公鑰基礎(chǔ)設(shè)施PKI與認(rèn)證機(jī)構(gòu)CA

上篇  公鑰基礎(chǔ)設(shè)施PKI                  
 第1章  PKI導(dǎo)論                  
     1.1  基礎(chǔ)設(shè)施的概念                  
         1.1.1  一般基礎(chǔ)設(shè)施概念                  
         1.1.2  PKI的應(yīng)用支持                  
     1.2  基礎(chǔ)設(shè)施的定義                  
     1.3  公鑰基礎(chǔ)設(shè)施的內(nèi)容                  
         1.3.1  認(rèn)證機(jī)構(gòu)                  
         1.3.2  證書庫                  
         1.3.3  證書撤消                  
         1.3.4  密鑰備份與恢復(fù)                  
         1.3.5  自動更新密鑰                  
         1.3.6  密鑰歷史檔案                  
         1.3.7  交叉認(rèn)證                  
         1.3.8  支持不可否認(rèn)性                  
         1.3.9  時(shí)間戳                  
         1.3.10  客戶端軟件                  
     1.4  電子商務(wù)的安全需求                  
         1.4.1  安全策略                  
         1.4.2  安全威脅分析                  
         1.4.3  網(wǎng)絡(luò)安全服務(wù)                  
     1.5  安全需求與PKI                  
     1.6  思考題                  
 第2章  PKI理論基礎(chǔ)                  
     2.1  密碼理論基礎(chǔ)                  
         2.1.1  保密學(xué)的基本概念                  
         2.1.2  密碼體制                  
         2.1.3  密碼分析                  
     2.2  對稱密鑰密碼技術(shù)                  
         2.2.1  分組密碼概述                  
         2.2.2  美國數(shù)據(jù)加密標(biāo)準(zhǔn)DES                  
         2.2.3  分組密碼運(yùn)行模式                  
     2.3  非對稱密鑰密碼技術(shù)                  
         2.3.1  公開密鑰密碼概述                  
         2.3.2  公鑰密碼體制                  
         2.3.3  雜湊函數(shù)                  
     2.4  PKI中常用密碼技術(shù)                  
         2.4.1  加密/解密技術(shù)                  
         2.4.2  數(shù)字簽名                  
         2.4.3  報(bào)文鑒別技術(shù)                  
         2.4.4  數(shù)字信封                  
         2.4.5  雙重?cái)?shù)字簽名                  
     2.5  思考題                  
 第3章  PKI體系及功能                  
     3.1  PKI體系結(jié)構(gòu)及各實(shí)體功能                  
         3.1.1  政策批準(zhǔn)機(jī)構(gòu)PAA                  
         3.1.2  政策PCA機(jī)構(gòu)                  
         3.1.3  認(rèn)證機(jī)構(gòu)CA                  
         3.1.4  在線證書申請ORA                  
     3.2  PKI結(jié)構(gòu)體系的組織方式                  
     3.3  PKI的功能操作                  
         3.3.1  產(chǎn)生. 驗(yàn)證及分發(fā)密鑰                  
         3.3.2  簽名和驗(yàn)證                  
         3.3.3  證書的獲取                  
         3.3.4  驗(yàn)證證書                  
         3.3.5  保存證書                  
         3.3.6  本地保存證書的獲取                  
         3.3.7  證書廢止的申請                  
         3.3.8  密鑰的恢復(fù)                  
         3.3.9  CRL的獲取                  
         3.3.10  密鑰更新                  
         3.3.11  審計(jì)                  
         3.3.12  存檔                  
     3.4  PKI體系的互操作性                  
         3.4.1  交叉認(rèn)證方式                  
         3.4.2  全球建立統(tǒng)一根方式                  
     3.5  PKI標(biāo)準(zhǔn)                  
         3.5.1  PKI標(biāo)準(zhǔn)化活動                  
         3.5.2  PKI標(biāo)準(zhǔn)化內(nèi)容                  
         3.5.3  PKI標(biāo)準(zhǔn)化現(xiàn)狀與發(fā)展                  
     3.6  PKI服務(wù)                  
         3.6.1  PKI的核心服務(wù)                  
         3.6.2  PKI的附加服務(wù)                  
     3.7  X.509標(biāo)準(zhǔn)                  
         3.7.1  綜述                  
         3.7.2  簡單鑒別                  
         3.7.3  強(qiáng)鑒別                  
     3.8  X.590證書                  
         3.8.1  證書的定義                  
         3.8.2  證書的表示                  
         3.8.3  證書的結(jié)構(gòu)                  
         3.8.4  證書主要內(nèi)容及用途                  
     3.9  證書與認(rèn)證過程                  
         3.9.1  拆封證書                  
         3.9.2  證書鏈的認(rèn)證                  
         3.9.3  序列號認(rèn)證                  
         3.9.4  有效期認(rèn)證                  
