UNDERGRADUATE GRADUATION THESIS
Topic:
A Study of One-Time Passwords and Their Applications
Supervisor: Dr. Hoang Xuan Dau
Student: Nguyen Viet Huy
Class: D09CNPM2
Hanoi, 12/2013
TABLE OF CONTENTS
FOREWORD
LIST OF TABLES, FIGURES AND DIAGRAMS
CHAPTER 1 - OVERVIEW OF OTP AND ITS APPLICATIONS
1.1.1. What is a password?
1.2.1. What is an OTP?
1.2.2. Advantages of OTP
1.2.3. Disadvantages of OTP
1.3.3. S/KEY
1.3.4. HOTP
1.4. Chapter summary
2.1.2. Generating OTPs with an algorithm based on the previous password
2.1.3. Generating OTPs with an algorithm based on the challenge-response protocol
2.3. Chapter summary
CHAPTER 3. APPLYING OTP TO AUTHENTICATING ONLINE BANKING TRANSACTIONS
3.1. Authenticating online banking transactions using OTP delivered by SMS
3.1.2. Implementation
3.1.3. Results
3.2. Authenticating online banking transactions using OTP generated on a mobile phone based on the challenge-response protocol
3.2.2. Installing the OTP-generating software on a mobile phone, based on the challenge-response protocol
3.2.3. Results
3.3. Chapter summary
CONCLUSION
REFERENCES
FOREWORD
Passwords have long been widely used at log-on to authenticate users accessing computer systems and networks. From logging in to application software on a personal computer to logging in to company servers and even to the websites of financial institutions and banks, the main means of authenticating the user is just the password (the login name, or username, is also a kind of password, but it has no security value because it is usually not kept secret). However, most security experts consider that passwords are no longer safe against today's sophisticated attack techniques. A password can be eavesdropped, stolen, or cracked (for passwords that are encrypted or hashed), and can then be abused relatively easily. The one-time password (OTP) was introduced to strengthen security in user authentication and transaction authentication, especially for online payment transactions in banking systems.
The thesis "A Study of One-Time Passwords and Their Applications" was chosen in order to study in depth one-time passwords, the methods for generating and creating one-time passwords, and their applications. Starting from an analysis of the advantages and disadvantages of these methods, the thesis concentrates on studying and experimentally implementing an application of one-time passwords that improves the security of authentication for online banking transactions.
The thesis consists of 3 chapters with the following content:
Chapter 1 - Overview of OTP and its applications
Gives an overview of one-time passwords (OTP): a general description of one-time passwords and their advantages and disadvantages. Gives an overview of the applications of one-time passwords.
So what is a password?
A password is one or more words that the user must know in order to be granted access. It is a special kind of information, such as a string of characters, an image or a fingerprint, used to authenticate and prove the correctness of a person's identity when logging in to a system, a service or an application [8].
1.2.2. Advantages of OTP
OTP has many advantages over traditional passwords. Specifically:
- Easy to use: identification and authentication are completed within a few seconds, avoiding
- Flexible: users can easily use it on different computers and it is easy to carry
Solutions to which OTP can be applied include: web mail servers, CRM (customer relationship management), ERP (enterprise resource planning), document management systems, e-commerce...
1.2.3. Disadvantages of OTP
OTP becomes insecure when the account holder loses the OTP-generating device (OTP token), or when a thief can break into the system that sends and receives SMS messages and so learn the OTP each time the customer makes a transaction. In addition, if the telecommunications network is slow or overloaded, or if for any other reason the SMS message carrying the OTP arrives late, a transaction that relies on an OTP delivered by SMS cannot be carried out.
At present, to save on investment costs, some businesses authenticate only with the user identifier (username) and a one-time password (OTP) delivered to the user by SMS message to a mobile phone. The user identifier is easily exposed when the user logs in on the Internet or takes part in activities on social networks or forums. The OTP, for its part, becomes insecure when the user's phone SIM card is stolen.
1.3.3. S/KEY
S/Key, also called the Lamport scheme [7], is a popular solution developed to authenticate terminal applications on operating systems of the Unix family. Password generation is based on a hash function.
The user's real password is combined, in an offline device, with a short set of characters and a decrementing counter to produce a password. Because each password is used only once, the passwords are useless to password thieves.
Because the set of characters does not change until the counter has decreased to 0, it is possible to prepare a list of one-time passwords that the user can carry. In other words, the user can give the password, the characters and the desired counter value to a local computer to produce the appropriate one-time password, which can then be transmitted over the network.
S/Key is supported in the Linux, OpenBSD, NetBSD and FreeBSD operating systems. A generic open-source application such as OPIE [17] can be used to support the use of S/Key on other systems. S/Key is a trademark of Telcordia Technologies [17].
- Authentication
After the password generation process, the user has a list of passwords. The first password is also the password the server is storing. This password is not used for authentication; the second password is used:
The user gives the server the second password pwd in the list and crosses it off.
The server computes H(pwd), where pwd is the password supplied. If H(pwd) is the first password (the one the server is storing), authentication succeeds. The server computes H(password i) and compares the result with password i-1, which is stored on the server.
- Security
The security of S/Key depends on the complexity of the cryptographic hash function. Suppose that an attacker holds a password that has been used for one successful authentication. Call this password i; this password no longer has any value in the authentication process
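The chain generation and the server-side check described above, as an added example that is not code from the thesis. SHA-256, the seed and the secret are choices made for this example.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """One-way function of the chain. SHA-256 is an assumption of this example;
    the original S/KEY used MD4 folded to 64 bits."""
    return hashlib.sha256(data).digest()


def make_chain(secret: bytes, seed: bytes, n: int) -> list:
    """Return [H^n(x), H^(n-1)(x), ..., H^1(x)] with x = seed || secret.

    Element 0 is what the server stores at enrolment; elements 1.. are the
    one-time passwords in the order the user presents them."""
    value = seed + secret
    chain = []
    for _ in range(n):
        value = H(value)
        chain.append(value)
    chain.reverse()
    return chain


class SKeyServer:
    def __init__(self, initial: bytes, remaining: int):
        self.stored = initial        # last accepted value, never the secret
        self.remaining = remaining   # decrementing counter

    def verify(self, pwd: bytes) -> bool:
        if self.remaining <= 0:
            return False             # chain exhausted: re-enrol with a new seed
        if not hmac.compare_digest(H(pwd), self.stored):
            return False
        self.stored = pwd            # the next password must hash to this value
        self.remaining -= 1
        return True


def demo() -> dict:
    chain = make_chain(b"correct horse", b"ke1234", 5)   # constructed values
    server = SKeyServer(chain[0], remaining=4)
    results = {
        "second_in_list": server.verify(chain[1]),
        "replay_same": server.verify(chain[1]),     # captured and sent again
        "skip_ahead": server.verify(chain[3]),      # used out of order
        "third_in_list": server.verify(chain[2]),
    }
    results["remaining"] = server.remaining
    return results


if __name__ == "__main__":
    print(demo())
```

A captured password only lets its holder compute values the server has already consumed; producing the next one requires inverting H.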
Based on the OTP generation algorithm, OTP devices come in 2 forms: time-synchronised and counter-based.
A time-synchronised OTP device produces a hard-to-guess code (a passcode or key) from its internal clock, and this code is accepted provided that the internal clock of the OTP device is synchronised with the authentication server. Because clocks drift, absolute time synchronisation between the OTP device and the server is impossible, so the authentication server has to accept keys that are slightly off. What matters is to narrow the authentication window to the minimum in order to reduce the chance of attack. Most OTP device vendors accumulate the observed time drift and adjust it with every successful authentication. A time-synchronised OTP device may need to be recalibrated if it has not been used for a long time.
A counter-based OTP device increments a counter every time it produces a new key, and this key is accepted provided that the internal counter of the OTP device is synchronised with the authentication server. Unlike the internal counter of the OTP device, the server's counter is adjusted with each successful authentication. With this type, the OTP device and the authentication server easily fall out of synchronisation.
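The two server-side behaviours described above (a narrow acceptance window with accumulated drift, and counter resynchronisation on success), as an added example that is not code from the thesis. It assumes the HOTP construction of RFC 4226 for both device types; the 30-second step and the window sizes are choices of this example.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value (RFC 4226): HMAC-SHA-1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class CounterVerifier:
    """Counter-based device: the server looks a few counters ahead to resynchronise."""

    def __init__(self, key: bytes, look_ahead: int = 3):
        self.key, self.counter, self.look_ahead = key, 0, look_ahead

    def verify(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.key, c), otp):
                self.counter = c + 1      # moves only on success; older codes are dead
                return True
        return False


class TimeVerifier:
    """Time-synchronised device: accept +/- `window` steps and remember the drift."""

    def __init__(self, key: bytes, step: int = 30, window: int = 1):
        self.key, self.step, self.window = key, step, window
        self.drift = 0          # accumulated device clock offset, in steps
        self.last_step = -1     # highest step already accepted (blocks reuse)

    def verify(self, otp: str, server_time: int) -> bool:
        centre = server_time // self.step + self.drift
        for delta in range(-self.window, self.window + 1):
            t = centre + delta
            if t > self.last_step and hmac.compare_digest(hotp(self.key, t), otp):
                self.drift += delta       # adjust with every successful authentication
                self.last_step = t
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"         # test key from RFC 4226, Appendix D
    tv = TimeVerifier(key)
    print(tv.verify(hotp(key, 3), 60), tv.drift)   # device one step fast: True 1
```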
Compared with time-synchronised OTP devices, counter-based OTP devices are less secure against online and offline passive attacks. An attacker can carry out a phishing attack and collect several keys for later use, or someone who takes
1.4. Chapter summary
Chapter 1 introduced the basic concepts, including the definitions of a password and of a one-time password (OTP), as well as the methods of authenticating with passwords and one-time passwords. OTP is applied in many areas, such as transaction authentication, single sign-on, S/Key, HOTP, security tokens... Although one-time passwords still have many disadvantages that cannot yet be overcome, at present they remain a fairly secure method compared with traditional passwords.
Setup:
Authentication:
2.1.2. Generating OTPs with an algorithm based on the previous password
An OTP generated by an algorithm based on the previous password does not have a value that changes over time; instead it is generated by the algorithm each time one is required. The algorithms of the authenticating party and of the user must be synchronised with each other. Each time a user is authenticated successfully, the authenticating party will accept only the next OTP generated by the algorithm. Unlike time-based OTPs, a mathematics-based OTP is valid for a single use only and is not exposed to the attack described above, in which a password is used several times within a period of time. Clock synchronisation and clock error are also not an issue. One issue to bear in mind is that if a mathematics-based password
2.1.3. Generating OTPs with an algorithm based on the challenge-response protocol:
The challenge-response protocol lets the person requesting access authenticate to the system by proving knowledge of a secret cryptographic value, without requiring that person to reveal the secret value. The authentication system gives the person requesting access a randomly generated number called the challenge. The person enters the challenge number and the secret value so that a cryptographic function computes the response. The authentication system successfully verifies the person's identity if the response is the expected value. Because the challenge is a random number, the challenge-response protocol provides an effective shield against replay attacks. Figure 2.2 illustrates user authentication based on the challenge-response protocol.
Figure 2.2: User authentication model based on the challenge-response protocol.
Non-cryptographic authentication was generally adequate in the days before the Internet, when users could be sure that the system asking for the password really was the system they were trying to access, and that nobody was able to eavesdrop on the communication lines to capture the passwords being entered. To solve this problem we need a different, more sophisticated approach. Many solutions involve cryptographic two-way authentication, in which both the user and the system must use a method of convincing each other that they know the shared secret (the password), without this secret ever being transmitted in the clear over the communication lines, where eavesdroppers may be lurking to steal it.
One of the methods used involves the password: one side encrypts some random information to create the challenge, and the other end must then reply with a response, a similarly encrypted value that is some predetermined function of the information originally supplied, thereby proving that it was able to decrypt the challenge.
The client sends cr and cc to the server
correctly
The server sends sr
correctly
sc is the challenge generated by the server
cr is the client's response
sr is the server's response
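The two-way exchange whose messages sc, cc, cr and sr are named above, as an added example that is not code from the thesis. How cr and sr are computed does not survive on this page, so the HMAC-SHA-1 construction, the role labels and the 16-byte challenges are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def respond(secret: bytes, role: bytes, first: bytes, second: bytes) -> bytes:
    """Keyed response over both challenges. The role label keeps a client
    response from being valid as a server response, and the reverse."""
    return hmac.new(secret, role + b"|" + first + b"|" + second, hashlib.sha1).digest()


class Server:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.sc = None

    def challenge(self) -> bytes:
        self.sc = secrets.token_bytes(16)       # sc: fresh for every attempt
        return self.sc

    def check_client(self, cr: bytes, cc: bytes):
        """Verify cr; on success return sr so the client can verify the server."""
        sc, self.sc = self.sc, None             # a challenge is answered at most once
        if sc is None:
            return None
        if not hmac.compare_digest(cr, respond(self.secret, b"client", cc, sc)):
            return None
        return respond(self.secret, b"server", sc, cc)   # sr


class Client:
    def __init__(self, secret: bytes):
        self.secret = secret

    def answer(self, sc: bytes):
        self.sc, self.cc = sc, secrets.token_bytes(16)   # cc: the client's own challenge
        return respond(self.secret, b"client", self.cc, sc), self.cc   # (cr, cc)

    def check_server(self, sr) -> bool:
        expected = respond(self.secret, b"server", self.sc, self.cc)
        return sr is not None and hmac.compare_digest(sr, expected)


def run_exchange(client_secret: bytes, server_secret: bytes) -> bool:
    """True only if each side proved knowledge of the same secret."""
    server, client = Server(server_secret), Client(client_secret)
    cr, cc = client.answer(server.challenge())
    return client.check_server(server.check_client(cr, cc))


def replay_is_rejected(secret: bytes) -> bool:
    """A recorded (cr, cc) pair is presented again against a new challenge."""
    server, client = Server(secret), Client(secret)
    cr, cc = client.answer(server.challenge())
    assert server.check_client(cr, cc) is not None
    server.challenge()                          # new attempt, new sc
    return server.check_client(cr, cc) is None


if __name__ == "__main__":
    print(run_exchange(b"shared", b"shared"), replay_is_rejected(b"shared"))
```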
The advantage of delivering OTPs by SMS is that text messaging is a widespread communication channel, available on almost every handset and with a very large user base. This is also a major comparative advantage of this tool over other OTP delivery devices. In practice, this tool has great potential to reach many consumers at a low total cost. Of course, in some cases the recurring price of a message for every single OTP is not necessarily acceptable.
Sending and receiving OTPs by text message also reveals some problems: it does not have the protection needed against the increasingly sophisticated attacks on ciphers. The messages may be encrypted using a standard such as A5/x, which several hacker groups report can be decrypted within a few minutes or a few seconds, or they may not be encrypted at all by the service providers when received and sent on. Besides the threats from hackers, the mobile network operators are also part of the chain of trust. For example, in the case of roaming, more than a single mobile network operator has to be trusted. Anyone who steals this information can tie in with the attackers, for example in man-in-the-middle attacks. The solution to the problem is out-of-band authentication, which uses a separate channel for the second authentication factor and is becoming a best practice for two-factor authentication.
2.2.3. Generating OTPs using a token
A token is a device used to authenticate the user in place of the ID/username and login password mechanism. Every token device is distinct and is assigned by the service provider to a specific user. OTPs can be generated on the token.
A token device works by generating random number sequences (OTPs) itself, each valid only for a fixed period of time (usually under 1 minute). For example, when users want to log in to the website of the bank that issued the token in order to make a transaction, they must enter the OTP shown on the token device into the password field before they are given access. Once the period set on the token device has passed, this OTP is no longer valid, and if users have still not logged in or completed the transaction they must press the button, or the token device will automatically generate a new OTP, and they enter this new OTP to log in or complete the transaction. Some services that use token devices, for reference: www.payoo.com.vn, www.fpts.com.vn.
2.2.4. Generating OTPs using a mobile phone
2.3. Chapter summary
Chapter 2 presented the methods of generating one-time passwords (OTP) and the methods of delivering them to the user. There are 3 common OTP generation methods: generation using synchronised time, generation using an algorithm, and OTP generation based on the challenge-response protocol. The methods of delivering OTPs to the user are printing on paper, sending the OTP by SMS message, using a token, and the MOTP method. Each generation and delivery method has its own characteristics, advantages and disadvantages. A suitable method is therefore chosen according to the specific security requirements of each system.
Test scenario:
Before being able to make online transactions authenticated by OTP, users need to register an online transaction account with the bank, consisting of username, password and phone number. Users then use this information when transferring money on the bank's online payment page. The scenario for an online transaction authenticated by OTP consists of the following steps:
1. The user logs in to the bank's online payment page using the registered username and password.
2. The system verifies the user's account information; if it is correct, the user is given access to the system.
3. The user opens the online money transfer application. The online money transfer screen appears.
4. The user enters the details of the transaction into the online money transfer screen in turn: recipient account, transfer amount and transfer description; the user then selects "Send SMS message" in the "Method of receiving the transaction code" field.
5. The user clicks the "Accept" button. The OTP authentication screen appears. A 1-minute countdown (the validity period of the OTP) starts running.
6. A message containing the OTP transaction code is sent from the system's switchboard to the user's phone. The user enters the OTP received in the SMS message into the authentication field and clicks the "Accept" button. If the user enters the correct OTP within the permitted time, the transaction-successful screen appears. If the user enters it incorrectly, the system asks the user to enter the OTP again.
3.1.2. Implementation
The test program was implemented on the Microsoft Windows operating system, in C# using the Microsoft Visual Studio development environment, combined with the MySQL database management system so that the system can access the database.
The SHA-1 hash algorithm is used to create the OTP. The database is used to authenticate users and to store the transaction history. The database stores the username, password, account holder name, current balance and the transactions made.
The server-side software is built as a web server. The server relies on the OTP sent to the user's mobile phone to decide whether to let the user pay or to reject the request. This software interacts with the database that stores the users' information and their accounts. The program uses a phone to simulate a switchboard that sends the messages containing the OTP.
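The server-side decision in steps 5 and 6 of the scenario (correct OTP, within the 1-minute lifetime), as an added example in Python that is not the thesis's C# program. The random 6-digit code, the stored SHA-256 digest and the limit of 3 attempts are assumptions of this example; the page only says a wrong entry leads to re-entry.

```python
import hashlib
import hmac
import secrets
import time

OTP_LIFETIME = 60      # seconds: the 1-minute validity used in the scenario
MAX_ATTEMPTS = 3       # assumption of this example: the page sets no retry limit


class SmsOtpService:
    def __init__(self, clock=time.time):
        self.clock = clock         # injectable so expiry can be tested
        self.pending = {}          # transaction id -> state

    @staticmethod
    def _digest(txn_id: str, otp: str) -> bytes:
        return hashlib.sha256(f"{txn_id}:{otp}".encode()).digest()

    def issue(self, txn_id: str) -> str:
        """Create the OTP that goes into the SMS; the server keeps only a digest."""
        otp = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[txn_id] = {
            "digest": self._digest(txn_id, otp),
            "expires": self.clock() + OTP_LIFETIME,
            "attempts": 0,
        }
        return otp

    def verify(self, txn_id: str, otp: str) -> str:
        state = self.pending.get(txn_id)
        if state is None:
            return "unknown"
        if self.clock() > state["expires"]:
            del self.pending[txn_id]
            return "expired"
        state["attempts"] += 1
        if hmac.compare_digest(state["digest"], self._digest(txn_id, otp)):
            del self.pending[txn_id]          # single use
            return "ok"
        if state["attempts"] >= MAX_ATTEMPTS:
            del self.pending[txn_id]          # a new OTP has to be requested
            return "locked"
        return "retry"


if __name__ == "__main__":
    svc = SmsOtpService()
    code = svc.issue("txn-0001")              # constructed transaction id
    print(svc.verify("txn-0001", code), svc.verify("txn-0001", code))
```

With only 10^6 possible codes, the lifetime and the attempt cap are what bound guessing: three tries per issued code give a guesser a 3 in 1,000,000 chance.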
3.1.3. Results
In the demo, a Banking home page and two other pages were implemented. The home page lists these two pages so that the user can click through to them. The user first has to log in to the home page with their username and password. The login screen is shown in Figure 3.2.
The web page contains the list of the two pages that the user is allowed to access after logging in: "Transfer" and "Transaction history". After logging in successfully with the previously registered username and password, the user clicks "Transfer" and is taken to the "Transfer" page. The "Transfer" page is designed as shown in Figure 3.3.
After the user has logged in with their account, the transfer page shows the user's information from the current database: account number, full name, account balance and phone number. The user has to enter the transfer amount, the recipient's account number and the transfer description. The "Method of receiving the transaction code" field offers the user two options, "SMS message" and "Challenge-Response"; in this part we select "SMS message". After filling in all the details of the transaction, the user clicks the "Accept" button; a message containing the OTP is sent to the user immediately and the user is taken to the "Confirmation" page to verify the OTP. The "Confirmation" page is designed as shown in Figure 3.4.
3.2. Authenticating online banking transactions using OTP generated on a mobile phone based on the challenge-response protocol
3.2.1. Description of the test scenario
Figure 3.6 describes the authentication process using an OTP generated on a mobile phone with the challenge-response protocol.
3. The user enters the details of the transaction into the online money transfer screen in turn: transfer amount, recipient account and transfer description; the user then selects "Challenge-Response" in the "Method of receiving the transaction code" field. A "Challenge" field containing an OTP and an empty "Transaction code" field appear.
4. The user starts the Mobile OTP application installed on the phone; the application shows the fields Challenge, Money and OTP. The user enters the Challenge code and the amount to be transferred, as shown on the web page, into the phone and presses the OK button. The application generates an OTP for the user.
5. The user enters the OTP just obtained into the "Transaction code" field and clicks the "Accept" button. If the user enters the correct OTP, the transaction-successful screen appears immediately. If the user enters it incorrectly, the system asks the user to enter the OTP again.
3.2.3. Results
Figure 3.7: The "Transfer" page when authenticating with Challenge-Response
As with authenticating online banking transactions using OTP delivered by SMS, after logging in to their account the user goes to the "Transfer" page, enters the transaction details and selects "Challenge-Response" in the "Method of receiving the transaction code" field. The system then automatically generates an OTP challenge. The user enters this OTP together with the amount into the application on the mobile device, as in Figure 3.8.
Once the user knows the challenge from the server, they enter the challenge and the amount used in the transaction into the phone and then press the OK button; the software combines the challenge and the amount to generate a new OTP that authenticates the transaction.
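Combining the challenge with the amount, as described above, ties the OTP to the transaction the user saw; the following added example (not the thesis's Mobile OTP application) shows the effect on the server's check. The shared per-user secret, the `challenge|amount` encoding, the truncation to 6 digits and the account names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def transaction_otp(secret: bytes, challenge: str, amount: int, digits: int = 6) -> str:
    """OTP = decimalised HMAC-SHA-1(secret, challenge | amount).
    Field encoding and truncation are assumptions of this example."""
    msg = f"{challenge}|{amount}".encode()
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


class BankServer:
    def __init__(self, secrets_by_user: dict):
        self.secrets_by_user = secrets_by_user
        self.open_challenges = {}      # user -> (challenge, amount, recipient)

    def start_transfer(self, user: str, recipient: str, amount: int) -> str:
        challenge = f"{secrets.randbelow(10 ** 8):08d}"   # shown in the "Challenge" field
        self.open_challenges[user] = (challenge, amount, recipient)
        return challenge

    def confirm(self, user: str, otp: str) -> bool:
        # One answer per challenge: stricter than the re-entry allowed in step 5.
        pending = self.open_challenges.pop(user, None)
        if pending is None:
            return False
        challenge, amount, _recipient = pending
        expected = transaction_otp(self.secrets_by_user[user], challenge, amount)
        return hmac.compare_digest(expected, otp)


def demo() -> dict:
    bank = BankServer({"alice": b"constructed-shared-secret"})
    key = bank.secrets_by_user["alice"]
    c1 = bank.start_transfer("alice", "ACC-200", 500_000)
    honest = bank.confirm("alice", transaction_otp(key, c1, 500_000))
    # The amount recorded by the server differs from the one typed into the phone.
    c2 = bank.start_transfer("alice", "ACC-200", 5_000_000)
    altered = bank.confirm("alice", transaction_otp(key, c2, 500_000))
    # An OTP computed for an earlier challenge does not fit a new one.
    bank.start_transfer("alice", "ACC-200", 500_000)
    stale = bank.confirm("alice", transaction_otp(key, c1, 500_000))
    return {"honest": honest, "altered_amount": altered, "stale_challenge": stale}


if __name__ == "__main__":
    print(demo())
```

Only the fields that enter the MAC are covered: with just Challenge and Money as inputs, the recipient account is vouched for only if the server derives the challenge from it or adds it to the message.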
3.3. Chapter summary
In this chapter we built and tested a test program for authenticating online banking transactions using OTP delivered by SMS, and for authenticating online banking transactions using OTP generated on a mobile phone based on the challenge-response protocol. Both implemented methods of generating and delivering OTPs are able to provide a high level of security for online transaction authentication. These applications can be widely deployed in practice because they do not require complex additional hardware or software.
CONCLUSION
A one-time password (OTP) is a password that is used only once to authenticate a transaction or a working session. Because an OTP is used only once, it is more secure than a traditional password and avoids attacks such as eavesdropping. The thesis studied one-time passwords, the techniques for generating and delivering one-time passwords, and their application to authenticating online protocols. Specifically, the thesis carried out the following:
- A general study of one-time passwords and of their applications.
- A study of the methods of generating one-time passwords based on time and based on an algorithm; the methods of generating passwords with a token and with a mobile phone; and the methods of delivering one-time passwords on paper and by SMS message.
- The thesis implemented and successfully tested the application of one-time passwords to authenticating online banking transactions, using OTP delivery by SMS message and OTP generation on a mobile phone.
Possible directions for further development of the thesis are:
- Studying single sign-on using one-time passwords;
- Improving the interface and features of the OTP-generating application on the mobile phone so that user authentication becomes friendlier, more convenient and more secure.
REFERENCES
[1]. D. M'Raihi, J. Rydell, S. Bajaj, S. Machani, D. Naccache, OATH Challenge-Response Algorithm, June 2011.
[2]. D. M'Raihi, J. Rydell, S. Bajaj, S. Machani, D. Naccache, Time-Based One-Time Password Algorithm, May 2011.
[4]. http://www.rsa.com/node.aspx?id=1156, 9/2013
[8]. Authentication, http://vi.wikipedia.org/wiki/X%C3%A1c_th%E1%BB%B1c
[10]. Challenge-Response Algorithm, http://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication, 9/2013
[12]. http://datasecurity.vn/tech/business-tech/1590-chng-thc-trong-mt-ngan-hanginternet.html, 10/2013
[13]. Duong Hoang Anh, Nguyen Viet Huy, Nguyen Van Tan, Pham Minh T, Scientific research report: A study of one-time passwords and their applications, 12/2012.
[16]. The Gioi Vi Tinh, http://pcworld.com.vn/pcworld/printArticle.asp?atcl_id=5f5e5d5e5e5f5a, 10/2013
[20]. http://gamethu.vnexpress.net/gt/diem-tin/2006/03/3b9ad22c/, 10/2013