Sample J2ME

n tt nghip
Dch v Mobile-wallet
Mc lc
Mc lc ........................................................................................................ 1 Danh mc cc bng ..................................................................................... 5 Danh mc cc hnh ..................................................................................... 6 Chng 1. GII THIU .......................................................................... 10 1. t vn ........................................................................................... 10 2. Pht biu bi ton ................................................................................ 10 3. Mc tiu n .................................................................................... 11 4. Phm vi n ..................................................................................... 11 Chng 2. C S L THUYT ............................................................. 12 1. Tng quan v mobile commerce ......................................................... 12 1.1 nh ngha Di ng (Mobile) v Khng dy (Wireless) ................ 12 1.2 nh ngha M-commerce............................................................... 13 1.3 Nhng c trng ca thng mi di ng...................................... 13 1.4 Tng quan cc cng ngh thng mi di ng .............................. 14 1.5 Mt s gii php M-commerce ...................................................... 18 2. Lnh vc ng dng khng dy vi cng ngh Java .............................. 21 2.1 Khi qut....................................................................................... 21 2.2 Cc phin bn Java 2 ..................................................................... 21 2.3 S cn thit ca J2ME ................................................................... 22 2.4 MIDP (Mobile Information Device Profile) .................................. 22 2.5 Cc kiu ng dng MIDP .............................................................. 23 2.6 Java 2 Enterprise Edition ............................................................... 24 2.7 Kin trc Ba-tng (Three-tier) ....................................................... 25 2.8 H tr cc thit b MIDP thng qua tng mi gii (Mediation)...... 26 3. Cc vn thit k ng dng doanh nghip khng dy p dng cng ngh Java ........................................................................................................... 28
Sinh vin thc hin: L S c - Kha K50 - Lp CNPM 1
n tt nghip
Dch v Mobile-wallet
3.1 M hnh lp trnh c bn ............................................................... 28 3.2 H tr nhiu loi client .................................................................. 29 3.3 Cc vn khi thit k v thc hin .............................................. 29 4. Bo mt trong thng mi di ng ...................................................... 35 4.1 Khi qut....................................................................................... 35 4.2 M ha i xng (Symmetric Encryption)..................................... 36 4.3 M ha bt i xng (Asymmetric Encryption) ............................. 38 4.4 M hnh Hybrid/Session key System ............................................. 40 4.5 Ch k s (Digital Signature) ......................................................... 42 4.6 Chng nhn s (Digital Certificate) v t chc chng nhn s (Certificate Authority) ................................................................................... 43 4.7 Public key infrastructure (PKI) ...................................................... 44 4.8 One time password (OTP) ............................................................. 45 5. Cc chun trong thng mi in t .................................................... 46 5.1 Chun ng gi bn tin giao tip ISO 8583 ................................... 46 5.2 Chun bo mt h thng thng tin ISO 27001 ............................... 49 5.3 PKCS ............................................................................................ 52 5.4 FIPS (Federal Information Processing Standards): Tiu chun x l thng tin lin bang. ........................................................................................ 54 Chng 3. PHN TCH H THNG ..................................................... 56 1. Chc nng ca h thng ...................................................................... 56 1.1 Chc nng ng nhp .................................................................... 57 1.2 Chc nng chuyn tin VT VT ............................................. 59 1.3 Chc nng truy vn s d .............................................................. 63 2. Kh khn trong vic trin khai dch v ................................................ 65 3. Gii php cng ngh ........................................................................... 66 3.1 Gii php cng ngh trn in thoi .............................................. 66 3.2 Gii php cng ngh pha server side ............................................ 66 4. Gii php bo mt ............................................................................... 68
n tt nghip
Dch v Mobile-wallet
4.1 M hnh m ha ............................................................................ 68 4.2 MAC ............................................................................................. 68 4.3 Th vin Bouncy Castle ................................................................ 69 4.4 Phn phi public key server........................................................... 69 4.5 M ngun c th dch ngc ......................................................... 69 4.6 RMS khng an ton ....................................................................... 69 4.7 Client sinh key session .................................................................. 70 4.8 SEQUENCE.................................................................................. 70 4.9 OTP .............................................................................................. 70 Chng 4. THIT K .............................................................................. 72 1. Thit k CSDL .................................................................................... 72 1.1 Xy dng cc thc th v cc bng cho c s d liu .................... 72 1.2 Bng CUSTOMER........................................................................ 73 1.3 Bng CUST_ACCOUNT .............................................................. 74 1.4 Bng CUST_MOBILE .................................................................. 74 1.5 Bng TRANS_APP ....................................................................... 75 1.6 Bng CUST_CARD ...................................................................... 76 1.7 Bng MOBILE .............................................................................. 76 2. c t giao din kt ni ....................................................................... 77 2.1 X l giao dch.............................................................................. 77 2.2 c t bn tin tng tc................................................................. 77 Chng 5. CI T ................................................................................. 85 1. Cu hnh phn cng ............................................................................ 85 2. Cu hnh phn mm ............................................................................ 85 3. Ngn ng, mi trng ......................................................................... 85 Chng 6. TNG KT V NHN XT................................................. 86 1. Giao din ca ng dng MIDlet .......................................................... 86 2. Hiu sut ca ng dng ....................................................................... 89 2.1 Cc thng s thc thi ..................................................................... 89
n tt nghip
Dch v Mobile-wallet
2.2 B nh .......................................................................................... 89 3. Tng kt v nhn xt ........................................................................... 90 3.1 lm c .................................................................................. 90 3.2 Hn ch ......................................................................................... 91 3.3 Hng pht trin ........................................................................... 91 Ph lc ....................................................................................................... 92 Ti liu tham kho .................................................................................... 94
Sinh vin thc hin: L S c - Kha K50 - Lp CNPM
n tt nghip
Dch v Mobile-wallet
Danh mc cc bng
Bng 1. Danh mc cc t vit tt v thut ng .............................................. 9 Bng 2. Cc thut ton m ha i xng hay s dng ................................. 38 Bng 3. MIT ............................................................................................... 47 Bng 4. Message class ................................................................................ 48 Bng 5. Message function ........................................................................... 48 Bng 6. Message origin............................................................................... 48 Bng 7. Tng quan v PKCS ...................................................................... 53 Bng 8. Bng CUSTOMER ........................................................................ 74 Bng 9. Bng CUST_ACCOUNT............................................................... 74 Bng 10. Bng CUST_MOBILE................................................................. 75 Bng 11. Bng TRANS_APP ..................................................................... 76 Bng 12. Bng CUST_CARD..................................................................... 76 Bng 13. Bng MOBILE ............................................................................ 77 Bng 14. nh ngha cc tham s ca bn tin .............................................. 79 Bng 15. Danh sch cc chc nng ............................................................. 81 Bng 16. Cc tham s cho tng chc nng .................................................. 82 Bng 17. Cc thng s thc nghim ng dng ............................................ 89 Bng 18. Bng m li dch v ..................................................................... 93
n tt nghip
Dch v Mobile-wallet
Danh mc cc hnh
Hnh 1. Mi lin h gia Di ng v Khng dy ......................................... 12 Hnh 2. S pht trin cng ngh truyn thng v tuyn ............................... 16 Hnh 3. S pht trin ca cng ngh v tuyn ............................................. 17 Hnh 4. H thng WAP ............................................................................... 17 Hnh 5. Cc mc t chc J2ME .................................................................. 23 Hnh 6. Trin khai h thng J2ME .............................................................. 23 Hnh 7. Kin trc three-tier ......................................................................... 25 Hnh 8. M hnh mu kin trc three-tier .................................................... 26 Hnh 9. V tr ca tng mi gii .................................................................. 27 Hnh 10. Mi gii ca tng domain ............................................................. 27 Hnh 11. Mi gii ca tng trnh din ......................................................... 27 Hnh 12. Kin trc mc cao ca mt ng dng doanh nghip Java khng dy .............................................................................................................................. 28 Hnh 13. Kin trc mc cao ca mt ng dng J2EE h tr client J2ME v client Brower ......................................................................................................... 29 Hnh 14. M ha i xng .......................................................................... 37 Hnh 15. M ha bt i xng..................................................................... 39 Hnh 16. M hnh Hybrid system ................................................................ 40 Hnh 17. M hnh Hybrid System vi MAC ............................................... 41 Hnh 18. M hnh session key ..................................................................... 42 Hnh 19. Cch to ch k s ........................................................................ 43 Hnh 20. Chng nhn s ............................................................................. 44 Hnh 21. M hnh phn r chc nng trn in thoi ................................... 57 Hnh 22 Lung x l chc nng ng nhp ................................................. 58 Hnh 23. Lung x l chc nng chuyn tin VT VT .......................... 60 Hnh 24. Lung x l chc nng truy vn s d .......................................... 63 Hnh 25. M hnh tng th h thng Mobile wallet ..................................... 65
n tt nghip
Dch v Mobile-wallet
Hnh 26. Cc module mc thp ca mobilegateway .................................... 67 Hnh 27. S mi quan h gia cc bng trong CSDL ............................. 73 Hnh 28. Mn hnh Splash........................................................................... 87 Hnh 29. Mn hnh ng nhp ..................................................................... 87 Hnh 30. Mn hnh chnh ............................................................................ 87 Hnh 31. Mn hnh nhp PIN ...................................................................... 88 Hnh 32. Chc nng tra cu TK .................................................................. 87 Hnh 33. Mn hnh ch ............................................................................... 88 Hnh 34. Mn hnh kt qu.......................................................................... 88 Hnh 35. Mn hnh nhp OTP ..................................................................... 88 Hnh 36. th b nh khi thc thi ng dng ............................................. 90
n tt nghip
Dch v Mobile-wallet
Thut ng Mobile wallet
nh ngha ng dng cho php khch hng thc hin cc giao dch in t (chuyn tin, thanh ton hng ha dch v) Java 2 for micro edition
Ghi ch
J2ME
ng dng mobie wallet vit trn nn tng J2ME, nn khi gi ng dng J2ME cng l m ch ng dng Mobile wallet Cn gi l m-commerce khi Data
Mobile commerce DES AES RSA Private key Public key Session key
Thng mi di ng Thut ton m ha Encryption Standard
Thut ton m ha khi Advanced Encryption Standard Thut ton m ha bt i xng Kha b mt trong gii thut m ha bt i xng Kha cng khai trong gii thut m ha bt i xng Kha b mt, ch c hiu dng trong mt khong thi gian, dng trong mi phin lm vic One time - password Chun nh dng thng ip trong trao i thng tin ti chnh, ngn hng Pre- Thu bao in thoi tr trc Mt khu dng 1 ln
OTP ISO 8583 Mobile Paid
Mobile Post- Thu bao in thoi tr sau Paid

n tt nghip
Dch v Mobile-wallet
ADSL HomePhone VT API ASCII CLDC CPU EJB GPRS GSM HTTP JAD JAR MIDlet MIDP OTA RMS
Asymmetric Digital Subscriber Line Thu bao c nh ca viettel V in t Application Program Interface American Standard Information Interchange Connected Configuration Limited Code for Device Ch s in thoi ng k dch v mobile wallet
Central Processing Unit Enterprise Java Beans General Packet Radio Service Global System Communications for Mobile
Hyper-Text Transfer Protocol Java Application Descriptor Java Application Archive MIDP applet Mobile Information Device Profile Over The Air Record Management System
Bng 1. Danh mc cc t vit tt v thut ng
n tt nghip
Dch v Mobile-wallet
Chng 1. GII THIU

1. t vn
Tin b trong cng ngh v tuyn lm tng s lng ngi s dng thit b di ng v dn n s pht trin nhy vt ca thng mi in t s dng cc thit b ny. Loi giao dch thng mi in t mi, thc hin giao dch thng qua cc thit b di ng s dng mng vin thng v tuyn v cc cng ngh thng mi in t hu tuyn khc, c gi l thng mi di ng (mobile commerce) (cn c gi l mobile E-commerce hay M-commerce). Thng mi di ng cho php mt phng thc trao i v mua bn thng tin mi, v n a ra mt lnh vc cha c khai ph. i vi khch hng, n mang n s thun tin; i vi cc nh kinh doanh n l mt tim nng kim tin rt ln; i vi nh cung cp dch v xem n l mt th trng ln cha c khai thc; i vi chnh ph xem n l mt gii php gim ti gnh nng cho nn ti chnh tin t. Ni ngn gn li, thng mi di ng ha hn nhiu c hi kinh doanh hn l thng mi in t truyn thng. Bi v cc c tnh ring v s rng buc ca cc thit b di ng v mng v tuyn, thng mi di ng hot ng trong mt mi trng rt khc bit so vi thng mi in t trn Internet hu tuyn. Vi nhng li ch to ln m M-commerce em li, vic trin khai p dng vo thc t th trng ca Vit Nam mt sn phm c th l nhu cu tt yu, khi m cc nc pht trin th M-commerce pht trin rt mnh. ti nghin cu ny i su tm hiu, nghin cu cc cng ngh mi nht v cc gii php bo mt v mcommerce, t khai thc u im sn c, xy dng mt sn phm c tnh thc tin cao. Nhng kh khn cn tr ln nht cho vic pht trin th trng thng mi di ng chnh l phng thc thanh ton. Nhm tip cn cc cng ngh v gii php cho vn ny, ng dng Mobile Wallet V in t p dng cng ngh Java s l knh thanh ton thun tin, p ng nhu cu thanh ton khng dng tin mt trong thng mi di ng cng nh cc giao dch thng mi khc.
2. Pht biu bi ton

