I HC BCH KHOA H NI KHOA CNG NGH THNG TIN

BO CO TNG KT TI NGHIN CU THEO NGH NH TH H THNG AN NINH THNG TIN DA TRN SINH TRC HC Bio-PKI (Bio-PKI Based Information Securyty System) CH NHIM TI: PGS.TS. NGUYN TH HONG LAN

7327
04/5/2009 H NI - 2009

B GIO DC V O TO
Trng i hc Bch khoa H Ni

BO CO TNG HP
ti nhim v theo ngh nh th H thng an ninh thng tin da trn sinh trc hc Bio-PKI (Bio-PKI Based Information Security System)
M s: 12/2006/H-NT

Ch nhim ti PGS.TS Nguyn Th Hong Lan Khoa Cng ngh thng tin, i hc Bch khoa H Ni

H Ni 1 - 2009

MC LC
Phn I. THNG TIN CHUNG V TI................................................................... 8 Phn II. BO CO NGHIN CU TNG HP ....................................................... 10
Chng 1. KHO ST V GIAO DCH IN T, CC YU CU AN NINH THNG TIN V XC NH NHIM V CA TI................................ 10

1.1. Khi qut chung...................................................................................................... 10 1.2. Kho st v thng mi in t, giao dch in t trn th gii ............................ 11 1.2.1.Giao dch thng mi in t ........................................................................ 11 1.2.2.Tnh hnh ng dng thng mi in t trn trn th gii............................. 12 1.3. Tnh hnh pht trin cc giao dch in t Vit Nam v c s php l ............... 13 1.3.1.Tnh hnh pht trin cc giao dch in t Vit Nam .................................. 13 1.3.2.H thng php l cho thng mi in t ca Vit Nam............................... 14 1.3.3.Mt s vn ca giao dch thng mi in t Vit Nam ....................... 15 1.4. Nhu cu v an ton bo mt thng tin trong giao dch in t............................... 15 1.5. Khi qut v cc gii php cng ngh bo mt an ton thng tin v an ninh mng............................................................................................................... 16 1.5.1.Cc cng ngh mt m ................................................................................. 16 1.5.2.Cc cng ngh chng thc ........................................................................... 16 1.5.3.Cng ngh sinh trc hc ............................................................................... 17 1.5.4.Cng ngh bo v h thng v mng ........................................................... 17 1.5.5.Cng ngh bo v mng ............................................................................... 18 1.6. Xc nh nhim v ca ti ................................................................................. 18 Chng 2. SINH TRC HC V H THNG AN NINH BO MT THNG TIN DA TRN SINH TRC HC............................................................. 19

2.1. Tng quan v sinh trc hc .................................................................................... 19 2.2. H thng sinh trc hc............................................................................................ 20 2.2.1.Khi qut v h thng sinh trc hc .............................................................. 20 2.2.2.Cc c im ca h thng sinh trc hc ..................................................... 21 2.3. nh gi hiu nng v cht lng hot ng ca h sinh trc hc ....................... 24 2.3.1.Vn li trong hot ng ca h sinh trc .................................................. 24 2.3.2.Cc tham s nh gi cht lng. ................................................................ 24 2.4. H thng an ninh bo mt da trn trc hc.......................................................... 25 2.4.1.Dng sinh trc hc qun l v bo v kha................................................... 25 2.4.2.Dng sinh trc hc sinh kha ................................................................... 27

Chng 3.

C S H TNG KHA CNG KHAI PKI V VN AN TON TRONG H THNG PKI ............................................................................ 28

3.1. H mt m kha cng khai..................................................................................... 28 3.1.1.Khi qut v h mt m kha cng khai ....................................................... 28 3.1.2.Ch k s ...................................................................................................... 30 3.2. H tng kha cng khai PKI ................................................................................... 31 3.2.1.Khi qut chung v PKI ................................................................................. 31 3.2.2.Cc m hnh kin trc ca PKI ...................................................................... 32 3.2.3.Kin trc cc thnh phn trong hot ng PKI.............................................. 35 3.3. Cc giao dch in t vi h tng kha cng khai ................................................. 37 3.3.1.Cc dch v ca PKI ...................................................................................... 37 3.3.2.Xc thc an ton trong giao dch in t....................................................... 37 3.3.3.c im khi trin khai PKI ........................................................................... 38 3.4. Vn an ton trong h thng PKI ........................................................................ 39

Phn III. BO CO KT QU NGHIN CU CA TI ..................................... 40

Chng 4. NGHIN CU PHN TCH V XY DNG M HNH GII PHP H THNG BioPKI .......................................................................................... 40

4.1. Vn kt hp sinh trc vo h tng kha cng khai PKI..................................... 40 4.2. Phn tch cc hng tip cn nghin cu h thng BioPKI .................................. 41 4.2.1.Gii php 1: i snh c trng sinh trc thay mt khu xc thc ch th........................................................................................................... 41 4.2.2.Gii php 2: kt hp k thut nhn dng sinh trc vi k thut mt m, m ha bo mt kha c nhn ............................................................... 42 4.2.3.Gii php 3: dng sinh trc hc sinh kha c nhn.................................. 43 4.3. xut m hnh gii php h thng BK-BioPKI ca ti .................................... 43 4.3.1.H thng li h tng kha cng khai PKI. ..................................................... 45 4.3.2.H thm nh xc thc sinh trc vn tay trc tuyn ...................................... 46 4.3.3.M hnh tch hp h sinh trc vo h tng kha cng khai thnh h BKBioPKI ........................................................................................................... 46 4.4. Gii php cng ngh thit k v trin khai h thng BK-BioPKI ............................ 47 4.4.1.Cu hnh mng h thng v thit b .............................................................. 47 4.4.2.Ni dung xy dng v trin khai ton b cc thnh phn h thng BK-BioPKI ..................................................................................................... 47 4.4.3.Phng n phn tch thit k xy dng h thng BK-BioPKI ....................... 47 Chng 5. PHN TCH THIT K V XY DNG PHN MM H THM NH XC THC SINH TRC VN TAY.................................................. 49

5.1. H thm nh sinh trc vn tay trong h thng BK-BioPKI..................................... 49

5.2. Phn tch thit k v xy dng Phn h sinh trc 1: H thm nh c trng vn tay sng, trc tuyn trong h thng BK-BioPKI............................................... 50 5.2.1.Phn tch thit k chc nng......................................................................... 50 5.2.2.Phn tch chc nng v cc thut ton ......................................................... 51
5.2.2.1. Chc nng thu nhn nh vn tay .................................................................. 51 5.2.2.2. Chc nng x l nh vn tay v trch chn c trng ................................... 52

5.2.3.Xy dng v lp trnh cc khi chc nng Phn h sinh trc 1 .................... 61 5.2.4.Th nghim v kt qu.................................................................................. 62
5.2.4.1. Kch bn th nghim tch hp phn h vo h thng .................................... 62 5.2.4.2. Kt qu th nghim. ...................................................................................... 63

5.3. Phn tch thit k v xy dng Phn h sinh trc 2: H sinh kha sinh trc bo mt kha c nhn trong h BK-BioPKI............................................................ 64 5.3.1.Phn tch cc chc nng............................................................................... 64 5.3.2.Thut ton sinh kha t sinh trc vn tay ..................................................... 65 5.3.3.Thit k phn mm sinh kha sinh trc bo v kha c nhn ...................... 70
5.3.3.1. Thit k s khi ........................................................................................ 70 5.3.3.2. Cc thut ton ............................................................................................... 70 5.3.3.3. Xy dng biu phn cp chc nng h phn mm sinh trc.................... 73

5.3.4.Th nghim v kt qu.................................................................................. 75 Chng 6. PHN TCH THIT K V XY DNG H THNG H TNG KHA CNG KHAI PKI CHO H THNG BK-BIOPKI........................................ 77

6.1. Phn tch cc yu cu v gii php thit k h thng BK-BioPKI .......................... 77 6.2. Gii php cng ngh v thit k h thng BK-BioPKI ............................................ 78 6.2.1.Phn tch gii php cng ngh xy dng h thng ....................................... 78 6.2.2.Gii thiu v th vin OpenSSL.................................................................... 78 6.3. Phn tch thit k cc thnh phn chc nng ca h thng BK-BioPKI ................ 82 6.4. Thit k xy dng v lp trnh phn mm c s cc chc nng hot ng h thng BK-BioPKI................................................................................................ 83 6.4.1.Cc tnh hung hot ng giao dch c s ca h thng .............................. 83 6.4.2.Thit k cc giao dch c s ca h thng .................................................... 84 6.5. Thit k cc thnh phn chnh trong c s h tng kha cng khai ca h thng BK BioPKI.................................................................................................. 95 6.6. Thit k xy dng v lp trnh phn mm ngi dng trong h thng BK-BioPKI............................................................................................................... 99 6.6.1.Phn tch yu cu.......................................................................................... 99 6.6.2.Gii php v phn tch cc chc nng .......................................................... 99 6.6.3.Xy dng kch bn cc chc nng phn mm ngi dng ......................... 101 6.6.4.Thit k c s d liu phn mm ................................................................ 110

Chng 7.

THIT K TCH HP H THNG AN NINH THNG TIN BKBIOPKI V TH NGHIM ....................................................................... 113

7.1. H thng tch hp v yu cu thit k.................................................................. 113 7.2. xut m hnh tch hp 2 phn h sinh trc vn tay vo c s h tng PKI thnh h BK-BioPKI....................................................................................... 113 7.3. Thit k tch hp phn h sinh trc 1 thm nh vn tay ngi dng .................. 113 7.4. Thit k tch hp Phn h sinh trc 2 sinh kha sinh trc bo v kha c nhn.. 118 7.4.1.Phn h sinh trc sinh kha bo v kha c nhn...................................... 118 7.4.2.M hnh tch hp phn h sinh trc sinh kha bo v kha c nhn vo h thng v thit k h thng ............................................................... 119 7.4.3.Thit k cc kch bn hot ng tch hp.................................................... 122 7.5. Xy dng th nghim ng dng ch k s trong h thng BK-BioPKI v th nghim.................................................................................................................. 124 7.5.1.Mc ch ca ch k s ............................................................................... 124 7.5.2.Vn xc thc .......................................................................................... 124 7.5.3.Xc thc trong h PKI ................................................................................. 125 7.5.4.Thit k ng dng trn c s h thng BK BioPKI................................... 127 7.5.5.Thit k trin khai ng dng........................................................................ 128 7.5.6.Th nghim ng dng v kt qu ............................................................... 134 Chng 8. THIT K V XY DNG CC PHN MM NG DNG AN TON THNG TIN TRONG H BIOPKI............................................................. 135

8.1. Tng quan cc ng dng an ton thng tin.......................................................... 135 8.2. ng dng k v m ha thng ip ..................................................................... 136 8.2.1.Phn tch yu cu truyn thng tin bo mt ................................................ 136 8.2.2. Xy dng ng dng k v m ha thng ip s dng du hiu sinh trc 137
8.2.2.1. M t cc yu cu v chc nng ca h thng ........................................... 137 8.2.2.2. Qu trnh m ha v gii m thng ip...................................................... 138 8.2.2.3. Ch k s v xc thc................................................................................. 138

8.2.3. Thit k chi tit cc chc nng ca h thng ............................................. 138 8.2.4. Cc cng ngh s dng trong chng trnh............................................... 146 8.2.5. Th nghim v nh gi............................................................................. 147 8.3. ng dng th nghim kim sot bo mt truy cp t xa ..................................... 148 8.3.1.Yu cu tng cng bo mt truy cp t xa v gii php........................... 148 8.3.2.Phn tch v thit k ng dng th nghim................................................. 149 8.3.3.Kch bn ng dng, kch bn th nghim v kt qu th nghim ............... 150 8.4. ng dng an ton trao i thng tin trn SMS..................................................... 154 8.4.1.Yu cu ca ng dng ................................................................................ 154 8.4.2.Gii php truyn thng tin cy bng SMS ................................................... 155

8.4.3.Phn tch thit k ng dng ........................................................................ 156 8.4.4.nh gi v th nghim .............................................................................. 161 8.5. Kt chng........................................................................................................... 163

Phn IV. TNG HP CC KT QU V KT LUN ............................................ 164

1. Cc kt qu t c ca ti theo cc sn phm ghi trong thuyt minh nhim v......................................................................................................... 164 1.1. Tm tt cc yu cu khoa hc i vi sn phm to ra (kt qu dng II v III)... 164 1.2 Kt qu cc sn phm dng cc bo co ng k.......................................... 164 1.3 Kt qu cc sn phm ng k ........................................................................ 164 2. Kt qu phi hp vi Malaysia. ............................................................................. 169 2.1. c im qu trnh hp tc .................................................................................. 165 2.2. Cc hot ng phi hp nghin cu .................................................................... 166 2.3. Tip tc pht trin Hp tc vi Malaysia ............................................................. 166 3. Cc kt qu khc..................................................................................................... 171 3.2. Cc bi bo khoa hc........................................................................................... 171 3.3. Hi tho m rng.................................................................................................. 172 4. Tm tt v s dng kinh ph..................................................................................... 173 5 . Kt lun v hng pht trin.................................................................................... 173 5.1. Nhn xt nh gi chung...................................................................................... 173 5.2. V tin thc hin ............................................................................................. 173 5.3. Hng pht trin .................................................................................................. 174

TI LIU THAM KHO ............................................................................................ 176

DANH SCH CC CN B V SINH VIN THAM GIA THC HIN TI

A. DANH SCH CC CN B THAM GIA TRC TIP 1. PGS.TS Nguyn Th Hong Lan 2. TS Nguyn Linh Giang 3. TS H Quc Trung 4. ThS Bnh Qunh Mai 5. ThS Nguyn Anh Hon 6. TS Ng Hng Sn 7. KS Nguyn Th Hin Khoa CNTT, HBK HN, ch nhim ti Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN

B. DANH SCH CC CN B THAM GIA T VN 1. PGS.TS ng Vn Chuyt 2. ThS Vn Uy 3. ThS Ng Minh Dng Khoa CNTT, HBK HN Khoa CNTT, HBK HN Vin Khoa hc hnh s, B Cng An

C. DANH SCH CC SINH VIN THAM GIA THC HIN TI 1. Cc sinh vin i hc Tm tt cc phin bn thit k trin khai theo tin Phin bn h thng BioPKI Ver.1 (thng 6 n 12- 2006) Nghin cu v th nghim cc thut ton: Thu nhn vn tay, trch chn c trng, sinh kha sinh trc v thm nh xc thc vn tay Nghin cu cc hng tip cn h thng BioPKI Xy dng phng n v mi trng phn mm h thng BioPKI da trn b th vin m OpenSSL v ngn ng C++

Danh sch nhm sinh vin tt nghip 6-2006 tham gia ti: 1. L Anh Tun TTM - K46 2. Ng Trng Cnh TTM K46 3. Nguyn Sinh Chung Tin Php K46 4. Nguyn Vn Hnh KSCLC K46 Phin bn h thng BK-BioPKI Ver.2 (thng 1-2007 n 6-2007) Phn tch thit k cc m un c s h tng h thng PKI: CA, RA User Tip tc nghin cu v th nghim cc thut ton sinh trc hc vn tay Xy dng v thit k phn mm phn h sinh trc hc (Biometric) bao gm: K m sinh trc v thm nh vn tay trong h thng BK-BioPKI

Danh sch nhm sinh vin tt nghip 6-2007 tham gia ti: 1. Nguyn Thc Hiu 2. Nguyn Quang Th 3. Phm Quang Thnh 4. Nguyn Hong Anh 5. Phm S Lm 6. Tng Mnh Cng TTM - K47 TTM - K47 TTM - K47 Tin Php - K47 KSCLC - K47 TTM - K47

Phin bn h thng BK-BioPKI Ver. 3.1 v phin bn Ver.4 tch hp h thng (thng 7-2007 n 6-2008) Phn tch thit k pht trin v lp trnh ton b Protoptye c s h tng h thng BKBioPKI trong mi trng mng PTN Phn tch thit k pht trin phn h sinh trc Biometric vi 2 mun v th nghim vo ng dng h thng Ver.4 Phn tch thit k tch hp phn h sinh trc vo ton b h thng BK-BioPKI phin bn Ver.4 Xy dng m hnh kch bn 3 ng dng trong h BK-BioPKI Ver. 4

Danh sch nhm sinh vin tt nghip 6-2008 tham gia thit k pht trin h thng BioPKI v tham gia vit bo co tng hp ti: 1. L Tin Dng (trng nhm) 2. Bi Thnh t 3. Nguyn Th Thu Hng 4. Trn Hi Anh 5. Dng Vn 6. Hong Trn c 7. Ng Tin Dng 8. Trn Nguyn Ngc 9. V Ngc H TTM - K48 TTM - K48 KSTN - K48 Tin Php - K48 Tin Php - K48 TTM - K48 TTM - K48 TTM - K48 TTM - K48

2. Cc hc vin cao hc tt nghip thc s theo hng ti 1. Trn Tun Vinh kha 2003-2005 bo v 2006 2. Nguyn Anh Ti kha 2004-2006 bo v 2007 3. V Thanh Thng 4. L Quang Tng 5. L Trn V Anh 6. H Tin Dng kha 2005-2007 bo v 2007 kha 2006-2008 bo v 11- 2008 kha 2006-2008 bo v 11- 2008 kha 2006-2008 bo v 11- 2008

