(CHUONG I: TONG QUAN VE BAO MAT 1Sw din thiét cia bio mat dir ligu trong TMDT. a. Suen thiét ‘Trrée day giao dich tryc tigp thi bén mua va bén ban gap nhau true tiép tra0 tin, gid cd, xem hang héa... Tuy tn chi phi ma mét nhieu thai gian nhung "t mii” nn rt kh xay ra hign tong Na dao ‘Nay nay, giao dich tryc tigp ngay cng wim, giao dich tir xa tang boi vi n6 thudin loi hon, tét kiém chi phi va thdi gian nhanh hon. Nhung dng nghia véi vige bén mua vi ben ban khong gap nhau true tigp, ma thung trao doi théng tin, giao dich qua ede phurong tign dign tr. Cho nén rit d& xay ra tink trang lira dio, gy mit mt thong tin va tai sin Boi vay, bao mat dit ligu trong TMDT 1a rit cdn thiét dé dam bao cho giao dich, {rao di duge thudn lgi hon va dim bao ducge sir an toan cho ngudi giao dich. . Cac hinh thite lira dio trong TMBT ~ An trom cae thong tin e4 nba nhay cam (s6 tai khoan, thé tin dung, ...) = Gia mgo cic bén giao dich ~ Lita dao trong qua trinh giao dich va thanh todn... ce. Nqin chan lira dio ~ Sir dung cic bign phép bio ve dit ligu ed nhiin ~ Bao v¢ dit ligu trong qué trinh giao dich + Sir dung chit ky s6 dé xée thye ede ben mua va bin d. Cée yeu chu ton ven (Integrity): dit figu khong bi tao ra, sita di hay x6a boi nhting ngubi khong so hiru = Tinh sdn sing (Availability): di ligu phai ludn trong trang thdi sin sing, sir dung duge & bit cit dau ‘nh tin cay (Confidentiality): thong tin nguai dling nhan duge la ding 2. Cae nguy co tn eéng trong TMDT = Tn cng, an cap thong tin tree tip trén may tinh + Xam nhdp trai phép vao he thong (str dung trxe tiép may tinh 46 hoge gin tiép thong qua dia chi IP) “+ Sur dung cée loai chong trinh nguy hiém (Virus, SpyWare) in trom thong tin = Nghe trm, gid mgo théng tin trén mang(hign nay ding nhieu) + Tn cOng thu déng (nghe trém, phan tich lu rong) + Tin cOng chu dng (sita di, gid mgo, tn eng [gp lai, tin ~ Mat sé vy tan céng dot ligu trong TMDT cee ‘ ___ + Ngiy 3/3/2006, website Vietco.com eiia c6ng ty c8 phin Vigt Co bi tin cng tr ch6i dich vu v6i mot mire 49 khung khiép. Moi bign phap chong d& déu v6 higu. Hon 40 nnhan vign cia Vigt Co *ngbi choi xoi nurée”, toan b6 hoat dong thuong mai bi dinh tr. Chi cin kéo dai trong vong 2 théng, cdng ty Viet Co sB pha sin hodn toin + Nagy 22/11/2010 bao dign tir Vietnamnet bj hacker tan céng kam cho trang web cia tis bo nay khong thé truy c&p durae va xéa di mot s6 dtr ligu Nim 2004 tai MY, e6 203,568 don khiéu kign lién quan dén gian lan Internet, chiém 53% trong téng s6 cic dom kign vé gian lin. Thigt hai tir ede vu vige lign quan dén s2ian Kin Internet len ti 265 trigu USD 3. Cée bign phaip bao mat dir ligu ing tir chi dich vu) a. Bio mat di ligu trén mangBén nhan T | Chuyén adi | T T | Chuyén aéi | T h| lignquan | h Kénh =| h | liénquan | h 6 | dénantoan | 6 théng tin | 6 | dénantoan | 6 n n n n 3| O Js) 2) Js] © |g ba ba ba ba ° | thengtin | Jy an| Théngtin | ° bi mat bi mat . Xie thye efie bén giao dich bing chi Knot uot na Sawin mr oie oe ose >} ma hoa ‘gee | Lf Gee Newer SHyenvan Gan toe Naguci nhgn ‘ren incernet Xe nhan oheky, ol, c. Cée bign phap phi ki thuat = Tang cudng ¥ thite cua nhiing