Xy dng dch v Mobile Wallet cho php khch hng:
n tt nghip
Dch v Mobile-wallet
Thanh ton v tra cu thng tin thanh ton cc dch v vin thng (ADSL, HomePhone, Mobile Post-Paid, Mobile Pre-Paid, Mua hng) thng qua in thoi di ng. Np tin vo ti khon, Chuyn tin t ti khon ngn hng ny sang ti khon ngn hng khc, t s thu bao in thoi ny sang s thu bao in thoi khc.
3. Mc tiu n
Xy dng demo dch v M-wallet vi mc tiu cui cng l nhm to thun tin cho ngi s dng khi thanh ton mt s dch v, gim ti cho h thng tin t, gp phn pht trin mt nn ti chnh khng phi tin mt.
4. Phm vi n
Lnh vc lp trnh ng dng khng dy l mt lnh vc kh tip cn vi nhng rng buc cht ch, cc nh sn xut v nh pht trin c gng a ra cc tiu chun v cng ngh c th h tr tt nht cho lnh vc ny. ng dng khng dy, ngoi bn thn ng dng, cn phi c h tr rt nhiu t pha server v nh cung cp dch v. ng dng m-wallet trn thit b di ng p dng cc cng ngh mi v ti u ha cho thit b di ng nh J2ME, servlet. ng thi, gii php bo mt chnh l trng tm ca h thng thanh ton in t di ng. Trong thi i cng ngh thng tin pht trin rt nhanh n chng mt th cng vi l nn la o, gi mo, hack cng pht trin v gia tng l vn nn ca x hi v n e da n vic pht trin mt h thng thanh ton in t. H thng M-wallet p dng cc gii php bo mt nh m ha i xng, bt i xng, ch k s, hybrid system m bo cc giao dch l tuyt mt v an ton. Trong thi gian thc tp tt nghip v thi gian lm n, em c gng tm hiu v thng mi di ng c th l thanh ton di ng v cc m hnh, kin trc cng nh cc cng c c th xy dng mt dch v phc v cho thit b di ng m c th trong n ny l dch v m-wallet v em xin c trnh by nhng ni dung sau trong n: Cc khi nim c bn v h thng thng mi di ng. Lnh vc ng dng khng dy vi cng ngh Java. Bo mt trong trao i thng tin. Cc chun c p dng trong thng mi in t. Xy dng dch v M-wallet.
n tt nghip
Dch v Mobile-wallet
Chng 2. C S L THUYT
1. Tng quan v mobile commerce
1.1 nh ngha Di ng (Mobile) v Khng dy (Wireless) nh ngha di ng v khng dy khc nhau ty ngi v ty t chc. Trong nhiu trng hp, thut ng di ng v khng dy c th c dng thay th cho nhau, mc d chng l hai khi nim khc nhau. Hy bt u vi thut ng di ng. Di ng l kh nng di chuyn. Mt thit b di ng l bt k th g c th c dng trong khi di chuyn, t laptop n in thoi di ng. Min l v tr khng c nh, th n s c xem l di ng. Khng dy cp n vic giao tip m truyn t thng tin t ni ny n ni khc m khng s dng bt k cc dy dn no. Khong cch y c th ngn (vi mt nh trong iu khin tivi) hoc di (hng ngn kilomet trong giao tip sng radio). N cho php nhn vin lin lc vi d liu doanh nghip m khng cn phi kt ni vt l n mng. Cc thit b khng dy bao gm cc thit b s dng mt mng khng dy gi hay nhn d liu. Mng khng dy, chnh n li c th c truy xut t cc nhn vin di ng, cng nh v tr c nh. Hnh 1 m t mi lin h gia di ng v khng dy. Nh ta thy, trong hu ht trng hp, khng dy l mt tp con ca di ng; nhng trong nhiu trng hp, mt ng dng c th l di ng m khng cn phi khng dy.
Hnh 1. Mi lin h gia Di ng v Khng dy
Mt ng dng c xem l di ng hoc khng dy, n phi c xt tng ng vi cc c tnh ca thit b m n chy trn . Ti nguyn hn ch, bng thng thp, v kt ni khng lin tc l cc yu t ph hp vi cc ng dng di ng.
12
n tt nghip
Dch v Mobile-wallet
1.2 nh ngha M-commerce nh ngha v m-commerce cng c nhiu, nhng y c hiu n gin l loi giao dch thng mi in t, thc hin giao dch thng qua cc thit b di ng s dng mng vin thng v tuyn v cc cng ngh thng mi in t hu tuyn khc, c gi l thng mi di ng (mobile commerce). 1.3 Nhng c trng ca thng mi di ng Bn cht ca thng mi di ng l khng nm ngoi tng tip xc vi khch hng, nh cung cp v nhn vin m khng cn quan tm n vic h ang u. Thng mi di ng l s cung cp ng thng tin n ng ch v vo ng thi im. N mang n cho ngi dng kh nng truy xut Internet bt k u v bt k lc no, mang n kh nng nh v ngi dng s dng thit b di ng c nhn, tnh nng truy xut thng tin vo lc cn thit, v kh nng cp nht thng tin/d liu da theo yu cu. Thng mi di ng c cc c trng m thng mi in t thng thng khng c, ta xt mt s c trng sau y: Tnh rng khp (Ubiquity) Tnh rng khp l u im chnh ca thng mi di ng. Ngi dng c th ly bt k thng tin no h thch, bt k khi no h mun khng cn quan tm n v tr ca h, thng qua cc thit b di ng kt ni Internet. Trong cc ng dng thng mi di ng, ngi dng vn c th hot ng bnh thng, chng hn nh gp g mi ngi hay i li, trong khi thc hin giao dch hay nhn thng tin. Vi kh nng ny, thng mi di ng lm cho dch v hay ng dng c th p ng bt k u v bt k lc no khi ny sinh nhu cu. Kh nng tip xc (Reachability) Thng qua thit b di ng, cc nh kinh doanh c th tip xc vi khch hng bt k lc no. Mt khc, vi mt thit b di ng, ngi dng c th giao tip vi ngi khc bt k u v bt k lc no. Hn na, ngi dng c th gii hn kh nng tip xc ca h vi mt s ngi c bit v ti cc thi gian c bit. S nh v (Localization) Kh nng bit c v tr vt l ca ngi dng ti mt thi im c th cng lm tng gi tr ca thng mi di ng. Vi thng tin v nh v, ta c th cung cp cc ng dng da trn v tr. V d, khi bit c v tr ca ngi dng, dch v di ng s nhanh chng thng bo cho h bit khi no bn b hay ng nghip ca h
13
n tt nghip
Dch v Mobile-wallet
s gn. N cng s gip ngi dng nh v mt nh hng hay mt my rt tin t ng gn nht. Tnh c nhn ha (Personalization) Mt s lng thng tin, dch v v ng dng khng l tn ti trn Internet, v tnh thch ng (relevant) ca thng tin ngi dng nhn c l rt quan trng. Bi v ngi s dng thit b di ng thng yu cu cc tp ng dng v dch v khc nhau, cc ng dng thng mi di ng c th c c nhn ha biu din thng tin hay cung cp dch v mt cch thch ng n ngi dng chuyn bit. Tnh ph bin (Dissemination) Mt s h tng v tuyn h tr vic cung cp d liu ng thi n tt c ngi dng di ng trong mt vng a l xc nh. Tnh nng ny cung cp mt phng tin hiu qu ph bin thng tin n mt s lng ln ngi tiu dng. 1.4 Tng quan cc cng ngh thng mi di ng Thng mi di ng c xy dng bi s kt hp ca cc cng ngh nh mng, cc h thng nhng, c s d liu, bo mt. Phn cng di ng, phn mm v mng v tuyn gip cc h thng thng mi di ng truyn d liu nhanh chng hn, nh v v tr ca ngi dng chnh xc hn v giao dch kinh doanh bo mt v tin cy hn. Sau y s gii thiu cc cng ngh chnh lm cho thng mi di ng tr thnh hin thc, cc cng ngh ang v s nng cao hiu qu v tnh nng ca n trong tng lai gn. 1.4.1 Cng ngh truyn thng (Communication Technology) GSM Global System for Mobile Communications (GSM) cn c gi l mng s th h th hai (2G-second generation), hot ng bng tn 900 MHz v 1800 MHz. L mt dch v chuyn mch knh, ngi dng phi quay s duy tr kt ni khi cn truyn thng d liu, l chun di ng thnh hnh chu u v hu ht vng chu Thi Bnh Dng. GPRS v EDGE GPRS (General Packet Radio Service) v EDGE (Enhanced Data GSM Environment) cn c gi l cc cng ngh 2,5 G. GPRS s dng h tng mng c sn nhng n c gii thiu l cung cp tc kiu ISDN. Thay v gi mt lung d liu lin tc trn mt kt ni thng xuyn, h thng chuyn mch gi ca GPRS ch s dng mng khi c d liu c truyn. Ngi dng c th gi v nhn
n tt nghip
Dch v Mobile-wallet
d liu ln n 115 kbit/giy vi GPRS. EDGE, l mt phin bn nhanh hn ca GSM, c thit k cho php truyn d liu multimedia v cc ng dng bng rng khc. N s s dng k thut iu bin (modulation) mi cho php tc d liu ln n 384 kbit/giy trn h tng sn c ca GSM. UMTS Universal Mobile Technology System (UMTS), cn c gi l cng ngh th h th 3 (3G), nhm vo truyn thng vn bn, thoi, video, v multimedia da trn gi, c bng thng cao h tr cc ng dng cn nhiu d liu. Mt khi UMTS c trin khai y , my tnh v ngi dng in thoi c th kt ni Internet lin tc v truy xut dch v ton cu. Tch hp chc nng ca cc thit b a dng khc nhau, in thoi di ng th h 3G c th c dng nh mt in thoi, mt my tnh, mt TV, mt t giy, mt trung tm hi tho video, mt tp ch, mt s ghi nh, hay thm ch l mt th tn dng. Cc cng ngh th h th t Mc d cc cng ngh 3G ch mi xut hin nc ta, nhng trn th gii, ngi ta cng bt u nghin cu cc cng ngh th h th t (4G). Cc nghin cu ny nhm gii quyt hon thin cc giao din v tuyn a dng v thm ch l h tng truy xut v tuyn hon ton mi. Cc phng thc iu bin tt hn v cng ngh ng-ten thng minh l hai lnh vc nghin cu chnh cho php h thng v tuyn th h th t tt hn mng v tuyn th h th ba.
15
n tt nghip
Dch v Mobile-wallet
Cng ngh 4G
Cng ngh 3G
UMTS
Cng ngh 2.5G
EDGE
GPRS
Cng ngh 2G
GSM
Cng ngh 1G
in thoi tng t
Hnh 2. S pht trin cng ngh truyn thng v tuyn
Bluetooth Bluetooth l mt cng ngh v tuyn nng lng thp dng cho truyn thng v trao i d liu. S dng mt chip n vi mch truyn v tuyn gn sn, Bluetooth l mt chun v tuyn sng ngn r tin h tr cho mng cc b (LAN). N c pht trin thay th cp v kt ni hng ngoi trong vng bn knh 10m. Bluetooth c th c dng kt ni cc thit b in t, v d nh my vi tnh, my in, thit b di ng v PDA, vi mng d liu v tuyn. Nh m t trong hnh 3, cng ngh v tuyn th h th nht l in thoi t bo tng t (cellcular phone). Cng ngh v tuyn th h th hai, bao gm in thoi t bo s, bng tn thp hin ti c s dng rng ri. Cng ngh v tuyn th h th ba cung cp bng thng cao h tr cc ng dng cn nhiu d liu.
16
n tt nghip
Dch v Mobile-wallet
Th h th nht in thoi t bo
Th h th hai in thoi t bo s & v.v
Th h th ba in thoi t bo 3G
Hnh 3. S pht trin ca cng ngh v tuyn
WAP Wireless Application Protocol (WAP) l mt chun m ton cu cho gii php di ng, thit k ring bit cho phn pht thng tin Web n thit b di ng. L mt giao thc ng dng end-to-end, n cung cp gii php cho vic pht trin cc ng dng di ng, chng hn nh kt ni cc thit b di ng vo Internet v lm cho cc thit b di ng tr thnh cc thit b truyn thng c kh nng truyn thng vi cc thit b khc trn mng v tuyn. N cng cho php thit k cc dch v di ng tng tc v thi gian thc. Mobile Client Request WAP Gateway Request Response Web Server
Response
Response
Mng hu tuyn Mng v tuyn
Mobile Portal
Hnh 4. H thng WAP
J2ME J2ME (Java 2 Platform Micro Edition) l nn tng Java, phin bn thu nh ca Sun Microsystems. J2ME c xy dng nhm mang n kh nng pht trin ng dng a dng, phong ph cho cc thit b di ng. Vi u th ca ngn ng Java, da trn h tng mng c sn ca WAP, J2ME c th dng xy dng cc ng dng t n gin n phc tp nu kt hp vi cc cng ngh pha server. 1.4.2 Cng ngh trao i thng tin HTML HTML (Hyper-Text Markup Language) c thng qua rng ri bi cng ng Internet l mt nh dng ti liu dng duyt (browse). Cc cng c tc ch
n tt nghip
Dch v Mobile-wallet
v trnh duyt sn c lm cho ngi dng to cc ti liu HTML kt hp cc i tng multimedia mt cch d dng. XML eXtensible Markup Language (XML) l mt siu ngn ng (meta-language), c thit k truyn thng ng ngha ca d liu thng qua mt c ch m t. N dng th d liu v t ni dung vo trong ng cnh (context), do cho php nh cung cp m ha ng ngha vo ti liu ca h. i vi cc h thng thng tin h tr XML, d liu c th c trao i thm ch gia cc t chc vi cc h thng hot ng v m hnh d liu khc nhau, min l cc t chc ny ng v ng ngha ca d liu m h trao i. WML Wireless Markup Language (WML), xut pht t XML, c pht trin c bit cho WAP. N cho php thng tin c trnh by nh cc th bi (card) thch hp hin th trn cc thit b di ng. Nh vy WML ch yu cho WAP cng ging nh HTML cho Internet. SMS Short Message Service (SMS) cho php gi v nhn cc thng ip vn bn n v i t in thoi di ng. C th trao i ln n 160 k t ch ci v s trong mi thng ip SMS. N cng cung cp cc dch v thng tin di ng, chng hn nh tin tc, th trng chng khon, th thao v thi tit. Gn y SMS chat v ti nhc chung cng c cung cp. MIDP Mobile Information Device Profile (MIDP) l mt b phn c th ca J2ME. Ngy cng c cc nh cung cp hng u h tr xy dng, MIDP tp hp cc th vin v API dng pht trin ng dng J2ME c lp vi phn cng. 1.5 Mt s gii php M-commerce 1.5.1 Mua bn s (Digital purchase) Mua bn s thch hp nht cho ngi dng di ng l cho cc sn phm c th c ti v v s dng ngay lp tc. Hai th trng ln nht cho cc ng dng s l nhc chung (ringtone) v tr chi (game). Nhiu hng truyn thng cho php ngi dng ti nhc chung mi v thit b ca h vi cc ph r. iu ny cho php ngi dng c nhn ha thit b ca h. Mt lnh vc chc chn thnh cng
n tt nghip
Dch v Mobile-wallet
na l tr chi di ng. Cc tin b trong lnh vc sn xut thit b di ng lm cho chng tr thnh cc thit b tuyt vi chi tr chi. 1.5.2 Ngn hng di ng (Mobile banking). Thit b khng dy c hai u im cho ngn hng di ng. u im u tin l cung cp kh nng truy xut ti khon ngn hng c nhn xem nht k ti khon v thc hin giao tc. y l mt m rng cho ngn hng Internet (Internet banking) vn rt thnh cng. u im th hai l s dng thit b di ng cho vic thanh ton, ging nh mt tin mt s (digital cash). Lnh vc ny rt c quan tm, v trin khai thnh cng nhiu nc pht trin. 1.5.3 Cc dch v thng tin (Information Service). Mc d di ng c nhiu li ch, nhng ngi dng di ng vn thng cm thy n cha c lin kt vi nhng thi quen hng ngy. Cc dch v thng tin gip gii quyt vn ny bng cch cung cp thng tin thng dng cho ngi dng, chng hn nh thng tin chng khon, thng tin thi tit, v t s th thao. Vi s pht trin rng ri ca thng ip di ng, nhiu dng thng tin c th c a n ngi dng hn. 1.5.4 Cc dch v da trn v tr (Location-based service). Nu cc nh kinh doanh c kh nng nm bt v phn ng vi v tr v yu cu hin ti ca ngi dng th y s l mt cng c mnh tiu th sn phm. Cc dch v da trn v tr cho php khch hng tm thng tin chnh xc m h cn vo ng thi im m h mun dng n. y s l mt cng c quan trng cho gii php m-commerce, mc d cc vn lin quan n s ring t s phi c gii quyt trc khi cc dch v nh v c s dng rng ri. 1.5.5 Mua sm di ng. Khng phi hu ht cc dng mua sm u s ph bin trn thit b di ng ngay c. S l khng thc t khi tm hng ha s dng cc thit b b hn ch, trong khi cc phng thc mua sm khc th hu ch v th v hn. C mt s dng mua bn c th thch ng tt vi m-commerce. V d, vic mua v xem phim l hon ton c kh nng. Cc thit b di ng cng c th c dng cho vic so snh trc khi mua sm (comparison-shopping). Trc khi quyt nh mua sm, ngi tiu dng c th mun tham kho trc gi ca mt sn phm t nh cung cp Internet bo m rng h mua ng gi.
19
n tt nghip
Dch v Mobile-wallet
1.5.6 Qung co di ng (Mobile advertising). Khi ngi dng di ng bt u thy c li ch t gii php m-commerce, th tip theo s xut hin qung co di ng. Cc nh cung cp dch v c kh nng ly c cc thng tin hp dn i vi cc nh qung co, chng hn nh ni ngi dng ang ng, v h s dng in thoi di ng ca h cho vic g. Vi cc thng tin dng ny, cc nh qung co c th gi cc thng ip c c nhn ha. Tr ngi ln nht cho vic qung co di ng l phn ng ngc ca khch hng. Nu ngi dng nhn c nhng thng ip v qung co khng t nguyn, h s c th thay i nh cung cp dch v, hay thm ch t hn l ngng s dng thit b ca h. V l do ny, trong tng lai gn, chng ta hu nh ch s nhn c cc thng tin qung co theo yu cu, v d nh t trm xng hay nh hng gn nht. 1.5.7 Thanh ton di ng (Mobile payment) L mt phng thc thanh ton mi ang pht trin nhanh v mnh. Thay v phi dng tin mt, sc, credit card th khch hng c th s dng in thoi di ng tr cho cc hng ha s, dch v C 3 kiu thanh ton di ng c bn: Thanh ton da trn SMS Thanh ton trc tip qua Mobile Billing Thanh ton qua mobile web (WAP)
20
n tt nghip
Dch v Mobile-wallet
2. Lnh vc ng dng khng dy vi cng ngh Java

