIC TECHNOLOGY 197　21.3 FILE UPLOADING PROTOCOL 198　21.4 FILE DOWNLOADING PROTOCOL 199　21.5 DATA STORING 200　21.5.1 Establishment of Key File 201　21.5.2 Storage of Key File 201　21.5.3 Documental Database Encryption 202　21.5.4 Relational Database Encryption 202　CHAPTER 22 205　SECURE FILE BOX 205　22.1 BACKGROUND 205　22.2　SYSTEM FRAMEWORK 206　22.3 FEATURES OF THE SYSTEM 207　22.4 SYSTEM IMPLEMENTATION 208　CHAPTER 23 211　E-SEAL OF CLASSIFICATION 211　23.1 BACKGROUND TECHNOLOGY 211　23.2 MAIN TECHNOLOGIES 212　23.3 WORKING FLOW 214　23.4 EMBODIMENT 215　23.5 EXPLANATION 216　CHAPTER 24 223　WATER-WALL FOR INTRANET 223　24.1 BACKGROUND 223　24.2 WORKING PRINCIPLES 224　24.3 THE DIAGRAM OF INTRANET WATER-WALL 225　24.4 WATER-WALL FOR INDIVIDUAL PC 228　24.5 GUARDING POLICY 229　CHAPTER 25 230　DIGITAL RIGHT AUTHENTICATION 230　25.1 TECHNICAL BACKGROUND 230　25.2 MAIN TECHNOLOGIES 231　25.3 MANUFACTURER’S DIGITAL RIGHT 232　25.4 ENTERPRISE’S RIGHT OF OPERATION 233　25.5 CLIENT’S RIGHT OF USAGE 234　REFERENCES 242　APPENDICES 244　APPENDIX A 245　WALK OUT OF MYSTERIOUS “BLACK CHAMBER” 245　APPENDIX B 251　IDENTITY AUTHENTICATION OPENING A NEW LAND FOR INFORMATION SECURITY 251　APPENDIX C 259　SEARCHING FOR SAFE “SILVER BULLET” 259　APPENDIX D 269　“ELECTRONIC ID CARD” ATTRACTS INTERNATIONAL ATTENTION 269　APPENDIX E 274　CPK SYSTEM GOES TO THE WORLD 274　APPENDIX F 278　IDENTITY AUTHENTICATION BASED ON CPK SYSTEM 278