ngudi hogt dong trong finh vye thuong mai dign tir ~ Ban hanh céc luat dé ngan chan cdc hin vi tan e6ng dit ligu CHUONG Ii: Xée Thye Va Chi Ki ign Tir1.Van dé xéc thyre = Tai sao phai xie the + Xéic minh durge nguén gée thing bio | + Noi dung théng bio toan ven khéng bi thay déi ++ Thong bio duge wii ding trinh ty va tho diém = Muc dich dé chdng lai hinh thite tan cng chit ding (xuyén tac dtr ~ Cae phurong php xée thyc thong bio + Ma héa thing bio + Sur dung mai xic the thing bio (MAC) + Sur dung ham bam f ~ Trong thuromg mai din ti, xe thye ki mt yeu cdu die bigt quan trong + Tranh vige gid mao cée bén giao dich . + Trinh bi thay déi ede thong tin giao dich trong qua trinh truyén dir ligu 2. Cée phuong php xe thye = Xée thye bing ma hé: - Str dung ma héa doi xitng z + Dam bao thang bsio duge giti ding ngudn do chi bén gir biét khéa bi mat + Khong thé bi thay déi basi bén thit ba do khong biét khéa bi mat ~ Str dung ma héa khéa céng khai + Khdng nhting xée thye ma edn tgo ra durge chit ky sb + Tuy mhién, phire tap va tn thoi gian hom ma d6i xing ~ Xée thy bling ml hoa 6 nhuge diém: + Ton thoi gian d& ma héa cing nhu gii ma todn bg thong bio + Nhigu khi chi can xéc thye ma khdng can bao mat théng bio (cho phép ai cing ¢6 thé biét ndi dung, chi can khong durge sia di) = Ma xac thu thang bio (MAC - Message Authentication Code) ~ La mot khdi dit ligu 66 kich thuée nho, c6 dinh, “+ Dirge to ra tir thong béo va khéa bi mat v6i mot giai thugt cho trade: MAC =CK(M) + Binh kém vio thing béo = Lamu yf Tir mat xde thye, khing xée dinh nguge Iai duge thong bio (tinh mot chigu ~ Ma xée thu thong bdo thuc chat li két hop gitta ed him bam inh chat ciia ma héa vi + 6 kich thude nhd, dic trung cho théng béo (Tinh chit ctia him bam) + Tao ra bing khéa bi mat (Tinh chit cia ma hia) - Phuong phap xac thye bang MAC - Ben nhiin thuc hign cing giai thudt cia bén gir trén thong bio va khda bf mt va so sinh gid tri thu duge vi MAC trong thong bio A fae eel * | Sosanh ‘Ghép vio thing Bo ‘Tao ma xée thue ~ Uudiém ctia MAC4+ MAC chi hé tro xe thy, khong hé try bio mat -> c6 loi trong nhidu tnudmg hop (cdc thong bio cOng cong, ..) + Cé kich thude nho, thd gian tao ra nhanh hon so vii ma héa toan b} thong béo + Chii fz MAC khong phai la chit ky dign tir 3. Chit ki ign tir . ue ding dé xée nhan tinh hop php cia | van ban hay hyp ding trong eée giao dich dign tir Theo luat giao dich dign ti: “CKDT " durge tgo lip dudi dang tt, chi, s6, ki higu, 4m thanh va moi hinh thire khac khae bang phurong tign dign tr, gan lign va két hgp 1 céch logic véi thong digp dtr ligu, c6 kha nang xe nhiin ngucdi Ki thong digp dit ligu va xc nhén sy chip thuin cia ngudi dé di véi thong digp dit ligu dirge ki(Dieu21/Khoan!) inh chit, chite nang “+ Chimg minh duige tinh tin e@y eta thong tin + Co kha ning kigm tra dure ngudi ki vi thoi gian ki + C6 kha nang xe thie eae nOi dung tai thoi diém ki, nghia la e6 thé cho phép kiém dinh duge théng tin ding li do | nguis gti chir khdng phai nguii thir 3 mao dank vi thong tin khéng bi sia d64 . ~ Cac thinh vign thir 3 c6 thé kiém tra chi i dé giai quyét cde tranh chip néu co Nir vay, CDT