2.1 Khi qut Cc ng dng Java cho cc thit b khng dy nh (MIDlet) s ng mt vai tr c th l nh, cng c th l ln trong cc h thng phn mm phn tn. Khi , n s sinh ra mt dng phn mm client mi. Chng rt thch hp vi khi nim thin-client, nhng do chng qu nh, yu cu phi c thm s phi hp lm vic hiu qu vi cc thng tin c cung cp bi cc servlet v JSP, v c th l EJB ng sau. Ta s xem xt cc cng ngh Java ch cht pht trin ng dng khng dy trong h thng doanh nghip. Ta cng s xt n cc kin trc h tr client khng dy trong cc h thng doanh nghip. Trong lc ny, dch v Web (Web service), c th s tr thnh mt phng tin vt tri h tr cho phn mm client khng dy trong mt vi nm ti. 2.2 Cc phin bn Java 2 Nn tng Java 2 c chia thnh ba phin bn, mi phin bn h tr mt dng phn mm trn cc h thng khc nhau. Phin bn chun, hay J2SE (Java 2 platform, Standard Edition), l phin bn c nht v thng dng nht. N h tr cc ng dng Java, applet, lp trnh desktop v cc h thng ln hn ch yu l cho PC - c th c ni mng hoc khng ni mng. Ngi ta thng thng s dng J2SE cho cc ng dng GUI n v console, cc thnh phn middleware v cc dch v RMI. Phin bn doanh nghip, hay J2EE (Java 2 platform, Enterprise Edition), m rng phin bn chun vi cc API c cc tnh nng doanh nghip (enterprise features). J2EE h tr Web service thng qua cc servlet v JSP, d liu bng JDBC, v cc h thng giao tc ln thng qua EJB y l mt vi cng ngh chnh ca J2EE. Cc thnh phn J2EE gn cht vi pha server ca cc h thng ln: kh nng x l mnh, b nh v khng gian lu tr ln v c kh nng m rng. Phin bn mi nht trong ba phin bn l phin bn thu nh, hay J2ME (Java 2 platform, Micro Edition). N h tr cc thit b micro a dng, m J2ME gi l cc hin trng (profile) nhng tt c chng u km kh nng hn so vi my tnh c nhn. Trong J2ME, sc mnh CPU, b nh, lu tr v kh nng kt ni u b hn ch, c th l rt nghim ngt.
n tt nghip
Dch v Mobile-wallet
2.3 S cn thit ca J2ME Th gii ca cc thit b di ng v cc thit b sub-PC khng c cc c tnh ging nh trong lnh vc PC v server. Ngoi ra, khng phi mi thit b trong lnh vc ny u cng lm mt vic. S khc nhau v thit k v mc ch gia PDA, in thoi, v my nhn tin l rt ng k. Bt k n mang li s i mi g cho th trng, th tnh a dng ca cc thit b ny l mt c mng i vi cc lp trnh vin. Nu mun xy dng mt ng dng cho in thoi di ng, th c phi vit m li, xy dng li, v kim tra li cho mi thit b hay khng? Nu mun xy dng mt client c kt ni mng, th phi xt n cc cng ngh kt ni no? v.v... J2ME ra i nhm mc ch chnh l thit lp mt chun n m thng qua cc nh pht trin c th to nn cc phn mm c tnh kh chuyn (portable) cho cc thit b micro. Ngn ng Java l s la chn ng nhin cho lnh vc ny, bi v v c bn n hng nhiu v tnh kh chuyn. Bng cch ny, Sun m nhn bi ton ln v tnh a dng ca thit b mt mc tng qut, do cc nh pht trin khng phi quan tm n vn ny na. Nu mi nh cung cp PDA, in thoi v my nhn tin u thc hin J2ME cho thit b ca h, th chng ta c kh nng vit chng trnh vit mt ln, chy mi ni (write once, run anywhere) trong lnh vc micro, cng ging nh ta quen vi khi nim ny cc h thng my ln. Tuy nhin, trn thc t t n nh khu ng trn th cn rt nhiu vic phi lm vi lp trnh vin. 2.4 MIDP (Mobile Information Device Profile) Mc d khng phi ch c mt hng kin trc J2ME, nhng cc thit b di ng khng dy dng nh dn dn cng quan tm n J2ME. Bao gm: in thoi di ng Tr t c nhn s (Personal Digital Assistant-PDA) My nhn tin Thit b c sch in t Cc thit b point-of-sale J2ME c t chc thnh cc mc, mi mc xc nh mt nh ngha tng dn ca cc thit b ch. C nhiu la chn kin trc tn ti mi mc, v rng buc ty chn cc mc cao hn. Lp trnh vin ch cn quan tm n hin trng
22
n tt nghip
Dch v Mobile-wallet
(profile), nh ngha cc API; cc nh thc hin J2ME cho thit b cn tp trung n mc VM (Virtual Machine).
Hin trng Cu hnh My o Phn cng/HH
MIDP CLDC K Virtual Machine Cell Phone, PDA,...
Hnh 5. Cc mc t chc J2ME
Cc c t cho cc thit b khng dy l Connected Limited Device Configuration hay CLDC, v Mobile Information Device Profile hay MIDP. MIDP nh ngha cc c tnh ti thiu ca thit b nh sau: B nh khng bay hi c dung lng 128K (ngha l, b nh c trng thi c gi li khi thit b tt) dnh cho cc thnh phn MIDP, bao gm KVM, Core API v chng trnh MIDP. 8K b nh khng bay hi dnh cho d liu bn vng ca ng dng. 32K b nh bay hi cho b nh ca chng trnh. Mn hnh hin th t nht l 96x54 pixel, c th ch l mt bit mu hay h tr nhiu mu hoc mu mc xm. C ch nhp liu h tr t nht mt b phm s, hoc mt mn hnh cm ng c kh nng cu hnh h tr nhp liu s. Kh nng kt ni mng khng dy hai chiu, vi bng thng hn ch v thng thng l khng lin tc. Nh vy cc thit b h tr MIDP cung cp mt nn tng chun cho cc phn mm Java: Phn cng thit b di ng H iu hnh KVM CLDC MIDP MIDlet
Hnh 6. Trin khai h thng J2ME
2.5 Cc kiu ng dng MIDP Cc ng dng MIDP c gi l cc MIDlet. Hu ht cc MIDlet u mt trong hai dng sau:
n tt nghip
Dch v Mobile-wallet
1. ng dng n (standalone application) c np hon ton vo thit b v c th chy bt k lc no thit b c m, khng yu cu ti nguyn bn ngoi. Loi ny bao gm: Cc ng dng PDA v ng dng organizer nh s a ch, danh sch cng vic v lch hn. Cc cng c n gin nh my lm tnh (calculator) Tr chi 2. ng dng ni mng (networked application) c chia thnh t nht hai thnh phn, mt thnh phn l client c trin khai trn thit b di ng. Thnh phn ny s t c dng nu khng c kt ni n t nht mt server trn h thng. Server thng l c t trong mi trng J2EE, v phc v bng Web hoc cc giao thc Internet khc. y, ta hy xt k thut ng client. Ta khng gi mt MIDlet l mt client ch n gin l v n s dng kt ni mng MIDP v lin lc n cc thnh phn khc. Cu hi l phn lun l li ca ng dng t u? MIDlet c m nhn hu ht vic suy ngh v ch quan tm n mng hay khng? khng phi l client, tht vy t nht l khng theo ng ngha trong ng cnh ca h thng enterprise. Mt client l mt MIDlet da vo mt server suy ngh, lu tr, ti, x l, hay ni cch khc l lm vic thay cho n. 2.6 Java 2 Enterprise Edition Cc MIDlet client khng yu cu phi kt ni n cc server chy Java. Mt MIDlet c th c vit to HTTP request n mt trang web c t trc, v n khng cn quan tm l trang web c h tr bi ASP trn IIS, hay servlet trn Apache/Tomcat,... Tuy nhin, trn thc t, khi ton b h thng phn tn c pht trin mi, th Java nn c dng mi mc. Phin bn Java doanh nghip, Java 2 Enterprise Edition, hay J2EE l mt tp cc chun p dng cng ngh Java cho cc hot ng loi doanh nghip (enterprise-class), v d nh: Dch v HTTP, bao gm ng dng Web v dch v Web Lu tr v ly d liu t c s d liu quan h X l giao tc trc tuyn Thc hin i tng phn tn (bng CORBA) Truyn thng ip tin cy gia server v cc tin trnh X l ti liu XML
24
n tt nghip
Dch v Mobile-wallet
Ta xt thut ng Enterprise software (phn mm doanh nghip). y l mt thut ng c nh ngha khng cht. Ni chung, ta nh ngha cc h thng mc doanh nghip bng cc yu cu v nhu cu khi thc thi. Trong bt k lnh vc v mc no, cc h thng doanh nghip thng phi chu p lc rt cao: x l hay lu tr nhiu d liu, x l nhiu yu cu, thng l thng xuyn, nhiu cng vic phi lm cho client. H thng phi c kh nng nng cp, v phi hot ng c hiu qu di p lc cao. H thng phi c tnh sn sng (available). Qun l d liu ng dng phi tha mn tt c tnh cht ca giao tc ACID: atomicity (tnh nguyn t), consistency (tnh ton vn), isolation (tnh tch bit), v durability (tnh bn vng). Ni chung, iu ny c ngha l server phi h tr mt chun tin cy rt cao trong vic x l d liu. Cc chc nng d liu v ng dng phi an ton (secure): iu ny bao gm cn phi c xc thc, v chnh sch cp quyn. Truyn thng ip gia cc thnh phn phi ng tin cy (reliable) iu ny cng ging nh tnh ACID ca giao tc, nhng y ta p dng cho cc thng ip ca ng dng. 2.7 Kin trc Ba-tng (Three-tier) Mt ng dng J2EE nn thc hin theo kin trc ba tng (three-tier architecture), bi v n s phn chia r rng trch nhim cho tng tng khc nhau trong m hnh ng dng. Presentation Business Persistent
Data
Hnh 7. Kin trc three-tier
Tng trnh din (presentation tier) ch m nhn phn biu din thng tin n server v thu thp d liu nhp ca ngi dng. N khng bit hoc khng quan tm n cch m thng tin c pht sinh, mc d n bit mt s iu v hnh dng (shape) ca thng tin. Tng lun l nghip v (business logic tier) (hay i khi cn gi l domain, hay n gin l tng gia (middle tier) m nhn chc nng li ca ng dng: cc tnh nng v cc hm bin dch hay thay i d liu, cc lut
n tt nghip
Dch v Mobile-wallet
phi c p dng cho d liu khi n thay i. Tng ny cung cp cho tng trnh din trc n, v cng l phng tin cho vic lu tr v nhn d liu ca tng sau n. Tng persistent qun l lu tr bn vng v ly d liu ng dng. Tng ny c th bao gm m chng trnh cng vi h qun tr c s d liu quan h. M hnh mu c th biu din nh hnh di: Web server Web browser JSPs, servlets EJB Container Session Beans Entity Beans
Hnh 8. M hnh mu kin trc three-tier
RDB
JavaServer page v servlet, qun l bi mt Web server J2EE, xc nh tng trnh din y l giao din do server qun l. Mt lp xc nh ca Enterprise JavaBean c gi l session bean thc hin logic nghip v. JDBC l mt loi khc ca EJB, entity bean, qun l d liu trn cc RDBMS. Tuy nhin client khng dy (wireless client) l mt dng client c bit. N cn phi c server phc v c bit: d liu phi c x l c bit cho loi client ny. 2.8 H tr cc thit b MIDP thng qua tng mi gii (Mediation) Vic chun b c bit d liu t tng gia cho mt dng trnh din c bit c gi l s mi gii (mediation). Tng mi gii (mediator tier) l mt tnh nng thng thng ca cc h thng N-tng, thng c trin khai h tr vic dng nhiu khung (framework) trnh din khc nhau cho cng mt tng domain.
26
n tt nghip
Dch v Mobile-wallet
JSPs Mediator Visual Basic application

Hnh 9. V tr ca tng mi gii
Business
Data
i vi cc MIDP client, s mi gii thng l dng mt gateway, bin dch ni dung mc PC sang ni dung mc micro, v c th x l chuyn i giao thc, v d nh: Ni dung HTML c th c bin dch thnh Wireless Markup Language, hay WML Giao thc c bn c th chuyn t HTTP sang Wireless Application Protocol hay WAP Cc datagram s khng c cung cp bng User Datagram Protocol (UDP) m bng Wireless Datagram Protocol hay WDP. Kin trc cui cng s l mt trong hai bin th ca kin trc N-tng ca kin trc J2EE m ta thy trn. Mediation ca domain: JSPs Business MIDlet Gateway
Hnh 10. Mi gii ca tng domain
Data
Mediation/Translation ca tng trnh din: Gateway JSPs Business Data
MIDlet
Hnh 11. Mi gii ca tng trnh din
MIDP client s da nhiu vo phn mm J2EE v cc gateway hay tng mi gii n gin ha hay nh dng ni dung cho vic trnh din v x l ngi dng di ng.
n tt nghip
Dch v Mobile-wallet
3. Cc vn thit k ng dng doanh nghip khng dy p dng cng ngh Java