         3.9.5  證書作廢列表查詢                  
         3.9.6  證書使用策略的認(rèn)證                  
         3.9.7  最終用戶實(shí)體證書的確認(rèn)                  
     3.10  思考題                  
 中篇  認(rèn)證機(jī)構(gòu)CA系統(tǒng)                  
 第4章  中國電子商務(wù)的基礎(chǔ)建設(shè)                  
     4.1  需求分析                  
         4.1.1  全球電子商務(wù)市場的發(fā)展概況                  
         4.1.2  中國電子商務(wù)發(fā)展的需求                  
         4.1.3  金融電子商務(wù)應(yīng)用需求                  
     4.2  建設(shè)認(rèn)證機(jī)構(gòu)的必要性                  
     4.3  CA的建設(shè)原則                  
     4.4  中國金融CA的特點(diǎn)                  
     4.5  思考題                  
 第5章  CA系統(tǒng)目標(biāo)                  
     5.1  總體目標(biāo)                  
     5.2  SET系統(tǒng)目標(biāo)                  
     5.3  NON—SET系統(tǒng)目標(biāo)                  
     5.4  思考題                  
 第6章  CA系統(tǒng)功能                  
     6.1  證書的申請                  
         6.1.1  證書申請的前提條件                  
         6.1.2  證書的申請方式                  
     6.2  證書的審批                  
         6.2.1  在線審核方式                  
         6.2.2  離線審核方式                  
     6.3  證書的頒發(fā)(下載)                  
         6.3.1  離線方式發(fā)放                  
         6.3.2  在線方式發(fā)放                  
     6.4  證書的歸檔(密鑰歷史檔案)                  
     6.5  證書的撤消                  
         6.5.1  執(zhí)行人工密鑰更新                  
         6.5.2  實(shí)現(xiàn)自動密鑰更新                  
     6.6  證書的更新                  
         6.6.1  執(zhí)行人工密鑰更新                  
         6.6.2  實(shí)現(xiàn)自動密鑰更新                  
         6.6.3  用戶密鑰的備份與恢復(fù)                  
     6.7  密鑰的備份和恢復(fù)                  
         6.7.1  根CA的密鑰備份和恢復(fù)                  
         6.7.2  CA的密鑰備份和恢復(fù)                  
         6.7.3  用戶的密鑰備份和恢復(fù)                  
     6.8  證書廢止列表                  
         6.8.1  證書廢止的原因                  
         6.8.2  CRL的產(chǎn)生與發(fā)布                  
         6.8.3  企業(yè)證書及CRL的在線服務(wù)功能                  
         6.8.4  作為其他CA的上級或下級                  
     6.10  CA自身的密鑰管理功能                  
     6.11  思考題                  
 第7章  CA的系統(tǒng)結(jié)構(gòu)                  
     7.1  總體結(jié)構(gòu)                  
         7.1.1  PKI non SET CA總體結(jié)構(gòu)                  
         7.1.2  SET CA總體結(jié)構(gòu)                  
         7.1.3  CA與RA結(jié)構(gòu)                  
     7.2  根CA(ROOT CA)                  
         7.2.1  制定CA總政策                  
         7.2.2  管理二級CA                  
         7.2.3  與其他CA的交叉認(rèn)證                  
         7.2.4  證書的管理                  
     7.3  二層CA                  
         7.3.1  指定具體運(yùn)營政策和操作規(guī)范                  
         7.3.2  第二層CA的管理功能                  
     7.4  三層CA                  
         7.4.1  管理職責(zé)                  
         7.4.2  證書管理                  
     7.5  證書注冊申請機(jī)構(gòu)RA                  
         7.5.1  RA構(gòu)成                  
         7.5.2  RA的操作功能                  
     7.6  業(yè)務(wù)受理點(diǎn)LRA                  
         7.6.1  LRA的構(gòu)成                  
         7.6.2  LRA的操作功能                  
     7.7  不同CA之間的互通                  
         7.7.1  non SET CA之間的互通                  
         7.7.2  SET系統(tǒng)之間的互通                  
         7.7.3  non SET與SET系統(tǒng)之間的互通                  
     7.8  CA的網(wǎng)絡(luò)結(jié)構(gòu)                  
         7.8.1  CA網(wǎng)絡(luò)總體結(jié)構(gòu)                  
         7.8.2  根CA—二級CA—三級CA網(wǎng)絡(luò)結(jié)構(gòu)                  
         7.8.3  證書申請注冊中心RA—LRA網(wǎng)絡(luò)結(jié)構(gòu)                  
     7.9  思考題                  
 第8章  CA的安全體系                  
     8.1  安全策略                  
         8.1.1  安全管理策略                  
         8.1.2  數(shù)據(jù)安全策略                  
         8.1.3  系統(tǒng)安全策略                  
         8.1.4  證書運(yùn)作聲明                  
     8.2  物理安全                  