bao ham cd edng vie xée thu a. Yeu clu + Phy thuge vio thong bio duge ky (dam bao kiém tra tinh xée thye cua thong bio) + Vie tao ra CKDT phai don gin, thudn tign, dé dang ++ D8 ding cho vige kiém tra, ngurbi nhan ¢6 thé dB ding kim dinh chit ki dé xée xnh§n tinh hop Ig cia thong tin nhiin due : + Vige gia mao chit ki li rt khd xiy ra, Kho o6 thé lim gia chit ki dign tr bing céich tao ra 1 thong béo méi cho 1 chit ki hign ¢6 va tgo ra mt chir ki gia cho 1 thong béo cho true “+ Phai lum git duuge mot ban sao ciia CKDT . Phan logis : = Chir ky dign we gin tigp + Clin tham gia cha bén trong ti + Kim tra tinh bgp Iécta cht ky sé; gi quyét trong trang hyp 66 tranh + An todn phu thuge chi yéu vio trong tai: edn due ed bén nhdn va bén git tin wong +6 thé cai dat véi ca ma hoa KS thudt tao chit ky dign tir gin tiép. bi xieng va ma hoa cng khai (a) Ma héa déi ximg, trong tai théy thong bao (1) X > A= M | EKXATIDX |] Hep] _Q)A>Y: EKAY[IDX |] M || EXXA[IDX || HOM] |] T) (b) Ma ha déi ximmg, trong tai khong thay théng bio (1) XA: IDX |] EKXY[M] || EKXA[IDX |] H(EKXY[M))} (2) A> Y : EKAY[IDX |] EKXY[M] || EKXATIDX |] H(EKXY[M))] || T) Kyhigu: X= Ben giti M=Théng bio Y= Bén nan T=Nhan thoiA= Trong tai = Chir ky din wr tre tgp : * Chi fign quan dén bén giri va bén nbn (khdng edn sy tham gia cia trong tai) + Sur dung mat ma khda Ong khai dé tgo chit ky + Phai dim bio an toan cho khéa bi mat cia ben gir Tao chit ky dign tir true tgp: + Sur dung ham bm dé tao ra mot,chudi bam tir thong digp ban a ddung la ham I chiéu va la him c6 tinh chat song anh + Ditng kia bi mat cia minh dé ma héa chudi bam nay, két qua dat durge chinh Ia chit ky dign tir cua doan thong bo |. Him bam sit Chusdi bam || Ma héa vai khoa bi mat ¢. Xée thye = Giai ma chit ky bing khéa c6ng khai ~ Tao ra chudi bam tir théng tin nhiin duroe = So sé hai két qua Théng tin cin trao || Ham bam dai Chir ky Chuéi bam 4. Gi mao CKDT ~ Trong nhigu truémg hep, nguéi nhn khéng biét khéa céng khai ciia ngudi giti - Ke tan cOng 06 thé loi dung dé gia mao khda cong khai cha ngubi git, tir d6 tao ra chit ky gid mao : - Can cde phurong phip phan phéi an toan dé chéng gid mao khéa cong khai ~ Phan phoi kinéa cng khai bang mot trong cae phurong php sau+Thong bio cOng khai: thong bo rng rai cho moi ngudi théng qua email hose cée news groups. Dé bi gid mo + Thur myc khéa cOng khai: ngudi ding dng ky khéa trén mot th myc c6ng_ hai. Thur mue phai duuge quan ly boi mot t6 chite dng tin ey. An toan hon nbung vin 6 thé bi gi mao + Co quan chimg thye khéa céng khai(C): sir dung mot co quan ching thure 48 quan ly cae khéa cng khai. Nguoi ding phai lay true tiép khéa cong khai tir co quan chimg thye, Nguoi diing phai biét khéa cong khai ciia co quan chimg thye 4. Ching thye dign tir - Ching thy dign tir gitip chimg thy danh tinh va ede thong tin ctia nhiing nguoi tham. ia vio vige truyén tin : ~ Chimng thye din tir drge cép boi mot co quan chimg thure 6 uy tin trén thé gid = Mot ching thye dign tr bao gm: “+ Kha eng khai ctia nau so hu ching thye dign te + Cae thong tin riéng cia ngudi sé hitu chimng thue. + Han strung. +Tén eo quan ep chimng thye dign