Phn I.
1. Tn ti

THNG TIN CHUNG V TI

H thng an ninh thng tin da trn sinh trc hc Bio-PKI (Bio-PKI Based Information Security System)
M s: 12/ 2006/ H-NT 2. Ch nhim ti: PGS. TS Nguyn Th Hong Lan Hc hm, hc v, chuyn mn: PGS.TS ngnh Cng ngh Thng tin Chc danh: Ph Trng khoa Cng ngh Thng tin, i hc Bch Khoa H Ni in thoi c quan : (84. 4) 38.68.25.96 in thoi nh ring : (84. 4) 38.32.89.25 Email: lannth@it-hut.edu.vn 3. C quan ch tr i hc Bch Khoa H Ni, Khoa Cng ngh Thng tin S 1 ng i C Vit, H Ni 4. H v tn Ch nhim pha i tc nc ngoi: TS. Ong Thian Song Chc danh: Gim c iu hnh Trung tm nghin cu Sinh trc hc (CBB) Trng i hc a phng tin Malaysia (MMU) Tel: +606-252.33.43 Fax: +606-231.88.40 Emal: tsong@mmu.edu.vn 5. C quan i tc nc ngoi: Trng i hc a phng tin Malaysia (Malaysia Multimedia University -MMU), Trung tm nghin cu Sinh trc hc v Sinh Tin hc (Center of Biometrics and Bioinformatics CBB) Khoa Khoa hc v Cng ngh thng tin (Faculty of Information Science and Technology - FIST) Malaysia Multimedia University (MMU), Jalan Ayer Keroh Lama, 75450 Melaka Malaysia http:///www.mmu.edu.my 6. Thi gian thc hin ti: T 6/2006 n 6/2008 7. Tng kinh ph thc hin ti: 800.000.000 VN

Tng kinh ph cp 2006: 450.000.000 VN Tng kinh ph cp 2007: 350.000.000 VN ti nhn c cp kinh ph n 6/2008. 8. Mc tiu ca Nhim v H thng an ninh thng tin (Bio-PKI Based Information Security System) kt hp cc du hiu c trng sinh trc hc vn tay con ngi vo h tng c s bo mt kha cng khai PKI l hng nghin cu mi cho php mang li nhng u im hn cc h thng kha cng khai hin c v an ton bo mt, v tnh xc thc thm nh trong cc giao dch, cc dch v in t qua mng my tnh. Mc tiu ca Nhim v ti theo ngh nh th hp tc vi Malaysia ch yu bao gm: Nghin cu xut phng n kt hp cc c trng ca vn tay vi m bo mt kha cng PKI to kha m sinh trc hc h BioPKI. Xy dng th nghim h tng c s h thng an ninh thng tin Bio-PKI (protoptype). Thit k v xy dng th nghim phn mm h thng an ninh thng tin da trn m sinh trc hc Bio-PKI nhm hng ti ng dng trong xc thc, thm nh sinh trc hc v kim sot truy cp dng trong cc lnh vc an ninh, thng mi in t, ngn hng, giao dch in t, chnh ph in t. Tch hp cc kt qu nghin cu ca 2 pha Vit Nam v Malaysia, th nghim pht trin ng dng h thng Bio-PKI.

9. Yu cu khoa hc i vi sn phm to ra (kt qu dng III) Tn sn phm:

H thng an ninh thng tin da trn m sinh trc hc Bio-PKI (gi tt l H thng an ninh thng tin Bio-PKI), bao gm: Kt qu gii php tch hp c trng vn tay vi m bo mt trong h PKI thnh h BioPKI. Kt qu th nghim Prototype v h tng h thng BioPKI thm nh vn tay trong h BioPKI. Kt qu phn mm my tnh cho h thng BioPKI, phn h sinh trc bao gm: phn mm phn h m ha kha sinh trc hc vn tay BioPKI v phn mm xc thc thm nh vn tay. Bo co phn tch h thng v hng xy dng ng dng trong xc thc thm nh vn tay v iu khin truy nhp trong h BioPKI. Bo co tng hp ti. Cc sn phm khc: o to thc s, k s Cc bi bo khoa hc

Phn II. BO CO NGHIN CU TNG HP

Chng 1. KHO ST V GIAO DCH IN T, CC YU CU AN NINH THNG TIN. XC NH NHIM V CA TI
1.1. Khi qut chung
Nhng nm cui ca th k XX v u th k XXI chng kin s ln mnh vt bc ca mng Internet c v quy m v cht lng. Internet c ng dng rng ri mi ngnh ngh, lnh vc kinh t, x hi v an ninh. Tnh ph bin rng ri khin Internet v ang l nn tng c s cho cc giao dch thng mi ton cu v cc ng dng ca giao dch in t to thnh mt hnh thc x hi o vi cc c trng ring bit. Trong mi trng x hi tht, mi quan h gia cc i tc thng c xc nh r rng bi qu trnh gp g, k kt thng din ra mt cch trc tip, khng hoc t thng qua phng tin truyn thng trung gian. Cc t chc chnh ph, doanh nghip v cc c nhn khi tham gia giao dch in t lun i hi khng nhng phi bo v ton vn thng tin lu chuyn trn Internet m cn phi cho h cm gic tin cy ging nh khi giao dch trn giy t. H mun nhng ngi tham gia ng l nhng ngi c yu cu, v mi c nhn phi chu trch nhim v hnh vi lin quan ca mnh trong giao dch khi c s c xy ra. Tuy nhin, mi trng mng khng phi lun an ton. c trng ca Internet l tnh o v tnh t do, mi ngi u c th tham gia v t li du vt c nhn ca mnh. Vic xc thc mi c nhn qua mng thng l kh khn nn nguy c xy ra gi mo nh danh, b la o trc tuyn l rt cao. y l va l im mnh v cng l im yu ca giao dch in t qua mng Internet. Nhng nm gn y cc hnh thc phm ti trong mi trng mng v cng ngh cao tng nhanh chng cng vi s pht trin ca cng ngh. Mc d cc c im trn, tnh tin li, ph dng v hiu qu ca cng ngh cao ang lm thay i cuc sng v cc giao dch in t thng mi in t ngy cng pht trin nhanh chng trn phm vi th gii. V th nhu cu xy dng mt h thng bo mt an ton thng tin, m bo giao tip gia nhng ngi dng mt cch an ton, c nh danh v chng ph nhn tr nn ht sc cp thit trong phm vi mi quc gia cng nh phm vi ton cu. Hin nay vn nghin cu cc gii php nhm m bo an ton thng tin, bo mt d liu trong cc giao dch in t qua mi trng mng lun l vn thi s c tt c cc quc gia v cc t chc quc t quan tm c v phng din php l v phng din k thut v cng ngh. Gii php an ninh da trn cc du hiu sinh trc hc l mt trong cc hng nghin cu mi ang c th gii quan tm pht trin v p dng. Trn thc t cng c cc sn phm qung co trong cc giao dch in t nh th ngn hng sinh trc hc, th mua hng, th an ninh, h chiu sinh trc hc ..., tuy nhin hin nay vn cha c cc

10

sn phm thng mi c trin khai rng ri c hiu qu cao trn thc t, hn na vic nghin cu lin quan n sinh trc hc con ngi lun l vn nhy cm c c th ca tng quc gia. Bi vy gii php ny vn lun c c bit quan tm nghin cu v pht trin. ti nghin cu H thng an ninh thng tin da trn m sinh trc hc Bio-PKI (BioPKI InfoSec System) theo ngh nh th hp tc vi Malaysia do pha Malaysia ngh, c thc hin trn c s hp tc nghin cu gia trng i hc a phng tin Malaysia (MMU) v trng i hc Bch Khoa H Ni (HUT). Malaysia l mt nc pht trin trong khu vc ng Nam , c iu kin a l v mi trng tng i gn vi Vit Nam, i hc a phng tin Malaysia (MMU) l trng c uy tn ca Malaysia v c iu kin c s vt cht kh hin i. Hp tc vi Malaysia l trong iu kin hin nay l ph hp vi iu kin nc ta, cho php chng ta c th tip cn mc ph mt mt vi nn cng ngh cao, mt khc tip cn v trnh nghin cu khoa hc ha nhp khu vc v tin ti ha nhp vi th gii.

1.2. Kho st v thng mi in t, giao dch in t trn th gii 1.2.1. Giao dch thng mi in t
Ngy nay, cng vi cc ng dng cng ngh thng tin, hnh thc thng mi truyn thng ang dn thay i sang mt hnh thc khc, l thng mi in t. Thng mi in t bt u xut hin t nhng nm 1970 vi s ra i ca hot ng chuyn nhng qu in t gia cc ngn hng thng qua cc mng an ton t nhn. Thp k 1980, bin gii thng mi in t m rng n cc hot ng trao i ni b d liu in t v th vin in t. Cc dch v trc tuyn bt u xut hin vo gia nhng nm 1980. Ch n thp k 1990, thng mi in t mi chuyn t cc h thng cc b sang mng ton cu Internet. Hng lot cc tn tui ln (Amazon.com, Yahoo!, eBay.com, NTTDoMoCo, Dell, Electrolux, WallMart ...) khng nh v gp phn vo s tng trng nhanh chng gi tr giao dch thng qua thng mi in t. Ngy nay ngi ta hiu khi nim thng mi in t thng thng l tt c cc phng php tin hnh kinh doanh v cc quy trnh qun tr thng qua cc knh in t m trong Internet (hay t nht l cc k thut v giao thc c s dng trong Internet) ng mt vai tr c bn v cng ngh thng tin c coi l iu kin tin quyt. Thng thng c 3 i tng chnh tham gia vo hot ng thng mi in t l: Ngi tiu dng C (Consumer) gi vai tr quyt nh s thnh cng ca thng mi in t; Doanh nghip B (Business) ng vai tr l ng lc pht trin thng mi in t v Chnh ph - G (Government) gi vai tr nh hng, iu tit v qun l cc hot ng thng mi in t. Cc hnh thc hot ng ca giao dch thng mi in t: Th in t (e-mail): cc t chc, c nhn c th gi th cho nhau mt cch trc tuyn thng qua mng. y l hnh thc ph bin nht v d thc hin nht, hu nh mi ngi mi la tui u c th s dng.

11

Thanh ton in t (e-payment): l vic thanh ton tin thng qua h thng mng (chng hn nh: tr lng bng cch chuyn tin trc tip vo ti khon, tr tin mua hng bng th tn dng, th mua hng...). Ngoi ra, thanh ton in t cn p dng trong cc dch v nh: trao i d liu in t ti chnh (FEDI) phc v cho vic thanh ton in t gia cc cng ty giao dch vi nhau bng in t; tin mt Internet (Internet Cash) l tin mt c mua t mt ni pht hnh (ngn hng hoc t chc tn dng) ri c chuyn i sang cc ng tin khc thng qua Internet; ti tin in t (electronic purse) l ni tin mt Internet, ch yu l th thng minh smart card, tin c tr cho bt k ai c c th; giao dch ngn hng s ho (digital banking), giao dch chng khon s ho (digital securities trading) phc v cho cc hot ng thanh ton gia ngn hng vi khch hng, gia ngn hng vi cc i l thanh ton, gia h thng ngn hng ny vi h thng ngn hng khc hay thanh ton trong ni b mt h thng ngn hng. Trao i d liu in t (EDI) l vic chuyn giao thng tin t my tnh in t ny sang my tnh in t khc bng phng tin in t, c s dng mt tiu chun c tha thun cu trc thng tin, cng vic trao i thng l giao dch kt ni, t hng giao dch gi hng hoc thanh ton. Truyn ti ni dung: tin tc, phim nh, chng trnh pht thanh, truyn hnh, chng trnh phn mm, v my bay, v xem phim, hp ng bo him ... c s ho v truyn gi theo mng. Mua bn hng ho hu hnh: hng ho hu hnh l tt c cc loi hng ho m con ngi s dng c cho bn v c chn mua thng qua mng nh: t, xe my, thc phm, vt dng, thuc, qun o ... Ngi mua xem hng, chn hng ho v nh cung cp trn mng, sau xc nhn mua v tr tin bng thanh ton in t. Ngi bn sau khi nhn c xc nhn mua v tin in t ca ngi mua s gi hng ho theo ng truyn thng n tay ngi mua. Cc hnh thc hot ng ca thng mi in t vn ang ngy mt m rng v c nhiu sng to. Ngy nay, rt nhiu ngnh cng nghip cng nh cc lnh vc x hi khc nhau cng tham gia vo th trng thng mi in t. V nh vy, li ch m thng mi in t em li cho cuc sng ca con ngi hin i cng ngy mt m rng hn, nng cao hn.

1.2.2. Tnh hnh ng dng thng mi in t trn trn th gii

Cng vi s pht trin mnh m ca Internet ton cu th cc dch v ng dng giao dch in t cng pht trin mt cch nhanh chng, c bit l cc dch v thng mi in t. C nhiu cc thng k khc nhau v doanh s thng mi in t v nhng thng k y c s khc bit ng k. Theo s liu tnh ton ca Forrester Research - mt cng ty nghin cu Internet Massachusetts, M - doanh s thng mi in t trn ton th gii khng ngng tng nhanh: nm 1997 t 36 t USD, nm 2000 t hn 700 t USD v nm 2002 t khong 2.293,5 t USD .... Theo mt thng k gn y nht ca Miniwatts Marketing Group th tnh n ht thng 3 nm 2008, M vn l quc gia ng u th gii v s lng ngi s dng Internet (trn 218 triu ngi), chim 71,9% dn s trong nc v 15,5%

12

ngi dng th gii, tc tng trng giai on 2000-2008 l 128,9%. Xp th 2 sau M l Trung Quc chim 14,9% ngi dng th gii, tc tng trng giai on 2000-2008 l 833,3%. Nht Bn ng th 3 trong bng xp hng, Hn Quc ng th 9 v Vit Nam ng th 17 sau Indonesia. S pht trin ca thng mi in t dng nh khng c gii hn mc d gp kh nhiu tr ngi. C th l trong nhng nm qua, tuy c thi gian cc cng ty thng mi in t gp phi khng t kh khn, song t l tng vic lm trong cc cng ty ny (khong 10%) vn tng nhanh hn t l tng vic lm ca ton b nn kinh t. Nhng cng vic lin quan n mng Internet cng tng khong 30%. Theo kt qu iu tra ca Cng ty Tnh bo kinh t (EIU) thuc tp ch The Economist, trin vng pht trin thng mi in t trn th gii rt ti sng, c bit l khu vc Chu . Thng mi in t cng lc cng pht trin trn th gii v doanh thu do thng mi in t mang li cng tng gn gp i mi nm, l l do nhiu nc ang ro rit khuyn khch, thc y v xy dng c s cho vic pht trin thng mi in t. V mt php l, hin nay trn th gii hu ht cc nc ng dng thng mi in t u xy dng cho mnh nhng o lut v quy nh ring nhm bo v quyn li cho nhng ngi tham gia vo th trng ny cng nh n nh x hi v pht trin kinh t.

1.3. Tnh hnh pht trin cc giao dch in t Vit Nam v c s php l 1.3.1. Tnh hnh pht trin cc giao dch in t Vit Nam
Trong bng xp hng ca Miniwatts Marketing Group, tnh n ht thng 3 nm 2008, Vit Nam ng th 17 trong top cc quc gia c nhiu ngi s dng Internet nht th gii. Tnh n ht nm 2007, Vit Nam chng ta hin c s ngi s dng Internet nhiu th nm khu vc Chu , sau Trung Quc, Nht Bn, n , Hn Quc v Indonexia. Vi tc pht trin mnh m nh vy nn cc ng dng ca Internet, c bit l cc dch v thng mi in t c tip nhn mt cch nhanh chng. Thng mi in t bt xut hin ti Vit Nam t nhng nm 90 v n nm 2006 l nm c ngha c bit i vi thng mi in t Vit Nam. l nm u tin thng mi in t c php lut tha nhn chnh thc khi Lut Giao dch in t, Lut Thng mi (sa i), B lut Dn s (sa i) v Ngh nh Thng mi in t c hiu lc. Nm 2006 cng l nm u tin trin khai K hoch tng th pht trin thng mi in t giai on 2006-2010 theo Quyt nh s 222/2005 /Q-TTg ngy 15 thng 9 nm 2005 ca Th tng Chnh ph. Theo kt qu kho st iu tra ca B Cng thng nm 2007 v mc sn sng ng dng thng mi in t trong cc doanh nghip thuc cc ngnh ngh khc nhau ca Vit Nam cho thy trung bnh mi doanh nghip c 22.9 my tnh (nm 2006 l 17.6), 89% doanh nghip c t 1 n 50 my, trong ngnh ngn hng, ti chnh, t vn, bt ng sn v dch v cng ngh thng tin - thng mi in t c t l trang b my tnh cao nht. Bn cnh , tnh hnh o to cng ngh thng tin v thng mi in t cng c s bin chuyn nhanh chng v cng ngy cng c quan tm u t hn. Nm 2004, chi ph cho o to ch chim bnh qun 12,3% tng s chi ph cng ngh thng tin ca doanh nghip th