         8.2.1  基礎(chǔ)設(shè)施安全控制                  
         8.2.2  環(huán)境安全控制                  
         8.2.3  設(shè)備安全控制                  
         8.2.4  應(yīng)急計(jì)劃與災(zāi)難恢復(fù)                  
     8.3  網(wǎng)絡(luò)安全                  
         8.3.1  網(wǎng)點(diǎn)合法性管理                  
         8.3.2  網(wǎng)絡(luò)隔離                  
         8.3.3  網(wǎng)絡(luò)運(yùn)行監(jiān)控管理                  
     8.4  證書服務(wù)應(yīng)用系統(tǒng)與數(shù)據(jù)安全                  
         8.4.1  操作系統(tǒng)安全操作                  
         8.4.2  證書處理軟件安全控制                  
         8.4.3  義務(wù)數(shù)據(jù)安全                  
     8.5  人員安全控管                  
         8.5.1  維護(hù)人員安全控制                  
         8.5.2  管理人員安全控制                  
         8.5.3  系統(tǒng)開發(fā)人員安全控制                  
     8.6  密鑰安全管理                  
         8.6.1  CA密鑰管理                  
         8.6.2  用戶密鑰管理                  
     8.7  思考題                  
 第9章  證書運(yùn)作聲明——CPS                  
     9.1  前言部分                  
     9.2  概論部分                  
         9.2.1  概述內(nèi)容                  
         9.2.2  參與方及適用性                  
         9.2.3  相關(guān)細(xì)節(jié)                  
     9.3  一般規(guī)定                  
         9.3.1  義務(wù)                  
         9.3.2  責(zé)任                  
         9.3.3  經(jīng)濟(jì)責(zé)任                  
         9.3.4  費(fèi)用                  
         9.3.5  審計(jì)                  
         9.3.6  知識產(chǎn)權(quán)                  
     9.4  鑒別與授權(quán)                  
         9.4.1  CA與RA的初始注冊                  
         9.4.2  最終實(shí)體初始注冊                  
     9.5  運(yùn)作要求                  
         9.5.1  證書申請                  
         9.5.2  證書發(fā)放                  
         9.5.3  證書撤消                  
         9.5.4  安全審計(jì)                  
         9.5.5  記錄存檔                  
         9.5.6  密鑰更新                  
         9.5.7  災(zāi)難恢復(fù)及密鑰安全計(jì)劃                  
         9.5.8  CA與RA的終止                  
     9.6  物理. 程序及人員安全控制                  
         9.6.1  物理安全                  
         9.6.2  程序控制                  
         9.6.3  人員控制                  
     9.7  技術(shù)安全控制                  
         9.7.1  密鑰對的安全及安裝                  
         9.7.2  私鑰保護(hù)                  
         9.7.3  網(wǎng)絡(luò)安全控制                  
     9.8  證書及CRL結(jié)構(gòu)                  
     9.9  CPS管理                  
     9.10  思考題                  
 下篇  電子商務(wù)應(yīng)用                  
 第10章  安全電子交易協(xié)議——SET                  
     10.1  SET協(xié)議總述                  
         10.1.1  SET協(xié)議介紹                  
         10.1.2  基本概念                  
         10.1.3  證書發(fā)行                  
         10.1.4  購物類型                  
     10.2  SET協(xié)議信息結(jié)構(gòu)                  
         10.2.1  交易初始化                  
         10.2.2  購買指令                  
         10.2.3  授權(quán)                  
         10.2.4  付款信息                  
         10.2.5  持卡人查詢                  
         10.2.6  持卡人及商戶注冊                  
     10.3  SET協(xié)議的擴(kuò)展                  
         10.3.1  銀行卡簡介                  
         10.3.2  SET協(xié)議對借記卡的擴(kuò)展                  
         10.3.3  SET協(xié)議在線PIN擴(kuò)展                  
         10.3.4  SET協(xié)議支持IC卡擴(kuò)展                  
     10.4  思考題                  
 第11章  SET購物——B2C電子商務(wù)                  
     11.1  支付信用卡                  
         11.1.1  信用卡                  
         11.1.2  借記卡                  
     11.2  電子錢包                  
         11.2.1  電子錢包概念                  
         11.2.2  電子錢包購物過程                  
         11.2.3  電子錢包高級功能                  
     11.3  支付網(wǎng)關(guān)                  
         11.3.1  支付網(wǎng)關(guān)概念                  
         11.3.2  支付網(wǎng)關(guān)功能                  
         11.3.3  支付網(wǎng)關(guān)構(gòu)成                  
