
DATA SECURITY

Today, as the demand for exchanging information and data grows ever larger and more varied, and as advances in electronics, telecommunications and information technology are continually applied to improve the quality and volume of data transmission, the concepts, ideas and measures for protecting information and data are also being renewed. Protecting information and data is a broad subject that touches many fields, and in practice many different methods can be used to do it.

12 things to know to protect your data:

1. Which data needs priority protection
There is a great deal of data that needs to be kept confidential: customer information, personnel records, trade secrets, financial information, business plans... so you first need to determine which information is important and has the greatest effect on business and production. Customer information, for example, decides the success or failure of a business, so you should give it the highest priority and invest in management solutions and technical infrastructure to secure it, such as customer management software, for example Misa CRM (ID: B0901_48), Microsoft Dynamic CRM, SugarCRM...

2. Guard against threats from the Internet
Attackers will use many ways to break into the network, steal information, destroy data or bring business to a halt, so you need to install protective equipment right at the Internet gateway to limit intrusion as far as possible. ADSL Internet is now common and widespread; you can use an ADSL router with integrated firewall and intrusion detection from DrayTek (ID: A0905_67), Dlink or Linksys, or dedicated hardware firewalls from O2Security, Cyberoam or Barracuda, or software firewalls such as ZoneAlarm or Comodo Firewall to protect your Internet gateway.

3. Prevent threats from the internal network
Important data must be protected from viruses and computer worms. You can use antivirus software such as AVG (ID: A0905_68), Kaspersky (ID: A0806_88), Panda, Symantec Norton,... Disgruntled employees, or employees about to leave, are also a concern for sensitive data. If you need to manage access at a higher, more detailed level, you can use dedicated network monitoring equipment, either hardware such as O2Security (ID: A0904_65) or software such as LanHelper, Network

4. Guard against threats from people
Business partners, visitors who come to the company for transactions, and delivery staff are also a threat to information security.
Visitors may wander around and look about your company, or a partner may be invited into your office and you step out for a few minutes; can you be sure that the documents and papers on the desk are not being looked at? Employees move between rooms and can take each other's information and documents... You therefore need a separate reception room and transaction area; keep important information and documents carefully in drawers, install magnetic door locks on the rooms, and then install surveillance cameras such as Vivotek (ID: A0905_63), Dlink (ID: A0910_72), Panasonic (ID:A0901_62), etc.

5. Store information and documents in digital form
Important papers and documents such as office lease contracts, tax reports and financial statements need to be copied and kept in digital form. Digital information is easier to store, back up, protect, search and extract. You can use a scanner from Kodak (ID: A0907_70), HP or Genius to copy documents. Old, crumpled documents can be photographed with a digital camera.

6. Manage, check and cross-reference papers and documents
Determine how long information, documents and papers must be kept confidential and retained. Files and documents that are in use, or that no longer have value, need to be organised and archived sensibly so that they can be extracted and cross-referenced. Document management software such as eDocman (ID: B0506_42) or K-EDMS, or electronic office software (eOffice), will make your management more effective and professional.

7. Use a file naming convention
Every file and document should have a conventional name to support storage and search. The conventional name should be short and easy to look up.

8. Make sure data that is no longer used is definitely erased
When disposing of old computers, make sure that all data on them is completely erased (ID: A0702_111). Important documents that have expired, or that were discarded because of data-entry errors, must be destroyed with a paper shredder. This applies especially to documents from the planning and accounting departments, which hold a lot of fairly sensitive information.

9. Employees fully understand the rules and procedures for protecting information
Make sure employees clearly understand how to protect their data. For example, they should not give access passwords to anyone else; when they receive a call about information outside their authority, they should pass it to the department that has the authority and function to answer. Avoid having information extracted over the telephone or by e-mail. Every employee must know how to manage, back up and restore their own data, because IT staff are not always on hand to help.

10. Back up data automatically
Most small and medium-sized businesses back up data by hand, which carries many risks. Automatic backup helps avoid mistakes, omissions and duplicate files. You can use a network hard drive from D-Link (ID: A0905_59), Synology (ID:A0907_68) or Qnap.

11. Keep stored data protected in several safe places
Many small and medium-sized businesses, after archiving and backing up their data, keep the copies on site or in the office. This is very dangerous in case of fire or flood, when both the primary data and the backup are lost. You can use an external hard drive from Fujitsu, iSmart or Transcend (ID: A0905_58) to copy the data and keep it in a safe place far from the office.

12. Have a plan for checking the backup files
You should have a plan for re-checking the backed-up data, because when an incident does happen, the data you restore may turn out not to be the data file you need.
Small and medium-sized businesses, and individuals who use computers, can apply some of the advice above to protect their data and keep business operations and work schedules running smoothly.

The content of information safety and security

As the demand for exchanging information and data grows ever larger and more varied, and as advances in electronics, telecommunications and information technology are continually applied to improve the quality and volume of data transmission, the concepts, ideas and measures for protecting information and data are also renewed. Protecting information and data is a broad subject that touches many fields, and in practice many different methods can be used to do it. These methods can be grouped into three categories:
- Protecting information by administrative measures.
- Protecting information by technical measures (hardware).
- Protecting information by algorithmic measures (software).
The three groups can be applied separately or in combination. The environment in which information is hardest to protect, and which an adversary can most easily penetrate, is the network and transmission environment. The most effective and most economical measure currently available on transmission networks and computer networks is the algorithmic one.

Information security covers the following:
- Confidentiality: the secrecy and privacy of the information.
- Authenticity of the information, including authentication of the counterpart (the identification problem) and authentication of the information exchanged.
- Accountability: ensuring that the sender of information cannot deny responsibility for the information they sent.

To protect information and data effectively on transmission lines and computer networks, the first step is to anticipate or predict the possible insecurities, the possible intrusions, and the incidents and risks that can affect information stored and exchanged on the line and on the network. The more precisely these risks are identified, the better the solutions for limiting the damage can be chosen.

There are two kinds of violation against information and data: active violations and passive violations. A passive violation aims only at obtaining the information (stealing it). The violator may not learn the specific content but can still find out who the sender and receiver are from the protocol control information in the packet headers, and can observe the number, length and frequency of the exchanges. A passive violation therefore does not distort or destroy the content of the data exchanged. Passive violations are usually hard to detect, but there are effective measures to prevent them.

An active violation can change the content, delete, delay, reorder or replay packets, either at that moment or some time later. It can also add extraneous information to distort the content exchanged. Active violations are easy to detect but much harder to prevent effectively.

In reality, no measure for protecting information and data is absolutely secure. However well a system is protected, it cannot be guaranteed to be absolutely secure.

1.2. System security strategies:

a. Least Privilege: This is the most basic strategy. Under this principle any subject has only certain limited rights over network resources; when it enters the network it may use only certain resources.

b. Defence In Depth: This principle reminds us not to rely on any single security mechanism, however strong, but to build several security mechanisms that support one another.

c. Choke Point: Create a narrow "gateway" and allow information to enter your system only through this single path. => A mechanism must be set up to monitor and control the information passing through this gateway.

d. Weakest Link: This strategy is based on the principle that "a chain is only as strong as its weakest link, a wall only as strong as its weakest point". Attackers usually look for the weakest places in a system to attack, so the weak points of the system must be reinforced. We usually pay more attention to attackers on the network than to people who physically approach the system, so physical security is regarded as the weakest point in our systems.

e. Global coverage: Secure systems require the local systems to be covered as a whole. If someone can break one security mechanism, they can succeed by attacking someone's unprotected system and then attacking the system from the inside.

f. Diversity of protection: Different protective measures must be used for different systems; otherwise an attacker who gets into one system can just as easily attack the others.

1.3. Levels of protection on the network:

Because no solution is absolutely secure, several levels of protection are normally used at the same time, forming multiple barriers against intrusion. Protecting information on a network is mainly a matter of protecting the information stored in computers, especially the servers on the network. So, apart from some measures against loss of information on the transmission line, most effort goes into building barriers from the outside in for the systems connected to the network. The usual levels of protection are:

a. Access rights
The innermost layer of protection is access rights, which control the network's resources and the permissions on those resources. Naturally, the finer the granularity at which data structures can be controlled, the better. At present control is usually at file level.

b. Login name / password
This is also access control, but at system level rather than information level. It is the most common method of protection because it is simple, cheap and also very effective. Every user who wants to join the network and use its resources must first register a name and password.
The network administrator is responsible for managing and monitoring all network activity and for defining the access rights of other users by time and place (that is, a user may log in only during a certain period and at a certain location). In theory, if everyone kept their password and login name secret, there would be no unauthorised access. In practice this is hard to guarantee, for many everyday reasons that reduce the effectiveness of this layer. It can be remedied by making the network administrator responsible for setting passwords or changing them over time.

c. Data encryption
To keep information confidential on the transmission line, encryption is used. The data is transformed from a readable form into an unreadable form according to some algorithm and is transformed back at the receiving station (decryption). This is a very important layer of protection.

d. Physical protection
Prevent physical access to the system. Traditional measures are usually used, such as strictly barring unauthorised people from the server room, putting locks on computers, or using workstations without floppy drives.

e. Firewall
Prevent unauthorised intrusion and filter out packets that, for whatever reason, should not be sent or received, in order to protect a single computer or a whole internal network (intranet).

f. Network administration
In the age of information technology, the computer network determines the entire operation of an agency or a company. Ensuring that the network operates safely and without incident is therefore a task of the highest urgency. Network administration must be carried out methodically and meet the following requirements:
- The whole system operates normally during working hours.
- There is a standby system for when a hardware or software failure occurs.
- Important data is backed up periodically.
- The network is maintained periodically.
- Data is kept confidential, access rights are assigned, and working groups are organised on the network.

Figure a: levels of protection on a computer network: Firewalls, Physical protection, Data Encryption, Login/Password, Access Rights, Information.

1.4. Information security through cryptography

Cryptology is the science that studies methods of secret communication. It comprises cryptography (making codes) and cryptanalysis (breaking codes). Cryptography comprises two processes: encryption and decryption.

To protect information on the transmission line, it is usually transformed from a readable form into an unreadable form before being sent over the network; this process is called encryption. The receiving station must perform the reverse process, transforming the information from the unreadable form (the encrypted data) back to the readable form (the original); this process is called decryption. This is a very important layer of protection and is widely used in network environments.

Protection of information by cryptography is usually approached in two ways:
- Along the link (Link_Oriented_Security).
- From end to end (End_to_End).

In the first approach the information is encrypted to protect it on the link between two nodes, without regard to its source and destination. Note that the information is protected only on the link: at each node it is decrypted and then re-encrypted for onward transmission, so the nodes themselves must be well protected.

In the second approach, by contrast, the information is protected along the entire path from source to destination. It is encrypted as soon as it is created and is decrypted only when it reaches its destination. The drawback of this approach is that only the user's data can be encrypted; the control data must be left in the clear so that the nodes can process it.

1.5. The role of a cryptosystem

Cryptosystems must fulfil the following roles:
- A cryptosystem must hide the content of the plaintext (PlainText) so that only the legitimate owner of the information has access to it (Secrecy), in other words it must prevent access beyond one's authority.
- It must create elements for authenticating information, ensuring that information circulating in the system reaches the legitimate recipient and is authentic (Authenticity).
- It must support electronic signature schemes, ensuring that nobody can forge or impersonate a sender on the network.

The greatest advantage of any cryptosystem is that the computational complexity of the problem the "adversary" must solve to obtain the encrypted information can be assessed. Each cryptosystem has its own advantages and disadvantages, but because the computational complexity can be assessed, different encryption algorithms can be applied to each specific application according to the level of security required.

Components of a cryptosystem:

Definition: A cryptosystem is a five-tuple (P, C, K, E, D) satisfying the following conditions:
- P is a finite set of plaintexts (PlainText), called the plaintext space.
- C is a finite set of ciphertexts (Crypto), also called the ciphertext space. Each element of C can be obtained by applying the encryption function e_k to an element of P, with k ∈ K.
- K is a finite set of keys, also called the key space. Each element k of K is called a key (Key). The key space must be large enough that the "adversary" does not have time to try every possible key (exhaustive search).
- For each k ∈ K there is an encryption rule e_K: P → C and a corresponding decryption rule d_K ∈ D. Each e_K: P → C and d_K: C → P are functions such that d_K(e_K(x)) = x for every plaintext x ∈ P.

1.6. Classification of cryptosystems

There are several ways to classify cryptosystems. By the way the key is transmitted, they fall into two types:
- Symmetric cryptosystems (also called secret-key cryptography): systems that use the same key for both encrypting and decrypting the data. The key must therefore be kept absolutely secret.
- Asymmetric cryptosystems (also called public-key cryptography): these systems use one key to encrypt and a different key to decrypt, that is, the encryption key and the decryption key are different. The keys form pairs of inverse transformations, and neither key can be derived from the other. The encryption key can be made public, but the decryption key must be kept secret.

Figure: plaintext, encryption, ciphertext, decryption, plaintext, with a key (encryption in which the encryption key and the decryption key are the same).

By the time at which they were introduced, cryptosystems can also be divided into two types: classical cryptography (systems that appeared before 1970) and modern cryptography (after 1970). By the way encryption is carried out, they are divided into stream ciphers (each block of data is encrypted with a different key; these keys are produced by a key-generating function and are called the keystream) and block ciphers (each block of data is encrypted with the same key).

1.7. Criteria for evaluating a cryptosystem

A cryptosystem is usually evaluated on the following properties:

a. Security: A cryptosystem put into use must first of all be highly secure. An advantage of cryptography is that security can be assessed through computational security without having to implement the system. A cryptosystem is considered secure if breaking it requires n operations, and carrying out n operations takes an unacceptably long time. A good cryptosystem must meet the following criteria:
- Its protection must rest only on the secrecy of the keys; the algorithm is public.
- Given the public key e_K and a plaintext P, it is easy to compute e_K(P) = C. Conversely, given d_K and a ciphertext C, it is easy to compute d_K(C) = P. Without d_K it is not feasible to find P from C. In other words, for a function f: X → Y, computing y = f(x) for any x ∈ X is easy, while finding x given y is hard; such a function is called a one-way function.
- The ciphertext C must not have features that attract attention or suspicion.

b. Speed of encryption and decryption: When evaluating a cryptosystem, attention must be paid to the speed of encryption and decryption. A good cryptosystem encrypts and decrypts quickly.

c. Key distribution: A cryptosystem depends on its key, which is transmitted either publicly or secretly. Distributing secret keys costs more than in systems with public keys, so this too is a criterion when choosing a cryptosystem.
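The five-tuple (P, C, K, E, D) from section 1.5, written out for the classical shift cipher, as an added example that is not part of the original text. The function names are chosen here for illustration; the sample plaintexts are constructed. With only 26 keys, the exhaustive search that the definition warns about finishes immediately, which is why the key space must be large.

```python
# Added illustration: the shift cipher as a cryptosystem (P, C, K, E, D).
import string

ALPHABET = string.ascii_uppercase      # P and C: strings over A..Z
KEYSPACE = range(len(ALPHABET))        # K = {0, 1, ..., 25}


def e(k, x):
    """Encryption rule e_k: P -> C, shifting every letter forward by k."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26] for ch in x)


def d(k, y):
    """Decryption rule d_k: C -> P, shifting every letter back by k."""
    return "".join(ALPHABET[(ALPHABET.index(ch) - k) % 26] for ch in y)


def round_trip_holds(samples):
    """Check the defining property d_k(e_k(x)) = x for every key and sample."""
    return all(d(k, e(k, x)) == x for k in KEYSPACE for x in samples)


def exhaustive_search(ciphertext, known_word):
    """Try every key in K; keep those whose decryption contains a word
    that is expected to appear in the plaintext."""
    return [k for k in KEYSPACE if known_word in d(k, ciphertext)]


if __name__ == "__main__":
    secret = e(11, "SENDTHEREPORT")            # constructed sample plaintext
    print("ciphertext:", secret)
    print("round trip holds:", round_trip_holds(["SECURE", "SENDTHEREPORT"]))
    print("keys found by trying all 26:", exhaustive_search(secret, "REPORT"))
```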

What is a secure information system?

Paying by credit card through a web service can run into risks such as:
- Information sent from the customer's web browser is in plain text and can therefore fall under someone else's "eyes".
- The customer's web browser cannot tell whether the server it is exchanging information with is genuine or an impostor.
- There is no guarantee that the information sent has not been altered.

A mechanism is therefore needed to guarantee security during electronic transactions. An information system that exchanges data securely must meet the following requirements:
- The system must ensure that data is not stolen in transit.
- The system must be able to authenticate, to prevent impersonation.
- The system must be able to check data integrity.

The SSL protocol

The SSL (Secure Socket Layer) protocol combines several cryptographic algorithms to ensure that information exchanged over the network is kept confidential. Encryption takes place transparently and supports many other protocols running on top of TCP. SSL works on the basis of proven cryptographic applications such as symmetric and asymmetric encryption algorithms, one-way hash algorithms, digital signature algorithms, and so on.

Data encryption methods

Secret-key encryption

Secret key cryptography is also called symmetric cryptography. With this method, the sender and the receiver use the same key to encrypt and decrypt the data. Before encrypting data for transmission over the network, the two sides must both have the key and must agree on the algorithm used to encrypt and decrypt. Many algorithms are used for secret-key encryption, such as DES (Data Encryption Standard), 3DES (triple-strength DES), RC2 (Ron's Cipher 2) and RC4, etc.

Remarks: The main drawback of this method is that the key is transmitted over the network, so security is not high. The advantage is that encryption and decryption are very fast.

Public-key encryption

Public key cryptography solves the problem of secret-key encryption by using two keys, a public key and a private key. The public key is sent openly over the network, while the private key is kept secret. The public key and the private key play opposite roles: one is used to encrypt and the other to decrypt. The method is also called asymmetric cryptography because it uses two different keys to encrypt and decrypt the data. It uses the RSA encryption algorithm (named after its three inventors: Ron Rivest, Adi Shamir and Leonard Adleman) and the DH (Diffie-Hellman) algorithm.

Suppose B wants to send A a secret message using public-key encryption. To begin with, A has both a private key and a public key. A keeps the private key in a safe place and sends the public key to B. B encrypts the message with the public key received from A and sends the encrypted message to A. A then decrypts the message with its own private key. Conversely, if A wants to send a message to B, A must encrypt the message with B's public key.

Remarks: The method allows keys to be exchanged easily and conveniently. However, encryption is fairly slow, so it is used only for small pieces of data.

Public-key certification authorities

Consider the example in which A wants to send a message to B, encrypted with the public-key method. A must encrypt the message with B's public key. What if the public key has been forged? A hacker can generate a public key/private key pair, give A this public key and say that it is B's. If A uses this fake public key believing it to be B's, the consequence is that everything A sends can be read by the hacker.

The problem is solved if there is a trusted third party, call it C, that certifies public keys. Public keys certified by C are called electronic certificates (public key certificate or digital certificate). An electronic certificate can be thought of as a "passport" or "identity card". It is created by a trusted organisation (such as VeriSign, Entrust, CyberTrust, etc.). This organisation is called a public-key certification authority, or Certificate Authority (CA). Once a public key has been certified by a CA, it can be used to exchange data over the network with a high level of security.

An electronic certificate is made up of the following main components:
- Issuer: the name of the CA that created the certificate.
- Period of validity: the expiry date of the certificate.
- Subject: information about the entity being certified.
- Public key: the public key being certified.
- Signature: created with the CA's private key; it guarantees the validity of the certificate.
ELECTRONIC SIGNATURES

An electronic signature is information that accompanies data (text, images, video, …) in order to identify the owner of that data.

Electronic signatures are used in electronic transactions. In practice, an electronic signature must provide the following functions: identifying the owner of a piece of data (text, image, video, ...) and determining whether that data has been altered.

The terms digital signature and electronic signature are often used interchangeably although they do not have exactly the same meaning. Digital signatures are only a subset of electronic signatures (electronic signatures include digital signatures).

An electronic signature is created by applying a one-way hash algorithm to the original document to produce a message digest, also called a fingerprint, and then encrypting it with the private key to produce the digital signature, which is attached to the original document and sent. On receipt, the document is split into two parts; the fingerprint of the original document is recomputed and compared with the old fingerprint, which is recovered by decrypting the digital signature.

Signing steps:
1. Use a hash algorithm to transform the message to be sent. The result is a message digest. With the MD5 algorithm (message digest 5) the digest is 128 bits long; with the SHA algorithm (secure hash algorithm) it is 160 bits long.
2. Use the sender's private key to encrypt the message digest obtained in step 1. The RSA algorithm is normally used for this step. The result is called the digital signature of the original message.
3. Combine the digital signature with the original message. This is called "signing" the message. Once the message has been signed, any change to it will be detected in the checking phase. In addition, the signature assures the recipient that the message came from the sender and not from anyone else.

Checking steps:
1. Use the sender's public key (this key is announced to everyone) to decrypt the digital signature of the message.
2. Use the algorithm (MD5 or SHA) to hash the attached message.
3. Compare the results of steps 1 and 2. If they match, conclude that the message was not altered in transit and that it is from the sender.
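The signing and checking steps above, together with the CA-certified public key described earlier, as an added Python example that is not part of the original text. It uses textbook RSA without padding on constructed keys built from publicly known Mersenne primes, so it shows the mechanism only; SHA-256 stands in for the MD5 and SHA algorithms named above because those two are no longer collision resistant. All function names, the certificate layout and the sample values are assumptions made for this illustration.

```python
# Added illustration: textbook RSA over SHA-256. Not production cryptography.
import hashlib
import json
import math

E = 65537  # public exponent


def make_keypair(p, q):
    """Build (public, private) keys from two primes (constructed demo values)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(E, phi) != 1:
        raise ValueError("E must be coprime to (p-1)(q-1)")
    return (n, E), (n, pow(E, -1, phi))


def digest(message):
    """Signing step 1: hash the message into a fixed-length message digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Signing step 2: transform the digest with the sender's private key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message, signature, public_key):
    """Checking steps 1-3: recover the digest with the public key, re-hash, compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def _to_be_signed(cert):
    """Serialise the certified fields in a fixed order so both sides hash the same bytes."""
    fields = {k: cert[k] for k in ("issuer", "not_after", "subject", "public_key")}
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(issuer, subject, public_key, not_after, ca_private_key):
    """The CA signs the subject's name and public key, producing a certificate."""
    cert = {"issuer": issuer, "subject": subject,
            "public_key": list(public_key), "not_after": not_after}
    cert["signature"] = sign(_to_be_signed(cert), ca_private_key)
    return cert


def check_certificate(cert, ca_public_key, today):
    """Accept the key only if the CA signature verifies and the certificate is in date."""
    return (verify(_to_be_signed(cert), cert["signature"], ca_public_key)
            and today <= cert["not_after"])   # ISO dates compare correctly as strings


# Constructed demo keys from publicly known Mersenne primes: useless as real keys.
A_PUB, A_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**107 - 1, 2**1279 - 1)


def demo():
    msg = b"Transfer 100 to account 42"               # constructed sample message
    sig = sign(msg, A_PRIV)
    cert = issue_certificate("Example CA", "A", A_PUB, "2030-01-01", CA_PRIV)
    swapped = dict(cert, public_key=list(OTHER_PUB))  # another key under A's name
    return {
        "genuine_message": verify(msg, sig, A_PUB),
        "altered_message": verify(msg + b"0", sig, A_PUB),
        "genuine_certificate": check_certificate(cert, CA_PUB, "2025-01-01"),
        "substituted_key": check_certificate(swapped, CA_PUB, "2025-01-01"),
        "expired_certificate": check_certificate(cert, CA_PUB, "2031-06-01"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20} accepted={accepted}")
```

Only the genuine message and the genuine, in-date certificate are accepted; the altered message, the certificate whose public key was replaced, and the expired certificate are all rejected.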

The risk of data being altered, copied or lost on the network is a real obstacle in electronic transactions. Ensuring data integrity is therefore one part of the measures

Electronic signatures

An electronic signature (digital signature) is a short piece of data attached to the original document to authenticate the author of the document and to help the recipient check the integrity of its content.

Remarks and applications of electronic signatures

Electronic signatures are a model for securing data in transit over the network and are used to create electronic certificates in electronic transactions over the Internet. For example, A sends a request to a Certificate Authority for an electronic certificate, together with its public key. The CA "signs" it and issues a digital certificate to A. This customer then publishes its certificate on the network. Suppose B wants to send A a message: the first thing B does is obtain A's certificate and check its validity. If it is valid, B takes the public key from the digital certificate, encrypts the data with it and sends it to A.

Digital signatures

A digital signature (a form of electronic signature) is information encrypted with the sender's private key (which corresponds to a public key) and attached to a document so that the recipient can identify the sender and verify the origin and integrity of the data received. Digital signatures were introduced to remedy the shortcomings of earlier authentication systems. With the growth of e-commerce, besides authentication, other security needs such as data integrity and non-repudiation have also become pressing. Digital signatures play a very important role when disputes arise, because a digital signature provided by a public CA system has the same legal value as a handwritten signature in non-electronic transactions.

Private key

The private key, also called the secret key, is one key of an asymmetric key pair. It is generated on a key-generation device (USB token, HSM, etc.) supplied by the CA service provider. The user uses this key to encrypt data and so create the digital signature; the secret key is known only to the user who creates the digital signature.

Public key

The public key is one key of an asymmetric key pair, generated on a key-generation device (USB token, HSM, etc.) supplied by the CA service provider. It is created by the signer and made public to recipients, who use it to decrypt the digital signature and check whether it really comes from the person who was supposed to send it (digital signature verification).

2. Digital signature certification services

A digital signature certification service is a type of electronic signature certification service provided by a digital signature certification service provider. It includes:
- Generating key pairs (public key and secret key) for subscribers.
- Issuing, renewing, suspending and restoring subscribers' digital certificates.
- Maintaining an online database of digital certificates.

USB Token & HSM

USB tokens and HSMs are hardware devices used to generate secret/public key pairs and to store the secret key. The digital signature service provider hands these devices to the customer so that the customer can generate a key pair and sign the data that needs signing. Depending on the level and requirements of use, the customer can choose one of these types of hardware offered by the provider in order to sign digitally.

USB token

Characteristics of a USB token:
- A hardware device that can generate a key pair (secret key and public key) and store the secret key as well as the subscriber's digital certificate.
- Large storage capacity and high processing speed (32 bit).
- Suitable for e-government, e-tax, e-customs, internet banking applications...
- Suited to individual users and organisations that sign at moderate volume.

HSM (Hardware Security Module)

- A hardware device that can generate a key pair (secret key and public key) and protect the secret key; it is handed to the customer to perform digital signing.
- The only hardware security module that meets FIPS140-2 level 4.
- Capable of 1200 transactions per second.
- Supports load balancing, up to a maximum of 16 devices.
- Used in European government systems.
- Suited to organisations and businesses that need to sign in large numbers and quickly (signing can be automated).