13

nm 2007, con s ny tng ln n 20,5%. Hn na, trong s cc doanh nghip c kho st th c n 97% doanh nghip kt ni Internet. iu ny cho thy sn sng cho thng mi in t ca cc doanh nghip l rt cao. Kt qu iu tra trong 2 nm 2006 v 2007 cho thy ng dng thng mi in t ca doanh nghip ngy cng m rng trn mi cp v pht trin nhanh nhng ng dng c phc tp cao. T l doanh nghip c website nm 2007 l 38%, t l tham gia sn giao dch l 10%, t l kt ni c s d liu vi i tc l 15% v c n 80% doanh nghip c kho st c s dng hnh thc ng dng thng mi in t ph bin l e-mail trong c 65% doanh nghip nhn t hng qua th in t. Trong cc doanh nghip hin nay, t l cn b chuyn trch v thng mi in t cng gia tng r rt vi mc trung bnh l 2.7 ngi trong mt doanh nghip, tng gp i so vi con s 1.5 ca nm 2006. Trong nm 2006 nh du s hi nhp kinh t quc t su sc v ton din ca Vit Nam. Vit Nam tr thnh thnh vin chnh thc th 150 ca T chc Thng mi Th gii (WTO). Vit Nam cng thc hin tt vai tr nc ch nh ca Din n Hp tc kinh t Chu Thi Bnh Dng (APEC), th hin cam kt tip tc m ca nn kinh t vi th gii. Tin trnh hi nhp kinh t quc t i hi cc doanh nghip phi quan tm thc s n vic nng cao kh nng cnh tranh. Trong bi cnh , thng mi in t l mt cng c quan trng c nhiu doanh nghip quan tm ng dng. S quan tm ca doanh nghip i vi thng mi in t c th hin qua cc hot ng giao dch mua bn ti cc sn thng mi in t (e-Marketplace), dch v kinh doanh trc tuyn, s lng cc website doanh nghip ... ng o doanh nghip nhn thy nhng li ch thit thc ca thng mi in t thng qua vic ct gim c chi ph giao dch, tm c nhiu bn hng mi t th trng trong nc v nc ngoi, s lng khch hng giao dch qua th in t nhiu hn. Nhiu doanh nghip k c hp ng vi cc i tc thng qua sn giao dch thng mi in t. Trn thc t thanh ton in t lin tc l tr ngi ln i vi s pht trin ca thng mi in t trong giai on t nm 2005 ti 2007. Tuy nhin, nm 2007 nh du s pht trin nhanh chng ca lnh vc ny. tm chnh sch v m, u nm 2007 Chnh ph ra mt vn bn quan trng lin quan ti thanh ton in t c hiu lc, l Quyt nh s 291/2006/Q-TTg ngy 29 thng 12 nm 2006 ca Th tng Chnh ph ph duyt n thanh ton khng dng tin mt giai on 20062010 v nh hng n nm 2020. Hin nay h thng cc ngn hng thnh vin ca Smartlink v Banknetvn chim khong 90% th phn th c nc v ang lin kt vi nhau tng bc thng nht ton th trng th. Cc ngn hng thng mi xy dng l trnh chuyn dn t cng ngh s dng th t sang cng ngh chip in t. Hu ht cc nghip v t Ngn hng Nh nc ti cc ngn hng thng mi v cc t chc tn dng c ng dng cng ngh thng tin.

1.3.2. H thng php l cho thng mi in t ca Vit Nam

Lut giao dch in t c ban hnh nm 2005 vng vi Ngh nh s 57/2006/N-CP v Thng mi in t l ngh nh u tin hng dn Lut giao dch in t, c ban hnh vo ngy 9/6/2006. Tip theo l lut Cng ngh thng tin c ra i nm 2006, l

14

c s php l quan trng to ra mi trng php l cho thng mi in t pht trin. Tip theo cc lut c mt lot cc vn bn quy phm php lut hng dn 2 lut ny c ban hnh trong nm 2007. Ngay trong nm 2007 Chnh ph ban hnh lin tip cc ngh nh quan trng, l: - Ngh nh s 26/2007/N-CP quy nh chi tit thi hnh Lut Giao dch in t v Ch k s v Dch v chng thc ch k s, - Ngh nh s 27/2007/N-CP v Giao dch in t trong hot ng ti chnh, - Ngh nh s 35/2007/N-CP v Giao dch in t trong hot ng ngn hng, - Ngh nh s 63/2007/N-CP quy nh x pht vi phm hnh chnh trong lnh vc cng ngh thng tin, - Ngh nh s 64/2007/N-CP v ng dng cng ngh thng tin trong hot ng ca c quan nh nc.

1.3.3. Mt s vn ca giao dch thng mi in t Vit Nam

Bn cnh nhng thnh cng v thun li ca s pht trin nhanh chng, thng mi in t ca Vit Nam cng ang phi i mt vi mt s vn ln lm cn tr s pht trin v m rng th trng, hp tc quc t. Trong cc vn , vn an ton thng tin, an ninh mng, ti phm lin quan n thng mi in t ang l nhng vn cp bch cn gii quyt. Nhng hnh vi li dng cng ngh phm ti ngy mt gia tng; tnh trng t nhp ti khon, trm thng tin th thanh ton gy nh hng khng nh n cc hot ng thng mi in t lnh mnh. Trn thc t hnh thc thanh ton in t hay giao dch in t Vit Nam cho n nay hu nh vn cha thc s p ng c nhu cu ca ngi dng do cc vn lut php, v ngn hng v cc nh cung cp dch v thanh ton trung gian. Do vy, ngi mua hng trn mng cui cng vn phi thanh ton bng tin mt hoc chuyn khon cho nh cung cp qua 1 thit b trung gian khc m khng c th thanh ton trc tip trn website bn hng. Chnh iu ny gy cn tr khng t n cc hot ng trc tuyn, gia tng chi ph v tn hi kinh t ca ngi tham gia.

1.4. Nhu cu v an ton bo mt thng tin trong giao dch in t

Li ch ca thng mi in t v giao dch in t i vi nn kinh t quc dn cng nh s pht trin v mt cng ngh v th trng ton cu l v cng to ln. Tuy nhin, song hnh cng vi nhng thun li bao gi cng ny sinh v tn ti kh khn. Vn ng lo ngi nht hin nay m tt c cc quc gia u phi i mt l s tn cng, ph hoi ca mt s phn t x hi, gy nh hng khng nh n nn kinh t. Mt vn bc xc c t ra l nghin cu pht tin cc gii php an ton thng tin cho thng mi in t v giao dch in t qua mng. Vn m bo an ninh quc gia trong thi i ton cu ho v thng tin tr thnh mt thch thc ln ngay c vi cc quc gia c mt nn cng ngh thng tin hng mnh.

15

Ti H Ni, cui thng 3/2008 va qua din ra Hi tho Th gii an ninh bo mt Security World 2008. Nhng bo co, tham lun ti Hi tho u cho thy vn an ninh cc website, c bit website ca cc cng ty chng khon l nhng mi quan ngi ln trong nm 2007. Vi nhng din bin xy ra, an ninh mng Vit Nam nm 2007 thc s l mt nm bt n v c coi l nm bo ng . Hng nghn virus mi xut hin, nhng cuc tn cng c ch ch ca gii hacker vo cc website ca cc c quan, t chc v doanh nghip ... gy ra nhng hu qu nht nh cho cc n v ny. Nhiu hot ng phm php, li dng Internet lm mi trng hot ng, tnh trng pht tn th rc, virus ... tng theo cp s nhn.

1.5. Khi qut v cc gii php cng ngh bo mt an ton thng tin v an ninh mng
Vn bo mt an ton thng tin v an ninh mng lun l bi ton kh thch thc cc quc gia trn phm vi ton cu. Hin c nhiu gii php, nhiu sn phm cng ngh c nghin cu v ng dng, tuy nhin vn ny vn lun l vn thi s v thch thc. Trong phn di y s im qua cc gii php cng ngh v lnh vc ny trn c s cc chng sau s tp trung trnh by gii php nghin cu ca ti, c t trong bc tranh ton cnh chung ca cc gii php cng ngh.

1.5.1.

Cc cng ngh mt m

Cng ngh mt m l nn tng ca tt c cc cng ngh bo v thng tin. Cng ngh ny cung cp 5 dch v c bn: m bo b mt, ton vn d liu, chng thc thng ip, chng thc ngi dng v chng chi b. i vi mt m kho i xng, vic nghin cu c thc hin trong lnh vc cng ngh ng dng mt m khi. Mt m kho cng khai, RSA v ECC u c pht trin ng thi. Tuy nhin rt nhiu nghin cu ca RSA v ECC c thc hin nhm gii quyt nhng yu t sai st tng nng sut tnh ton. c bit, mt s nghin cu nh: thut ton modular, thut ton trng hu hn, v thut ton ng cong elp c thc hin. Ngoi ra, cc nghin cu cng c thc hin mt cch ng b v mt giao thc thit lp kho, chng trnh ng dng mt m, v cng ngh phn tch bn vng trong lnh vc kho i xng.

1.5.2.

Cc cng ngh chng thc

Cc cng ngh chng thc c chia thnh 2 nhm l cng ngh h tng kha cng khai PKI (Public Key Infratruction) v cng ngh PMI. Cng ngh PKI da trn nn tng h mt m kha cng khai cng vi cc chnh sch, cc kin trc h thng v c ch s dng cc kho cng khai v tnh ton vn ca chng ch s to thnh c s h tng an ton cho cc giao dch in t trn mng. Hin nay h tng PKI v ang c ng dng rng ri trn th gii. Cc cng ngh h thng PKI da trn h m kho cng khai cng ang c pht trin cng vi cc sn phm c lin kt vi lnh vc dch v ng dng nhm tng cng chc nng VA (Validation Authority), chc nng khi phc kho, tng cng s dng th thng minh v chp nhn cc dch v bo mt, chp nhn phng thc mt m ng cong elip trong thut ton ch k s, tch hp cng ngh khng dy vo cc sn phm chng

16

thc, xy dng h thng PKI ton cu. Bn cnh cng ngh PKI, cng ngh PMI c dng trong vic qun l cc quyn ca ngi s dng. PMI c th c phn thnh 2 loi: EAM (Extranet Access Management) v 3A (Authentication/ Authorization/ Administration).

1.5.3.

Cng ngh sinh trc hc

Sinh trc hc l o cc c im v hnh vi (ch k, dng i, thi quen g phm) hoc cc thuc tnh vt l mang tnh duy nht ca c th con ngi (vn tay, ging ni, khun mt, mng mt, ADN...). Cng ngh sinh trc hc c dng o cc c im vt l v c im hnh vi ca con ngi bng cc thit b t ng v s dng cng c o lng xc nh cc c nhn, phn chiu thng tin nhn c t mt phn ca c th hoc t cc c im hnh vi c nhn. Cng ngh ny c mt li th l khng c ri ro khi cho thu (nhng) mt khu hoc th ID cho ngi khc, hoc lm mt, chim ot hay sao chp chng. V mt cng ngh hin ti, mt (face), vn tay v mng mt (iris) c a vo s dng, mt s cng ngh sinh trc khc nh: gn (vein) mu bn tay, DNA, dng iu (gait), chiu cao, keystroke v mu tai (ear pattern) cng ang c thc y pht trin. Hng hin nay l kt hp cng ngh a sinh trc (multi biometrics) vi cc cng ngh n sinh trc (single biometrics) v vic kt hp cng ngh vo th thng minh cng ang c pht trin. Cc vn v tiu chun ho qu trnh x l, vn chuyn, v lu tr thng tin sinh trc hc vn ang c tho lun. Hng nghin cu tch hp phng php thm nh xc thc sinh trc hc vo h tng kha cng khai PKI to thnh h BioPKI cho php xc thc, thm nh ngi dng khi s dng kho b mt trong hot ng ca h thng PKI. y l mt trong cc gii php ang c quan tm nghin cu nhm m bo s nh hng ln nhau thng qua cc tiu chun, t ng kho v chng thc ngi qun l hp l, d dng p dng cc chc nng quan trng ca chng ch trong cc h thng.

1.5.4. Cng ngh bo v h thng v mng

Cng ngh bo v h thng v mng c dng bo v my tnh v thng tin ca cc t chc hoc c nhn nhm chng li cc hnh ng tri php nh: gi mo, thay th, tit l, xm nhp vo nhng thng tin c truyn i qua mng truyn thng nh internet. Cc lnh vc chnh ca cng ngh ny l bo mt my tnh v my ch, firewall, pht hin xm nhp, pht hin v qun l xm nhp. Vic pht trin cng ngh ny bao gm pht hin vi rt, cc tp d liu c nhn, PC firewall, kim sot truy nhp dch v, kim sot truy nhp server, cng ngh mt m, bo mt h iu hnh, cc cng c phn tch nhc im, server firewall v tch hp cc gii php bo mt. Cng ngh bo mt my tnh l mt vn nng bng v c quan tm mt cch c bit. Cng ngh bo mt server cng ang c pht trin nhm b p nhng thiu st ca SSH, n nh bo mt DHMS v ci tin nhc im i ph vi xm nhp. Trong lnh vc cng ngh chng xm nhp, IDWG (Intrusion Detection Exchange Format) v INCH ca IETF pht trin cc tiu chun trao i thng tin trong vic pht hin xm nhp v cc cng c tnh ton ri ro; bn cnh cn pht trin tiu chun bo mt ca SHSLOG.

17

1.5.5. Cng ngh bo v mng

Cng ngh bo v mng l cng ngh ci tin tnh n nh ca h thng mng nhm chng li cc hnh ng tri php nh: gi mo, thay th, tit l, xm nhp vo nhng thng tin c truyn i qua mi trng mng nh internet. Cc lnh vc cng ngh chnh l: cng ngh bo mt IP (IPSec) - l kin trc bo mt ca tng mng; bo mt tng truyn d liu (TLS security) - l kin trc bo mt cho tng truyn d liu Multicast, kin trc bo mt cho cc dch v khng dy, kin trc cho cng ngh pht hin v ngn chn xm nhp, kin trc qun l bo mt kt hp, v kin trc bo mt mng th h mi (next-generation network). Thng thng, giao thc HTTPS (HTTP/TLS) c s dng m bo an ton cho cc dch v web thng qua cc cng ngh trn. Cc trnh duyt web cng h tr SSL v2.0, SSL v3.0 v TLS v1.0 v gn y l truyn ID v mt khu c m ho. Cng nh cc cng ngh ng dng khc, OpenSSL, Plannet SSL v PowerTCP SSL thng sn sng cung cp ng truyn m ho qua Internet v Intranet, SecureNetterm h tr TLS v ws-ftp (cung cp cc dch v ftp an ton). Giao thc bo mt IPSec - l cng ngh ct li trong vic xy dng VPN - c vn hnh c 2 phng thc: transport mode v tunnel mode. Tuy nhin, tunnel mode ch yu c dng duy tr tnh b mt ca cc lung truyn gi d liu.

1.6. Xc nh nhim v ca ti
H thng an ninh thng tin (Bio-PKI Based Information Security System) kt hp cc du hiu c trng sinh trc hc vn tay con ngi vo m bo mt vi kha cng khai PKI, l hng nghin cu mi cho php mang li nhng u im hn cc h thng m kha cng khai hin c v an ton bo mt, v tnh xc thc thm nh trong cc giao dch, cc dch v in t qua mng my tnh. Mc tiu ca nhim v hp tc vi Malaysia theo ngh nh th ch yu bao gm: - Nghin cu xut phng n kt hp cc c trng ca vn tay vi m bo mt kha cng PKI to m sinh trc hc Bio-PKI. - Xy dng th nghim h tng c s h thng an ninh thng tin Bio-PKI (protoptype). Thit k v xy dng th nghim phn mm h thng an ninh thng tin da trn m sinh trc hc Bio-PKI nhm hng ti ng dng trong cng tc xc thc, thm nh sinh trc hc v kim sot truy cp dng trong cc lnh vc an ninh, thng mi in t, ngn hng, giao dch in t, chnh ph in t. Kt qu nghin cu phi hp ca 2 pha Vit Nam v Malaysia th nghim pht trin ng dng h thng Bio-PKI.

18

Chng 2. SINH TRC HC V H THNG AN NINH BO MT THNG TIN DA TRN SINH TRC HC
2.1. Tng quan v sinh trc hc
Thut ng sinh trc hc (Biometric) c dng ghp theo ting Hy Lp t 2 t: Bio (thuc v thc th sinh vt sng) v metriko (k thut o, o lng), thut ng ny c hnh thnh trong qu trnh pht trin loi ngi v c bit n t lu th hin cc c trng v th cht hay v hnh vi ca tng c th con ngi. C nhiu loi c trng sinh trc hc: vn tay (Fingerprint), lng bn tay (Palm print), dng hnh hc bn tay (Hand geometry), ch k vit tay (Hand written Signature), khun mt (Face), ting ni (Voice), con ngi mt (Iris), vng mc (Retina), ADN Nhng c trng ny c pht hin t rt sm nhn dng, xc thc ch th con ngi v hin nay ang c quan tm nghin cu trin ng dng trong cc lnh vc an ninh, quc phng, thng mi. Nh vy sinh trc hc c coi l o cc c im v hnh vi (ch k, dng i, thi quen) hoc cc thuc tnh vt l mang tnh duy nht ca c th con ngi cho php nhn din c th con ngi. Cc c trng sinh trc hc ca c th ngi c s dng phi m bo cc tiu chun sau y: Tnh rng ri: cho bit mi ngi thng thng u c c trng ny, to kh nng s dng h thng an ninh sinh trc hc cho mt s lng ln ngi. Tnh phn bit: c trng sinh trc hc gia hai ngi bt k phi khc nhau, m bo s duy nht ca ch th. Tnh n nh: c trng phi c tnh n nh trong mt thi gian tng i di. Tnh d thu thp: kh thi trong s dng, c trng sinh trc hc phi d dng thu nhn mu khi ng k, kim tra xc thc. Tnh hiu qu: vic xc thc sinh trc phi chnh xc, nhanh chng v ti nguyn cn s dng chp nhn c. Tnh chp nhn c: qu trnh thu thp mu sinh trc phi c s ng ca ngi ngi dng. Chng gi mo: kh nng mu sinh trc kh b gi mo C nhiu c trng sinh hc khc nhau c s dng. Mi loi c im mnh v im yu ring. Tuy nhin khng mt c trng no tha mn tt y tt c cc yu cu ca mt c trng sinh trc hc nu trn, ngha l khng c mt c trng sinh trc hc hon ton ti u [6]. Trong cng trnh nghin cu [9] mt bng di y so snh khi qut cc tiu chun nh gi tng ng cc c trng sinh trc hc:

19

c trng sinh trc hc

Tnh rng ri

Tnh phn bit

Tnh n nh

Tnh d thu thp

Tnh hiu qu

Tnh chp nhn c

Chng gi mo

Vn bn tay Dng hnh hc bn tay Vn tay Dng i Khun mt Nhit Khun mt Thi quen g phm Mi Tai Vng mc Mng mt Ch tay Ging ni Ch k ADN

M M M M H H L H M H H M M L H

M M H L L H L H M H H H L L H

M M H L M L L H H M H H L L H

M H M H H H M L M L M M M H L

M M H L L M L L M H H H L L H

M M M H H H M M H L L M H H L

L M M M H L M L M L L M H H L

Bng 2.1: So snh cc cng ngh nhn dng sinh trc hc

Ch : cc k hiu c ngha nh sau: H (cao), M (trung bnh) v L (thp).