3.1 M hnh lp trnh c bn Hnh 12 biu din cu trc tng qut ca mt ng dng doanh nghip khng dy in hnh, bao gm mt thit b J2ME v mt server J2EE.
Java/J2EE Application Server EJB Container Java/J2ME Client LCDUI (User Interface) MIDlet GCF (Networking) (Secure) HTTP EJB EJB EJB EJB EJB Servlet RMS (Local Storage) Java Web Services JMS Java Mail JNDI CORBA JDBC Java Connectors
Hnh 12. Kin trc mc cao ca mt ng dng doanh nghip Java khng dy
Kin trc ca mt ng dng doanh nghip phc v cc client khng dy cng tng t nh ca mt ng dng J2EE chun: Mt client ng dng s dng MIDP hay c gi l MIDlet client, cung cp giao din ngi dng trn thit b di ng. MIDlet giao tip vi mt Java servlet, thng l thng qua HTTP, v trn mt knh truyn bo mt khi cn thit. Servlet dch yu cu t MIDlet, v ti lt n, gi yu cu n cc thnh phn EJB. Khi cc yu cu c tha mn, servlet pht sinh mt hi p cho MIDlet. Cc thnh phn EJB, hay cc enterprise beans, bao bc logic nghip v ca ng dng. Mt trnh cha EJB cung cp cc dch v chun nh giao tc, bo mt, v qun l ti nguyn cc nh pht trin c th tp trung vo vic thc hin logic nghip v. Cc thnh phn servlet v EJB c th s dng cc API b sung truy xut d liu v dch v. V d, chng c th s dng JDBC API truy xut c s d liu quan h, hay JavaMail API gi e-mail cho ngi dng.
n tt nghip
Dch v Mobile-wallet
3.2 H tr nhiu loi client Nn tng J2EE nhn mnh vo cc thnh phn c th ti s dng. ng dng c th dng cc thnh phn ny h tr nhiu loi client m khng (hay t) nh hng n logic nghip v chnh ca ng dng. Hnh 13 biu din kin trc ca mt ng dng vi client J2ME v client trnh duyt.
Java/J2EE Application Server Web Container (Secure) HTTP Servlet EJB RMS (Local Storage) (Secure) HTTP EJB JSP EJB Servlet EJB Container JDBC Java Connectors EJB EJB Java Web Services JMS Java Mail JNDI CORBA
Java/J2ME Client LCDUI (User Interface) MIDlet GCF (Networking)
Non-Java Client Browser
Hnh 13. Kin trc mc cao ca mt ng dng J2EE h tr client J2ME v client Brower
3.3 Cc vn khi thit k v thc hin Ta xem xt mt s vn khi thit k v thc hin cc ng dng doanh nghip khng dy. Xy dng ng dng khng dy c nhng rng buc c th. V khi thit k cc ng dng khng dy, ta s gp phi ba vn sau: rng buc thit k (design constraint), thng ip (messaging), v trnh din (presentation). 3.3.1 Rng buc thit k (Design Constraint) Hn ch ca cc thit b di ng dn n nhiu rng buc khi thit k cc ng dng khng dy. Cc ng dng ny phi cung cp cc giao din c ch v tin li trong khi phi i mt vi kch thc mn hnh, kh nng nhp liu, sc mnh x l, b nh, lu tr, v thi gian s dng ngun pin b hn ch. Nht l cc ng dng doanh nghip khng dy cng b rng buc, bi v chng da vo mng. Cc hn ch do mng di ng nh hng n ng dng di ng nhiu hn so vi trnh duyt Web thng thng. Ni chung, cc thit b di ng s gp phi cc vn sau: tr cao
29
n tt nghip
Dch v Mobile-wallet
Bng thng hn ch Kt ni khng lin tc gii quyt cc rng buc ny, client MIDP c th s dng cc cch sau: Ch kt ni vo mng khi cn thit. Ch s dng d liu ng mc cn thit. Phi c kh nng s dng khi ngt kt ni. 3.3.2 Truyn thng ip
Mc d MIDP khng c cc c ch truyn thng client/server phc tp, nh Java Remote Method Invocation (RMI) hay Java API for XML-based Remote Procedure Calls (JAX-RPC), cc nh pht trin vn c th thit k mt giao thc truyn thng ip s dng nh dng v cch trao i theo mnh. i vi hu ht cc ng dng, HTTP xng ng l mt giao thc truyn thng ip c bn, v n c a chung hn so vi cc phng thc truyn thng khc (v d nh da trn socket hay datagram) v cc l do sau y: Tt c cc thit b MIDP phi h tr lp trnh mng MIDP. Do , cc ng dng ch da vo HTTP s c tnh kh chuyn trn cc thit b khc nhau. Mt khc, khng phi tt c cc thit b MIDP u h tr truyn thng da trn packet hay datagram, do cc ng dng s dng cc phng thc ny khng bo m tnh kh chuyn. HTTP c kh nng bo mt tng la (firewall). Hu ht server c tch bit khi client di ng bng firewall, v HTTP l mt trong s t cc giao thc m hu ht cc firewall u cho php i qua. Cc API lp trnh mng ca Java lm cho lp trnh HTTP d dng hn. MIDP h tr HTTP 1.1 v cc API pht sinh cc GET, POST v HEAD request, cc thao tc header c bn, v c ch lung cho thng ip. Trong khi , API cho Java servlet, cung cp kh nng x l HTTP request v sinh cc HTTP response kh mnh. Khi mt MIDP client lin lc vi mt Java servlet th cc s vic sau xy ra: Client m ha application request v ng gi n vo mt HTTP request. Cc Content-Type v Content-Length header phi c thit lp bo m cc gateway trung gian x l request ng n. Servlet nhn HTTP request v gii m application request. Server hay mt thnh phn khc (v d nh enterprise bean) thc hin cng vic xc nh bi application request.
n tt nghip
Dch v Mobile-wallet
Servlet m ha application response v ng gi n vo mt HTTP response. Content-Type v Content-Length header cng phi c thit lp ng bo m cc gateway trung gian x l response ng n. Client nhn HTTP response v gii m application response cha trong . Client c th thit lp mt hoc nhiu i tng v thc hin mt s cng vic trn cc i tng cc b ny. Thit k nh dng thng ip (Message Format) Cch nh dng application request v response l ty thuc vo lp trnh vin. Cc la chn ri vo hai cch sau: Mt cch l dng nh dng nh phn. Cc thng ip nh phn c th c c v ghi s dng cc lp DataInputStream v DataOutputStream trong gi java.io. Trn thc t, s dng cc thng ip ny t c hiu qu trao i bi v ti c rt gn. Ch rng tit kim khng gian, cc thng ip phi tha mn tnh t miu t (self-descriptive). Do , nh dng ca thng ip phi c bit c client v server, v do chng gn cht vi nhau. Cch khc l s dng Extensible Markup Language (XML). Trong khi nn tng J2EE cung cp rt nhiu h tr cho XML (c bit l trong Web service), th c t MIDP khng yu cu h tr XML, mc d cc nh pht trin c th thm h tr XML vo ng dng MIDP bng cch kt hp cc th vin b sung. phn tch v x l ti liu XML, cc nh pht trin c th la chn nhiu cch thc hin, bao gm hai m hnh x l ph bin, Document Object Model (DOM) v Simple API for XML (SAX). (SAX v cc b phn tch da trn s kin khc thch hp hn DOM khi p dng cho cc thit b di ng vi b nh v tc x l b hn ch). Cc th vin RPC da trn XML cng c cung cp, bao gm cc b phn tch da trn c t Simple Access Object Protocol (SOAP). Tuy nhin khi s dng nh dng XML, ngoi vic chi ph cho kch thc v bng thng, cn c chi ph khng nh v b nh, x l v lu tr. Lin quan n truyn thng ip, ta c cc vn sau: Lin lc an ton (Communicating Securely) Cc client MIDP c th da vo mt s c ch ging cc c ch dng h tr lin lc an ton gia cc ng dng J2EE v cc client trnh duyt Web.
31
n tt nghip
Dch v Mobile-wallet
Server ng dng J2EE v nhiu thit b MIDP h tr HTTP trn Secure Sockets Layer (SSL). Cc thit b MIDP s dng secure HTTP xc thc vi server v tin hnh trao i an ton vi server . Khung kt ni tng qut (Generic Connection Framework) trong MIDP cho php ngi lp trnh m kt ni secure HTTP ch n gin bng cch gi phng thc Connector.open() vi URL bt u bng https. xc thc pha client, cc MIDP client da vo vic xc nhn do ng dng qun l, c th da vo c ch t ng k. Ni cch khc, MIDP client gi thng tin y nhim (v d nh tn ng nhp v mt khu) n ng dng J2EE, v ng dng s xc nhn cc thng tin ny, c th bng cch s dng c s d liu. Qun l li Khi server J2EE khng th thc hin request cho MIDP client, n cn phi thng bo iu ny cho client. Mc d chng trnh ca server c th s dng c ch qun l ngoi l ca Java x l li cc b, n khng th s dng c ch ny thng bo li cho MIDP client khi lin lc trn mng. Ni cch khc, lp trnh vin khng th ci t mt khi try-catch trong m client bt trc tip ngoi l c nm ra t server. Thay vo , h phi t chc mt c ch thng bo li vo giao thc truyn thng ip ca h. Mt cch l dnh mt phn c nh trong mi response ca ng dng cho mt m trng thi th hin l request ca ng dng c thnh cng hay khng. V d, khi s dng truyn thng ip nh phn, hai byte u tin c th dnh cho m trng thi s nguyn. Khi s dng HTTP, cc nh pht trin ng dng c th dng m trng thi ca HTTP response th hin thnh cng hay tht bi mc truyn thng. V d, m trng thi ca 200 (OK) c th dng ch thnh cng, trong khi m trng thi 500 (Internal Server Error) c th dng ch tht bi. 3.3.3 Cc chin lc v trnh din (presentation) Ngi dng tng tc vi ng dng cng tp trung v trc tip, th ngi dng cng c th d dng s dng. iu ny c ngha c bit quyt nh cho cc ng dng khng dy do mn hnh hin th v kh nng nhp liu ca cc thit b di ng b hn ch. Cc nh pht trin c th s dng mt vi chin lc lm cho cc ng dng khng dy c kt ni mng tng tnh hu dng hn: thc hin kim tra pha client, cung cp biu th din tin, cho php ngt cc hot ng, v c nhn ha ng dng. Ta s nghin cu cc chin lc ny.
n tt nghip
Dch v Mobile-wallet
Thc hin kim tra pha client Vic kim tra nhp liu pha client l mt phng thc tt gim vic gi n server. Xt mt form t hng, c cc trng thng tin th tn dng. Mt MIDlet c th khng th kim tra thng tin ny mt mnh n c, nhng chc chn n c th p t mt s phng cch kim tra n gin xc nh thng tin c hp l hay khng. V d, n c th kim tra tn ch th khng th l null, hoc ch s th phi c cc con s. Nu d liu nhp c qua cc bc ny, client s chuyn chng n server. Server c th x l cc cng vic phc tp hn, v d nh kim tra s th tn dng c tht s thuc v ch th hay khng hoc ch th cn tin hay khng. Bng cch thc hin vic kim tra nhp liu pha client, cc MIDlet c th trnh vic lin lc khng cn thit n server. Cc MIDlet c th ch ng hn trnh vic nhp liu khng hp l. V d c th gii hn vic nhp s in thoi bng cch s dng trng nhp rng buc s, do cc s in thoi khng phi l s s khng th c gi n server. Cung cp biu th din tin (process indicator) Bi v cc hot ng kt ni mng tn nhiu thi gian, ng dng nn cung cp cho ngi dng mt thng tin phn hi v din tin ca hot ng . V d c th a ra mt hot hnh hoc gauge biu th din tin. Biu th din tin ny dng cho cc hot ng ko di, v d nh khi download danh sch cc trng trn mng. Cho php ngt hot ng Cho php ngi dng c kh nng ngt cc hot ng ko di gip h gi vic iu khin ng dng. Cc biu th din tin c th c thm mt nt nhn ngng. Biu th ny s lng nghe s kin ca nt nhn ngng, v khi nhn nt ngng mn hnh hin th s ngay lp tc chuyn sang mn hnh trc y. Cn ch rng, khng phi tt c cc hot ng u c th dng. V d, khng nn dng vic to mt ti khon ngi dng trn server v lu li trn client. Hai cng vic ny nn thc hin nh l mt hot ng chung hoc l khng thc hin c hai. Nu hot ng b ngt, s c th dn n s khng thng nht gia d liu ca client v server. C nhn ha ng dng Khi nim c nhn ha (personalization) ch kh nng mt dch v thch ng vi thng tin m n bit v ngi dng. Thng thng, nhiu thng tin ca ngi
n tt nghip
Dch v Mobile-wallet
dng, chng hn nh a ch, m ZIP, hay mu sc a thch, s khng thay i t phin lm vic ny sang phin lm vic khc. Bi v cc d liu ny l n nh, ng dng c th dng n c nhn ha vic s dng ca ngi dng. Vic c nhn ha mt dch v l c li v hai l do sau: N gim vic yu cu nhp liu. Ngi dng s chn nu phi nhp i nhp li cc thng tin ny mi ln s dng dch v. N s rt ngn dng chy cng vic (workflow). Ngi dng c th nhp thng tin ti khon vo ln u, v client s gi li thng tin ng nhp ca h. Trong cc ln s dng sau , ngi dng c th la chn t ng ng nhp m khng phi qua mn hnh ng nhp. Trong khi trng thi phin lm vic c th xem l thng tin tm thi, th d liu c nhn ha s c tnh bn vng. Lu d liu bn vng ny u l ty vo ngi pht trin ng dng. Khi quyt nh lu tr d liu c nhn ha, cc nh pht trin phi xem xt cc cu hi sau: D liu c nhn ha c thng xuyn nh hng n client request khng? V d, ng dng t v s lit k cc rp da vo m vng ca ngi dng. Server lu tr m vng ny, do client khng cn phi gi li m vng mi ln n gi yu cu. Tuy nhin cng nn cho php ngi dng c th b qua m vng ny, v d khi h sang thm mt vng khc. Thng tin c nhn ha c kh nng s dng gia nhiu loi client hay khng? V d, ngi dng s dng ng dng t v trn in thoi di ng c th mun truy xut cng ng dng qua Web. Khi , h c th mun d liu c nhn s c sn trnh vic nhp li n qua Web. Quyt nh ni lu d liu c nhn ha khng phi lun lun l mt quyt nh la chn mt trong hai. D liu c nhn ha c th c lu chng c client v server. Khi d liu c nhn ha c lu chng trn c client v server, ng dng c th cn phi c thm mt s tnh nng ng b ha d liu ny. Cc nh pht trin c khuyn l nn cn nhc n chi ph ca vic thc hin cc tnh nng ny.
34
n tt nghip
Dch v Mobile-wallet
4. Bo mt trong thng mi di ng
4.1 Khi qut Bo mt thng tin lun l vn quan trng hng u trong cc lnh vc tnh bo, qun s, ngoi giao, v y cng l mt vn c nghin cu hng nghn nm nay. Nu nh cc vn lin quan n cc hot ng tnh bo v qun s l kh xa l vi cc doanh nghip th vic bo mt thng tin thng mi lun l mt vn c t ra, c bit trong thi i hin nay, khi m thng tin gi vai tr quan trng hng u v cc phng tin truyn thng hin i cho php chng ta chuyn tin rt d dng v cng rt d dng mt thng tin. Vy ta c th lm nhng g s dng c cc tin ch ca cng ngh thng tin v vin thng mang li cho th gii v ng thi khng i th cnh tranh cng nh cc loi ti phm tin hc s dng chnh nhng cng ngh ny gy hi. Tng th vn bo mt l mt topic ln, v vi phm vi ca mt n th khng th tm hiu ht c. Chnh v vy, cc khi nim tm hiu s lin quan ch yu n cc vn bo mt chung ca ng dng web-based bao gm: Cc khi nim c bn v m ha. Tng quan v bo mt phn mm (SSL, disgest, signature). Khi nim v Authorization, authentication.
Khi to mt ng dng web-based, tt c cc thng tin trao i t client c th b chn li. Cc ng dng web-based s dng HTTP trn nn mng TCP truyn thng tin v hu ht cc thng tin ch l dng text n thun. iu ny dn n mt s dng tn cng chung: 1. Cc thng tin nhy cm c th b chn li khi truyn t client n server ( b n trm thng tin). 2. Thng tin trao i c th b chn li v b thay i lm cho cc thng tin sai lch b truyn t client n server (b la gt thng tin). 3. Tnh xc thc nhn dng ca client v server c th b n cp hoc gi mo cho php ai c th gi mo client (b mo danh). gii quyt cc vn trn th cng c cc gii php tng ng: - trnh b n trm thng tin: S dng m ha (Encryption). - trnh b la gt v mo danh: s dng vic xc thc (Authentication).
35
n tt nghip
Dch v Mobile-wallet
Mt nhu cu thit yu trong truyn ti d liu l tnh ton vn d liu (data integrity), trong c 2 vic cn quan tm l: che giu d liu (bo v khi b n trm) v bo v d liu khi b gi mo. che giu d liu: - Encoding - Encryption - Symmetric Encryption - Asymmetric Encryption bo v d liu: - Hashes/ Message disgest - Digital Signature - Digital Certificate - Certificate Authorities 4.2 M ha i xng (Symmetric Encryption) M ha l phng thc dng m ch vic bo v d liu bng cch thay i n v dng khng th hiu c. M ha i xng cng c gi l m ha private key hay m ha secret key. N s dng mt cha kho duy nht m ho v gii m d liu (c th hin di hnh di). Khi mt m ha i xng c s dng cho files trn mt cng, user thc hin m ho vi mt secret key. Khi mt giao tip c s dng m ho i xng, hai giao tip s chia s nhau cng mt mt m m ho v gii m gi tin.
36
n tt nghip
Dch v Mobile-wallet
Hnh 14. M ha i xng
Phng thc m ha i xng c thc hin nhanh hn rt nhiu so vi qu trnh s dng m ha bt i xng. Vi tc nhanh nn thut ton ny c thit k ch mt key trong qu trnh m ho v gii m d liu. M ha i xng cung cp mt gii php m ho mnh m bo v d liu bng mt key ln c s dng. Tuy nhin, bo v cc keys ny ta lun lun phi lu gi chng v c gi l private key. Nu key ny b mt hay b l, khi s khng m bo tnh bo mt ca d liu na. (Tng t nh mt ngi nh c mt chic cha kho kho ca, kho ca ngi nh c th rt phc tp v khng ca ni, nhng iu g s xy ra nu k trm lm ra c mt chic cha kho tng t nh vy). V mt tnh hung khc l trong qu trnh truyn thng tin ca Key gia cc my tnh cng l mt vn . s dng mt m i xng m ho cc giao tip gia ngi A v ngi B trn internet, ngi A phi chc mt iu rng vic bo mt qu trnh truyn keys trn mng cn phi c m bo. Nu A chc chn rng vic truyn d liu v key c m bo, vy A s dng phng thc m ho no cho vic truyn key trn mng. Gii php l key c truyn ti ngi B khng qua con ng internet, c th cha trong a CD v chuyn theo ng bu in, hay vit tay gi th Ri ngi B v A s dng key m ho d liu v gii m trong qu trnh truyn thng tin. Tuy nhin A c th s dng mt gii php thng minh hn l Public Key Infrastructure (PKI) gii php c s dng kt hp vi m ha i xng trong qu trnh truyn thng tin keys. Vic truyn thng tin key bng vic s dng mt m ho truyn vi s dng mt phin truyn thng tin duy nht. Hiu, s dng v
37
n tt nghip
Dch v Mobile-wallet
trin khai s dng PKI khng n gin v c nhiu gii php ca nhiu nh sn xut khc nhau. Mt m i xng c chia lm hai dng: a. Block cipher Block cipher l mt gii php hot dng chng li s hn ch ca d liu tnh. D liu c chia ra thnh cc blocks vi size c th v mi blocks c m ho mt cch khc nhau. b. Stream cipher Stream cipher l gii php hot ng chng li d liu lun lun s dng mt phng thc truyn. Mt vng m, t nht bng mt block, i cho ton b thng tin ca block c cha trong vng m sau block s c m ho ri truyn cho ngi nhn. Mt s khc nhau c bn gia d liu c truyn v d liu nguyn bn. Khng nh gii php s dng mt m i xng l mi block c s dng mt key khc nhau trong qu trnh truyn thng tin. Di y l cc gii php mt m i xng hay s dng nht:
Bng 2. Cc thut ton m ha i xng hay s dng
4.3 M ha bt i xng (Asymmetric Encryption) Mt m bt i xng hay cn gi l m ho s dng public key. N s dng mt cp key l public key v private key th hin hnh di y. Trong mi qu trnh truyn thng tin s dng mt m bt i xng chng cn mt cp key duy nht. N to ra kh nng c th s dng linh hot v pht trin trong tng lai hn l gii php mt m i xng. Private key cn phi gi ring v m bo tnh bo mt v n khng truyn trn mng. Public key c cung cp min ph v c public cho mi ngi.
38
n tt nghip
Dch v Mobile-wallet
V d, khi Alice mun gi thng tin cho Bob, Alice s dng public key ca Bob m ha thng tin ri gi cho Bob. Khi Bob nhn thng tin c m ha ca Alice s gii m thng tin bng Pivate key ca mnh. Mt m bt i xng hot ng chm hn phng thc mt m i xng, khng phi n m ho mt khi lng d liu ln. N thng c s dng bo mt qu trnh truyn key ca mt m i xng. N cung cp bo mt cho qu trnh truyn thng tin bng cc dch v: Authentication, Integrity, Protection, v Nonrepudiation.
Hnh 15. M ha bt i xng
Phng thc mt m bt i xng s dng: - Rivest Shamir Adleman (RSA) - Diffie-Hellman - Error Correcting Code (ECC) - El Gamal - Message Message
39
n tt nghip
Dch v Mobile-wallet
4.4 M hnh Hybrid/Session key System
Hnh 16. M hnh Hybrid system
tn dng c tc ca m ha i xng v sc mnh ca m ha bt i xng, ta s dng m hnh Hybrid system. Trong gm 2 bc: Trao i kha b mt: S dng m ha bt i xng trao i kha b mt. Kha do bn A sinh ra, c m ha bng public key ca B v gi cho B, B s dng private key ca mnh gii m v nhn kha b mt Trao i thng tin: T bc sau, kha b mt s c dng trao i thng tin, s dng m ha i xng.
Nh vy, m ha bt i xng s ch phi s dng mt ln, gip lm tng tc ca h thng, tit kim ti nguyn m vn m bo tnh bo mt ca m ha bt i xng. S dng m hnh Hybrid system c th chng li c vic nh cp thng tin cng nh l che du thng tin, nhng li cha chc chn c tnh ton ton vn ca thng tin. Mt k tn cng man-in-the-midle M c th bt c cc gi tin m A gi cho B ng thi dng kha cng khai ca B gi mo 1 gi tin khc v gi cho B. khc phc iu ny, h thng s dng MAC m bo tnh ton vn d liu. MAC l mt message digest c sinh ra khi dng hm bm 1 chiu bm bn tin cng vi session key. MAC s c gi km theo gi tin v khi B nhn c cng bm bn tin v session key verify tnh ton vn d liu.
40
n tt nghip
Dch v Mobile-wallet
Hnh 17. M hnh Hybrid System vi MAC
Nn nh rng Hybrid system khng phi l thuc cha bch bnh. M hnh Session key c coi l bo mt hn Hybrid system, trong client cng c 1 cp key cng khai ring, v kha session c sinh t 2 pha. Tc l kha b mt s c sinh t 2 thnh phn, mi thnh phn s c mt bn sinh ra. iu ny lm tng thm tnh bo mt ca kha b mt.
41
n tt nghip
Dch v Mobile-wallet
Session key
Session key
Session key
Private Key ca A
Public Key ca A
Private Key ca A
Public Key ca A
Private Key ca B Public Key ca B Alice Public Key ca B