ti + $6 higu eta ching thye. + Chit ky eva nha cung cfp. Céc théng tin due ghi dudi dang ma sé. = Quy trinh cp ching thye din ta +(1) Tgo ra m@t ep khéa cng khai va khéa bi m@t eta riéng minh + (2) Guti yéu cau xin cap ching thye dign tr + (3) CA nhgn va kiém tra su chinh xéc cia théng tin nbn duge + (4) CA se tgo ra mot chime thige dig +(5) CA chia thinh cae dogn bim => tién hanh mé héa bing khéa bi mat cia minh => gui tro lai cho dom vi ding ky ching thye dign tr . + (6) Chimg thyc duge sao mt bin va chuyén t6i thué bao, c6 thé théng béo lai 161 CA 1a da nhdn durge + (7) CA cf thé hum git ban sao cia ehimg thre dign tit +(8) CA ghi lai cée chi tigt ctia qua trinh tao chimg chi vao nhat ky kiém toan. ‘TrtGe khi trao d0i théng tin, ben gti phai cho bén nhdn chimg thyc dign tir cia minh, Bén nin sé kiém tra ching the, lay ra kh6a céng khai cua bén git. Nhé 48, khéa cong khai méi khong bj gia mao CHUONG III: CAC UNG DUNG XAC THYC 1. Mye tiéu f = Hé tra cée dich vw xi thue vi chit ky 36 mie img dung ~ Cung cap cic m6 hinh dé xay dung ede ting dung thye té 2. Phan loai ~ Dua trén ma héa d6i xiing, + M6 hinh Kerberos + Giao thire Needham-Schroeder = Dya trén kh6a ong khai duge ching thye : mo hinh X.509 3. Mo hinh Kerberos = HG thdng dich wy xc thie phat trién boi MIT (Hye vign cong nghé Massachusets) ~ Giao thite da durge phat trign dudi nhieu phién ban, trong dé cae phign ban tir | dén 3 chi ding trong ndi bo MIT. - Diing dé xc thye cae méy tinh trude khi cho phép sir dung dich vw= Nhim 46i phé véi cae hiém hoa sau + Neuiti ding gia dan la ngurdi khe + Newt ding thay déi dia chi mang ctia client + Ngudi diing xem trdm thong tin trao di va thye hign kiéu tin céng Kip lai ic dinh trong cae hé dieu hanh Windows (2000, XP, 2003), Mac OS {Mts phan mm st dung Kerberos: OpenSSH, Apache Mé hinh tng quan cia Kerberos: = Giao thite xdy dyng trén hé mt ma di xing : = Xée thure qua mot bén thir ba duge tin tung, cdn goi li "trun tém phan phéi ko: + Méy chit xéc thye (authentication server - AS) + May chit cung cép the (ticker granting server - TGS) - Dich vu duige eung edp qua cde server dich vu phan tin :gidi phong chive nang xxv thie khdi cde server dich vy va client Giao thite xc thye dom gin (1) CAS: IDC || PC |] IDV (Q)AS > C: The (@)C>V: IDC |] The Thé=FKV[IDC |] ADC J] IDV] Han ché: + Mgt khau truyén tir C dén AS khong duge béo mat + Néu the chi sir dung due mt Hin thi phai cp thé méi cho mdi lin truy hap cling mot dich vu “+ Néu thé sir dung durge nh in thi cd thé bj ip de sr dung truéc ki hét han + Cin thé méi cho mdi dich vu khée nhaw Kerberos dura ra gino thite xc thye an toan hon, bang eich sit dung 2 logi may chit: -+May chi xée thy: hru danh sch va khéa bi mat cia nguoi ding. Xéec thye newt ding true Ki cho phép sir dung, may chit ep thé +May chit cung cép the: cung eéip cho ngudi sir dung cde thé dich vu Giao thite xac thye trong Kerberos 4: (a) Trao déi véi dich vy xdc thy : dé c6 thé xc thye (1) CAS: De | Des || TS: Q)AS— Ce ExctKeags [| Was | TS: |] Hans | The They, = ExislKeygs | IDe |] ADe |] Dy. ‘TS: || Hans} (b) Trao déi véi dich vy eép the : dé e6 the djch vy @)C4TGS: IDy || Thég, || Déuc (A) TGS > C: ExcssfKey |] Iv |] TSs || Thevd Théy = ExvlKey |] 1De || ADe || Dy |] TS. || Hand) Diuc = Excsss[ID¢ | ADe || TSs] (©) Trao doi xic thye client/server : 48 c6 dich vu (CV: They | Diuc (VC: ExcyITSs+ 1] Dac = Exev{IDe |] ADc || TSs) C: Client AS : Server xc thure V: Server dich vy IDC : Danh tinh ngudi ding trén C IDV : Danh tinh cia V PC : Mat khéu ciia nguoi ding trén C ia chi mang cia C KV : Khéa bi mit chia sé boi AS va V TGS : Server cap theTS : Nhan thoi gian Phan hg Kerberos : ___ Mé hinh Kerberos 06 thé duge cai dat & nhigu ving riéng bigt e6 lién hé v6i nhau, ‘MBi viing duge goi IA mot phn ‘Mét phan hg Kerberos bao gbm : - Mét server Kerberos chita trong CSDL dank tinh va mat khéu bam ciia céic than vign = Mot sb ngudi dine dang ky lim thanh vign - Mét sb server dich vu, mbi server e6 mét khéa bi mat riéng chi chia sé véi server Kerberos Hai phan hg e thé tong tie véi nhau néu 2 server chia sé 1 khda bi mat va dang ky véi nhau -diéu kign la phai tin tung Hin nhaw nh X.509 : ‘Nim trong Joat Khuyén nghj X.500 eita TTU-T nhiim chun héa dich vu thur mye khéa cng khai. Céng bé ln dau tién vao nim 1988, ‘Sur dyng mét ma khéa céng khai va chit ky sé: khong chudn héa giai thugt nhung nghj RSA, Dinh ra mot co ci cho dich vu xée thye + Danh ba chita cée ching thyc khéa cng kha + MGi chieng thye bao gm khéa cOng Khai ciia ngui ding Ky bai mot ben chuyén tréch chimg thye dang tin ura ra cc giao thite xée thye Dye diém : + Xéc minh chimg thuc bing kh6a céng khai cia CA “+ Chi CA méi 6 thé thay d0i ching thye :chig thye ¢6 thé dat trong mot the mye cng kha + Sir dung cdu trie phan ep CA. ‘Neguisi diing duge chim thyc bai CA da dang ky Moi CA c6 hai loai ching thie Ching thye thuiin : Chime thye CA hign tai boi CA edp trén Chimg thie nghjeh : Chimg thye CA cap trén boi CA hign tai + Cu trie phan cip CA cho phép ngwei ding xée minh ching thyre boi bit ky CAnio 5. Thu hoi chimg thye MBi ching thuc c@ mot théi han hop 1é C6 thé edn thu hoi chimg thye trade Khi ht han + Khoa rigng ciia ngucsi diing bi tit 16 + Nguii dling khong edn durge CA chting thye __ + Ching the eta CA bi xém pham ; Mi CA phai duy tri danh sich ede chiing thye bi thu hoi (CRL) Khi nhan duge chimg thy, nguéi diing phai kiém tra xem né c6 trong CRL khong (CHUONG IV: AN TOAN THU’ DIEN TU 4.1. GiGi thigu: = Thu dign ti la dich vp mang phé dung nhat hign nay = Tuy nhign vige git va nhan thy hau hét déu khéng dege bio mat = Neuy eo 1: thu bj dge trdm trong qua trinh di chuyén trén mang - Nguy co 2: thy dé dang bi gid mao bai | nguéi khac = Neuy eo 3: tinh toa ven ca ndi dung thu khong duuge dam bio cn cae phuong phap dé xac thye va bao mat- Cée phuong phap thuong ding: -PGP (Pretty Good Privacy) -S/MIME (Secure/Multipurpose Intemet Mail Extensions) 4.2: PGP: -Do Phil Zimmermann phat trign vao nam 1991 : -Chuzong trinh mign phi, chay trén nhigy moi trung khie nhau (phin eimmg,hé di han) -Cé phién ban thong mai néw ean ho tro ky thuat -Cé dé an toan rat cao néu duge sir dung ding cich -Durgc sir dung trong mot sé chucmg trinh thir dign tir (Outlook Express, ..) a.Xée thye cia PGP > Nguin Am Exe IHD) hong bio gbe EP =Ma hoa kia cOng khai H=Ham bam DP = Giai ma khoa céng khai | =Gnép KRa=Khéa riéng cua A Zz KUa = Khéa cng khai cia A Z-1 = Coinén b.Bao mat cia PGP mae >Nguén A———-> > Dich B——————-> ExulKl kK, M D-rfec EC = Ma héa déi ximg DC = Giai ma di xing Ks=Khéa phién ¢. Xée thye va bao mit ctia PGP > Ngudn A——->.Nén cita PGP : -PGP nén thong béo sir dung gid thudt ZIP -Nén théng bio gitip giam dung lvgng goi tin truyén trén mang, -Ky true kh nén : H Thuan tign twa tri va kiém tra, néu ky’ sau khinén thi :Cn nén Tai thong béo ‘mdi fin muén kiém tra : -Cic phign ban khde nhaw ctia giai thuat nén khdng cho két qua duy hit : Mi phign ban cai dat o6 tc d6 va ty Ié nén khéc nhau -Ma héa sau khi nén it dor ligu sé khién vige mai héa nhanh hon. ~Thdng béo nén khé phé ma hon théng bio thd e.Tuong t -PGP bao gity cling phi giri da’ Higu nhj phan -Nhigu hé thong thr dign tir chi chap nhan van ban ASCH (cée ky te doe duge) : -Thur dign tir von chi chita van ban doc duge -PGP diing gia thust co s 64 chuyén doi dir ligu nhi phan sang cae ky ty ASCIT doc -Higu ting phy cia thao tée nén bit Iai[obit value character [Obi value character] Obit value character [@bI value character encoding encoding encoding odin a 16 a @ es © {Phan va ghép ea PGP: -Cée giao thie thu dign tr thuémg han ché 46 di t6i da cia thong bio ‘Vi du thing la 50 KB : -PGP phan thong bio qua lén thanh nhiéu thong bio dit nho -Vige phin doan thing bio thy hign sau tit ca eée céng doan khéc -Bén nhiin sé ghép ede théng bo nho true khi thye hign cde eéng doan khiéc g.Danh tinh kh6a PGP: : -Voi mot thong bio nhat dinh can xde dinh sir dung khéa nao trong niga khéa cong kkhai / kha rigng Co thé gui khéa cng khsi khong can thigt -Gan cho mdi khéa mot danh tinh riéng : Gém 64 bit bén phai cua khéa : ‘Xée suat cao la mdi khda c6 mpt danh tinh duy nhat -Sit dung danb tinh khéa trong, chit ky h.Quam If khéa PGP : Thay vi dya trén cde CA (co quan chimng thy), d6i véri PGP mi ngs diing la mot CA :C6 the chimg thye cho nhimg ngudi ding quen biét Tao nén mot mang ludi tin edy : Tin ede khéa da duge chitng thye -M&i kha o6 mot chi s6 tin cdy -Nauéi diing c6 thé thu hoi khéa eta ban than 4.3 :S/MIME -Nang cp tir chusin khu6n dang thu dign tir MIME e6 thém tinh nang an toan thang, tin -MIME khiie phue nhirng han ché ciia SMTP (Simple Mail Transfer Protocol) Khéng truyén due file nh phan (chyong trinh, anh,..) Chi guti drge ede ky tw ASCII 7 bit cing voi thong béo nhung Hing phi duéng ruyénKhong nhan thong bio vugt qua kich thuée cho phép -S/MIME e6 xu hung tré thanh chudn cng nghigp sir dung trong thong mai va hinh chinh :PGP ding cho ea nhdn a. Cée chite ning cia S/MIME : -Bao boc dit lign : Ma héa ndi dung thong bao va cée khéa lién quan -Ky dari -Chit ky s6 tao thanh nh ma héa thong tin tng hgp thing bao sir dung khéa ring cia ngudi ky : ~Thdng bio va chit ky s6 durge chuyén di co s6 64 -Ky va dé nguyén dtr ligu : Chi chit ky s6 duro chuyén di co 6 64 -Ky va bao boc dit liu : Két hop ky vi bao boe dig b.Xirly ehiimg thye S/MIME: S/MIME sir dung efc chimg thye kha cbng khai theo X.509 v3 -Phutong thife quan ly