2.2. H thng sinh trc hc 2.2.1. Khi qut v h thng sinh trc hc

H thng sinh trc hc (Biometric System) thc cht l mt h nhn dng da trn cc c im v hnh vi hay thuc tnh vt l ca ngi cn nhn dng [9]. H thng sinh trc hc c phn ra thnh hai loi chnh [13]: H thm nh (Verification): H thng thc hin i snh 1-1 gia mu sinh trc hc thu nhn c (Biometric sample) vi mu dng sinh trc hc (biometric template) c trong h thng t trc. Kt qu tr li cu hi mu sinh trc thu nhn c lin quan ti mu dng sinh trc hay khng, thng thng trong h thm nh kt hp vi thng tin nh danh ch th thc hin chc nng xc thc thm nh sinh trc (Authentication). Trong h xc thc thm nh i hi cao v chnh xc kt qu tr li cu hi sinh trc hc sng thu nhn c (biometric sample) c phi l sinh trc ca ch th lu trong h thng khng? Nhn dng (Identification, Recognition): H thng thc hin chc nng tm kim (1-n) t mt c s d liu tm mt mu sinh trc c th trong cc mu khun dng sinh trc thu thp t trc v sau thc hin i snh xp x nhn dng phn lp (Classification) hoc nhn dng ng nht (Identification), v d nh vic tm mu vn tay ti phm trong h s cc vn tay, t xc nh danh tnh ca ch s hu vn tay. S khi chc nng ca 2 loi h thng sinh trc c minh ha trong Hnh 2.1. Cc thnh phn chc nng ch yu ca h thng sinh trc hc [13]: - Thu nhn (Sensor, Capture): thu nhp mu sinh trc hc v biu din di dng s ha. - X l v trch chn c trng (Feature Extraction): Thc hin cc php x l phn tch v trch chn cc c trng t mu sinh trc hc.

20

- i snh (Matching): thc hin so snh cc c trng va trch chn vi khun mu sinh trc c trc. - Ra quyt nh (Decision): da trn kt qu i snh s khng nh danh tnh ngi dng (vi h nhn dng) hoc l mt cu tr li ng hoc sai v mu sinh trc hc so vi khun mu sinh trc c t trc (vi h thm nh). Hot ng ca h thng sinh trc bao gm 2 giai on c bn: - ng k (Enrollment): ng k mu sinh trc vo h thng - Thm nh hoc nhn dng (Verification/ Identification)

Hnh 2.1. S khi chc nng ca 2 loi h thng sinh trc.

2.2.2. Cc c im ca h thng sinh trc hc

a/ Cc vn v thu nhn v biu din mu sinh trc nh sau: Xc thc bng mt khu truyn thng dng Password khng cn s dng cc phng php nhn dng mu phc tp, m ch cn i snh trc tip mt khu. C ch ny cho php xy dng h xc thc mt khu m bo tnh chnh xc, n nh, hiu qu ng nh thit k. Tuy nhin vn khng an ton v im yu nht ca h thng l thng thng mt khu ch gm 6-8 k t, mt khu ny d dng b nh cp, b qun hay b mo danh, khi xy ra mt an ton mt khu, ton b h thng an ton ca h thng s sp . i vi sinh trc hc, mu sinh trc c tnh bn vng cao, kh gi mo dnh danh v chp php m bo an ton cho h thng. Mt khc khi thu nhn cc mu sinh trc sng v x l biu din trch chn c trng, cc kt qu ny ph thuc rt nhiu vo yu t nh phng php ly mu, mi trng ly mu, trng thi tng tc ca ngi ly mu vi thit b v ty theo loi sinh trc thu nhn [7,10]. Thu nhn mu sinh trc khng n nh

21

Nh ni, tn hiu sinh trc hc thu nhn c ph thuc vo c trng sinh l, hnh vi tng tc ca ngi dng V d nh vi thu nhn mu vn tay t my qut (trng hp thu nhn mu c coi l l tng nht), s khc nhau v lc n ca ngn tay ln thit b qut, v tr n ngn tay ln mt phng qut u nh hng ti kt qu thu nhn nh vn tay. V cc ngn tay khng phi l i tng c nh v qu trnh chiu b mt u ngn tay ln mt phng qut khng tuyt i chnh xc, nn vi lc n khc nhau, cc phn khc nhau ca vn tay s c qut nh v d hnh di y:

Hnh 2.2. Thu nhn mu sinh trc khng n nh

i vi nhn dng khun mt, do gc chp hnh khun mt khng th tuyt i ging nhau mi ln ly mu, nn kt qu ly mu ph thuc vo v tr chp hnh khun mt. V th cc mu thu c u c s khc vi nhau. Thay i ca c trng sinh trc Ngoi vic kh khn v qu trnh thu nhn, c sinh trc hc cn b nh hng bi ngoi cnh bn ngoi. Vi vn tay, cc hot ng lm vic, tai nn lao ng u tc ng ti cht lng hnh nh trn u ngn tay. Kt qu thu nhn cn thay i khi ngi dng c eo trang sc, v d nh nhn khi nhn dng hnh dng bn tay. Nhn dng khun mt c th gp kh khn sau mt khong thi gian v di v kiu tc, ru ngi dng thay i, hoc b tai nn nh hng ti khun mt Tt c cc tc ng ngoi cnh u thay i ln ti kt qu thu nhn mu. Tc ng ca mi trng Cc tc ng ca mi trng ti thi im thu nhn cng nh hng ti kt qu mu sinh trc. V d nh m, sch ca da, nh hng ca tui tc, bnh tt v da nh hng ti mu vn tay (Hnh 2-3).

Hnh 2.3. nh hng ca mi trng ln mu vn tay

22

Ngoi ra, cc thut ton phn tch c trng sinh trc hc t mu thu nhn cng khng hon ho v c mt li nht nh. Kt qu l i snh hai mu sinh trc hc c ging nhau hay khng l qu trnh nhn dng mu v ra quyt nh kh phc tp b/ i snh sinh trc hc Do cc nguyn nhn nh hng nu trn, i snh sinh trc hc khng th thc hin mt cch tuyt i nh vi mt khu truyn thng. Thng thng, i snh sinh trc hc thng dng cch i snh tng i gia hai mu, s ging nhau ca tng thnh phn nh c nh gi bng cho im (matching score). Khi s im i snh ln vt ngng nh trc, c th coi l hai mu sinh trc gn tng t nhau. V d vi nhn dng vn tay, cc thnh phn nh c so snh l im kt thc (ridge ending) v im r nhnh (ridge bifurcation), gi chung l im c trng cc b (minutiae). Cc im ny c tch ra bng thut ton trch chn c trng vn tay. Cc im c trng cc b c nh v bng ba tham s (x, y, ) vi (x, y) biu din ta tng i ca im v biu din hng ca nh ti im . Thng thng, mt mu vn tay tt c t 20-70 im c trng cc b.

Hnh 2.4. im c trng cc b ca vn tay

Qu trnh i snh vi mt mu vn tay khc thc hin bng cch so snh v tr tng i gia cc im c trng cc b vi nhau qua thut ton i snh. Kt qu thut ton tr v l t s im i snh c chp nhn (matching score):

23

Hnh 2.5. i snh vn tay.

Kt qu minh ha trong hnh 2-5(a), hai vn tay khc nhau cho ra im i snh l 4, trong hnh 2-5(b), hai vn tay ging nhau cho ra im i snh l 49. Gi tr ti a ca im i snh l 100.

2.3. nh gi hiu nng v cht lng hot ng ca h sinh trc hc 2.3.1. Vn li trong hot ng ca h sinh trc
Khi hot ng mt h sinh trc hc thng gp hai vn v li sau y: - Li khi i snh mu sinh trc ca hai ngi khc nhau nhng cho kt qu l ca cng mt ngi. Li ny c gi l loi b sai (false reject hay false match). - Li khi i snh hai mu sinh trc ca cng mt ngi nhng cho kt qu sai, v cho rng l ca hai ngi khc nhau. Li ny c gi l chp nhn sai (false accept hay false nonmatch).

2.3.2. Cc tham s nh gi cht lng.

o lng mc li ca h thng, cc o thng dng c nh ngha nh sau FMR (False Match Rate): cn gi l FAR (False Accept Ratio)- T s chp nhn sai : cho bit t l tr li l ng i vi d liu vo l sai FNMR (False Nonmatch Rate): cn gi l FRR (False Rejection Ratio) - T s t chi sai: cho bit t l tr li l sai i vi d liu vo l ng.

24

Hai o ny c rng buc vi nhau: nu FMR cao th FNMR s gim tng i v ngc li. Mc chp nhn c ca FMR v FNMR ty thuc vo tng h xc thc sinh trc c th. Vi h yu cu tnh bo mt cao, v t nng vn an ton ca xc thc hn s tin dng ca ngi dng, th FMR s nh v FNMR s cao. Ngoi hai o trn, ngi ta cn s dng o FTC (Failure To Capture - thu nhn mu tht bi) v FTE (Failure to Enroll chp nhn mu tht bi) nh gi hiu nng ca h xc thc sinh trc hc.

2.4. H thng an ninh bo mt da trn trc hc

H sinh trc hc c nhng u im m h bo mt thng thng khng c, nghin cu h thng an ninh, bo mt sinh da trn sinh trc hc (Biometric Security System) c quan tm nghin cu v ng dng. Hng nghin xy dng h thng trn c s kt hp h thng sinh trc hc vi h mt m (Biometric Cryptosystem) ang l vn thi s c quan tm nghin cu pht trin. S kt hp ny nhm mc tiu nng cao tnh an ton ca h mt m da trn cc u im ca h thng sinh trc hc. H thng an ninh, bo mt sinh trc hc (Biometric based Security System) da trn s nhn bit hoc thm nh cc c trng v th cht hay v hnh vi con ngi nhn dng, xc thc tng ch th [1,3,7,8]. Cng vi s pht trin nhanh chng ca CNTT v truyn thng, h thng an ninh da trn nhn dng, thm nh xc thc sinh trc hc v ang c quan tm nghin cu v c nhiu trin khai ng dng trong nhng nm gn y trn th gii. i vi cc giao dch in t v truyn thng, y l mt trong cc hng tip cn mi v an ninh thng tin v mng, an ton d liu. Phng php ny m ra trin vng ln v an ton trong cc giao dch in t, chnh ph in t, thng mi in t Cc lnh vc nghin cu v h thng an ninh sinh trc hc (Biometric Security Systems) - Cc cc nghin cu c bn v cc loi sinh trc hc, v phng php trch chn c trng sinh trc v v nhn dng, thm nh xc thc ch th con ngi. - Cc h nhn dng, thm nh xc thc sinh trc hc ch th trong h thng - H thng an ninh sinh trc hc trn c s h tng kha cng khai PKI (gi l h thng BioPKI) - Mt m sinh trc hc (Biometric Cryptography) Trong h mt m thng thng, im yu thng qu trnh bo v, qun l v phn phi kha. Nguy c ny e da cc mc tiu v xc thc v chng ph nhn. H sinh trc hc c ng dng gii quyt vn . Hin nay c hai hng tip cn kt hp sinh trc hc v mt m hc nh sau [9]: Dng sinh trc hc qun l kha (biometric-based key release) Dng sinh trc hc to kha (biometric-based key generation).

2.4.1. Dng sinh trc hc qun l v bo v kha

Nguyn tc ca phng php ny l qu trnh i snh sinh trc hc tch ring vi qu trnh m ha ca mt m hc. i snh thc hin theo kch bn: nu mu sinh trc i snh

25

chp nhn c so vi mu khun dng sinh trc lu tr, h s gii phng kha m t ni lu tr an ton, nh smart-card hay c s d liu trn my ch.

Hnh 2.6. Hai m hnh bo v kha trong h bo mt

Hnh 2.6 minh ha hai m hnh bo v kha trong h bo mt: m hnh th nht (hnh a) s dng mt khu truyn thng bo v kha m, y l m hnh bo v kha truyn thng v thng dng; m hnh th hai (hnh b) dng vn tay bo v kha m, y l dng kt hp sinh trc hc vi mt m hc. c im ca hng tip cn ny nh sau: Cn phi truy cp ti mu khun dng sinh trc hc thc hin i snh mu. Qu trnh xc thc ngi dng v qu trnh gii phng kha khi ni lu tr hon ton tch ri nhau (offline). Qu trnh thm nh xc thc ch th khng lin quan trc tip cc giao dch trn mng Hng gii php - Gii php dng sinh trc ti cc thit b u cui (End-User dng cng ngh nhng). Thng l gii php theo cc dng thit b theo cng ngh nhng. - K thut ch yu: KT nhn dng, i snh thm nh sinh trc hc t CSDL lu tr ti thit b nhng, t chnh xc cao. - ng dng: Thng dng cc gii php kha sinh trc ti thit b u cui, cht lng ph thuc vo dng thit b. Mt s vn an ton vi m hnh tip cn trn: Kh nng mu khun dng sinh trc hc b mt hay s dng li: Mu khun dng sinh trc hc c dng khi xc thc, v th t ra vn v an ton lu tr mu nh dng. Cch gii quyt c th l chuyn i mu khun dng sinh trc sang mt min biu din khc: H(X) vi X l mu khun dng sinh trc v H l hm chuyn i mt chiu khng th o ngc, c trng cho tng h mt khc nhau. Nhng cch gii quyt ny sinh ra kh khn khi thc hin i snh sinh trc trn min khng gian x l khc.

26

 Chng s dng li mu sinh trc hc: Mt mu sinh trc hc thu nhn c h mt ny c th b s dng li ti mt h mt khc. trnh nguy c trn, c th thit k sao cho mu sinh trc hc ch c dng cho ring bit tng h mt khc nhau. iu ny thc hin khi cho thm mt vi thnh phn d liu b sung vo mu nh dng, tng t nh trong h xc thc mt m truyn thng. Thnh phn b sung ny gi l salt, c tnh cht c th cho tng h mt. Tch ri gia xc thc v gii phng kha: Do hai qu trnh tch ri nhau, nn kt qu ca xc thc c nguy c b tn cng sa i t sai thnh ng khi truyn ti kt qu, dn ti ph v an ton xc thc ca h thng.

2.4.2. Dng sinh trc hc sinh kha

Nghin cu kt hp k thut sinh trc vi k thut mt m, mt m sinh trc (Biometric Encryption) nhm nghin cu to ra kha m t mu khun dng v mu sinh trc trong h thng. Hng tip cn Biometric Cryptosystem cho php kt hp cht ch sinh trc hc vi mt m hc nhm khc phc cc im yu ca phng php bo v kha v cho php thc hin qu trnh thm nh xc thc ch th tch hp trc tip vo trong cc giao dch trn mng. y l hng nghin cu ch yu hin nay. Tuy nhin phng php to kha t mu sinh trc hc gp phi cc kh khn chnh sau [7,9]: - Kh khn khi cn phi sinh ra chui bit chnh xc t cc mu sinh trc thu nhn. Cc mu sinh trc hc thu nhn c t qu trnh khng n nh, chu nhiu tc ng ca nhng yu t ngu nhin khc nhau. V nguyn tc khng th thu c cc chui bt ng nht tuyt i t cc mu sinh trc sng ca cng mt ch th. Do vy chui bit c trng sinh trc thng khng chnh xc dng lm kha. y l kh khn ch yu ca phng php ny. - Vn s dng mu sinh trc hc vi nhiu h: Do kh nng ch sinh c mt kha t mt loi mu sinh trc hc, iu ny nh hng ti an ton ca cc h mt cn li khi mt h mt b tn cng. Gii php ca vn ny l thm mt phn d liu c trng c vai tr lm tham s cho kha sinh ra, nhm tng a dng ca kha i vi tng h mt. - Tnh ton phc tp. Cc gii thut tnh ton hin nay sinh ra kha t mu sinh trc yu cu lng tnh ton ln. Nhng vn kh nu trn l mc tiu nh hng nghin cu ca ti. Trong chng ny trnh by tng quan v h thng sinh trc hc v h thng an ninh bo mt da trn sinh trc hc: khi nim, cc thnh phn, hot ng; cc yu cu i vi h thng. Trong cc chng tip sau s trnh by nghin cu v gii php kt hp h bo mt sinh trc hc vo h tng c s kha cng khai PKI. Chng 4 tip theo s tp trung trnh by h tng PKI, h tng c s cho cc giao dch in t hin nay v cc vn an ton trong h PKI.