Session key Session key
Bob Private Key ca B

Session key
Session key
Session key
message Alice
Message encrypted
message Bob
Hnh 18. M hnh session key
- Bc 1 : qu trnh trao i kha (Key agreement) A sinh key th nht, dng public key ca B m ha key ri gi cho B, B dng private key ca mnh gii m, ly c key th nht ng thi sinh key th 2 ri gi cho A bng cch dng public key ca A. A dng private key ca mnh, gii m ly c key th 2. Nh vy, kha session l kt hp ca 2 key th nht v th 2. - Bc 2 : qu trnh trao i thng tin. Cc thng tin s c m ha bng kha b mt. 4.5 Ch k s (Digital Signature) Ch k s (ch k in t) l m hnh m bo an ton d liu khi truyn trn mng v c s dng to chng nhn in t trong cc giao dch in t qua mng Internet.
n tt nghip
Dch v Mobile-wallet
Ch k in t (digital signature) l on d liu ngn nh km vi vn bn gc chng thc tc gi ca vn bn v gip ngi nhn kim tra tnh ton vn ca ni dung vn bn gc. Ch k in t c to ra bng cch p dng thut ton bm mt chiu trn vn bn gc to ra bn phn tch vn bn (message digest) hay cn gi l fingerprint, sau m ha bng private key to ra ch k s nh km vi vn bn gc gi i. Khi nhn, vn bn c tch lm 2 phn, phn vn bn gc c tnh li fingerprint so snh vi fingerprint c cng c phc hi t vic gii m ch k s (xem hnh di).
Hnh 19. Cch to ch k s
Cc bc kim tra: 1. Dng public key ca ngi gi (kha ny c thng bo n mi ngi) gii m ch k s ca message. 2. Dng gii thut (MD5 hoc SHA) bm message nh km. 3. So snh kt qu thu c bc 1 v 2. Nu trng nhau, ta kt lun message ny khng b thay i trong qu trnh truyn v message ny l ca ngi gi.
4.6 Chng nhn s (Digital Certificate) v t chc chng nhn s (Certificate Authority) Hy xem v d A mun gi thng ip cho B v m ha theo phng php kha cng khai. Lc ny A cn phi m ha thng ip bng public key ca B. Trng hp public key b gi mo th sao? Hacker c th t sinh ra mt cp kha public key/private key, sau a cho A kha public key ny v ni y l kha
n tt nghip
Dch v Mobile-wallet
public key ca B. Nu A dng public key gi ny m tng l ca B th dn n h qu mi thng tin A truyn i u b hacker c c. Vn ny c gii quyt nu c mt bn th ba c tin cy, gi l C, ng ra chng nhn public key. Nhng public key c C chng nhn gi l chng nhn in t (public key certificate hay digital certificate).
Hnh 20. Chng nhn s
Mt chng nhn in t c th c xem nh l mt h chiu hay chng minh th. N c mt t chc tin cy (nh VeriSign, Entrust, CyberTrust, v.v...) to ra. T chc ny c gi l t chc chng nhn kha cng khai Certificate Authority (CA). Mt khi public key c CA chng nhn th c th dng kha trao i d liu trn mng vi mc bo mt cao. Cu trc ca mt chng nhn in t gm cc thnh phn chnh nh sau: Issuer: tn ca CA to ra chng nhn. Period of validity: ngy ht hn ca chng nhn. Subject: bao gm nhng thng tin v thc th c chng nhn. Public key: kha cng khai c chng nhn. Signature: do private key ca CA to ra v m bo gi tr ca chng nhn. 4.7 Public key infrastructure (PKI) Trong mt m hc, h tng kha cng khai (ting Anh: Public key infrastructure, vit tt PKI) l mt c ch cho mt bn th 3 (thng l nh cung cp chng thc s) cung cp v xc thc nh danh cc bn tham gia vo qu trnh trao i thng tin. C ch ny cng cho php gn cho mi ngi s dng trong h
n tt nghip
Dch v Mobile-wallet
thng mt cp kha cng khai/kha b mt. Cc qu trnh ny thng c thc hin bi mt phn mm t ti trung tm v cc phn mm phi hp khc ti cc a im ca ngi dng. Kha cng khai thng c phn phi trong chng thc kha cng khai. Khi nim h tng kha cng khai (PKI) thng c dng ch ton b h thng bao gm nh cung cp chng thc s (CA) cng cc c ch lin quan ng thi vi ton b vic s dng cc thut ton mt m ha kha cng khai trong trao i thng tin. Tuy nhin phn sau c bao gm khng hon ton chnh xc bi v cc c ch trong PKI khng nht thit s dng cc thut ton m ha kha cng khai. PKI cho php nhng ngi tham gia xc thc ln nhau v s dng thng tin t cc chng thc kha cng khai mt m ha v gii m thng tin trong qu trnh trao i. Thng thng, PKI bao gm phn mm my khch (client), phn mm my ch (server), phn cng (nh th thng minh) v cc quy trnh hot ng lin quan. Ngi s dng cng c th k cc vn bn in t vi kha b mt ca mnh v mi ngi u c th kim tra vi kha cng khai ca ngi . PKI cho php cc giao dch in t c din ra m bo tnh b mt, ton vn v xc thc ln nhau m khng cn phi trao i cc thng tin mt t trc. Hu ht cc h thng PKI quy m doanh nghip u da trn cc chui chng thc xc thc cc thc th. Chng thc ca ngi dng s c mt nh cung cp chng thc s cp, n lt nh cung cp ny li c chng thc c mt nh cung cp khc cp cao hn to ra... H thng s bao gm nhiu my tnh thuc nhiu t chc khc nhau vi cc gi phn mm tng thch t nhiu ngun khc nhau. V vy, cc tiu chun l yu t rt quan trng i vi hot ng ca cc PKI. Hu ht cc tiu chun v PKI hin ti c son tho bi nhm lm vic PKIX ca IETF. Cc h thng PKI doanh nghip thng c t chc theo m hnh danh b trong kha cng khai ca mi ngi dng c lu tr (bn trong cc chng thc s) km vi cc thng tin c nhn (s in thoi, email, a ch, ni lm vic...). Hin nay, cng ngh danh b tin tin nht l LDAP v nh dng chng thc ph bin nht (X.509) cng c pht trin t m hnh tin nhim ca LDAP (X.500). 4.8 One time password (OTP) Xut hin t u th k 20 v cn c tn gi khc l Vernam Cipher, OTP c mnh danh l ci chn thnh ca ngnh m ha d liu. OTP l thut ton duy
n tt nghip
Dch v Mobile-wallet
nht chng minh c v l thuyt l khng th ph c ngay c vi ti nguyn v tn (tc l c th chng li kiu tn cng brute-force). c th t c mc bo mt ca OTP, tt c nhng iu kin sau phi c tha mn: - di ca cha kha phi ng bng di vn bn cn m ha. - Cha kha ch c dng mt ln. - Cha kha phi l mt s ngu nhin thc. Mi nghe qua c v n gin nhng trong thc t nhng iu kin ny kh c th tha mn c. Gi s Alice mun m ha ch 10MB d liu bng OTP, c ta phi cn mt cha kha c di 10MB. to ra mt s ngu nhin ln nh vy Alice cn mt b to s ngu nhin thc (TRNG - True Random Number Generator). Cc thit b ny s dng ngun ngu nhin vt l nh s phn r ht nhn hay bc x nn v tr. Hn na vic lu tr, chuyn giao v bo v mt cha kha nh vy cng ht sc kh khn. OTP ngy nay c s dng rng ri v kh quen thuc trong cc giao dch in t. V d mt giao dch chuyn tin qua in thoi th trc khi giao dch c thc hin, ngi dng s c nhn mt tin nhn c cha m OTP, sau ngi dng phi in OTP vo form c sn v gi ln server xc thc.
5. Cc chun trong thng mi in t

Khi thit k, xy dng mt h thng th vic xy dng m bo sao cho n ph hp vi cc chun ca quc t l mt iu quan trng. Cc chun cng chnh l mt trong nhng thc o h thng 5.1 Chun ng gi bn tin giao tip ISO 8583 ISO 8583 l chun quc t quy nh c t ca bn tin trao i gia cc h thng ngn hng, ti chnh trong giao dch in t. Vic s dng chung mt chun ng gi bn tin s d dng trong vic giao tip, trao i thng tin, d liu gia cc ngn hng v t chc ti chnh. xy dng v ng gi bn tin ISO 8583 trong JAVA, th vin JPOS h tr kh y v d dng trin khai. ISO 8583 nh ngha nh dng bn tin v lung giao tip gip cc h thng khc nhau c th trao i thng tin. Mc d ISO 8583 nh ngha mt chun chung, nhng n khng c trng cho mt mng hay mt h thng no c. Thay vo , mi mt mng hay h thng s s dng chun ny xy dng ty bin cc trng, cc cch s dng. Mt bn tin ISO 8583 c chia lm 3 phn:
n tt nghip
Dch v Mobile-wallet
Message Type Indicator (MTI) : ch nh dng thng ip Mt hoc nhiu BITMAP, dng ch nh phn t d liu no th hin Cc phn t d liu, chnh l cc trng ca bn tin a. Message Type Indicator (MTI)
y l mt trng gm 4 s dng phn chia cc chc nng mc cao ca thng ip. Mt MTI ch ra phin bn ISO 8583, lp thng tin (Message class), chc nng ca thng tin (Message Function), v ngun gc thng tin (Message Origin). V d mt MTI 0210 s cho ta bit cc thng tin sau:
0xxx X2xx xx1x xxx0 -> -> -> -> phin bn ISO 8583 (1987 version) lp thng tin (bn tin ti chnh ) chc nng ca thng tin (Request Response) khi ngun ca thng tin (Acquirer)
ISO 8583 version V tr th nht trong MTI, ch ra phin bn ISO 8583 s dng: V tr 0xxx 1xxx 2xxx 9xxx ISO 8583-1:1987 version ISO 8583-2:1993 version ISO 8583-1:2003 version S dng c nhn
Bng 3. MIT
ngha
Message class V tr th 2 trong MTI, ch ra mc ch ca bn tin: V tr x1xx x2xx x3xx x4xx x5xx x6xx x7xx Authorization Message Financial Message File Actions Message Reversal Message Reconciliation Message Administrative Message Fee Collection Message
47
ngha
n tt nghip
Dch v Mobile-wallet
x8xx x9xx
Network Management Message Reserved by ISO

Bng 4. Message class
Message function V tr th 3 trong MIT, ch ra chc nng ca thng tin, l ci m nh ngha lung thng tin s c x l nh th no trong h thng. V tr xx0x xx1x xx2x xx3x xx4x xx8x xx9x Request Request Response Advice Advice Response Notification Response acknowledgment Negative acknowledgment
Bng 5. Message function
ngha
Message origin V tr th 4 trong MTI, ch ra ni khi ngun ca thng tin: V tr xxx0 xxx1 xxx2 xxx3 xxx4 xxx5 Acquirer Acquirer Repeat Issuer Issuer Repeat Other Other Repeat
Bng 6. Message origin
ngha
b. BITMAP Trong ISO 8583, mt BITMAP l mt trng hay mt trng con trong bn tin, c chc nng ch ra cc yu t, cc thnh phn d liu c ch ra trong bn tin.
n tt nghip
Dch v Mobile-wallet
Mt bn tin ISO s c t nht 1 BITMAP, c gi l PRIMARY BITMAP, c dng ch ra cc trng t 1 n 64. Bitmap c th c truyn i di dng 8bytes d liu nh phn, hoc 16 k t hexa. Mt trng ch c th hin khi n c ch nh trong 1 bit ca BITMAP l true. V d, byte 82x c dng binary l 1000 0010 s ch ra rng trng 1 v 7 s c th hin trong bn tin, cn cc trng 2,3,4,5,6,8 s khng c th hin. c. Data Elements Data elements l cc trng trong bn tin ISO, ch ra cc thng tin v giao dch. Mi data element c mt ngha v mt nh dng khc nhau. 5.2 Chun bo mt h thng thng tin ISO 27001 T chc Tiu chun ho quc t (ISO) ban hnh ISO 27001 vo thng 10 nm 2005. V c bn, ISO 27001 - H thng qun l an ninh thng tin - phn b sung ca tiu chun ISO/IEC 17799 m thc hnh; ISO/IEC 17799 ln u tin c ban hnh di tiu chun BS 7799-1. Hai tiu chun ny ha hp v lin quan mt thit vi nhau. Tiu chun ISO 27001 a ra cc yu cu cho vic xy dng, p dng, iu hnh, kim tra, gim st v pht trin h thng an ninh thng tin mt cch tan din v khoa hc. ISO/IEC 17799 nu c th s lng kim sot an ninh n l, c la chn v p dng nh mt phn ca h thng an ninh thng tin. ISO 27001 qui nh nhng yu cu i vi h thng an ninh thng tin, khc bit vi ISO/IEC 17799 l c iu chnh mt s iu cn thit ph hp vi nhu cu ca doanh nghip, l c s xem xt nh gi cp chng ch ca t chc bn th ba. ISO 17021: 2006, nh gi s ph hp cc yu cu i vi c quan cung cp nh gi v chng nhn h thng qun l, khng nhng a ra cc chun mc tng ng i vi cc c quan chng nhn h thng qun l cht lng v mi trng, m cn lin quan n tiu chun v an tan thc phm (ISO 22000), an ton chui cung ng (ISO/PAS 28000: 2005) cng nh lin quan n bt c tiu chun no s c xy dng trong tng lai. ISO 27001 c xy dng ha hp , tng thch vi cc h thng qun l khc nh : ISO 9001: 2000 v ISO 14001: 2004 v c nh hng trn phm vi ton cu.
n tt nghip
Dch v Mobile-wallet
5.2.1 Khi nim v ISO 27001:2005 ISO 27001 l tiu chun v h thng qun l an ninh thng tin (ISMS Information Security Management System) do T chc tiu chun ho quc t (ISO) pht trin v ban hnh . Tiu chun cung cp mt m hnh thit lp, p dng, vn hnh, gim st, xem xt, duy tr, ci tin H thng ISMS v c th p dng cho hu ht mi loi hnh t chc nh : cc t chc kinh doanh thng mi, Chnh ph, t chc phi li nhun. 5.2.2 Li ch ca vic p dng ISO 27001:2005 - Chng t cam kt m bo v an ninh thng tin mi cp trong t chc - m bo tnh sn sn tin cy ca phn cng v cc c s d liu - Bo mt thng tin, to nim tin cho i tc v khch hng - Gim thiu ri ro gp phi - Nhanh chng khc phc cc s c xy ra - Gim gi thnh v cc chi ph bo him - Nng cao nhn thc v trch nhim ca tt c cc nhn vin v an ninh thng tin. 5.2.3 Cu trc ca b tiu chun ISO 27000 - B tiu chun ISO 27001 : 2005 bao gm : - ISO 27000 Cc nguyn tc v t vng - ISO 27001 Cc yu cu ca h thng qun l an ninh thng tin - ISO 27002 (ISO/IEC 17799 M thc hnh) - ISO 27003 - Hng dn p dng H thng qun l an ninh thng tin - ISO 27004 o lng H thng qun l an ninh thng tin - ISO 27005 - Qun l ri ro H thng qun l an ninh thng tin - ISO 27006 27010 s ln lt xy dng, ban hnh - ISO 17021 nh gi s ph hp 5.2.4 Cc yu cu ca tiu chun quc t ISO 27001:2005 - H thng qun l an ninh thng tin - Trch nhim lnh o
n tt nghip
Dch v Mobile-wallet
- nh gi ni b H thng ISMS - Xem xt ca lnh ao v H thng ISMS - Ci tin H thng ISMS Km theo ph lc quan trng v kim sot cc mc tiu gm 11 nhm yu t sau : - Chnh sch an ninh - T chc an ninh - Qun l ti sn - An ninh ngun nhn lc - An ninh mi trng v vt l - Qun l hot ng v truyn thng - Kim sot truy cp - Thu np, pht trin v duy tr H thng ISMS - Qun l s c an ninh thng tin - Qun l tnh lin tc trong kinh doanh - S tun th 5.2.5 Cc bc ch yu xy dng v p dng ISO 27001:2005 - Cam kt thc hin d n ca lnh o - Thnh lp Ban ch o ANTT - Kho st nh gi thc trng H thng hin hnh - o to nhn thc v ISO 27001 - o to vit ti liu - a ra chnh sch mc tiu v phm vi an ninh thng tin - Phn tch, nh gi ri ro trong phm vi ca H thng ISMS - La chn mc tiu, bin php kim sot ph hp thc thi - p dng th - o to chuyn gia nh gi ni b - Tin hnh nh gi ni b
n tt nghip
Dch v Mobile-wallet
- Hon chnh h thng ti liu - Tin hnh nh gi th - Khc phc, phng nga s khng ph hp - nh gi chng nhn - Duy tr, ci tin H thng sau chng nhn 5.3 PKCS PKCS (ting Anh: Public Key Cryptography Standards) l mt chun do phng th nghim RSA Data Security Inc pht trin. N da vo cc cu trc ASN.1 v thit k cho ph hp vi chng ch X.09, cc tiu chun ny do ANSI thit k, theo d liu c chia thnh tng khi nh nht l 8 bit (octet). PKCS hin ti bao gm cc chun PKCS#1, PKCS#3, PKCS#5,PKCS#7, PKCS#8, PKCS#9, PKCS#11, PKCS#12, PKCS#13, PKCS#15. Hin ti phin bn ca cc bn ang l 2.1. Trong c th tm c cc chun m ha d liu, chun ny c thit k da vo cch m cc thm m dng tn cng vo on m. C th m t s qua th ny, trong PKCS#1 c cc chun m ha - gii m RSAES - OAEP scheme, chun to ch k in t - kim tra RSASSA - PSS scheme ver2.1, hay trong PKCS#7 l cc chun m ha cho password. PKCS#11 l phc tp nht, n l chun cho vic truyn thng tin trn mng di dng cc gi tin m.
Cc chun PKCS PKCS #1 Version Tn 2.1 RSA Cryptography Standard Gii thch Xem thm trong RFC 3447. nh ngha cc thc tnh ton hc c nh dng ca cc kha RSA public, private, v cc gii thut c bn, cc s encoding/padding thc thi m ha, gii m, ch k RSA. Khng cn c pht trin na. N bao ph v vic m ha RSA ca message disgest, nhng c nhp vo PKCS #1. L mt phng thc m ha cho php 2 bn c th giao tip vi nhau chia s kha b mt m khng cn bit v nhau thng qua knh giao tip khng an ton. Khng cn c pht trin na. N c nhp vo PKCS #1.PKCS #1. 52
PKCS #2 PKCS #3
( c rt li)
1.4
Diffie-Hellman Key Agreement Standard ( c rt li)
PKCS #4
n tt nghip
Dch v Mobile-wallet
PKCS #5 PKCS #6 PKCS #7
2.0
1.5
1.5
Password-based Encryption Standard ExtendedCertificate Syntax Standard Cryptographic Message Syntax Standard Private-Key Information Syntax Standard. Selected Attribute Types
xem thm trong RFC 2898 v PBKDF2.
nh ngha cc m rng trong c t c ca chng nhn X.509. xem thm trong RFC 2315. Cch s dng k (sign) hoc m ha thng tin thng qua PKI. c cp nht trong Cryptographic Message Syntax Standard (CMS). xem thm trong RFC 5208. Dng trao i, di chuyn private certificate keypairs ( c m ha hoc khng). nh ngha cc loi thuc tnh c la chn trong cc chng nhn m rng PKCS #6, cc bn tin c k s PKCS #7, cc thng tin v private key PKCS #8, v cc yu cu certificatesigning PKCS #10. Xem thm trong RFC 2986. nh dang bn tin gi n mt t chc chng thc yu cu chng nhn s. Mt tp API nh ngha mt interface chung cho cc token m ha (c th l cc Hardware Security Module). nh ngha nh dang chung ca 1 file dng lu tr private keys cng vi cc chng nhn s, c bo v bi kha b mt. (ang trong qu trnh pht trin)
PKCS #8 PKCS #9
1.2
2.0
1.7
Certification Request Standard Cryptographic Token Interface (Cryptoki) Personal Information Exchange Syntax Standard Elliptic Curve Cryptography Standard Pseudo-random Number Generation Cryptographic Token Information Format Standard
2.20
1.0
1.1
(ang trong qu trnh pht trin)
nh ngha mt chun cho php ngi dung cc yu t m ha token nhn dng cc ng dng ca h, c lp vi phn thc thi Cryptoki ca ng dng (PKCS #11) hay cc API khc. Bng 7. Tng quan v PKCS
53
n tt nghip
Dch v Mobile-wallet
5.4 FIPS (Federal Information Processing Standards): Tiu chun x l thng tin lin bang. 5.4.1 FIPS 140-1: Security Requirements for Cryptographic Modules Tn tiu chun: Cc yu cu an ton i vi module mt m S hiu tiu chun: FIPS 140-1 Ngy ban hnh:01/1994.
Phm vi s dng: Dng nh gi cc module mt m s dng bi cc thit b x l thng tin. Tiu chun ny nh gi mt module mt m t mt trong bn lp m bo an ton t thp n cao: Level 1, Level 2, Level 3 v Level 4. Hin tiu chun ny c thay th bi FIPS 140-2 v trong tng lai s l FIPS 140-3. Tham kho chi tit: FIPS 140-1. o Ti http://csrc.nist.gov/publications/fips/fips140-1/fips1401.pdf Ghi ch: Nhng ai pht trin sn phm IS c s dng n module mt m u cn quan tm n tiu chun ny. 5.4.2 FIPS 140-2: Security Requirements for Cryptographic Modules Tn tiu chun: Cc yu cu an ton i vi module mt m S hiu tiu chun: FIPS 140-2 Ngy ban hnh:05/2001.
Phm vi s dng: Dng nh gi cc module mt m s dng bi cc thit b x l thng tin. Tiu chun ny nh gi mt module mt m t mt trong bn lp m bo an ton t thp n cao: Level 1, Level 2, Level 3 v Level 4. FIPS 140-2 l bn tiu chun chnh thc hin ang s dng v trong tng lai s c thay th bi FIPS 140-3. Tham kho chi tit: - FIPS 140-2.
o Ti: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
Ghi ch: Nhng ai pht trin sn phm IS c s dng n module mt m u cn quan tm n tiu chun ny. 5.4.3 FIPS 140-3: Security Requirements for Cryptographic Modules Tn tiu chun: Cc yu cu an ton i vi module mt m
n tt nghip
Dch v Mobile-wallet
S hiu tiu chun: FIPS 140-3 Ngy ban hnh:13/07/2007. Phm vi s dng: Dng nh gi cc module mt m s dng bi cc thit b x l thng tin. y ang l bn Draft nn cha nghin cu k v ni dung. Tham kho chi tit: - FIPS 140-3.
o Ti: http://csrc.nist.gov/publications/PubsDrafts.html#FIPS-140--3
Ghi ch: Nhng ai pht trin sn phm IS c s dng n module mt m u cn quan tm n tiu chun ny.
55
n tt nghip
Dch v Mobile-wallet
Chng 3. PHN TCH H THNG