khéa lai ghép gia ciu trite phan cp CA theo ding X.509 vi mang ld tin cay cia PGP -Méi nguai ding e6 mot danh sich ea vi danh sch thu hoi chimg thue -Chimg thye phai drge ky bai CA tin ey ic kha cila ban thin, danh sich ede khéa tin HUONG V: AN TOAN THANH TOAN DIEN TU ‘De trumg cita thank ton dign ti -hurong mai truyén théng: Tham gia béi hai bén mua va ban -hurong mai dign tir: C6 si tham gia cua bén thit 3 (Ngan hang) -Céc giao dich sir dung tién ao, thong qua hé théng ngan hing -Cin dim bao su bao mat va xée thye ciia cée bén tham gia -Céc thong tin trao d6i trong qua trinh giao dich dign ti: Ban hang (Order Information) -Bon thanh ton (Payment Information) M6 hinh giao djch dign tir don gin: 41.Khach hang lgp don hang NGUOIMUAHANG |» scém tra don hang NHA CUNG CAP DICH Vu, HANG HOA {___]. cit dom hang va don than tein faa Chip mnin dom hingvagithang sae aan xac nhén_ nhan — toan onthanh toan Ngan hang -Céc thong tin edn xée thy: -Don hang,-Don thanh ton Sir lign quan gita hai thong tin trén -Cé nhiing théng tin bi mat d6i véi ede bén tham gia: . Thong tin cé nin ctia ngudi mua can duge gitr bi mat dbi voi ngudi bin Thang tin mua ban cin duge gift bi mat di v6i ngain hang 5.2. Giao thie SET -Phat trién nam 1996 béi MasterCard, Visa, ... -Dac td mo ve ma héa vi bao mat nhim bao ve cic giao dich thé tin dung trén Internet: Khdng phai hé thong tra tién dign tir -La mot tap hgp céc dinh dang va giao thite: -Bam bao truyén tin an toan gitta cdc bén tham gia -am bao tinh tin cdy (Sit dung chieng thye X.509v3) -am bao tinh ring tur (Bi mgt gitta ede bén tham gia) Merchant Cardholder Certificate Authority Issuer Acquirer Payment Gateway A. Chir ky kép:signature ol 8 WZ PL =Payment information PIMD_ = Pl message digest (1 = Order information OIMD = Ol message digest HH = Hash function (SHA-1) POMD = Payment order message digest 1 =Concatenation E = Encryption (RSA) PR, = Cusine private sip ky Tao ra chi ky kép bing céch ma héa kt hgp cd don hing va don tanh ton agus Mesa9e EN ek maa ast os = aa) Co | a 2 ‘oyrechart Payment information b= (ede Infermaton 7 Pimessage digest aagntve Olmesage digest ‘as Enerypton (SA or asymmetric: a ES for symmetric cae Ky Temporary symmetic hey thts PU, = Banks publi oe publickeyenchangehey Yeu ciu mua B: M@ hinh giao djeh an toan: -Yéu cu mua (Purchase Request): Bon thanh toan, ma bam cia dom hing, chit ky kép duge ma ha boi khéa - cong khai cia ngdn hing (gitt bi mat véi ngudi bin) : Pam hang, mai bam cita don than todn, chir ky kép duuge gr te tiép cho gui bingues Menage © = Onderntrmaton Qimo = Ofmessage ges remnsonty «POM = rye Oder menage gest mocks OME olyon maa pemensnmey > Haaincton OHA 1 Pu, 2 Gamoma?e pute ignatur by es romo 4 o 3 4 compare mo Eos -[o a | Ls ig PUc Kiém tra yeu clu -Kiém tra yéu cu: -Lay khoa céng khai ctia nauri mua qua Certificate -Giai ma chit ky kép bang khéa cng khai (1) -Bim don hing va két hgp voi mai bim cua don thanh todin (2) -So sinh (1) vi (2) 48 kigm tra -Kiém tra tai ngén hang: Gia ma thong tin nbn duge dé tay don thanh ton, mai bam eta don hang va chit ky kép ~Xée thye chit ky kép qua cc théng tin nin duge