27

Chng 3. C S H TNG KHA CNG KHAI PKI V VN AN TON TRONG H THNG

3.1. H mt m kha cng khai
Mt m l mt cng c bao gm cc nguyn tc, phng tin v phng thc chuyn i d liu nhm n du ni dung thng tin, cng c tnh xc thc ca thng tin, ngn chn s thay i, tnh t chi, v vic s dng tri php thng tin. y l mt trong cc phng tin mang tnh cng ngh c dng m bo an ton cho d liu ca cc h thng thng tin v truyn thng. Mt m cng c th c dng bo v tnh b mt ca nhng d liu nh ti chnh hoc c nhn k c khi d liu c lu tr hay vn chuyn. Ngoi ra, n cng c th dng kim tra tnh ton vn ca d liu bng vic pht hin d liu b thay th hay cha v xc nh ngi hoc thit b gi n. Nhng k thut ny l rt quan trng i vi vic pht trin v s dng cc mng thng tin truyn thng ton cu v nhng cng ngh khc, nh pht trin thng mi in t. Mt m bao gm hai quy trnh hot ng tri ngc nhau: m ho v gii m. ng trn gc s dng my tnh trong vic bo mt thng tin, m ho l qu trnh p dng mt thut ton vo mt bn tin r sinh ra mt bn tin m. Bn tin m s xut hin nh l nhng th v ngha i vi mi ngi v tnh c c n, nhng c th bin i ngc li thnh bn tin r i vi nhng ngi c c thut ton ph hp. Qu trnh bin i bn tin m thnh bn tin r gi l qu trnh gii m . Qu trnh m ho thng c iu khin bi mt kho, thc cht l mt chui cc bt s dng lm cc tham s cho thut ton m ho. Qu trnh gii m cng c iu khin bi mt kho lm tham s cho thut ton gii m, v c th l ging hoc khc vi kho dng m ho [2]. Hin nay, trn th gii thng s dng 2 h mt c bn l Mt m kho b mt (Secret Key Cryptography) v Mt m kho cng khai (Public Key Cryptography).

3.1.1. Khi qut v h mt m kha cng khai

H mt m kho cng khai, cn gi l h mt m khng i xng (asymmetric Cryptography), s dng hai kho khc nhau cho qu trnh m ha v gii m: mt kho (kho cng khai public key) m ho, v kho kia (kho ring private key) gii m. Hai kho ny c quan h vi nhau v mt ton hc, nhng t kho cng khai khng th tm ra c kho ring. Trng h mt ny, nu A mun gi cho B mt bn tin mt, A trc tin s ly kho cng khai ca B t c s d liu cng cng v kho cng khai. Sau A s s dng kho cng khai ca B m ho bn tin, ri gi cho B. Pha B s s dng kho ring ca mnh gii m bn tin m. Nh vy l, ch B mi c th gii c bn tin m m A to ra. H mt ny c thc hin nh vo c tnh rt quan trng ca cp kho l khng th xc nh c kho gii m nu ch cn c vo cc thng tin v thut ton v kho m ho.

28

Nguyn tc ch yu ca h m PKI l dng c 1 cp kha cho mi giao dch khi dng mt kha kha ny m ha th s kha kia dng gii m v ngc li.

Hnh 3.1. Hot ng trao i thng tin bo mt trong h kha khng i xng

Trong hot ng trao i thng tin bo mt thng ip trong h kha khng i xng, thng dng kha cng khai m ha v dng kha ring kha c nhn gii m, nh vy ch ngi no l ch s hu kha c nhn th mi c th gii m c bn tin m ha. Khc vi h mt m kha i xng s dng mt kha b mt duy nht va m ha v gii m, phng php mt m dng cp kha cng khai v kha ring m ha v gii m thng tin. Cp kha ny tuy vn lin quan n nhau theo kiu tng ng 1-1, nhng nu bit kha ny th khng th suy ra kha kia c, do , phng php m ha ny c tn m ha bt i xng. Yu cu c bn vi mt h mt m ha cng khai [2]: Khng th tm ra c kha gii m nu bit thut ton v kha m ha. C 2 kha trong cp kha ny u c th dng m ha, kha cn li s gii m thng ip do kha th nht m ha. (y l yu cu khng bt buc nhng hu ht cc thut ton thng dng trong cng ngh m ha cng khai u c c im ny). Trong cp kha ny, kha cng khai c cng b rng ri, kha ring c gi b mt cho ch nhn ca n. Vn bo v b mt an ton kha c nhn ca ch s hu l im mu cht ca h thng kha cng khai.

29

Bn gi tin A

Thm m

Bn nhn tin B

Thng ip

M ha

M ha

Knh truyn

M ha

M ha

Thng ip

K RA

KUB

KRB
Khi sinh kha

Khi sinh kha

KUA

Hnh 3.2. S hot ng h mt kha cng khai m bo tnh xc thc v tnh mt

Cng vic m ha v gii m c th m t tm tt nh sau: Mi u cui trong h thng mng sinh mt cp kha dng cho vic m ha v gii m cc thng ip m n nhn c. Mi u cui ny cng khai ha mt kha dng m ha ca n. Kha cn li c u cui ny gi cho ring mnh. Nu A mun gi mt thng ip cho B, A dng kha cng khai ca B m ha. Khi nhn c thng ip ny, B dng kha ring ca mnh gii m. Ch B c kha ring ny nn ngoi B ra, khng ai c th gii m thng ip .

3.1.2. Ch k s
tng v ch k in t cng tng t nh ch k vit tay m chng ta vn dng. N dng k ln cc thng tin cn gi i nhm mc ch xc nhn tnh trung thc ca thng tin v ca ngi gi tin. Ngi nhn c th bit c ch k ny c ng hay khng v c phi ca ngi gi thc s hay khng. Ngoi ra, cng nh ch k vit tay, ch k in t c trng cho ch nhn ca n, k khc khng th bt chc c. Ch k in t c biu din trong my tnh bi mt xu cc s nh phn. N c to ra bi mt tp lut, mt tp tham s c trng ca ngi k, cng ton b d liu m n c dng k ln. C mt thut ton c kh nng to ra ch k bng kha ring v xc minh ch k bng kha cng khai tng ng. Mi ngi dng s hu mt cp kha ring / kha cng khai. Kha cng khai c cng b i chng, tuy nhin kha ring th ch c ch nhn ca n bit. Do vy, bt k ai cng c th xc minh ch k ca ngi khc bng kha cng khai tng ng, nhng vic to ra ch k th ch ngi s hu cp kha ny mi lm c. Mt hm bm c dng trong qu trnh to ch k. Mc ch ca n l nn d liu, bin mt mu tin thnh mu tin tm lc. Sau , mu tin tm lc ny c p dng thut ton sinh ch k. Ch k c chuyn i cho pha nhn cng vi d liu k [2]. Pha nhn lm nhim v kim tra xc minh mu tin va nhn c cng ch k i km bng cch dng kha cng khai ca ngi nhn. Pha nhn cng dng mt hm bm

30

nh trn thc hin trn d liu c k, thu c bn bm th nht. Song song vi vic , n dng kha cng khai ca ngi gi, gii m ch k thu c bn d liu bm th hai. Nu 2 bn bm ny ging nhau, ch k c xc thc, ngc li th khng.

Hnh 3.3. M hnh s dng ch k s

Thut ton v ch k in t xc minh tnh ton vn ca d liu v nhn dng ca ngi k. Thut ton ny c dng cho th in t, hay mt s hot ng qua mng khc nh chuyn tin, trao i d liu, phn phi phn mm, lu tr d liu v mt s ng dng khc m trong c yu cu v an ton v ton vn d liu.

3.2. H tng kha cng khai PKI 3.2.1. Khi qut chung v PKI
Sng kin h tng kha cng khai PKI (Public Key Infrastructure, vit tt l PKI) ra i nm 1995, khi m cc t chc cng nghip v cc chnh ph xy dng cc tiu chun chung da trn phng php m ho h tr mt h tng bo mt trn mng Internet. Ti thi im , mc tiu c t ra l xy dng mt b tiu chun bo mt tng hp cng cc cng c v l thuyt cho php ngi s dng cng nh cc t chc (doanh nghip hoc phi li nhun) c th to lp, lu tr v trao i cc thng tin mt cch an ton trong phm vi c nhn v cng cng. PKI bn cht l mt h thng cng ngh va mang tnh tiu chun, chnh sch, va mang tnh ng dng c s dng khi to, lu tr v qun l cc chng thc in t (digital certificate) cng nh cc m kho cng cng v c nhn. Hin nay c rt nhiu cch nh ngha khc nhau v PKI tu theo gc nghin cu hoc ng dng c s h tng ny. Tuy nhin, mt cch c bn nht c th nh ngha c s h tng kho cng khai l mt h thng cng ngh, chun, cu trc v cc chnh sch phi hp vi nhau nhm bo m tnh b mt v an ton thng tin trn Internet s dng mt m kho cng khai [2]. C s h tng kha cng khai PKI l khung lm vic bao gm cu trc t chc cc thnh phn hot ng c phn cng v phn mm h thng, cng vi cc chnh sch, cc

31

th tc qun l v phn phi kha, qun l, cp pht cc chng ch s (digital certificate) v chng thc cc chng ch s. Nn tng mt m ca PKI chnh l h thng mt m kha cng khai. Nh vy PKI l mt c s h tng h thng va mang tnh m hnh va mang tnh cng ngh v cc chun, va l m hnh kin trc va l h thng cc giao dch v ng dng cho php thc hin khi to, lu tr, qun l cc chng ch s (Digital certificate), qun l v phn phi cc kho cng khai, kha c nhn v c ch chng thc chng ch s [11,12]. Hin nay trn th gii PKI c xy dng v trin khai thnh cc kin trc h thng c th bao gm t chc phn cng, phn mm, cc chnh sch quy tc, cc th tc, cc giao dch trong h thng v cc chun. Cng ngh lm nn tng cho cc hot ng chng thc l cng ngh mt m kho cng khai. Cc thnh phn c bn nht trong cng ngh mt m kho cng khai bao gm cc thut ton to cp kho cng khai/ kho ring, cc thut ton bo mt, c ch m ho v gii m thng tin, phng php to ra ch k in t v cu trc ca chng ch s. Cc thnh phn ch yu ca PKI bao gm [11]: - CA (Certificate Authority): B phn thm quyn pht hnh chng ch v chng thc - RA (Registration Authority): B phn thm quyn ng k chng ch, - Certificate Holder- User: ngi s dng trong h thng PKI, ch th chng ch, - Digital Certificate Distribution System: H thng phn phi chng ch s, kho cha - Relying Party: Cc thc th lin quan s dng chng ch. Cc hot ng giao dch c s trong h PKI bao gm: To yu cu chng ch s; Pht hnh chng ch s; cng b chng ch s; s dng/ hy b chng ch s; chng thc chng ch s, bo v kha c nhn ca ngi dng chng ch s. S lc v cng ngh v k thut, c cc chun h thng PKI vi cc nh dng chng ch s khc nhau [12]: - Chng thc s theo chun X.509: Do nhm PKIX ca IETF xy dng, dng giao thc bo mt SSL, IPSec, s dng cho m hnh kin trc PKI phn cp. - Chng thc s SPKI - Simple Public Key Infrastructure. - Chng thc s PGP - Pretty Good Privacy: Do Phil Zimmermann thit k vo nm 1991, chun m ha th in t v chng thc ch k s bng chng nhn PGP, s dng m hnh PKI li Web of Trust.

3.2.2. Cc m hnh kin trc ca PKI

V mt l thuyt th c nhiu kiu m hnh PKI. Mi m hnh c cc thuc tnh v t chc v s tin cy ring nh s lng cc CA trong mt PKI, im tin cy ca ngi dng cui trong mt PKI, v quan h tin cy gia cc CA trong mt PKI c nhiu CA [2,11,12] . Tuy nhin, thc t ch c mt s m hnh PKI sau y l c trin khai: Kin trc mt CA n - Single CA architecture

32

Hnh 3.4. Kin trc CA n

Kin trc cy phn cp - Hierarchical architecture

Hnh 3.5. Kin trc CA phn cp

Kin trc mt li - Mesh architecture

33

Hnh 3.6. Cu trc CA dng li

Kin trc hn hp - Hybrid architecture

Hnh 3.7. Kin trc PKI dng hn hp

34

3.2.3. Kin trc cc thnh phn trong hot ng PKI

C th thy trn hnh v di y s phi hp hot ng ca 5 thnh phn c bn trong kin trc ca PKI [11]:

Hnh 3.8. Kin trc cc thnh phn PKI

Cc thc th u cui (End Entities EE)

Trn thc t, mt EE c th l ngi dng cui, hoc mt thit b nh router, my ch, mt x l, hay bt k th g c th c gn l i tng ca h thng chng ch kha cng khai. Tm li, EE c th c hiu l khch hng ca cc dch v PKI. Thm ch, mt nh cung cp cc dch v PKI cng i khi c coi l EE, v d mt RA c th coi l EE ca CA (CA v RA s c gii thch c th sau). Cc EE b rng buc bi cc chng ch. V d nh cc server v cc ngi dng u cui phi c kt np vo PKI trc khi c th tham gia nh mt thnh vin ca PKI. B phn thm quyn pht hnh chng ch (Certificate Authority CA)

Cc kha cng khai c phn tn theo cc chng ch. Bi th, CA l mt phn v cng quan trng trong kin trc PKI v n l n v duy nht k v pht hnh cc chng ch kha cng khai (CA s dng kha ring ca mnh k cc chng ch). Thc cht ca cng vic l lin kt tn i tng vi kha cng khai, cng nhn rng i tng s hu kha cng khai tng ng. CA cng ng thi chu trch nhim pht hnh cc danh sch chng ch b hy (CRL) nu n khng y quyn cho mt n v chuyn trch lm vic ny (CRL Issuer). CA cng thc hin mt s tc v qun tr nh ng k cho ngi dng, tuy nhin vic ny thng c y thc cho RA (Registration Authority) (RA s c gii thch r rng sau). Trong qu trnh hot ng, CA cn kim nhim c vic lu v khi phc kha mc d cng vic ny cng c th c y thc cho mt b phn chuyn trch.

35

Trong kin trc PKI, thng thng, cc EE c nh cu hnh vi mt hay nhiu mc tin cy no . Nhng mc ny c coi l im xut pht cho cc qu trnh xc minh tip theo. Chnh CA ng vai tr lm c s cho s an ton v tin cy ny. B phn thm quyn ng k (Registration Authority RA)

RA l mt thnh phn khng bt buc phi c trong kin trc PKI. Tuy nhin s xut hin ca n l rt hu ch v s gim nh s lng cng vic m CA phi lm. Nh chng ta ni trn, RA thng tham gia vo qu trnh ng k cho cc EE. Cng vic ny bao gm c vic xc minh cc thng tin m EE dng ng k vi PKI. Ngoi ra, RA cn m nhim mt s cng vic khc, gm: - Thit lp v xc nhn thng tin c nhn ca mt thc th. - Pht tn thng tin chia s ti cc ngi dng, phc v vic xc thc trong mt tin trnh khi to trc tuyn. - Khi to tin trnh chng nhn bi mt CA. Lc ny, RA ng vai tr mt EE. - Cung cp cc thng tin cn thit vi t cch mt ngi dng cui. - Thc hin vic qun l vng i ca cc kha, chng ch. Mc d RA c th gnh vc rt nhiu cng vic gip CA, nhng n khng bao gi c giao quyn pht hnh chng ch kha cng khai, y lun l c quyn ca CA. Tm li, vic xut hin ca RA mang li 2 li ch chnh: - Gim chi ph, c bit l i vi cc t chc phn tn trn din rng, c th phn tn cc RA qun l gip CA. - Vic gim nh cng vic cho CA gip CA c th ngh ngi nhiu hn. Do s gim thiu c cc c hi tn cng nhm vo CA . Chng ch v h thng kho lu tr cc chng ch

Trong vic dng kha cng khai, chng ch l mt vn bn in t c CA k cho cc EE, cng nhn tnh ng n v xc thc ca cc thng tin m EE dng giao tip. Kho lu tr cc chng ch thng l mt th mc. Tuy nhin, trong kin trc PKI, kho ny thc cht l mt cch no lu cc thng tin lin quan ca PKI, v d nh cc chng ch kha cng khai, cc CRL. Trong chun X.500, kho lu tr ny l mt th mc my ch m my khch c th truy cp qua giao thc LDAP (Lightweight Directory Access Protocol), hoc ly file trn my ch qua giao thc FTP (File Transfer Protocol), giao thc HTTP (Hyper Text Transfer Protocol). Ngoi ra, kho ny cn p ng c mt s yu cu t pha h thng my khch. V d c th tr li cho my khch v tnh trng ca cc chng ch, xem chng b hy cha. Tuy nhin, li ch c bn ca cc kho lu tr ny chnh l vic cc EE c ni tm cc chng ch v cc CRL. V d khi A mun giao tip vi B, A phi bit c kha cng khai ca B, v kha c th tm thy trong kho lu tr ny. Danh sch cc chng ch b hy

36

(CRL - Certificate Revocation List) v b phn pht hnh (CRL Issuers). CRL cha danh sch cc chng ch b hy, km theo ch k in t m bo s ton vn v xc thc ca n. Ch k trong CRL thng chnh l ca thc th k v pht hnh cc chng ch trong CRL ny. Cc CRL thng c lu c th d dng thc hin xc minh cc chng ch khi lm vic off-line. Thng thng, CA pht hnh cc chng ch s no th s ng thi chu trch nhim pht cc thng tin v cc chng ch b hy trong s . Tuy nhin, CA cng c th y thc cho mt b phn khc chuyn pht hnh cc thng tin ny, chnh l b phn pht hnh CRL (CRL Issuer). Trong trng hp , cc CRL c pht hnh gi l cc CRL gin tip.