Xy dng demo dch v mobile wallet nhm chng minh tnh thc tin ca ti, hng ti mc tiu xy dng v cung cp dch v sau ny, to s thun tin cho ngi dng khi thanh ton mt s dch v, gim ti cho h thng tin t, gp phn pht trin nn ti chnh khng phi tin mt. Trong , bao gm cc dch v c bn v thit yu sau: Np tin vo ti khon, chuyn tin t ti khon ngn hng ny sang ti khon ngn hng khc, t s thu bao in thoi ny sang s thu bao in thoi khc. Thanh ton v tra cu thng tin thanh ton cc dch v vin thng (ADSL, HomePhone, Mobile Post-Paid, Mobile Pre-Paid, Mua hng) thng qua in thoi di ng
H thng c xy dng qua tham kho cc chc nng, nghip v ca cc nh cung cp dch v mobile wallet c trn th trng nh mobivi, payplus hay cc dch v mobile banking ca cc ngn hng MB, Vietcombank
1. Chc nng ca h thng

M hnh phn r chc nng trn in thoi:
56
n tt nghip
Dch v Mobile-wallet
MobileWallet
Login
Chuyen tien VDT VDT VDT TK NH VDT CMND
Nap tien
GDich Tien mat Nap tien mat Rut tien mat
Cuoc vien thong
Thanh toan
Tra cuu TK Tra cu so du Tra cuu GD
Cai dat
Ho tro
The cao
Tra truoc
Dich vu
Kich hoat VDT
HDSD
Tra sau
Y/C thanh toan
Doi PIN
Danh muc NH Phi dich vu
HomePho ne
Doi MK
ADSL
Khoa the
Khac
Mo the
Ngon ngu
Hnh 21. M hnh phn r chc nng trn in thoi
1.1 Chc nng ng nhp 1.1.1 Thng tin chung chc nng Tn chc nng ng nhp trn ng dng Login Trc khi s dng cc chc nng trn ng dng, KH phi ng nhp bng MK trn ng dng, mc nh ban u khi KH ng k l 123456, sau KH c th i MK (s c lu li trn ng dng) v KH phi nh MK. Nhng ln ng nhp sau KH phi ng nhp bng MK KH i Khch hng KH vo ng dng M-Wallet trn in thoi, chc nng ny c kch hot ln trn in thoi ng dng s hin th y menu chc nng cho KH s dng N/A N/A
M t
Tc nhn iu kin trc iu kin sau Ngoi l Cc yu cu c bit
1.1.2 Biu lung x l chc nng

n tt nghip
Dch v Mobile-wallet
ng nhp
in thoi
Bt u
Nhp mt khu ng dng
Xc nhn
Kim tra MK
Y Hin th menu chc nng trn in thoi
Kt thc
Hnh 22 Lung x l chc nng ng nhp
1.1.3 M t dng s kin chnh (Basic flow) Bc 1: KH vo ng dng trn in thoi, ng dng s yu cu KH nhp mt khu. Nu l ln u tin th KH s dng mt khu mc inh c cung cp khi ti ng dng l 123456 Bc 2: KH nhp MK, chn OK(ng ) xc nhn v sang bc tip theo hoc chn Cancel (Hy) kt thc. Bc 3: ng dng s so snh MK KH nhp v MK c lu trn in thoi:
n tt nghip
Dch v Mobile-wallet
o Nu sai s thng bo li trn mn hnh Mobile theo ngn ng c thit lp mc nh trn ng dng o Nu trng khp th ly thng tin ngn ng mc nh lu trong RMS ra Bc 4: Hin th tt c cc chc nng theo ngn ng, kt thc nghip v 1.1.4 M t dng s kin ph (Alternative Flow) KH chn Cancel hy tip tc: thot ra khi ng dng M-Wallet Ti bt k mn hnh nhp liu no u c nt Back, khi KH khng nhp liu m bm nt Back th ng dng s tr v mn hnh trc ng dng kim tra MK khng hp l: ng dng hin th thng bo li tng ng v nt OK. KH bm OK th STK quay li mn hnh Nhp mt khu. Thng bo li tng ng: Sai mat khau truy cap. 1.2 Chc nng chuyn tin VT VT 1.2.1 Thng tin chung chc nng Tn chc nng M t Tc nhn Chuyn tin VT VT Cho php KH chuyn tin t TK VT ca KH n TK VT ca KH th hng Khch hng KH chuyn tin ng k dch v VT v knh thanh ton trn Mobile ca KH chuyn tin trng thi hot ng KH nhn tin ng k dch v VT v VT ang trng thi hot ng S d TK VT KH chuyn tin gim i s tin iu kin sau S d TK VT KH th hng tng ln s tin chuyn N/A Ngoi l Cc yu cu c bit N/A 1.2.2 Biu lung x l chc nng
iu kin trc
59
n tt nghip
Dch v Mobile-wallet
Hnh 23. Lung x l chc nng chuyn tin VT VT
60
n tt nghip
Dch v Mobile-wallet
1.2.3 M t dng s kin chnh (Basic Flow) Bc 1: KH vo chc nng chuyn tin t VT VT trn ng dng, ng dng hin th ln lt cc thng tin yu cu KH nhp chuyn tin: o S Mobile KH th hng (c ng k s dng dch v VT trn Mobile) o S tin o PIN Bc 2: ng dng hin th thng tin xc nhn cho KH: "Xac nhan chuyen <AMOUNT> VND cho thue bao <RECV_MSISDN>" Bc 3: KH xc nhn thc hin giao dch: o ng : Sau KH xc nhn, ng dng chuyn thng tin sang Mobile gateway xc minh s Mobile gi v Mobile nhn. o Khng ng : ng dng tr v menu chnh (sau khi ng nhp ng dng thnh cng), kt thc nghip v. Bc 4: Mobile gateway ch xc minh hp l khi c 2 s Mobile gi v nhn u ng k dch v VT v dch v Mobile ca c 2 u trng thi hot ng. o Khng hp l: Mobile gateway tr KQ li v mn hnh Mobile KH, KH xc nhn thng tin th ng dng tr v menu chnh (sau khi ng nhp ng thnh cng), kt thc nghip v. o Hp l: Mobile gateway thc hin sinh s OTP (6 s) ri gi OTP v client qua knh SMS. Bc 5: ng dng client nhn OTP ri hin th ln mn hnh cho ngi dng nhp vo. Sau khi ngi dng nhp OTP hin th, ng dng gi OTP ln cho Mobile gateway xc thc qua knh HTTP. Bc 6: Mobile gateway nhn OTP v xc thc vi OTP sinh. o Khng hp l: Mobile gateway tr KQ li v mn hnh Mobile KH, KH xc nhn thng tin th ng dng tr v menu chnh (sau khi ng nhp ng thnh cng), kt thc nghip v. o Hp l: Mobile gateway thc hin vic ng gi bn tin theo chun ISO 8583 ri gi ln core server.
61
n tt nghip
Dch v Mobile-wallet
Bc 7: Core server x l yu cu ri gi tr v kt qu cho Mobile gateway. Bc 8: Mobile gateway nhn kt qu tr v, x l thng tin, ng gi v gi v cho client. Bc 9: ng dng client hin th kt qu nu thnh cng l:KH chuyn tin: "Quy khach da thuc hien chuyen thanh cong <Amount> VND cho thu bao <RECV_MSISDN>, So du cua qui khach la <Amount>. Kt thc nghip v. 1.2.4 M t dng s kin ph (Alternative Flow) KH chn Cancel hy tip tc: ng dng thot ra khi ng dng MobileWalletClient. Ti bt k mn hnh nhp liu no u c nt Back, khi KH khng nhp liu m bm nt Back th ng dng s tr v mn hnh trc i vi cc trng nhp liu v c di trong khong min max xc nh. Khch hng khng th nhp qu max v nu nhp nh hn min th s c thng bo v d: so dien thoai ban nhap khong dung, do dai so dien thoai lon hon 9 so. Gi Y/C v ch nhn KQ: Lu Y/C xong, gi Y/C th hin th dang xu ly Cc thng bo li tng ng: o Bc 4: So thue bao khong hop le So thue bao khach hang thu huong khong hop le o Bc 9: Sai ma PIN So du khong du de thuc hien giao dich Hin th thng tin li tng ng khc KQ nhn c nu c li th s c hin th ln mn hnh. KH bm OK, ng dng tr v menu chnh (sau khi ng nhp ng dng thnh cng), kt thc nghip v.
62
n tt nghip
Dch v Mobile-wallet
1.3 Chc nng truy vn s d 1.3.1 Thng tin chung chc nng Tn chc nng M t Tc nhn iu kin trc iu kin sau Ngoi l Cc yu cu c bit Tra cu s d Cho php KH tra cu s d TK VT KH Khch hng KH ng k dch v VT v knh thanh ton trn Mobile ca KH trng thi hot ng N/A N/A N/A
1.3.2 Biu lung x l chc nng
Hnh 24. Lung x l chc nng truy vn s d Sinh vin thc hin: L S c - Kha K50 - Lp CNPM 63
n tt nghip
Dch v Mobile-wallet
1.3.3 M t dng s kin chnh (Basic Flow) Bc 1: KH vo chc nng tra cu s d trn ng dng, ng dng yu cu KH nhp PIN xc thc. Bc 2: Sau KH nhp PIN v xc nhn, DSTK chuyn thng tin sang Mobile gateway xc thc s Mobile gi. Mobile gateway ch xc thc hp l khi s Mobile gi ng k dch v VT v dch v thanh ton trn Mobile trng thi hot ng: o Khng hp l: Tr KQ v ng dng hin th li ln mn hnh Mobile KH, kt thc nghip v. o Hp l: Mobile gateway gi yu cu tra cu s d sang Core server Bc 3: Mobile gateway nhn KQ tr v t Core server, cp nht KQ vo Y/C, ng thi kim tra KQ: o Khng thnh cng: Mobile gateway tr KQ v ng dng hin th thng tin li ln mn hnh KH. Kt thc nghip v. o Thnh cng: Mobile gateway tr thng bo s d v ng dng hin th ln mn hnh KH: So du tai khoan VDT cua quy khach la <Amount> VND Kt thc nghip v. 1.3.4 M t dng s kin ph (Alternative Flow) KH chn Cancel hy tip tc: ng dng thot ra khi ng dng MobileWalletClient. Ti bt k mn hnh nhp liu no u c nt Back, khi KH khng nhp liu m bm nt Back th DSTK s tr v mn hnh trc i vi cc trng nhp liu v c di trong khong min max xc nh. Khch hng khng th nhp qu max v nu nhp nh hn min th s c thng bo v d: so dien thoai ban nhap khong dung, do dai so dien thoai lon hon 9 so. Gi Y/C v ch nhn KQ: Lu Y/C xong, gi Y/C th hin th dang xu ly Cc thng bo li tng ng: o Bc 2: So thue bao khong hop le o Bc 3: Hin th thng tin li tng ng khc
64
n tt nghip
Dch v Mobile-wallet
KQ nhn c nu c li th s c hin th ln mn hnh. KH bm OK, ng dng tr v menu chnh (sau khi ng nhp ng dng thnh cng), kt thc nghip v.
2. Kh khn trong vic trin khai dch v
ifi W
Hnh 25. M hnh tng th h thng Mobile wallet
Qua s trn, ta c th nhn thy r im yu nht ca h thng chnh l chic in thoi di ng. c im chung ca chic in thoai di ng l kh nng x l yu, hn ch b nh, nng lng... lm hn ch s m rng ca dch v thanh ton. Ngoi ra, vic server phi giao tip vi rt nhiu dng in thoi khc nhau ca nhiu nh sn xut khc nhau cng l mt thch thc ln. Khi mobile commerce ang t ra thng dng v nhiu tnh ng dng thc tin cao, th vic bo mt trong truyn ti d liu li tr thnh 1 vn quan trng v cp thit cho ngi dng mobile v cc nh pht trin ng dng khng dy. Tng th vn bo mt ca 1 mng ch mnh m bng im yu nht ca chnh n v trong mt mng mobile-commerce th im yu nht l thit b client-side. Kh nng b chn tn hiu, b nh b gii hn, sc mnh tnh ton yu ca hu ht cc thit b cm tay chnh l im yu nguy him ca cc h thng khng dy, d liu d b li dng, b n cp. Ngi s dng s ch chp nhn s dng v in t khi dch v chng minh c n trc tin l bo m an ton hn v tht, v th 2 mi n tnh tin dng. V in t khng th thanh ton c nu khng c i tc (merchant) chp nhn n. Merchant l bn cung cp hng ha, r rng vic m rng dch v ng ngha vi vic m rng c tht nhiu cc merchant chp nhn thanh ton qua v in t. Ngi s dng s chng s dng v in t nu n khng th c kh nng
n tt nghip
Dch v Mobile-wallet
thanh ton hoc thanh ton c rt t cc dch v, ti thiu phi l cc dch v thit yu nh thanh ton tin in, nc, thu bao in thoi,
3. Gii php cng ngh

