标识鉴别

2011-6  

南相浩 电子工业出版社 (2011-06出版)  

南相浩  

284  

　　《标识鉴别：网际安全技术基础》讨论了未来“网际安全”的关键技术――基于标识鉴别的可信系统，也讨论了与此相关的自证性公钥体制、信任逻辑，以及信任逻辑在可信接入、可信计算、可信交易、可信物流。网络管理中的应用，以及在互联网和物联网构成的网际空间中建立互信的基本技术，也讨论了新一代信息安全的概念和下一代绿色网络安全的发展方向

ContentsPart OneAuthentication TechnologyChapter 1Basic Concepts11Physical World and Digital World12A World with Order and without Order 13Selfassured Proof and 3rd Party Proof14Certification Chain and Trust Chain15Centralized and Decentralized Management 16Physical Signature and Digital SignatureChapter 2Authentication Logics21Belief Logic211The Model 212The Formulae213The Characteristics of Belief Logic22Trust Logic221Direct Trust222Axiomatic Trust223Inference Trust224Behavior Based Trust225Characteristics of Trust Logic23Truth Logic231The Needs of Truth Logic232Entity Authenticity233The Characteristics of Truth Logic24Authentication Protocols241Standard Protocol242CPK Protocol25Authentication Systems251PKI Certification System252CPK Authentication SystemChapter 3Identity Authentication31Communication Identity Authentication32Software Identity Authentication33Electronic Tag Authentication34Network Management35Holistic Security Part TwoCryptosystemsChapter 4Combined Public Key (v60)41Introduction42Mapping Function43Computation of Keys431Computation of IdentityKey432Computation of Separatingkey433Computation of Generalkey434Computation of Districtkey44Digital Signature and Key Delivery441Digital Signature442Key Delivery45SecurityConclusionChapter 5Cryptosystem and Authentication51New Requirements for Cryptosystem52Development of Cryptosystems53Identity Authentication Schemes531Identity Authentication with IBC532Identity Authentication with CPK533Identity Authentication with PKI534Identity Authentication with IBRSA535Identity Authentication with mRSA536Comparison of Schemes54Key Delivery Schemes541IBE Key Delivery542CPK Key Delivery543Other Key Delivery Schemes544Performance Comparison55Related Discussions551Discussion on Trust Root552Discussion on Quantum AttackChapter 6Bytes Encryption61Coding Structure611Permutation Table (disk)612Substitution Table (subst)613Key Structure62Working Flow621Given Conditions622Key Derivation623Data Expansion624Compound of Data and Key625Left Shift Accumulation626Permutation627Right Shift Accumulation628Data Concentration629Single Substitution6210Compound of Data and Key63Security AnalysisPart ThreeCPK SystemChapter 7CPK Key Management71CPK Key Distribution711Authentication Network712Communication Key713Classification of Keys72CPK Signature721Digital Signature and Verification722Signature Format73CPK Key Delivery74CPK Data Encryption75Key Protection751Password Verification752Password ChangeChapter 8CPKchip Design81Background82Main Technology83Chip Structure84Main Functions841Digital Signature842Data EncryptionChapter 9CPK IDcard91Background92IDcard Structure921The Part of Main Body922The Part of Variables93IDcard Data Format94IDcard Management941Administrative Organization942Application for IDcard943Registration Department944Production Department945Issuing DepartmentPart FourCode AuthenticationChapter 10Software ID Authentication101Technical Background102Main Technology103Signing Module104Verifying Module105The Feature of Code SigningChapter 11Windows Code Authentication111Introduction112PE File113Minifilter1131NT I/O Subsystem1132File Filter Driving1133Minifilter114Code Authentication of Windows1141The System Framework1142Characteristics Collecting115ConclusionChapter 12Linux Code Authentication121General Description122ELF File123Linux Security Module (LSM) Framework124ImplementationPart FiveCommunication AuthenticationChapter 13Phone Authentication131Main Technologies132Connecting Procedure133Data Encryption 134Data Decryption Chapter 14SSL Communication Authentication141Layers of Communication142Secure Socket Layer (SSL)143Authenticated Socket Layer (ASL)144TSL Working Principle 145ASL Address Authentication 146ComparisonChapter 15Router Communication Authentication151Principle of Router 152Requirements of Authenticated Connection153Fundamental Technology154Origin Address Authentication155Encryption Function1551Encryption Process1552Decryption Process156Requirement of Header Format 157Computing Environment1571Evidence of Software Code1572Authentication of Software CodeConclusionPart SixeCommerce AuthenticationChapter 16eBank Authentication161Background 162Counter Business 163Business Layer 164Basic Technology 165Business at ATM166Communication Between ATM and Portal167The Advantages Chapter 17eBill Authentication171Bill Authentication Network172Main Technologies173Application for Bills174Circulation of Bills175Verification of CheckPart SevenLogistics AuthenticationChapter 18eTag Authentication181Background182Main Technology183Embodiment (Ⅰ)184Embodiment (Ⅱ)Chapter 19eWallet Authentication191Two Kinds of Authentication Concept192System Configuration193Tag Structure1931Structure of Data Region1932Structure of Control Region194Tag Data Generation and Authentication1941KMC1942Enterprise 1943Writer and Reader195Protocol Design196ConclusionPart EightStored File AuthenticationChapter 20Storage Authentication201Security Requirements202Basic Technology203File Uploading Protocol204File Downloading Protocol205Data Storing2051Establishment of Key File2052Storage of Key File2053Documental Database Encryption 2054Relational Database EncryptionChapter 21Secure File Box211Background212System Framework213Features of the System214System Implementation·ⅩⅦ·Chapter 22Classification Seal Authentication221Background Technology222Main Technologies223Working Flow 224Embodiment225ExplanationPart NineMoving Data AuthenticationChapter 23eMail Authentication231Main Technologies232Sending Process 233Receiving ProcessChapter 24Digital Right Authentication241Technical Background242Main Technologies243Manufacturer′s Digital Right 244Enterprise′s Right of Operation245Client′s Right of Usage Part TenNetwork AuthenticationChapter 25Pass Authentication251Background 252Working Principles 253The Diagram of Gateguard254Gateguard for Individual PC 255Guarding Policy·ⅩⅧ·Chapter 26Address Authentication261Background 262Main Problems 263Technical Approach 2631CPK Cryptosystem2632New Routing Protocol2633Computing Environment264New Prototype of Router PostscriptNew Trend of Information SecurityAppendices ·ⅩⅦ·Appendix AWalk Out of Mysterious "Black Chamber"Appendix BIdentity Authentication Opening a New Land for Information SecurityAppendix CSearching for Safe "Silver Bullet"Appendix D"ElectronicID Card" Attracts International AttentionAppendix ECPK System Goes to the WorldAppendix FIdentity Authentication Based on CPK SystemAppendix GCPK CryptosystemReferencesGlossaryTechnical TermsSymbols

南相浩编著的这本《标识鉴别——网际安全技术基础》讨论了未来“网际安全”的关键技术——基于标识鉴别的可信系统，也讨论了与此相关的自证性公钥体制、信任逻辑，以及信任逻辑在可信接入、可信计算、可信交易、可信物流。网络管理中的应用，以及在互联网和物联网构成的网际空间中建立互信的基本技术，也讨论了新一代信息安全的概念和下一代绿色网络安全的发展方向。

标识鉴别 PDF格式下载