3.3. Cc giao dch in t vi h tng kha cng khai 3.3.1. Cc dch v ca PKI
m bo qu trnh truyn thng an ton. Cung cp mt knh truyn thng tin cy gia PKI v khch hng. T vn khch hng cc gii php, cng nh thc hin truyn thng tin cy gia cc khch hng. Ta c th k n mt s cc dch v ng dng PKI: Secure e-mail (s dng giao thc, v d nh Secure Multipurpose Internet Mail Extensions Version 2, S/MIMEv2, [RFC2311, RFC2312] hoc S/MIMEv3 [RFC2632, RFC2633]) Secure Web server access (s dng giao thc, v d nh Transport Layer Security, or TLS, [RFC2246]) A secure Virtual Private Network, or VPN (s dng giao thc, v d nh IPsec/IKE [RFC2401, RFC2411]) V d nh vi secure-email, c th thc thi bi dch v ca PKI nh sau: Khch hng s s dng gi phn mm i km ca PKI m ha email ri truyn email qua cc vng mng khng an ton s dng c php chun S/MIME m khng cn phi lo lng v tnh ton vn, tnh xc thc, tnh mt ca email . Chng ph nhn: bt k ti liu ti pht tn trn mn bt u t mt nh phn phi hp l th u b PKI tm ra ai l ch th ca n, gip m bo quyn li ca khch hng. Cc PKI cng c th hp tc vi nhau to ra mt mi trng truyn thng kh l tng cho khch hng. PKI cng cung cp lun c cc dch v v phn quyn, i vi mt ti liu, cn c vo ni dung chng ch c th cho bit khch hng nhng quyn g i vi loi ti liu .

3.3.2. Xc thc an ton trong giao dch in t

Di gc nhn v bo mt thng tin phi m bo cc yu cu sau:

- Yu cu v bo mt thng tin: trong giao dch in t xut hin rt nhiu thng tin ring t cn c gi mt tng mc khc nhau. l cc thng tin v c nhn khch hng (danh tnh, a ch, a ch th in t, cc thng tin v ti khon ngn hng); cc thng tin v ti khon ca doanh nghip ti cc ngn hng.

37

Yu cu v tnh ton vn thng tin: thng tin giao dch c m ha di dng chui bit/byte v c truyn qua mi trng mng Internet. Nh chng ta bit, mng Internet hon ton l mt h thng m, rt d b tn cng v xm nhp. Cc thng tin giao dch khng nhng b l m hon ton c th b thay i vi mc ch xu. Yu cu v chng thc ngun gc thng tin: cc thng tin trong giao dch in t u c ch th ca n (khch hng, doanh nghip, trung tm x l d liu, ngn hng ). Yu cu v chng thc ngun gc thng tin gm c 2 kha cnh: - Ai l ch th ca thng tin? - Chng t chi ngun gc thng tin? Cc yu cu v an ton h thng khc: chng tn cng v xm nhp vo website, trung tm d liu, chng n cp thng tin khch hng.

Xc thc tr thnh mt yu cu cp thit v ti quan trng ngay t khi cc tng v thng mi in t mi ra i. Trong qu trnh pht trin v gii quyt vn xc thc th chng ch s to bi h tng kha cng khai PKI (Public Key Infrastructure) ni ln nh mt gii php u vit hng u. Tuy nhin, mt trong nhng vn ni cm l bo v cc chng ch s v cc kha ring t (kha b mt).

3.3.3. c im khi trin khai PKI

Nhng li ch c th nhn thy khi trin khai PKI l [12]: - Tit kim thi gian lm vic, v d nh th t, bo co, hp ng c th gi theo con ng in t thay v dng con ng vt l nh truyn thng. - Ngi dng c th dnh thi gian vo cc cng vic phi lm tay, thay v lun qun vi cc cng vic ca c s h tng bo mt. - S qun l tp trung, thng nht s gim bt lng ti nguyn cho cng vic qun tr. - Gi vt liu thp hn, cn t khng gian lu tr hn, t d tha hn. - Gim tn tht do mt mt thng tin. - Kh nng to mng ring o (Virtual Private Network VPN) qua mt mng cng cng nh Internet c th lm gim chi ph so vi vic thu mt ng dy ring. - C th to ra li nhun t vic kinh doanh mt s dch v, v d nh vic kim tra tnh hp l ca cc giao dch ti chnh bng ch k in t v chng ch s. Nhc im v kh khn khi trin khai PKI

Tuy nhin bn cnh cc im mnh, cng c mt s im ng cn nhc khi c nh trin khai PKI: - H thng phc tp, kin trc cn ph thuc cc chnh sch - Tnh php l ca chng ch s.

38

3.4. Vn an ton trong h thng PKI

Mc d h thng PKI c coi l gii php cho vn an ninh v xc thc hin nay, nhng bn thn h thng cng nh c ch, m hnh hot ng ca n vn cn s h. Cc s h ny khng nht thit n t c ch mt m hc, vn c cng ng mt m kim nghim, m n t nhiu nhn t ch quan v khch quan khc nhau, trong phi k ti yu t con ngi. Mt h PKI v c bn vn tn ti mt s ri ro v bo mt sau: Mt kha c nhn, gi mo kha cng khai, gi mo nh danh ch th [3,18]. An ton kha c nhn

Trong h thng PKI hin nay, kha c nhn c lu tr trn phng tin truyn thng nh trn my tnh ca ngi dng, hoc smartcard v phng tin ny c bo v truy cp bng mt mt khu c bo v truy cp bng mt mt khu di 6 n 8 k t, an ton ca ngi dng ph thuc c vo mt khu ny. C ch m bo an ton cho kha c nhn bng mt khu khng th hin c tnh chng ph nhn trong mt m hc. Bn thn mt khu c nhiu nguy c d b l, hoc b mt bi virus, b nh cp bi cc chng trnh m c hi. Khi kha c nhn mt s rt nguy him, th bt c ai cng c th gi mo ngi v khng ch l mt thng tin m cn c th dn n v c h thng. Nh vy an ton bo mt khi dng cp kha trong h thng ph thuc vo mt khu. Bo mt kha c nhn l vn quan trng trong h thng c s h tng PKI v cng l im yu trong hot ng ca cc h PKI truyn thng. Gi mo kha cng khai: Trng hp kha ny c bo v bng ch k ca CA, tc l kim tra c bng kha cng khai ca CA, c nguy c k tn cng thay th kha ca CA trn my ngi dng, sau tin hnh thay th kha cng khai ca ngi dng bng kha gi. Gi mo kha cng khai dn n l thng tin trong h thng. nh danh i tng: Chng ch s c cha tn ca i tng v phi c thm cc thng tin b sung trnh trng hp nh danh sai do cc thng tin c nhn ca ngi dng trng nhau Trong cc nguy c v bo mt k trn ta thy nguy c ln nht trong PKI l b mt kha c nhn. Vn ny c th c gii quyt bng mt c ch xc thc nh danh mnh hn mt khu truyn thng. l sinh trc hc. Do sinh trc hc mang bn cht chng ph nhn, kh nng gi mo, mt trm c trng sinh trc hc thp hn nhiu so vi mt khu, nn y l gii php tng i hon thin cho vn an ton v s dng kha c nhn.

39

Phn III. BO CO KT QU NGHIN CU CA TI

Chng 4. NGHIN CU PHN TCH V XY DNG M HNH GII PHP H THNG BioPKI
4.1. Vn kt hp sinh trc vo h tng kha cng khai PKI
Nh trnh by cc chng trn, ngy nay h tng kha cng khai PKI l nn tng cho nhiu ng dng bo mt pht trin cho cc giao dch in t qua mng Internet. Tuy nhin, trong h thng PKI vn tn ti vn v an ton trong vic qun l v bo v kha c nhn. Vn ny c nghin cu t lu, c rt nhiu cc gii php khc nhau c a ra gii quyt vn . Mt trong nhng gii php ang c quan tm nghin cu l kt hp sinh trc hc vi PKI tng cng kh nng an ton cho h thng PKI nhm loi b nguy c s dng tri php kha c nhn. Khi qut v mt h thng BioPKI c minh ha trong Hnh 4.1.

Hnh 4.1. Hng tip cn h thng BioPKI

Tuy nhin h thng BioPKI khng phi ch l mt php cng n gin gia h tng kha cng khai PKI vi mt h sinh trc hc no . Vic nghin cu xy dng h thng BioPKI cn gii quyt cc vn ch yu sau: H thng xc thc thm nh sinh trc (Biometric Verification-Authentication System) vi cc vn v kh thm nh sinh trc sng v v cc loi sinh trc ( trnh by chng 2) H tng kha cng khai PKI: Kin trc, chnh sch, cng ngh v cc vn k thut ( trnh by chng 3) M hnh kt hp hai h thng: Biometric security system v PKI system

40

Hn na, nghin cu xy dng h BioPKI lin quan n nhiu vn t c s php l, chnh sch, m hnh kin trc, m hnh tch hp n phn tch thit k h thng, thit k cc gii thut v cc gii php k thut thc thi. Cc phn tip theo ca chng ny s trnh by phn tch cc hng tip cn BioPKI trn c s xy dng gii php v h thng Bio-PKI.

4.2. Phn tch cc hng tip cn nghin cu h thng BioPKI

Hin nay c 3 hng tip cn ch yu nghin cu v gii php h BioPKI [3,5,7]: - Gii php 1: i snh c trng sinh trc thay mt khu (password) xc thc ch th - Gii php 2: Tch hp k thut nhn dng sinh trc vo qu trnh m ha bo mt, mt m sinh trc bo v kha c nhn - Gii php 3: Sinh kha c nhn trc tip t cc c trng sinh trc hc

4.2.1. Gii php 1: i snh c trng sinh trc thay mt khu xc thc ch th
M hnh nguyn tc hot ng ca h thng xc thc dng thm nh sinh trc vn tay thay mt khu c minh ha trong hnh 4.2.

Hnh 4.2. H thng xc thc mt khu v xc thc thm nh sinh trc vn tay

Theo gii php ny, ngi dng mi khi s dng h thng PKI cn gi km theo thng tin sinh trc hc chng minh bn thn. H thng PKI s thc hin cc cc th tc xc thc thng thng v thc hin i snh thng tin sinh trc ca ngi dng km theo ti thi im vi mu sinh trc lu trong qu trnh ng k. Gii php 1 cho php lm tng tnh tin cy ca h thng PKI, nhng cn phi lu mt s c im sau: H thm nh xc thc sinh trc da trn k thut i snh mu thng thng ca k thut nhn dng, d kh thi. Khi cc mu sinh trc c lu tr tp trung ti Server, t ra vn bo m an ton cho my ch lu tr v qu trnh truyn cc c trng sinh trc t ni lu tr n ni s dng i snh.

41

Qu trnh i snh c trng thm nh sinh trc tch ri qu trnh hot ng mt m trong h PKI. Kt qu i snh c trng sinh trc l iu kin h thng tip tc thc hin cc hot ng khc, hn na cc kt qu thng c gi qua mi trng mng truyn thng, do vy c ny sinh nguy c b tn cng vo knh truyn thng nhm lm sai lch kt qu tr li.

c trng sinh trc hc c gi t ngi dng ti my ch i snh nn c th b mt trm v dn n tn cng gi mo. u im l tn dng cc k thut v i snh sinh trc hc hin c, d thc hin trn thit b nhng. Khi kt hp vi gii php cng ngh nhng c th t chc lu ti thit b nhng c nhn, tuy nhin an ton bo mt cn ph thuc vo an ton ca dng thit b lu tr mu v giao thc truyn thng bo mt t ni lu tr n ni s dng.

4.2.2. Gii php 2: kt hp k thut nhn dng sinh trc vi k thut mt m, m ha bo mt kha c nhn
Theo hng tip cn ny, nhiu phng php ang c quan tm nghin cu, ni bt l phng php m ha bo mt sinh trc BE (Biometric Encryption) [1,7]. Qu trnh m ha bo mt m sinh trc hc l qu trnh m ha gn kt s PIN hay kha m sinh trc vi c trng sinh trc sao cho sau c kha m v c trng sinh trc gc u khng cn lu tr v khi phc chnh xc. Tuy nhin kha sinh trc ch c to li ng khi mu sinh trc hc sng ca ch th xut hin trong qu trnh thm nh. S khi m hnh h thng da trn k thut BE c trnh by trong hnh 4.3

Hnh 4.3. H thng BioPKI xc thc thm nh sinh trc theo phng php mt m sinh trc hc (Biometric Encryption- BE)

42

y l hng nghin cu mi ang c nhiu ngi quan tm nghin cu hin nay, cc c im ca phng php ny nh sau: H thm nh xc thc sinh trc da trn kha m sinh trc trnh phi i snh mu sinh trc trc tip, cho php chp nhn khng n nh khi thu nhn cc du sinh trc sng trc tuyn, gii quyt mt vn kh mu cht ca cc h thng thm nh sinh trc. Lu cc kha m sinh trc thay cho lu trc tip cc mu sinh trc, cho php t chc lu tr phn tn v an ton Qu trnh i snh sinh trc c tch hp vo qu trnh hot ng mt m trong cc giao dch s dng chng ch s ca h PKI. Qu trnh thm nh ch th gn lin vi c ch trao i kha trong cc hot ng giao dch lm tng an ton lu tr v bo v truy cp kha c nhn. kh v phc tp ca cc thut ton mt m sinh trc (Biometric Encyption), i hi nhiu nghin cu v m hnh v thut ton.

4.2.3. Gii php 3: dng sinh trc hc sinh kha c nhn

tng chnh ca hng ny l kha c nhn c sinh trc tip da trn c trng sinh trc hc v c dng k cc d liu. u im ln nht ca gii php ny l n khng cn ni lu tr, do vy loi b nguy c tn cng kha c nhn. Mt khc, h thng rt thun tin khi bn thn ngi dng mang theo kha c nhn s dng bt k u, khng cn thit phi c a lu tr hoc smartcard [13]. Kha cng khai s c sinh tng ng vi kha c nhn ny theo thut ton RSA.
Enrollment Template

Sample

Accept Shape matching Reject Feature coding

Code string

Private key generation

Forgery

Hnh 4.4. H thng BioPKI dng kha c nhn sinh trc hc

Trn thc t gii php 3 kh kh thi, kh trin khai ng dng v c nhng gii hn v l thuyt. nh hng nghin cu v h thng BioPKI s nghin cu hai gii php 1 v 2 v tp trung nghin cu gii php 2.

4.3. xut m hnh gii php h thng BK-BioPKI ca ti

43

Theo hng nghin cu BioPKI [5], khung lm vic ca h thng BioPKI trong mi trng mng c trnh by trong hnh 4.5 di y.

CA for Public Keys Client

Biometrics Devices Extraction Biometric key Storage -Biometric Verification

Server

Computer Network

CSDL CA CSDL BioInfor

CA for Biometrics Information

Hnh 4.5. Khung lm vic ca h thng trong mi trng mng

t c cc kt qu nghin cu theo cc yu cu nhim v, ni dung nghin cu ca nhim v ti c xc nh bao gm t nghin cu v phng din l thuyt xy dng m hnh gii php h thng an ninh da trn sinh trc hc vn tay kt hp vi h tng kha cng khai BioPKI n nghin cu v phng din k thut phn tch thit k ton b h thng BioPKI v la chn gii php cng ngh thc thi ci t trin khai h thng trong mi trng mng phng th nghim. Trn c s xy dng v th nghim mt s ng dng v ch k s v bo mt thng ip trong h thng BioPKI. xut m hnh h thng an ninh thng tin da trn sinh trc hc BioPKI bao gm cc thnh phn h thng sau: H thng li h tng kha cng khai PKI H thng sinh trc thm nh xc thc sinh trc vn tay trc tuyn (Fingerprint Biometric System) M hnh tch hp h sinh trc vo h tng kha cng khai v xy dng h thng tch hp BioPKI (gi tn l BK-BioPKI) M hnh mc khung cnh h thng BK-BioPKI c trnh by trong Hnh 4.6.