3.1 Gii php cng ngh trn in thoi Cc nh sn xut khc nhau th a ra cc dng in thoi khc nhau, s dng cc h iu hnh khc nhau nh (Symbian, android, window mobile) Vic giao tip vi cc h iu hnh ny khng c mt chun chung m phi x l ring l lm hao tn ti nguyn h thng cng nh kh khn trong vic chun ha giao tip. Ti sao s dng cng ngh Java? Cc thit b di ng c th cc phn mm ca n l nhng b m cng, do nh sn xut ci t vo, nhng ngy nay, cc phn mm c th linh ng ti v t mng (loading software over the air). Java l cng ngh c nhiu nh sn xut di ng ln tch hp trong thit b ca mnh:America Online, Ericsson, Matsushita, Motorola, NTT DoCoMo, Palm, Samsung, Siemens, Sun Microsystems*, Bull, Fujitsu, Mitsubishi, Nokia, Oracle, RIM, Sharp, Sony, Symbian... Java l nn tng cng ngh c th chy trn c hu ht cc thit b di ng m khng ph thuc nhiu vo phn cng ca thit b. Mt im na l J2ME h tr lng nghe tin nhn SMS t 1 cng nh trc, gip ng dng bt c cc tin nhn gi n m khng tin nhn vo Inbox ca in thoi. iu ny kh hu ch trong vic pht trin thm yu t bo mt ng dng qua knh tin nhn mt cch t ng v trong sut vi ngi dng. 3.2 Gii php cng ngh pha server side Mobile gateway l mt proxy servlet c nhim v l ng gia h tr giao tip gia client v core server. nh dng bn tin giao tip gia client v mobile gateway l dng binary ch khng phi XML gim dung lng ng truyn cng nh tc x l. Mobile gateway s hon ton ch l tng mi gii gia client v core server, nhim v chnh ca n n gin l ch forward cc yu cu ca client i v nhn kt qu, tr v cho client. iu ny gip gim ti cho c client v server v linh ng trong vic m rng h thng cng nh bo tr sau ny.
66
n tt nghip
Dch v Mobile-wallet
Hnh 26. Cc module mc thp ca mobilegateway
Lung x l: a. Mobile gateway tip nhn yu cu t client application qua Channel (s dng http connection hoc tcp). b. Lung d liu nhn c s qua Validator validate (theo TLV) v kim tra tnh ton vn chiu di ca lung d liu nhn c c. Sau khi c kim tra, Parser s thc hin phn tch lung d liu v chuyn thnh object d. Bussiness Processing s cn c theo loi giao dch, s dng wrapper ng gi d liu v gi n Core Server. e. Kt qu nhn c t Core Server s c ng theo c ch TLV v gi v Channel Phn core server l thnh phn chnh ca h thng m nhim cc x l nghip v, tng tc vi CSDL Vi mi mt giao dch cn c x l, mobile gateway li m mt kt ni socket n core server giao tip. Vic ng m kt ni thng xuyn s lm tiu tn nhiu ti nguyn cng nh thi gian ca c h thng. Chnh v vy, ti u kt ni n core server, ta cn qun l c kt ni n n; iu ny d dng lm c vi Apache pooling. Apache pooling s qun l vic m bao nhiu kt ni n core server, v mi khi m kt ni th cc kt ni ny s khng b ng li m s dng ch (Idle) phc v cho nhng ln sau. Apache pooling cn c s dng trong vic kt ni n database ca h thng. Phn core server do thi gian hn hp cng nh thiu thn v kin thc, nghip v nn em cha th xy dng hon chnh vi cng ngh EJB. Hin ti th
67
n tt nghip
Dch v Mobile-wallet
core server ch c th x l mt s yu cu n gin, v kt ni trc tip vi database thc hin lnh.
4. Gii php bo mt
4.1 M hnh m ha Do client l cc ng dng chy trn in thoi, vi sc mnh tnh ton v b nh yu hn nhiu so vi PC, v mc tiu ca dch v l hng c n nhng khch hng khng c iu kin s dng nhng chic smartphone t tin. H c th ch s dng nhng chic in thoi h tr JAVA MIDP 1.0 nhng vn c nhu cu s dng v in t. Vic hng n c nhng khch hng bnh dn gip dch v c th c trin khai rng khp. Hin ti, vic p dng m hnh m ha trao i thng tin Session key vo h thng l khng hp l. Bi v vi sc mnh tnh ton ca mt chic in thoi b nh th vic m ha v gii m bng m ha bt i xng mt rt nhiu thi gian. Qua vic kim tra m hnh session key trn my in thoi Nokia N70 th phi mt ti 20s gii m gi tin bng RSA. Thm vo , pht sinh thm vn l lu tr private key v phn phi public key ca khch hng. Nu l lu tr private key trn in thoi th s khng m bo tnh an ton v chic in thoi rt d lt vo tay ngi khc. Nu l lu tr private key trn server chng thc th h thng s phc tp ln v cng gp phi khng t kh khn server chng thc lm vic, giao tip vi in thoi. V nguyn tc trong mua bn in t, th h thng M-wallet chp nhn thanh ton vi bt k khch hng no c nhu cu. V vy, vic yu cu khch hng phi c cp public/private key ring s lm cho h thng gim i mt lng ln khch hng. M thc cht, khch hng ch cn chc chn l h ang giao dch vi Server c xc thc. Chnh v vy, m hnh Hybrid th hin mnh l la chn thch hp. Vi m hnh ny, public key ca server s c hardcode trong ng dng, ng dng s c phn phi trn knh c chng thc. Client s sinh kha session ri gi ln cho server trao i thng tin. V m bo tnh ton vn ca thng tin, ta s dng thm MAC trong mi bn tin. 4.2 MAC MAC c sinh bng cch bm bn tin v session key. Hacker nu mun gi dng, hay thay i bn tin cng khng c v session key l b mt, c trao i bng m ha bt i xng. Trong mi bn tin gi ln lun phi km theo MAC xc thc tnh ton vn ca bn tin.
n tt nghip
Dch v Mobile-wallet
4.3 Th vin Bouncy Castle Bn thn cc API ca J2ME khng h tr cc gii thut m ha trn, m ch vi MIDlet 2.0 c h tr HTTPs, v vy, ta phi s dng th vin ca mt nh cung cp khc. Trong s cc th vin m ha cho J2ME hin nay th BouncyCastle ni ln l mt th vin m ha nhanh, chy c trn nhiu nn tng, h tr rt nhiu cc gii thut v h tr cc chun v bo mt nh PKCS, SSL,X.509 Hn th na, BouncyCastle l th vin m ngun m v min ph. 4.4 Phn phi public key server C mt vn trong m hnh Hybrid system, l vn phn phi public key ca server. Vic ny c th c thc thi bng cch hardcode trong ng dng, v bt ngi dng download ng dng t trang web chnh thc ca nh cung cp. Sau mt khong thi gian, khi cn update public key th server s bt buc ngi dng phi update phin bn ng dng mi nht. Vi cng ngh 3G hin nay ang pht trin rt mnh th vic download vi trm kilobyte khng cn l kh khn v t . 4.5 M ngun c th dch ngc Hin nay, tn ti rt nhiu chng trnh c th dch ngc m ngun bytecode .class ca java, iu ny rt nguy him v hacker c th c c ton b m ngun ca chng trnh t bit c lung lm vic v tm ra nhng l hng c th li dng. Gii php l s dng cng c obfucator obfucate m ngun, a m ngun v dng m con ngi kh c th hiu c nhng my th hon ton hiu c. 4.6 RMS khng an ton J2ME cung cp 1 vng nh ring lu tr cc d liu trin in thoi, l RMS (Record Management System). Cc RMS ca 1 MIDlet khng th c c bi cc MIDlet khc nu khng c cho php. RMS ha hn l ni lu tr nhng thng tin nhy cm ca ngi dng mt cch b mt tuyt i. Nhng ch cn s dng 1 ng dng qun l file n gin nh FExplorer, hacker c th tm n file rms.db ca ng dng MIDlet , ni cha cc thng tin m ng dng lu trn my, ri truyn ra ngoi bng bluetooth, cable,Ri bng nhng cng c crack, c file theo ANSI th mi thng tin trong RMS c th d dng ly ra. Do vy, lu tr trong RMS khng phi l an ton tuyt i, ta ch lu nhng thng tin tht s l cn thit trn RMS, cn li lu trn server, v vi nhng thng tin nhy cm, cn phi m ha trc khi lu.
n tt nghip
Dch v Mobile-wallet
4.7 Client sinh key session Trong m hnh Hybrid, kha b mt c sinh hon ton t pha client. Nhng in thoi l mt thit b nh, yu, hn ch v nhiu mt, khng th l mt thit b sinh key an ton c. Hin ti, APIs can thip vo phn cng ca J2ME l rt t, do vy ngun random (entropy) l khng cao, vic sinh key ngu nhin gn nh da vo thi gian, mt s thng tin c nhn ca my in thoi, l gii thut PRNG. Vic sinh key m khng gian kha khng ln th hacker c th li dng b kha 1 cch d dng, d k c di kha c l 24bytes. y c l l hn ch ln nht ca client chy trn in thoi. khc phc, ta phi nh n mt cng ngh khc, l OTP (One Time - Password). 4.8 SEQUENCE Relay attach l phng thc tn cng kh ph bin, i tng hacker gi lin tip mt bn tin cng mt ni dung ln server, li dng delay ca h thng chuc li. ngn chn relay attach, ta s dng thm bin sequence. Mi mt giao dch khi x l lun m bo l phi hon thnh trc khi x l tip mt giao dch khc. Khi mt giao dch hon thnh, bin sequence li c tng ln 1 n v. Ngoi ra, cc client khi gi thng tin ln u phi c t thuc tnh user-agent kim tra. 4.9 OTP OTP l t c l c nhc kh nhiu trong bo mt ngn hng, chng khon OTP c coi l gii php ti u nht trong bo mt. OTP l password ch c s dng mt ln duy nht, v n c hiu lc trong mt khong thi gian nht nh. V d trong giao dch thanh ton, khi ngi dng chuyn tin t 1 ti khon n 1 ti khon, xc nhn vic chuyn tin ny l t ng thu bao ca ngi dng, server s gi OTP qua tin nhn n thu bao , v ngi dng s nhp OTP nhn c vo form v gi ln cho server, ti y, server s xc thc OTP. V OTP ch c hiu lc trong 1 khong thi gian ngn, nn hacker khng c thi gian b kha, v cng khng th gi danh ngi dng c v OTP c gi qua knh SMS, mt knh c cho l rt bo mt, rt kh v rt t khi gi mo. Vy vic p dng OTP vo trong h thng M-wallet nh th no? Trong cc ng dng thc trin khai OTP, OTP s c truyn qua knh tin nhn, c lp vi knh giao tip ca ng dng vi server. Ngi dng s phi thot ng dng ra, vo inbox, ghi nh OTP, ri li vo ng dng ghi OTP. iu ny rt bt tin cho ngi s dng. Tht may mn l J2ME c h tr API v Wireless messaging (WMA), cho php lp trnh vin c th vit ng dng gi v nhn tin nhn mt cch t ng. Khi server gi tin nhn v, ta cn yu cu SMSC
n tt nghip
Dch v Mobile-wallet
gi tin nhn theo 1 cng m ng dng ang lng nghe. Khi c tin nhn v, ng dng bt c tin nhn, c ni dung, ri hin th ln ng dng cho ngi dng. mc demo, ta c th s dng mt modem GSM thay v phi s dng mt SMSC thc th nhn tin SMS. Chi tit hng dn s dng NOWSMS, tham kho trn trang web chnh thc www.nowsms.com R rng, vi vic p dng thm OTP, h thng M-wallet s m bo c tnh bo mt cao, tnh xc thc ca h thng. S ngu nhin s c sinh t server vi sc mnh gp nhiu ln client s m bo c tnh bo mt, khng gian kha ln.
71
n tt nghip
Dch v Mobile-wallet
Chng 4. THIT K
1. Thit k CSDL
phc v cho dch v, ta cn mt c s d liu ngn hng. C s d liu c xy dng mc n gin, trc mt y l phin bn u phc v cho vic demo chng trnh. 1.1 Xy dng cc thc th v cc bng cho c s d liu C s d liu phi c xy dng bao gm cc thc th sau y: 1. Khch hng 2. Ti khon 3. Ti khon in thoi (knh thanh ton trn in thoi) 4. Ti khon card (knh thanh ton trn th) 5. Giao dch 6. Thu bao in thoi Chi tit cc thc th c xy dng thnh cc bng nh di y:
STT Tn bng Thng tin khch hng Thng tin ti khon V in t Thng tin knh thanh ton trn Mobile Thng tin bn tin giao dch Thng tin knh thanh ton trn Th Thng tin v cc thu bao ang s dng M t
01 CUSTOMER 02 CUST_ACCOUNT 03 CUST_MOBILE 04 TRANS_APP 05 CUST_CARD 06 MOBILE
72
n tt nghip
Dch v Mobile-wallet
Hnh 27. S mi quan h gia cc bng trong CSDL
1.2 Bng CUSTOMER

STT Tn trng Kiu d liu v di INT VARCHAR2(100) VARCHAR2(20) VARCHAR2(3) Nulla ble N N N N Uni que P/F Key P Mc nh M t M khch hng Tn khch hng S th cn cc Loi th cn cc
1 CUST_CODE 3 CUST_NAME 4 ID_NO 5 ID_TYPE
73
n tt nghip
Dch v Mobile-wallet
6 ID_ISSUE_DATE 7 ID_ISSUE_PLACE 8 GENDER 9 BIRTHDAY 10
DATE(7) VARCHAR2(25) VARCHAR2(6) DATE(7)
N N N N Y Y Y Y N Y
Ngy cp th cn cc Ni cp th cn cc Gii tnh (MALE/FEMALE) Ngy sinh S in thoi lin lc Fax Email a ch lin lc SYS Ngy to DATE Ngy cp nht
CONTACT_MOBIL VARCHAR2(20) E_NO VARCHAR2(20) VARCHAR2(34) VARCHAR2(200) DATE(7) DATE(7)
11 FAX 12 EMAIL 13 ADDRESS 14 CREATED_DATE 15 MODIFIED_DATE
Bng 8. Bng CUSTOMER
1.3 Bng CUST_ACCOUNT

STT 1 2 3 4 6 8 9 10 11 Tn trng ACC_ID ACC_LEVEL ACC_STATUS BALANCE CUST_CODE CREATED_DATE ACTIVE_DATE MODIFIED_DAT E EXPIRED_DATE Kiu d liu v di INT VARCHAR2(3) VARCHAR2(3) VARCHAR(22) INT DATE DATE DATE DATE Nulla ble N N N N N N Y Y Y F SYS DAT E Uni que Y P/F Key P Mc nh M t S TK V in t Hng ti khon (t hn mc) Tnh trng ti khon S d ti khon VT ban u khi ng k M khch hng Ngy to Ngy kch hot Ngy cp nht Ngy ht hiu lc
Bng 9. Bng CUST_ACCOUNT
1.4 Bng CUST_MOBILE

STT 1 Tn trng MOBILE_ID Kiu d liu v di INT INT VARCHAR2(20) VARCHAR2(3) Nulla ble N N N N Uni que P/F Key P F Mc nh M t S t tng xc nh tnh duy nht S TK V in t S MSISDN Hng giao dch trn knh Mobile
2 ACC_ID 3 MSISDN 4 MOBILE_LEVEL
74
n tt nghip
Dch v Mobile-wallet
5 MOBILE_STATUS 7 CREATED_DATE 8 MODIFIED_DATE 9 EXPIRED_DATE 10 MSISDN_TYPE
VARCHAR2(3) DATE(7) DATE(7) DATE(7) NUMBER(22)
N N Y Y Y
Tnh trng knh Mobile Ngy to Ngy cp nht Ngy ht hiu lc Xc nh loi thu bao: 0 - tr truc, 1 - tr sau
Bng 10. Bng CUST_MOBILE
1.5 Bng TRANS_APP

STT Tn trng Kiu d liu v di NUMBER(22) CHAR(6) CHAR(4) DATE(7) NUMBER(22) CHAR(12) NUMBER(22) VARCHAR2(20) NUMBER(22) VARCHAR2(3) VARCHAR(22) VARCHAR2(3) NUMBER(22) NUMBER(22) Nulla ble N N N N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Uni que Y P/F Key P Mc nh ID bn tin M x l Loi bn tin (Gi/nhn ...) Ngy gi bn tin Ngun xut pht giao dch S tham chiu S audit S MSISDN S TK V in t Tnh trng ti khon V in t S d ti khon V in t M nguyn t S tin giao dch Ph giao dch Tn KH np tin, chuyn tin a ch KH np tin, chuyn tin S th cn cc KH np tin, chuyn tin Loi th cn cc KH np tin, chuyn tin Tn KH nhn tin a ch KH nhn tin S th cn cc KH nhn tin Loi th cn cc nhn tin S TK V in t KH nhn tin S TK NH ca ngi nhn M t
1 REQUEST_ID 2 PROCESS_CODE 3 REQUEST_MTI 4 REQUEST_DATE 5 APP_ID 6 REF_NO 7 AUDIT_NO 8 MSISDN 9 ACC_ID 10 ACC_STATUS 11 BALANCE 12 CURR_CODE 13 TRANS_AMOUNT 14 TRANS_FEE 15 16 17 18 19 20
SENT_CUST_NAM VARCHAR2(35) E SENT_CUST_ADD R SENT_ID_NO SENT_ID_TYPE VARCHAR2(200) VARCHAR2(20) VARCHAR2(3)
RECV_CUST_NAM VARCHAR2(35) E RECV_CUST_ADD VARCHAR2(200) R VARCHAR2(20) VARCHAR2(3) NUMBER(22)
21 RECV_ID_NO 22 RECV_ID_TYPE 23 RECV_ACC_ID
24 RECV_BANK_ACC VARCHAR2(20)
75
n tt nghip
Dch v Mobile-wallet
_NO 25 RECV_MSISDN 26 RECV_BANK_CO DE VARCHAR2(20) VARCHAR2(15) VARCHAR2(3) VARCHAR2(1) Y Y Y Y S MSISDN ca KH nhn tin M ngn hng ca TK KH nhn tin M li tr v Xc nh loi thu bao: 0 - tr truc, 1 - tr sau
27 RESPONSE_CODE 28 RECV_MSISDN_T YPE
Bng 11. Bng TRANS_APP
1.6 Bng CUST_CARD

STT 1 2 3 4 5 6 7 8 9 10 11 12 Tn trng Kiu d liu v di INT INT VARCHAR2(19) VARCHAR2(3) VARCHAR2(3) VARCHAR2(3) CHAR(4) VARCHAR2(3) DATE(7) DATE(7) DATE(7) DATE(7) Nulla ble N N N N N N N N N N Y Y SYSD ATE Phng thc pht hnh (theo l, k qu ...) Ngy pht hnh (in th) Ngy to Ngy cp nht Ngy ht hiu lc Uni que P/F Key P F F Mc nh M t S t tng xc nh tnh duy nht ca th S TK V in t S th ATM Loi th (bnh thng, c bit) Hng th Tnh trng th
CARD_ID ACC_ID CARD_NO CARD_TYPE CARD_LEVEL CARD_STATUS CVV ISSUE_METHOD ISSUE_DATE CREATED_DATE MODIFIED_DATE EXPIRED_DATE
Bng 12. Bng CUST_CARD
1.7 Bng MOBILE