     11.4  SET虛擬電子商城                  
         11.4.1  SET虛擬電子商城概況                  
         11.4.2  SET虛擬電子商城的構(gòu)成                  
         11.4.3  SET虛擬電子商城的功能                  
     11.5  SET購物流程                  
         11.5.1  持卡人注冊                  
         11.5.2  商戶注冊                  
         11.5.3  購買請求                  
         11.5.4  支付認(rèn)證                  
         11.5.5  支付                  
     11.6  SET應(yīng)用實(shí)例                  
         11.6.1  三峽電信商城概況                  
         11.6.2  三峽SET電信商城                  
 第12章  安全套接層協(xié)議——SSL                  
     12.1  SSL協(xié)議總述                  
         12.1.1  SEL協(xié)議概述                  
         11.1.2  SSL的工作原理                  
     12.2  SSL記錄層協(xié)議                  
         12.2.1  SSL記錄頭格式                  
         12.2.2  SSL記錄數(shù)據(jù)格式                  
     12.3  SSL握手協(xié)議                  
         12.3.1  握手階段                  
         12.3.2  握手報(bào)文                  
     12.4  對協(xié)議的安全性分析                  
         12.4.1  SSL采用的加密算法及認(rèn)證算法                  
         12.4.2  SSL安全優(yōu)勢                  
         12.4.3  SSL協(xié)議存在的問題                  
     12.5  SSL代理協(xié)議PROXY                  
         12.5.1  問題的提出                  
         12.5.2  ENTRUST/PROXY原理                  
     12.6  SET協(xié)議與SSL協(xié)議的比較                  
         12.6.1  SET與SSL的特點(diǎn)                  
         12.6.2  SSL與SET性能及費(fèi)用的比較                  
     12.7  思考題                  
 第13章  網(wǎng)上銀行                  
     13.1  網(wǎng)上銀行概述                  
         13.1.1  什么是網(wǎng)上銀行?                  
         13.1.2  網(wǎng)上銀行的目標(biāo)                  
         13.1.3  網(wǎng)上銀行的功能                  
         13.1.4  網(wǎng)上銀行的特點(diǎn)                  
     13.2  網(wǎng)上銀行的結(jié)構(gòu)                  
         13.2.1  網(wǎng)上銀行的總體邏輯結(jié)構(gòu)                  
         13.2.2  網(wǎng)上銀行的物理結(jié)構(gòu)                  
         13.2.3  網(wǎng)上銀行的用戶流程及交易流程                  
     13.3  網(wǎng)上銀行的安全                  
         13.3.1  網(wǎng)絡(luò)層安全                  
         13.3.2  應(yīng)用層安全                  
     13.4  網(wǎng)上銀行實(shí)例                  
     13.5  思考題                  
         13.4.1  中國建設(shè)銀行網(wǎng)上銀行概述                  
         13.4.2  中國建設(shè)銀行網(wǎng)上銀行功能                  
         13.4.3  中國建設(shè)銀行網(wǎng)上銀行案例                  
 第14章  電子商務(wù)                  
     14.1  電子商務(wù)的基本概念                  
         14.1.1  什么是電子商務(wù)?                  
         14.1.2  電子商務(wù)的發(fā)展                  
         14.1.3  電子商務(wù)的分類與特點(diǎn)                  
     14.2  電子商務(wù)的電子交易市場                  
         14.2.1  電子交易市場的功能                  
         14.2.2  電子交易市場的開發(fā)工具——XML                  
         14.2.3  電子交易市場結(jié)構(gòu)                  
     14.3  電子商務(wù)的支付與結(jié)算                  
         14.3.1  單一網(wǎng)關(guān)結(jié)算方式                  
         14.3.2  多網(wǎng)關(guān)結(jié)算方式                  
         14.3.3  集中支付和結(jié)算方式                  
     14.4  電子商務(wù)物B2B實(shí)例                  
         14.4.1  漢高食品電子交易市場概況                  
         14.4.2  漢高食品電子交易市場功能                  
         14.4.3  漢高食品電子交易市場案例                  
     14.5  思考題                  
 第15章  網(wǎng)上證券                  
     15.1  證券電子商務(wù)概述                  
         15.1.1  網(wǎng)上證券的意義                  
         15.1.2  證券電子商務(wù)的基本內(nèi)容                  
     15.2  網(wǎng)上證券交易系統(tǒng)                  
         15.2.1  網(wǎng)上證券交易系統(tǒng)結(jié)構(gòu)                  
         15.2.2  網(wǎng)上證券交易案例                  
         15.2.3  移動網(wǎng)上證券交易系統(tǒng)                  
     15.3  銀證轉(zhuǎn)賬                  
         15.3.1  銀證轉(zhuǎn)賬系統(tǒng)結(jié)構(gòu)                  
         15.3.2  銀證轉(zhuǎn)賬系案例                  
     15.4  思考題