44

Certificate Certificate

Certificate

Hnh 4.6. M hnh mc khung cnh h thng BioPKI

4.3.1. H thng li h tng kha cng khai PKI.

Nh trnh by phn trn, nhim v ch yu ca ti tp trung vo vn tng cng bo mt kha c nhn trong hot ng h thng PKI, ti la chn gii php xy dng h thng PKI da trn m hnh kin trc CA n lm h thng li nghin cu gii php tch hp h thng sinh xc thc thm nh sinh trc vo h PKI xc thc sinh trc ngi dng. H thng h tng c s PKI ca ti c xy dng m bo y cc thnh phn ch yu ca m hnh PKI, bao gm: - B phn thm quyn xc thc v cp chng ch (CA) - B phn thm quyn ng k (RA) - H thng phn phi, qun l chng ch s - chng th s (Certificate) - Lu tr chng ch s (CR) - Ngi dng trong h thng (user) Cc hot giao dch c s trong h thng PKI bao gm: - ng k ngi dng - Xin cp chng ch - Cp pht v qun l chng ch s - Gia hn hay hy b chng ch s - Thc hin c ch s dng chng ch s, xc thc ch k s

45

4.3.2. H thm nh xc thc sinh trc vn tay trc tuyn

H thng thm nh xc thc sinh trc da trn m hnh c bn di y:

Hnh 4.7. M hnh h thng thm nh xc thc sinh trc

Theo m hnh ny h thng sinh trc ca h BioPKI dng sinh trc vn tay sng c ly trc tuyn t thit b scanner. Hot ng ca h thng sinh trc gm 2 phn h chc nng hot ng bao gm: Pha ng k sinh trc (Enrollment): - ng k ngi dng - Ly du vn tay sng trc tuyn t thit b - X l nh trch chn c trng - M ha - Lu tr c trng Pha xc thc v thm nh (Verification and Authentication): - Ly du vn tay sng trc tuyn t thit b - X l nh trch chn c trng - i snh thm nh trc tuyn (online) xc thc vn tay ca ch th ngi dng

4.3.3. M hnh tch hp h sinh trc vo h tng kha cng khai thnh h BKBioPKI
Trn c s nghin cu cc hng tip cn BioPKI nh phn tch trong phn 4.2, ti nghin cu xut m hnh tch hp h thng kt hp gii php 1 v gii php 2. M hnh mc khung cnh c trnh by trong hnh 4.6, bao gm: - H thng li PKI trn c s kin trc CA n c xy dng trn c s b th vin m OpenSSL v ngn ng C++ vi Windows 2003. Trung tm xc thc CA server m nhim cc chc nng c bn ca CA h PKI. Trong giai on hin ti trong h thng RA c vai tr qun l ngi dng, lu tr kha c nhn c bo mt bng sinh trc vn tay. Ton b cc giao thc ca cc giao dch c s ga RA v CA c thit k v ci t lm c s tch hp h sinh trc to thnh h BioPKI.

46

- H sinh thm nh sinh trc vn tay sng trc tuyn bao gm 2 phn h sinh trc: Phn h sinh trc thm nh trc tuyn vn tay ngi dng (theo hng tip cn gii php 1, gi l Phn h sinh trc 1); Phn h sinh trc sinh kha sinh trc vn tay bo mt kha c nhn ca ngi dng trong h thng (theo hng tip gii php 2 gi l Phn h sinh trc 2). H sinh trc c tch hp vo h BioPKI ti my user v c qun l bi RA v xc thc bi CA, chi tit ca m hnh tch hp s c trnh by trong chng 5 v chng 7.

4.4. Gii php cng ngh thit k v trin khai h thng BK-BioPKI 4.4.1. Cu hnh mng h thng v thit b
- Cu hnh mng cc b cho h thng BK-BioPKI trong giai on ny bao gm mt my Server v cc my Client (users) kt ni hot ng trong mi trng mng tc nghip ti phng th nghim khoa CNTT HBK HN - Thit b qut vn tay: Scaner Futronic model 9880, Futronic's FS82 USB 2.0 Fingerprint scanner with scanning window size is 16x24mm; Image resolution is 480x320 pixel, 500 DPI; Raw fingerprint image file size is 150K byte; with Live Finger Detection (LFD). - H thng li PKI c thit k trn c s b th vin m ngun m OpenSSL, theo chun X509. - Tt c cc my trong phng th nghim c ci t mi trng lp trnh Windows XP SP1, b cng c lp trnh Microsoft visual studio 2003, h qun tr c s d liu MySQL.

4.4.2. Ni dung xy dng v trin khai ton b cc thnh phn h thng BKBioPKI
Ton b h thng BK-BioPKI c thit k xy dng trn cu hnh h thng phn cng v lp trnh ton b bao gm cc thnh phn h thng: - H thng phn mm c s BK-PKI: s trnh chi tit trong chng 6 - H thng phn mm sinh trc Fingerprint Biometric Verification: s trnh chi tit trong chng 5. - H thng phn mm tch hp BK-BioPKI: s trnh chi tit trong chng 7 - H thng phn mm cc ng dng trong h thng BK-BioPKI: s trnh by chi tit trong chng 8.

4.4.3. Phng n phn tch thit k xy dng h thng BK-BioPKI

Mc d hin ti c cc phn mm m v h PKI nh OpenCA, trong giai on ny ti chn phng n: Phn tch thit k v xy dng h thng li h tng kha cng khai PKI theo chun trn c s dng b th vin OpenSSL trin khai cc hot ng giao dch trong mi trng mng phng ti th nghim. Vi phng n ny cho php lm ch ton b h thng PKI th nghim m hnh gii php tch hp BioPKI. Phn tch thit k h thng sinh trc ca h BioPKI

47

- ti la chn dng sinh trc vn tay sng v xy dng h thng trn c s kt hp 2 hng tip cn BioPKI: gii php 1 v gii php 2 (H thng sinh trc vn tay gm 2 phn h sinh trc 1 v phn h sinh trc 2 c trnh by chi tit trong chng 5). - Dng thit b scanner USB qut vn tay thng dng, gi thnh r. Ngn ng lp trnh: C++, Matlab

Cc ni dung phn tch thit k xy dng v ci t h thng BK-BioPKI s c trnh by chi tit trong cc chng 5, 6, 7 v 8 tip theo y.

48

Chng 5. PHN TCH THIT K V XY DNG PHN MM H THM NH XC THC SINH TRC VN TAY
5.1. H thm nh sinh trc vn tay trong h thng BK-BioPKI.
V m hnh h thng PKI cng vi c ch xc thc chng ch s trn c s h mt m kha cng khai v nguyn tc v l thuyt l m bo an ton nh cc phng php m ha v gii m cng vi knh truyn thng bo mt dng giao thc SSL. Tuy nhin, l hng ca trong hot ng ca h thng PKI li lin quan n chnh yu t ngi dng. Tht vy chng ta c th thy c tc hi nghim trng khi mt ngi dng nh mt kha c nhn hoc qun mt khu hoc b l mt khu gii m kha c nhn, t , ngi dng s mt ht an ton cc thng tin, d liu c m ha, hoc nguy him hn, nu h b k xu s dng tri php kha c nhn lm cc bt c vic g hn mun (s dng ch k s), v sau ngi dng khng th t chi c nhng thng tin c k bng kha c nhn ca h b mt. Mt trong cc hng nghin cu gii quyt vn l xy dng cc gii php an ninh thng tin da trn sinh trc hc trn c s kt hp h xc thc sinh trc vo h tng kha cng khai PKI to thnh h BioPKI. ti nghin cu xut gii php. H thm nh xc thc sinh trc vn tay trong h thng BK-BioPKI bao gm 2 phn h: Phn h sinh trc thm nh trc tuyn vn tay ngi dng (theo hng tip cn gii php 1 v BioPKI, gi l Phn h sinh trc 1). Phn h sinh trc sinh kha sinh trc vn tay bo mt kha c nhn ca ngi dng trong h thng (theo hng tip gii php 2 v BioPKI, gi l Phn h sinh trc 2) Mi phn h sinh trc bn thn n l mt h thng thm nh xc thc sinh trc vn tay sng trc tuyn, bao gm 2 qu trnh hot ng ch yu: - ng k (Enrollment) - Thm nh xc thc (Verification Authentication) Sau y s trnh by c t hot ng tng phn h sinh trc: Phn h sinh trc thm nh vn tay ngi dng (Phn h sinh trc 1): u vo l vn tay sng ca ngi dng, ngi dng cho vn tay vo thit b qut vn tay, nh vn tay c thu nhn v x l, sau c trng vn tay ca ngi dng s c trch chn. Trong qu trnh k m (enrollment), c trng vn tay c lu vo c s d liu. Cn trong qu trnh thm nh, c trng vn tay s c i snh vi c trng c gii m t c s d liu, t a ra kt qu thm nh. Phn h sinh trc sinh kha sinh trc vn tay bo mt kha c nhn ca ngi dng trong h thng (Phn h sinh trc 2): u vo l vn tay sng ca ngi dng,

49

ngi dng a vn tay vo thit b qut vn tay, nh vn tay c thu nhn v x l, sau c trng vn tay ca ngi dng s c trch chn. T c trng vn tay, mt tp kha s c sinh ra v tp kha c s dng m ha kha c nhn ca ngi dng. Khi mun ly kha c nhn ra s dng, ngi dng cng li thc hin qut vn tay, cc c trng sinh trc trch chn c s c dng sinh ra tp kha. Tp kha s c dng gii m kha c nhn.

5.2. Phn tch thit k v xy dng Phn h sinh trc 1: H thm nh c trng vn tay sng, trc tuyn trong h thng BK-BioPKI 5.2.1. Phn tch thit k chc nng
Cc chc nng ca Phn h sinh trc 1 c biu din nh sau:
Module thm nh vn tay s

Thu nhn vn tay s

X l nh vn tay

Trch trn c trng

M ha v lu tr c trng

Thm nh

Phn vng

Xc nh ta im trung tm

Xc nh hng Xc nh ta im tham chiu Nh phn ha i h ta Lm mnh nh So snh

Hnh 5.1. Biu phn cp cc chc nng ca Phn h sinh trc 1.

Hot ng Phn h sinh trc 1 gm 2 qu trnh: ng k sinh trc (Enrollment): Trong chc nng ny, ngi dng thc hin qu trnh ng k vo h thng, cng vi cc thng tin c nhn, vn tay s c qut trc tuyn thnh nh, qu trnh x l nh v trch trn c trng c thc hin, c trng vn tay c m ha v c lu tr li trong CSDL ti my ngi dng. Thm nh xc thc (Verification-Authentication) sinh trc: Ngi s dng thc hin ng nhp vo h thng v qut vn tay sng trc tuyn a vo h thng. Cc giai on x l v trch chn c trng vn tay c thc hin tng t trong giai on ng k (Enrollment). Vic i snh 2 tp c trng vn tay c thc hin trn c s, mt tp c trch chn t vn tay thu nhn trc tuyn ca ngi dng, tp kia c ly trong CSDL.

50

Hnh 5.2. Hai qu trnh hot ng chc nng ca Phn h sinh trc 1

Phn h sinh trc 1 c tch hp vo h thng BK-BioPKI 2 tin trnh: Tin trnh ng k ngi dng: Khi ngi dng mun ng k mt ti khon trong h thng, sau khi nhp nhng thng tin c nhn cn thit, ngi dng s phi thc hin qu trnh qut vn tay h thng c th lu tr c cc c trng ca ngi dng (ng vi ti khon ca ngi dng va c to). Tin trnh ng nhp h thng Khi ng nhp vo h thng, ngi dng sau khi nhp username v password, s phi thc hin qut vn tay. H thng s thc hin qu trnh thm nh vn tay a ra quyt nh c cho ngi dng ng nhp vo h thng hay khng.

5.2.2. Phn tch chc nng v cc thut ton

5.2.2.1. Chc nng thu nhn nh vn tay Chc nng ny thc hin thu nhn ly nh vn tay sng t Thit b qut vn tay: Scaner Futronic model 9880, Futronic's FS82 USB 2.0 Fingerprint scanner v lu vo my di dng file nh Bitmap. Futronic's FS80 USB2.0 Fingerprint Scanner s dng cng ngh cm bin CMOS h thng quang hc chnh xc thu nhn nh vn tay, tc qut ca n l 100ms. nh bitmap vn tay thu c t my qut vi cc thng s k thut c th nh sau: scanning window size is 16x24mm; Image resolution is 480x320 pixel, 500 DPI; Raw fingerprint image file size is 150K byte; with Live Finger Detection (LFD) Sau khi thit b c kch hot, chng trnh s to ra mt tin trnh chy lin tc kim tra tn hiu thu nhn c t USB, nu tn hp l s bt u thu nhn d liu do thit b tr v

51

bng cch gi cc hm API trong th vin. Kim tra d liu ly v v a ra thnh nh dng file Bitmap hin th ln mn hnh. Tin trnh ny lin tc qut d liu nhn c t USB, do khi thc hin thu mu hay thm nh th phi tm dng tin trnh m bo d liu khng b sai lch

Hnh 5.3. Thit b scaner Futronic's FS80 USB 2.0

Hnh 5.4. nh vn tay thu c t thit b (*.bmp)

5.2.2.2. Chc nng x l nh vn tay v trch chn c trng y l chc nng quan trng nht, n quyt nh s chnh xc ca chng trnh. Chc nng ny nhn nh vn tay t u vo v c nhim v x l c th trch chn c c trng. Ton b cng c phn mm x l nh vn tay ca chc nng c phn tch thit k v lp trnh ci t bng ngn ng C++ trong mi trng Windows 2003. Trong phn di y s trnh by chi tit v phn tch v xy dng b cng c phn mm x l nh vn tay. Khi chc nng x l nh vn tay gm cc chc nng [10,15]: Phn vng nh vn tay: phn ra vng quan tm v vng khng quan tm trong x l Xc nh hng cho mi im nh: tnh hng cho mi im nh sau tnh hng cho khi cha im nh v t li hng mi im nh thnh hng ca khi. Nh phn ha da theo hng thu c. Lm mnh nh nh phn

52

a) Phn vng nh Giai on ny thc hin vic phn vng nh vn tay sao cho c th loi i nhng vng khng quan tm. Chng trnh s dng mt thut ton kh hiu qu. tng phn vng nh sau: Chia nh thnh cc khi im nh (bigPoint). Khi ny c kch thc 3x3 vi nh kch thc nh v 7x7 vi nh kch thc ln. Xt xem mi khi im nh c thuc vng quan tm hay khng theo iu kin: nu khi 3x3 th n s thuc vng quan tm nu c t nht 1 im nh trong khi l en. Nu khi 7x7 phi c t nht 6 im nh l im en 15%). Vic xt cc khi im nh c xut pht t tm ca nh (phn ln cng l tm ca vng cha vn), loang ra bin ca vng nh du nhng im thuc vng cha vn.

Hnh 5.5. nh vn tay ban u v nh phn vng

b) Xc nh hng ca cc im nh. C nhiu phng php tnh hng ca im nh. Mt trong s nhng phng php quen thuc hay c s dng l phng php ca Lin Hong [20] da trn tnh cc o hm gradient bc mt theo hai hng ngang, dc ca nh. Tuy nhin phng php ny c khi lng tnh ton kh ln. y p dng mt phng php c ngh trong bi bo [14] cho php c lng hng n gin vi khi lng tnh ton nh hn nhiu m chnh xc cng tng ng. Chng trnh thc hin thut ton ny s dng cc trnh by nh hnh v sau, v tr mt im nh c c lng ri vo mt trong 8 hng chia bi cc ng thng cch u nhau mt gc 22.50

53

Hnh 5.6. Hng ca cc im nh

Th tc xc nh hng ca im nh: void SetOrient() { Orient[0].dong=0;Orient[0].cot=1; Orient[1].dong=-1;Orient[1].cot=1; Orient[2].dong=-1;Orient[2].cot=0; Orient[3].dong=-1;Orient[3].cot=-1; Orient[4].dong=0;Orient[4].cot=-1; Orient[5].dong=1;Orient[5].cot=-1; Orient[6].dong=1;Orient[6].cot=0; Orient[7].dong=1;Orient[7].cot=1; } Mt im nh c th nm trn mt ng vn, hoc nm trn mt rnh no . Do vy, ta quy c hng ca im nh l hng ca ng vn (nu n nm trn ng vn) hoc hng ca rnh trong trng hp ngc li. xc nh hng ca mi pixel, trc ht ta tnh gi tr xm trung bnh G[i] ca mi hng i ( i = 0,1,..,7) trong ca s 9 9 vi tm l im ang xt theo cng thc: G[0] = (G[4,0] + G[4,2] +G[4,6] +G[4,8] ) / 4; G[1] = (G[2,0] + G[3,2] +G[5,6] +G[6,8] ) / 4; G[2] = (G[0,0] + G[2,2] +G[6,6] +G[8,8] ) / 4; .. vi G[i,j] l gi tr mc xm ti im c ta (i,j) ng vi mi ca s. Tm hng ny c chia thnh 4 nhm, mi nhm 2 hng vung gc nhau: nhm j ( j = 0,1,2,3) cha hng j v j + 4. Gi tr tuyt i ca s khc ca mc xm trung bnh trong mi nhm c tnh nh sau: Gd[j] = | G[j] - G[j+4]| ( j = 0,1,2,3) Sau ta chn nhm c gi tr khc nhau ln nht, nu:

54

iMax = arg{ Max (Gd[i]) } (trong arg (G[i]) = i) th c hai hng iMax v iMax+4 u c xem xt. Hng ca pixel c tnh bi: iMax nu ( |Grey - G[iMax] < Grey - G[iMax+ 4] ) Di = iMax + 4 ngc li ( trong Grey l mc xm ti pixel ang xt). c) Nh phn ha nh. Phn ny trnh by thut ton nh phn ha nh da trn hng ca cc im nh. Nh phn ha c thc hin da trn hng c nh gi l hiu qu nht. Qu trnh nh phn ha c thc hin nh sau: Vi pixel c hng i xc nh c trn, ta tnh gi tr xm trung bnh theo hng i v hng i + 4, gi s chng l G[i] v G[ i + 4]. Ta nh phn ha pixel bng vic ly trung bnh xm ri so snh vi ngng, nu hn th ta cho mc xm nhn gi tr 255 cn nh hn th nhn l 0.
i = 0,1,2,3

Hnh 5.7. nh hng v nh vn tay nh phn ha

d) Gii thut lm mnh nh Khi nim lm mnh c hiu l vi mi ng vn trch chn c ta s thu mnh n li n khi n ch c dy l 1 pixel. ng vn c lm mnh gi l xng. Gii thut lm mnh thc cht l gii thut tm xng i tng c trnh by phn 3.3.6 chng 3. Ta s thc hin bng cch da trn bin ca i tng, theo ta s bc dn cc

55

lp bin t ngoi vo trong cho n khi khng cn bc thm c na th dng. Phn cn li ca qu trnh ny l xng ca i tng. Cc gii thut x l nh nh phn v lam mnh nh vn tay c p dng v lp trnh trn c s cc gii thut c bn trnh by trong cc ti liu ng ti [10]. Tin trnh lm mnh nh c minh ha nh sau:

Hnh 5.8. Qu trnh lm mnh nh

Thut ton lm mnh nh tng qut: Tin hnh d bin mt i tng, vi mi im bin tm c, kim tra iu kin xa ca im ny. C th tip tc cho ti khi khng cn im no c xa c, iu kin kim tra mt im c b xa hay khng s tng ng vi mt thut ton. Mt s qui c v k hiu: cp 4 (8) lng ging i xng; im xng. P l mt im nh, nh du vi 8 im ln cn P theo th t P0 n P7.

