
MINISTRY OF EDUCATION AND TRAINING

HAI PHONG PRIVATE UNIVERSITY, FACULTY OF INFORMATION TECHNOLOGY

GRADUATION PROJECT
Topic:

A STUDY OF CA TECHNOLOGY AND ITS APPLICATION IN E-COMMERCE


Supervisor: Dr. H VN CANH
Student: Trn Th Thu H
Class: CT702

CONTENTS
INTRODUCTION
Chapter I: OVERVIEW OF E-COMMERCE
Chapter II: OVERVIEW OF PUBLIC KEY INFRASTRUCTURE AND ITS ROLE IN E-COMMERCE
Chapter III: CA (CERTIFICATE AUTHORITY-CA)

Part I

INTRODUCTION
- Work and information are gradually being digitized.
- Security and safety on computer networks have become an urgent need.
- An infrastructure is needed to ensure data security during transaction sessions.
- Build a public key cryptography infrastructure, PKI (Public Key Infrastructure), in which the third party is a digital certification provider, the CA (Certificate Authority), that specializes in issuing and verifying digital certificates.

Chapter I

OVERVIEW OF E-COMMERCE
The international trade law organization gives this definition: e-commerce is the exchange of commercial information through electronic means, with no need to write any stage of the transaction on paper.
- E-commerce has become quite common: new forms of business on electronic media keep appearing, especially digital content services.
- Organizations taking part in e-commerce need a security policy.

Chapter II
OVERVIEW OF PUBLIC KEY INFRASTRUCTURE AND ITS ROLE IN E-COMMERCE

2.1 The formation of PKI:
- PKI (Public Key Infrastructure) came into being in 1995.
- It builds a set of security standards, tools and policies that allow users as well as organizations to create, store and exchange.

2.2 Functions of PKI:
- Ensure the confidentiality of information transmitted over the network.
- Ensure the integrity of information transmitted over the network.
- Ensure the authentication of information transmitted over the network.
- Ensure support for non-repudiation requirements.

2.3 Public key infrastructure:

Part 1: The set of tools, means and protocols that ensure information security.
Part 2: The legal framework: the Law on Electronic Transactions and sub-law regulations.
Part 3: The organizations that operate electronic transactions (CA, RA).

2.4 Infrastructure requirements (Infrastructure Requirements):

2.4.1 Third-party trust:
- Allows users to trust any public key that has been certified by this third party.

2.4.2 Authenticating the trust level of users (CA):
- The CA is the central point that meets the requirements for authenticating the trust level of each user.

2.4.3 Cross-certification:
The process in which two CAs securely exchange keying information with each other.

2.4.4 User identification (Certificates):
Contains the information used to verify its owner. The last part of the information contained in this user certificate is the owner's public key.

2.5 Scientific basis of PKI

2.5.1 Encryption. Cryptography is used to protect the confidentiality of information.

2.5.2 Digital signatures:
- A digital signature is not physically attached to the signed document. The signing algorithm must therefore bind the signature to the signed document in some way.
- Verification of a digital signature uses a verification algorithm that is entirely public. In principle, therefore, anyone can verify the digital signature on the document.
- A copy of the signed document is no different from the original. This is a characteristic to keep in mind.

2.7 Digital certificates.
A digital certificate is an electronic file used to verify the identity of an individual, a server or a company on the Internet. It includes:
- Personal information of the holder.
- The public key (Public key) of the holder.
- The digital signature of the CA that issued the certificate.

THE ROLE OF PUBLIC KEYS IN E-COMMERCE:

For users:
- By using a PKI system, users feel secure because all information is encrypted.
- They can carry out commercial, financial and social activities over the network while validity and safety are still ensured.

For developers and service providers:
- Applications are easy to build and develop on the PKI security foundation.
- Applications can be developed in combination with existing public-service and e-commerce applications.

Chapter III

CA (CERTIFICATE AUTHORITY-CA)
A public key system works as follows:
- A CA issues certificates to those who hold a public key and private key pair.

[Figure: generating the digital signature. Labels: CA private key; subject information; subject public key; CA name; CA signature.]

- A certificate consists of a public key value and information that uniquely identifies the subject of the certificate. The subject of a certificate can be a person, a device, or another entity that holds the corresponding private key.
- Certificates are signed by the CA, using the CA's private key.

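Authentication based on digital certificates:

1. The user enters a name and password for authentication.
2. The client retrieves the private key to create a digital signature.
3. The client sends the certificate and the signature across the network.
4. The server uses the certificate and the digital signature to determine the user's identity.
5. The server confirms which resources the user is authorized to access.

[Figure: a digital certificate authenticating a client connecting to a server.]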

Certificate lifetime and revocation:
A certificate has a validity period fixed in advance, defined by a start date/time and an end date/time. Certificates are revoked when compromise of the corresponding private key is detected or suspected.

Digital certificate issuance procedure:

Step 1: Enter the information about the person being issued the certificate (Input Users Data).
The operator enters, in turn, the information of the person being issued the certificate: full name (Fullname), national identity card number (ID Card Number). The program automatically generates a certificate request (Certificate Request) with this information.

Step 2: Sign the certificate request (Sign Certificate Requests).
The user enters the password used to decrypt the CA's private key (this password was set when the system was set up). The certificate is then issued to the user.

Step 3: Convert the certificate format (Generate PKCS12 Certificate).
After the certificate has been issued, it must be converted to PKCS12 format before it can be installed in the Mail application or stored on an Ikey device. The operator enters the PIN of the person being issued the certificate. The administrator enters the password that encrypts the private key in the pkcs#12 file. Certificate generation ends here.

Step 4: Deliver the certificate to the user.
In essence, this step copies the certificate onto a floppy disk for the user. To do this, open the command line and change the current directory to /MyCA/user. The operator enters the PIN of the user whose certificate is to be copied. The user receives a floppy disk containing their certificate in PKCS12 format and the CA's certificate. The user then installs these certificates in the Mail application.

Step 5: Publish the newly issued certificate to the LDAP server.
To do this, the administrator selects the function Export Certificates to LDAP server.

Step 6: Print the certificate contents.
Use the page http://printcert .

Certificate revocation procedure:

Revoking a certificate:
- Select the function Revoke a certificate by Administrator.
- The administrator types the ID of the certificate to be revoked, then enters the password used as the key to decrypt the CA's private key.
- The certificate with the ID entered above is revoked.

Issuing the CRL and publishing it to LDAP:
On the CA machine, the administrator selects Issue New CRL and Update current CRL to LDAP server.
- After this step, the certificates of the users who requested revocation are published and placed on the LDAP server.

All machines in the CA system must load this list into their own systems through the publicdatabase page hosted on the LDAP machine (updating the CRL for users on different working environments).

Issuing a certificate revocation confirmation to the user:
* Download the CRL from the LDAP server to the CA machine: to download the current CRL from the LDAP server, for printing the revocation confirmation, the administrator on the CA machine adds this line to the /etc/hosts file:
  200.1.1.1 publicdatabase
* Print the revocation confirmation for the user: open the page http://printcert. The administrator selects the function Print CRL.
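
The issuance and revocation steps above, replayed with the OpenSSL command-line tool as an added example (it is not the MyCA software the slides describe, whose internals are not shown). The CA, the subject names, the CA password and the PIN are constructed sample values. The run also shows why every machine must fetch the new CRL: a verifier still holding the old CRL keeps accepting the revoked certificate.

```sh
# Added example: throwaway demo CA. All names, the password and the PIN are constructed.
set -e
cd "$(mktemp -d)"
CAPW=demo-ca-password        # decrypts the CA private key (sample value)
PIN=1234                     # protects the user's PKCS#12 file (sample value)
mkdir newcerts; : > index.txt; echo 01 > serial
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 365
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
ca_op() { openssl ca -config ca.cnf -batch -passin "pass:$CAPW" "$@" 2>/dev/null; }
status() {  # prints valid/rejected for user.crt checked against the CRL file in $1
  if openssl verify -CAfile ca.crt -CRLfile "$1" -crl_check user.crt >/dev/null 2>&1
  then echo valid; else echo rejected; fi
}
# System setup: self-signed CA certificate, private key encrypted under CAPW
openssl req -x509 -config ca.cnf -newkey rsa:2048 -passout "pass:$CAPW" \
  -keyout ca.key -out ca.crt -subj "/CN=Demo CA" -days 3650 2>/dev/null
# Step 1: key pair and certificate request built from the user's data
openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
  -keyout user.key -out user.csr -subj "/CN=Sample User" 2>/dev/null
ca_op -notext -in user.csr -out user.crt      # Step 2: CA signs the request
openssl pkcs12 -export -inkey user.key -in user.crt -certfile ca.crt \
  -out user.p12 -passout "pass:$PIN"          # Step 3: PKCS#12 under the PIN
ca_op -gencrl -out crl_old.pem                # CRL published before any revocation
BEFORE=$(status crl_old.pem)
ca_op -revoke user.crt                        # recorded in the CA database only
STALE=$(status crl_old.pem)                   # verifier that has not updated its CRL
ca_op -gencrl -out crl_new.pem                # "Issue New CRL"
AFTER=$(status crl_new.pem)
echo "before=$BEFORE stale_crl=$STALE new_crl=$AFTER"
```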

MY SINCERE THANKS TO THE TEACHERS AND FRIENDS!