STT 1 2 3 4 5 6 7 Tn trng Kiu d liu v di INT VARCHAR2(20) INT VARCHAR2(22) VARCHAR2(35) VARCHAR2(20) VARCHAR2(3) Nulla ble N N N N Y Y Y Uni que P/F Key P Mc nh M t S t tng xc nh tnh duy nht S MSISDN Loi thu bao S d trong ti khon tr trc s n trong tr sau Tn thu bao S th cn cc Loi th cn cc
MOBILE_ID MSISDN MSISDN_TYPE BALANCE CUST_NAME ID_NO ID_TYPE
76
n tt nghip
Dch v Mobile-wallet
8 9 10 11 12 13
ID_ISSUE_PLACE ID_ISSUE_DATE CREATED_DATE GENDER EMAIL BIRTHDAY
VARCHAR2(200) DATE(7) DATE(7) VARCHAR(6) VARCHAR2(34) DATE(7)
Y Y Y Y Y SYSD ATE
Ni cp th cn cc Ngy cp th cn cc Ngy to
Bng 13. Bng MOBILE
2. c t giao din kt ni
2.1 X l giao dch Bc 1. Khch hng s dng chc nng trn ng dng j2me. ng dng s thc hin vic ng gi v gi bn tin v pha mobile gateway Bc 2. Mobile gateway tip nhn request t j2me gi n qua knh kt ni. Bn tin nhn c s c phn tch, xc thc v ng gi chuyn n core system. Bc 3. Mobile gateway nhn c bn tin t core system, xc thc bn tin sau ng gi v tr v pha client. Bc 4. ng dng j2me thc hin vic gii gi, xc thc bn tin v hin th kt qu giao dch. 2.2 c t bn tin tng tc 2.2.1 nh ngha cc tham s hn ch d liu truyn (do hn ch v tc , tnh n nh ca knh truyn), cc tham s c thu gn v vit tt nh sau:
TT Tham s Kiu d liu n 12 Owner S ti khon ca ngi s dng chiu di ti a T vit tt M t
o[x]
2 3
p[x] m
an n
8 12
Pin Msisdn
S Pin s dng trong cc giao dch S in thoi th hng trong cc giao dch (topup, gch n cc tr sau, homephone, chuyn tin) 77
n tt nghip
Dch v Mobile-wallet
4 5 6 7 8
np s[x] a f[a] ma[a]
an n n n an
8 9 10 2
New pin Sequence amount Function Message authentication code Data
Mt khu mi, s dng trong giao dch i mt khu S th t ca giao dch (ng b gia client v server) S tin trong cc giao dch (chuyn tin, topup, gch n) Chc nng cn thc hin (xem bng danh sch cc chc nng) M xc thc bn tin
d[a]
Cha d liu giao dch chuyn t ng dng v mobile gateway (d liu giao dch c encode theo dng hexa) Phin bn hin ti ca ng dng Phin bn public key lu pha client M li giao dch M dch v thanh ton M giao dch, phc v truy vn giao dch Thng ip th hin kt qu giao dch M ngn hng Chng minh th nhn dn nh danh h thng x l Chui Hexa ca session key. Chui gm 9 k t. Hai K t u l Sequence (01-99) to ngu nhin. K t th 3 ch loi device, 0 : iphone, 1 : J2me.
10 13 14 15 16 17 18 19 20 21 22
v kv r[y] sc tid[y] ms bc pid sid sk otp
an an n an an an an an n an an
10 10 2 30 15 100 10 12 2 16 9
Version Key version Result Service code Transaction Id Message Bank code Personal id System id Session Key Otp String
78
n tt nghip
Dch v Mobile-wallet
Su k t cui l chui ngu nhin sinh t thng tin ca my. 23 l[x] an 1 Language 1 : Ting vit khng du 2 : Ting vit c du 3 : English 24 25 26 27 cn cvv cne id an an an an 19 3 30 10 Card No CVV Customer Name User Identification No User Identity card date issued. Digital sign Public key M s in trn th 3 k t cui ghi sau th H v tn khch hng S Chng minh th
28
uidd
an
10
Ngy cp Chng minh th 05-05-2010 Ch k ca mobile gateway Public key mi
29 30 31
ds pk mgs
an an an
message sign mu tin dng k Bng 14. nh ngha cc tham s ca bn tin
Cc tham s c k t: [x] tham s bt buc c trong request [y] tham s bt buc c trong response [a] tham s bt buc c trong c request & response Kiu d liu: an: kiu d liu ch cha cc ch s v ch ci n: kiu d liu ch cha cc ch s 2.2.2 Cch thc to d liu bn tin a. Request URL nh dng request t client http(s)://[host]:[port]/[application]/[contextPath]?d=[value]
n tt nghip
Dch v Mobile-wallet
v d: http://192.168.168.74/MobileGateway/TxGateway?d=0230313539663d3033 266f3d38343136353735303132373726703d31323334353626723d34636163643730 3062363936613733346431373831353766616163623833663364623836633539393 5653463316632626635373535363937386365393930336564633962363330663064 3633636462333831643232376637623937303935376461663165656337633637363 96261333465626465646437633437663630393934
Kt qu c tr v l lung bytes d liu, s dng nh dng http request V d: 36539393033656463396236333066306436336364623338316432323766376 2393730393537646166316565633763363736396261333465626465646437633437 663630393934 b. Danh sch chc nng
Gi tr 03 04 05 06 07 08 09 11 12 13 14 15 16 17 18 Truy vn s d Truy vn giao dch External chuyn tin v in t - v in t Chuyn tin v in t - ngn hng Chuyn tin s dng CMTND Np tin Rt tin Np tin thu bao tr trc Gch n cc thu bao tr sau Gch n cc home phone tr sau Gch n cc ADSL Gch n cc cc dch v khc Thanh ton dch v Yu cu thanh ton dch v (Request to pay) Kch hot v in t 80 M t
n tt nghip
Dch v Mobile-wallet
19 21 22 23 24 25 26 27 28
Thay i PIN Kha v in t Truy vn giao dch internal Ly tn phin bn mi nht trn server Truy vn kt qu giao dch cui Bn tin trao i session key Bn tin kch hot Client Bn tin kch hot Th Bn tin cp nht thng tin c nhn Bng 15. Danh sch cc chc nng
V d bn tin chuyn tin Request: /TxGateway?f=05&s=1&o=841657501277&p=47780a282&m=0947000759 &a=10000&ma=0723d6059c9e71c1386fcef43dbd26fc03536979ebfdb0b47780a282 293245199a5f02cadb24c0b8fc55457b652718acdfa4fb4a27c6f4573f6681935f45b9
Response: f=05&r=05&ms=giao%20dich%20thanh%20cong c. nh ngha tham s cho cc chc nng

C.nng/T.s 03 04 m np a v kv bc pid tid s sc M t chc nng Truy vn s d Truy vn giao dch External (cc giao dch ly thng tin trn h thng Smartlink, MB) x x x x x x x x x x x x x x chuyn tin v in t - v in t Chuyn tin v in t ngn hng Chuyn tin s dng 81
05 06 07
n tt nghip
Dch v Mobile-wallet
CMTND 08 09 11 12 13 14 15 16 17 18 19 21 22 23 24 25 26 27 28 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x Np tin Rt tin Np tin thu bao tr trc Gch n cc thu bao tr sau Gch n cc home phone tr sau Gch n cc ADSL Gch n cc cc dch v khc Thanh ton dch v Yu cu thanh ton dch v (Request to pay) Kch hot v in t Thay i PIN Kha v in t Truy vn giao dch internal Ly tn phin bn mi nht trn server Truy vn kt qu giao dch cui Bn tin trao i session key Bn tin kch hot client Bn tin kch hot th Bn tin cp nht thng tin c nhn
Bng 16. Cc tham s cho tng chc nng
d. Cch thc to d liu trng

n tt nghip
Dch v Mobile-wallet
nh dng request t client http(s)://[host]:[port]/[application]/[contextPath]?d=[value] [value]: gi tr c encode theo dng hexa, theo c ch TLV (Tag Length - Value) Tag (2 k t): ng dng ngun Tag = 01: j2me
Length (8 k t): chiu di d liu biu din theo s BCD Value: d liu
V d: http://192.168.168.74/MobileGateway/TxGateway?d=010630313539663d30 33266f3d38343136353735303132373726703d31323334353626723d346361636437 3030623639366137333464313738313537666161636238336633646238366335393 9356534633166326266353735353639373863653939303365646339623633306630 6436336364623338316432323766376239373039353764616631656563376336373 6396261333465626465646437633437663630393934&o=xxxx&ma=yyyy xxxx : s msisdn ti khon yyyy : mac ca d liu truyn i
d liu: 010630313539663d3033266f3d38343136353735303132373726703d313233 34353626723d3463616364373030623639366137333464313738313537666161636 2383366336462383663353939356534633166326266353735353639373863653939 3033656463396236333066306436336364623338316432323766376239373039353 7646166316565633763363736396261333465626465646437633437663630393934
d=010630313539663 ng dng yu cu: j2me, h thng x l: Core system, chiu di bn tin: 0159 (bytes) nh dng response t mobile gateway biu din di dng hexa. Chui hexa sau khi c chuyn v mng bytes c nh dng nh sau: [byte1][byte2 byte5][byte6 end]
83
n tt nghip
Dch v Mobile-wallet
byte1: byte gi tr th hin kt qu tr v t mobile gateway byte2 byte6 byte6 e. Bng m li (Xem thm ph lc) byte5: 4 bytes biu din chiu di d liu theo dng BCD end: mng bytes d liu end: 3des(f=x&.&ma=yyy)
84
n tt nghip
Dch v Mobile-wallet
Chng 5. CI T
1. Cu hnh phn cng
Pha Client l in thoi di ng c h tr ng dng Java MIDP 1.0 tr ln v h tr mng. Trong qu trnh xy dng ng dng, client c th l trnh gi lp do nh sn xut cung cp. Server l my ch c cu hnh mnh chy cc ng dng Java, database v d: Intel Pentium dual CPU E2200 @2.20 MHz, 1G RAM. V c kt ni internet. Mt modem GSM c th nhn tin nhn v nhn tin OTP n my client. Modem GSM c th l mt modem ch thc hoc c th l mt in thoi h tr chc nng modem v d N70, Sony erricson P1i
2. Cu hnh phn mm
My ch dch v c th ci bt k h iu hnh g do Java h tr a nn. C th h thng ny c xy dng trn my tnh ci h iu hnh Windows Vista 64bit Home Edition. Tuy nhin vn c th trin khai trn my ch h iu hnh Linux hay Macintosh... My ch dch v ci t cc phn mm sau: o Java 2 SDK 1.6 tr ln o Netbean 6.8 o My SQL Server 5.1 Driver for JDBC o NowSMS chy dch v nhn tin xy dng ng dng cn phi c mt s phn mm sau: o J2ME Wireless Toolkit 2.0 o Cc th vin m ngun m BouncyCastle, JPOS
3. Ngn ng, mi trng

Ngn ng chnh xy dng ng dng l ngn ng Java, trn mi trng Windows. Mobile gateway c trin khai trn server Apache Tomcat 6.0.
85
n tt nghip
Dch v Mobile-wallet
Chng 6. TNG KT V NHN XT
1. Giao din ca ng dng MIDlet

ng dng chy trn trnh gi lp Wireless Tool Kit 2.5.2 ca SUN Microsoft System, y l b cng c rt hu ch cho lp trnh vin J2ME. Giao din ca ng dng c thit k n gin sao cho thun tin cho ngi s dng nht, khng mu m phc tp v l giao dch ti chnh, khng phi l gii tr. Cc mn hnh nhp liu c thit k 1 n 2 dng nhp trn mt mn hnh ph hp vi nhng thit b c mn hnh nh. Sau y l mt s giao din khi chy trn trnh gi lp:
86
n tt nghip
Dch v Mobile-wallet
Hnh 28. Mn hnh Splash
Hnh 29. Mn hnh ng nhp
Hnh 30. Mn hnh chnh
Hnh 32. Chc nng tra cu TK
87
n tt nghip
Dch v Mobile-wallet
Hnh 31. Mn hnh nhp PIN
Hnh 33. Mn hnh ch
Hnh 34. Mn hnh kt qu
Hnh 35. Mn hnh nhp OTP
88
n tt nghip
Dch v Mobile-wallet
2. Hiu sut ca ng dng

2.1 Cc thng s thc thi Cc thng s sau y c tnh tng hp khi s dng tt c cc chc nng ca ng dng (12 ln ly mu) vi trnh gi lp Wireless toolkit trn cu hnh my cc b CPU core 2 duo T5800 2x2.0 Ghz, 4Gb RAM Kch thc trung bnh Request t client Kch thc trung bnh Response client nhn c Kch thc ca ng dng 112 bytes 178 bytes 93 Kb
Thi gian thc thi trung bnh trong mi trng gi lp 1093 ms (thi gian tnh t khi gi yu cu v nhn hi p) Thi gian thc thi thc t trong mng 3G Thi gian thc thi thc t trong mng Wifi Thi gian thc thi thc t trong mng GPRS 1026 ms 1134 ms 2132 ms
Bng 17. Cc thng s thc nghim ng dng
Nhn xt: Thi gian thc thi l c th chp nhn c i vi thit b di ng ( c c thi gian m ha v gii m bn tin). Kch thc ng dng b (ch c 93Kb, nh hn 100Kb).
2.2 B nh J2ME Wireless Toolkit c cng c Memory Monitor cho php gim st b nh s dng ca ng dng trong qu trnh thc thi.
89
n tt nghip
Dch v Mobile-wallet
Hnh 36. th b nh khi thc thi ng dng
Nh ta thy b nh ca ng dng ch tng cao khi khi ng chng trnh do phi khi to nhiu Object v nht l phi ti file ngn ng, sau khi khi ng, ng dng s gii phng b nh, dung lng b nh gim ng k, sau dn i vo n nh mc trung bnh thp ch khong tm 170 Kb. iu ny l chp nhn c v cc dng my in thoi hin nay p ng c rt nhiu v b nh.
3. Tng kt v nhn xt
3.1 lm c Xy dng c dch v v in t vi 2 chc nng chnh l chuyn tin v truy vn s d cho ngi dng di ng. Tm hiu cc gii php, khi nim bo mt v a ra gii php cho dch v mobile wallet, nht l gii php OTP. Tm hiu chun ISO 8583 v p dng thnh cng vo h thng mibile wallet. Vn dng cc cng ngh mi xy dng h thng nh: MIDP 2.0, proxy servlet, apache mina framework 2.0, apache pooling, Jpos. H thng h tr 2 ngn ng chnh l Vit Nam (c du v khng du) v ting Anh.
90
n tt nghip
Dch v Mobile-wallet
H thng c phn tch, thit k kh hon chnh, hon ton c th a vo thc tin. 3.2 Hn ch Cc chc nng cha c xy dng hon thin. V bo mt, h thng cn thm cc yu t nh CA, PKI bao gm c ch xc thc bn th 3, c ch lu tr private key, c ch sinh kha OTP (bng cc thit b phn cng chuyn dng nh HSM) Do iu kin khch quan, h thng cha c th nghim thc t, vn dng mc gi lp. Database c thit k n gin, cha cht ch v y . Mt s thut ng v khi nim cn kh mi nn vic chuyn dch sang ting Vit cn cha r rng v thng nht. 3.3 Hng pht trin Hon chnh cc chc nng ca h thng. Nng cp phn bo mt ca h thng. Hon chnh phn core ca h thng, p dng cc cng ngh mi nht h thng hot ng hiu qu ti u.
Mt ln na, em xin chn thnh cm n c gio thc s Bi Th Ha hng dn v ch dy tn tnh cho em trong qu trnh thc hin n.
91
n tt nghip
Dch v Mobile-wallet
Ph lc
TT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 M li 000 901 902 903 904 905 101 103 105 109 113 114 122 125 136 140 141 151 154 161 175 177 178 185 200 210 216 217 Giao dch thnh cng S in thoi khng hp l hoc khng ng nh dng S tin khng hp l hoc khng ng nh dng PIN sai H thng bo dng Dch v yu cu cha c hoc ang ngng hot ng V in t cha c kch hot Merchant khng hp l V in t b kha Giao dch ang trong qu trnh x l S lng tin giao dch khng hp l V in t khng tn ti H thng ang tm dng Bn tin yu cu khng hp l Ti khon v in t khng c quyn thc hin giao dch H thng cha h tr bn tin yu cu V in t ang b kha do khai bo mt th V in t khng s d thc hin giao dch V in t b kha vnh vin S lng tin giao dch vt qu hn mc cho php Vt qu s ln nhp sai PIN cho php. H thng s tm thi kha v in t D liu khng ng nh dng Ngy giao dch khng hp l H thng t chi x l giao dch Giao dch time-out M dch v yu cu khng tn ti M s th co khng tn ti Th co s dng 92 M t
n tt nghip
Dch v Mobile-wallet
29 30 31 32 33
218 219 220 230 908
Th co ht hn Th co cha kch hot Th co b kha H thng ghi nhn v ang x l Giao dch time-out Bng 18. Bng m li dch v
93
n tt nghip
Dch v Mobile-wallet
Ti liu tham kho
[1] Ray Rischpater, Beginning JavaME Platform, APRESS 2008 [2] John W. Muchow, Core J2ME Technology & MIDP, Prentice Hall PTR [3] Jonathan Knudsen, Pat Niemeyer, Learning Java, 2nd Edition, O'Reilly [4] Mourad debbabi, Mohamed Saleh, Chamseddine Talhi and Sami Zhioua, Java for Mobile Devices: A Security Study. [5] Shivani Agarwal, Mitesh Khapra, Bernard Menezes and Nirav Uchat, Security Issues in Mobile Payment Systems. [6] David Hook, Beginning Cryptography with Java, Wrox Press 2005 [7] http://www.java-security-training-guide.com/session-key-systems.html : Cc khi nim c bn v bo mt [8] http://www.bouncycastle.org/java.html : Th vin dng m ha [9] http://java.sun.com : Trang ch Sun Java [10] http://discussions.nokia-asia.com/: Ni tho lun ca Nokia [11] http://jcp.org : Trang ch t chc Java Community Process
94

Sample J2ME

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sample J2ME

Uploaded by

Copyright:

Available Formats

n tt nghip

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Thut ng Mobile wallet

Thng mi di ng Thut ton m ha Encryption Standard

OTP ISO 8583 Mobile Paid

Mobile Post- Thu bao in thoi tr sau Paid

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Chng 1. GII THIU

2. Pht biu bi ton

Hnh 1. Mi lin h gia Di ng v Khng dy

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Cng ngh 2.5G

Hnh 2. S pht trin cng ngh truyn thng v tuyn

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Th h th hai in thoi t bo s & v.v

Hnh 3. S pht trin ca cng ngh v tuyn

Mng hu tuyn Mng v tuyn

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

2. Lnh vc ng dng khng dy vi cng ngh Java

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Hin trng Cu hnh My o Phn cng/HH

MIDP CLDC K Virtual Machine Cell Phone, PDA,...

Hnh 5. Cc mc t chc J2ME

Hnh 6. Trin khai h thng J2ME

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

JSPs Mediator Visual Basic application

Mediation/Translation ca tng trnh din: Gateway JSPs Business Data

Hnh 11. Mi gii ca tng trnh din

3. Cc vn thit k ng dng doanh nghip khng dy p dng cng ngh Java

Java/J2ME Client LCDUI (User Interface) MIDlet GCF (Networking)

Non-Java Client Browser

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Hnh 14. M ha i xng

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Bng 2. Cc thut ton m ha i xng hay s dng

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Hnh 15. M ha bt i xng

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

4.4 M hnh Hybrid/Session key System

Hnh 16. M hnh Hybrid system

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Hnh 17. M hnh Hybrid System vi MAC

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Private Key ca B Public Key ca B Alice Public Key ca B

Bob Private Key ca B

Hnh 18. M hnh session key

Hnh 19. Cch to ch k s

Hnh 20. Chng nhn s

5. Cc chun trong thng mi in t

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM

Network Management Message Reserved by ISO

Diffie-Hellman Key Agreement Standard ( c rt li)

Sinh vin thc hin: L S c - Kha K50 - Lp CNPM