Hnh 5.9. Cc im ln cn (k) ca im nh P

Cp 4 ln cn: N2 = {(P0, P4); (P2, P6)} Cp 8 ln cn: l N4 = N2 U {(P1, P5),(P3, P7)} im bin: mt im c gi l im bin nu c s thay i t ngt v mc xm. Trong nh nh phn vn tay, im bin en m trong 8 lng ging ca n c t nht mt im trng.

56

im xng: Mt im nh l im xng khi n l im c nhiu hn hai vng - nn khng gn nhau trong 8 lng ging. Nh vy ti mt im bin chng ta ch cn qut xung quanh cc im lng ging v m s ln thay i mu nn ca cc im lng ging ny so vi mu nn. Nu s ln thay i ny ln hn 2 th im bin ang xt l im xng.

Hnh 5.10. im xng v vng nn.

Cc bc ca thut ton lm mnh c tin hnh nh sau: Bc 1: D bin theo thut ton d bin chun. Bc 2: Vi mi ng bin, kim tra im bin c l im xng khng? Nu khng l im xng th nh du im xa v sau. Bc 3: Xa nhng im c nh du Bc 4: Kim tra iu kin dng. Nu khng cn im bin no c nh du xa th dng, ngc li th quay li bc 1. Theo thut ton ny th cc i tng nh ln lt b bc dn cc lp bin, cui cng thu c dng biu din cu trc ca i tng. e/ Trch chn c trng. Sau khi x l nh vn tay v lm mnh nh chng ta thu c nh vn tay dng nh xng, da vo , c th trch chn mt cch d dng cc im c trng m chng s lm c s cho chc nng thm nh. Cc im c trng c xc nh nh cc thuc tnh sau [4]: - im kt thc: s im en ln cn l 1 - im r nhnh: s im en ln cn l 3, Thng tin v mi im c trng bao gm: - Ta ca im c trng (x, y) - Hng ca im c trng - Kiu ca im c trng (im kt thc hay r nhnh)

57

Hnh 5.11. im r nhnh v im dng

Cc bc thut ton trch chn c trng v i snh [4]: Bc 1: Tm ta im trung tm vn tay. Vi mi tp im minutiae trch chn c ta tnh khong cch trung bnh t mt im minutiae ti tt c cc im cn li v chn ra im minutiae c gi tr nh nht trong s Khong cch trung bnh t im minutiae (xi , yj) n tt c cc im minutiae cn li c tnh l:

Trong n l s im minutiae ca tp, (xj , yj) l ta ca im minutiae th j trong tp. Sau ta s chn ra im c khong cch trung bnh nh nht. = min (d1, d2, , dn) im ny l trung tm vn tay. Trong trng hp c t hai khong cch nh nht trng nhau tr ln th im c chn s l im u tin theo th t duyt. Th nghim cho thy nu s im minutiae gi t th trung tm vn tay tnh c l n nh. Bc 2: Xc nh im c trng tham chiu. im minutiae tham chiu k hiu l R. y l im c v tr gn trung tm vn tay nht. (chnh l im trung tm vn tay nu tnh theo cch 1). im ny c xc nh theo phng trnh [4]:

Vi [Cx, Cy] l ta im trung tm vn tay. Ta ca im minutiae tham chiu ny l [XR, YR] Bc 3: Chuyn h ta .

58

u tin ta chuyn h ta cc. Ta gi h ta c l CSold. Gc ta ca CSold l gc trn bn tri ca nh, im [0,0]. H ta mi gi l CSnew c gc ta ti im minutiae tham chiu R. Php chuyn i gia hai h trc ta ny c th c th hin nh sau [4]:

Gc ta ca h ta mi s l [XR, YR]. T l tp im minutiae, ta ca cc im minutiae c tnh li nh sau:

Tip theo sp li trt t cc im minutiae cn li. Khong cch gia gc ta v cc im minutiae khc c tnh trc:

Cc im minutiae i c sp li da trn khong cch ti gc ta v s c t ch s mi:

Nh vy: im minutiae u tin l im minutiae tham chiu, im th hai l im minutiae gn nht vi im minutiae tham chiu, c tip tc nh vy,.. Tip theo l hiu chnh xoay cho trong UT. Gc quay c tnh nh sau:

Gc l gc gia trc x v h ta t im minutiae tham chiu n im minutiae th hai. Dng gc , ta c th quay ton b cc im minutiae:

Nh vy, ton b cc im minutiae c sp xp li v quay to thnh mt tp im minutiae c ta mi. Bc 4: So snh hai tp im c trng. Sau khi chuyn i h ta ta c 2 tp im minutiae l tp mu v tp so snh [4]

59

Ln lt c 2 tp im v tnh lch v khon cch v gc, nu nh hn ngng cho php th chp nhn.

Cui cng l tnh tng s im hp l trn tng s im duyt, nu ln hn ngng th cho php. Ngng y l t t ph thuc v mc chnh xc ca thut ton v cht lng nh vn tay, ngng cng ln th cng bo mt nhng kh nng t chi li cao, cn nu nh qu th kh nng nhn nhm tng ln. g/ M ha lu tr c trng v thm nh Sau khi trch chn c trng, s thc hin m ha cc c trng bng thut ton Blowfish m ha vi kha i xng v c lu gi v bo mt c nhn. Ngi dng c quyn chn la kha m m ha, mt gii php n gin l kha i xng c chn chnh l password ca ngi dng. Khi xc thc, cc c trng sinh trc sng ly trc tip t thit b qut vn tay, qua qu trnh x l nh trnh by trn, cc c trng vn tay sng s c xc thc bi qu trnh i snh vi mu ly trong qu trnh ng k. Tuy nhin trn thc t khng th ly c 2 nh vn tay hon ton ng nht ca cng mt ngi, y l vn kh ch yu ca qu trnh xc thc thm nh sinh trc. Kh khn ny lun tn ti thc t bi cc nguyn nhn sau: S dch chuyn: Cng mt ngn tay nhng ngi s dng li t vo cc v tr khc nhau trn my qut dn n cc kt qu khc nhau. Vi my scaner USB th ch cn dch chuyn 2mm cng dn n lch khon 30 pixel trn nh vn tay Quay: Cng mt ngn tay, mt v tr nhng li xoay theo nhiu hng khc nhau v do nh vn tay cng b quay mt gc tng t Mo do php chuyn i phi tuyn: Nh ta bit, ngn tay l vt th 3 chiu khi my scaner qut, n phi chuyn thnh nh 2 chiu thng qua mt php bin i phi tuyn, do s dn n vic cng mt ngn tay v v tr nhng nghing cng nh v tr cao thp ca ngn tay so vi b mt qut dn n nh thu c li khc nhau. Sc v iu kin ca da: nh thu c hon ton chu nh hng ca vic n tay vo my qut mnh hay nh v quan trng hn v iu kin ca da. Da m, kh hay sch, bn u gy ra cc kt qu khc nhau Nhiu: y l iu m bt k h thng thu nhn nh cng gp phi, n ty thuc v cht lng ca my qut.

60

Chnh v cc nguyn nhn trn y m nhiu cc cng trnh quan tm nghin cu v xut, m hnh gii php theo hng tip cn 2 cng nhm gii quyt vn ny.

5.2.3. Xy dng v lp trnh cc khi chc nng Phn h sinh trc 1

Trong phn ny s trnh by thit k trin khai v ci t lp trnh Phn h sinh trc 1 nh phn tch trn a/ Giao din ca phn h sinh trc 1: l ca s hin th nh vn tay qut trc tuyn (Hnh 5.12). Vi 3 nt n: Save, Scan v Stop, vic s dng phn h rt n gin, gm: Phm Scan: Khi ngi dng n phm Scan, chng trnh s hin th nh vn tay ln ca s giao din ngi dng c th t nh gi cht lng nh qut. Phm Stop: Dng qu trnh qut nh. Phm Save: Chng trnh s thc hin cc chc nng n bn trong cui cng a ra file cha thng tin ca cc im c trng trch chn c c tn l minutiae.txt. b/ Ci t lp trnh cc hm chc nng - Chc nng thu nhn v lu tr nh Phn h c chc nng lu tr nh vo file trong b nh v biu din nh ln mn hnh. Phn h c s dng th vin m ngun m FreeImage (http://sourceforge.net). Chc nng trch chn c trng

Chc nng ny bao gm cc cng vic sau: phn vng nh, xc nh hng, nh phn ha, lm mnh nh v trch chn c trng. Phn vng nh: void doSegmentImage(fipWinImage &doneImage); Xc nh hng cc im nh: void getDirPixels(fipWinImage &doneImage); Nh phn ha: void doBinazi(fipWinImage &doneImage); Lm mnh nh: fipWinImage doThinning(fipWinImage imageInput); Trch chn c trng: void takeAllMinutiaePoints(Minutiae *pt);

Chc nng i snh nh:

Chc nng ny c nhim xc nh xem 2 tp im c trng c tng ng khng: void OnVerification();

61

Hnh 5.12. Giao din phn h sinh trc 1

5.2.4. Th nghim v kt qu.

5.2.4.1. Kch bn th nghim tch hp phn h vo h thng Phn h ny c tch hp trong tin trnh ng k v ng nhp ca ngi dng ca chng trnh RA_Client. Phn h cng c s dng trong ng dng bo v truy cp t xa. Tin trnh ng k.

Sau khi in y thng tin c nhn, ngi dng phi qut vn tay trc tuyn. Phn h s gi chc nng k m vn tay s. Cui cng, thng tin v vn tay ngi dng s c m ha v lu tr trong CSDL ca RA. Thut ton m ha s dng l Blowfish, v kha s dng m l password ca ngi dng.
Informations conforme aux rgles

Demande d'enregistrement

Recevoir des informations personnelles

Module d'enrlemen t de l'empreinte digitale

Utilisateur

Acceptation Rpondre Refus

Des informations personnelles et des minuties chiffrs

Hnh 5.13. Tin trnh ng k ngi dng vo h thng

Tin trnh ng nhp.

62

 ng nhp vo h thng, ngi dng phi nhp thng tin v username, password, v phi qut vn tay sng.
Rsultat

Vrifier username et le mot de pass

Username et le mot de pass

Utilisateur

Base de donnes

Rpondre

Module de vrification des empreintes digitales

Hnh 5.14. Tin trnh ng nhp h thng dng vn tay

5.2.4.2. Kt qu th nghim. nh gi hiu nng cng nh chnh xc ca phn h, 2 qu trnh th nghim c tin hnh th nghim. u tin, l th nghim trn nhng mu nh vn tay c sn trong CSDLFingerprint Verification Competition 2004 t trang web: http://bias.csr.unibo.it/ fvc2004. Sau l th nghim vi cc vn tay sng c qut trc tuyn bi thit b scanner, cc vn tay ca nhng ngi trong PTN ca khoa CNTT- H BKHN. Mc ch ca th nghim l tnh ra c 3 t l theo 3 cng thc sau: T l thnh cng: Tsuccess = T l t chi sai: TFRR =

ns 100% N

nFR 100% N nFA T l chp nhn sai: TFAR = 100% N

T thu c biu kt qu thc nghim sau vi cc iu kin khc nhau ca vn tay:

63

100 90 80 70 60 50 40 30 20 10 0

19.4 10.8

1.5 26.5 19.7 23.1 19.2 22.3 9.8 FAR 97 FRR Success 67.9

69.8

53.8

57.7

VT kh

VT ?m

Quay

VT b? x?c VT chu?n

Hnh 5.15. Biu kt qu th nghim thut ton

- Nhn xt: Qua th nghim vi CSDL vn tay cho thy: vy tay m a li kt qu ti nht, vn tay kh v b xc c kt qu chp nhn c. Vn tay chun cho kt qu tt nht. Yu t quyt nh n kt qu nhiu nht l phi chn c tp minutiae chnh xc, y . Tn ti nhng s khng chnh xc ny l do cc l do sau: Thit b qut vn tay hot ng cha tht s hiu qu, thit b kh nhy cm vi vn tay m. Mi ln qut mi ch thc hin qut mt ln, do vy ng vi mt ngi dng, ch c mt mu vn tay i snh.

5.3. Phn tch thit k v xy dng Phn h sinh trc 2: H sinh kha sinh trc bo mt kha c nhn trong h BK-BioPKI. 5.3.1. Phn tch cc chc nng
Vn bo v kha c nhn lun c ch trng v kha c nhn ng vai tr bo mt tp trung cho ton b hot ng khc. Nu kha c nhn ca ngi dng b mt trm th ng nhin nhng ti liu mt gi cho ngi dng s khng cn an ton. Trong trng hp kha c nhn ca mt CA b mt th ton b cc CA v ngi dng cp di ca n s khng m bo tin cy, v ngi ly c kha c nhn c th cp chng ch s cho bt k mt CA hay ngi dng gi mo no nhn danh CA ny. Nu CA gc b mt kha c nhn th ton b h thng PKI tr nn v ngha v sp . C th thy, vn bo v kha c nhn mang ngha rt ln. Vn xc thc v thm nh ch th, im yu ca PKI, li l im mnh ca sinh trc hc. Do xu th kt hp sinh trc hc vi PKI thnh BioPKI l xu th tt yu. H thng BioPKI c xy dng s m bo nh danh chnh xc ngi dng, bo v an ton tuyt i kha c nhn, ng thi mang li s tin li cho ngi s dng. Cng theo xu hng , trong h thng BKBioPKI c thit k phn h sinh trc vi mc ch l thm nh ngi dng trc tuyn v bo v kha c nhn.

64

Phn h sinh trc 2 gm cc chc nng chnh: Chc nng ng k m: Sinh trc hc vn tay c dng sinh tp kha sinh trc, tip , tp kha sinh trc c dng m ha bo v kha c nhn. Chc nng thm nh xc thc sinh trc v truy xut kha c nhn: Tp kha sinh trc c sinh ra t vn tay sng gii m kha c nhn.

5.3.2. Thut ton sinh kha t sinh trc vn tay

H thng BK-BioPKI s dng thut ton sinh kha da trn thut ton trch chn cc c trng sinh trc hc vn tay gm cc im minutiae. im minutiae l cc im kt thc hoc r nhnh ca ng vn. Thut ton ny c xy dng v thit k da trn t tng ca mt lun n tin s [4] gm cc bc chnh c trnh by trong s sau:

Trch chn c trng

Tnh v tr im trung tm

Xc nh im tham chiu

Chuyn h ta

Lng t ha

S ha im Minutiae

To kho c nhn v tp kho

Hnh 5.16. Thut ton sinh kha t sinh trc vn tay

a/ Trch chn tp im c trng p dng cng thut ton trch chn c trng trnh by trong phn 5.2.2 thu c tp im c trng y l tp im minutiae. Tuy nhin tng cng n nh c trng, trong gii php ny b sung 1 s x l sau: - Ngi dng N s phi ly mu khong K ln (v d thc t chn K=5), mi ln mt tp im c trng minutiae c trch chn, sau 5 ln, chn ra cc im minutiae c xc sut xut hin cao nht trong 5 tp , tp im minutiae cui cng tng i n nh v c chnh xc cao vi khong min im minutiae. Qu trnh chn im minutiae din ra nh sau Chn cc im minutiae m cng v tr, hng v loi trong c nm mu. Chn cc im gn im trung tm trc. Xt cc im minutiae c v tr trong 5 mu ging nhau nhng gradient v loi li khc nhau. im minutiae s c ly khi c t 3 trong s 5 mu ging nhau. Th t chn l chn t cc im gn trung tm chn ra. Xt cc im minutiae c cng gradient v loi nhng li c v tr sai khc trong khong dung sai. Khong dung sai y l mt hnh ch nht kch thc chn trc. Nu cc im minutiae cc mu c th c t trong khong dung sai

65

 th c th coi chng l mt v c chp nhn. Th t chn l im cng gn trung tm th cng c u tin. Xt cc im minutiae ging nhau t nht 3 mu v v tr hoc hng hoc loi. im minutiae nm cng gn trung tm ca nh vn tay cng c u tin. Qu trnh chn s kt thc khi m bo s im minutiae c trch chn tha mn min: 70 Mi im minutiae c c trng bi 3 thng s quan trng gm v tr, hng v loi im.

ij = x ij , y ij , ij , t ij

Trong : i l ch s ca im minutiae trong ln ly mu th i (i = 1..5), j l ch s im minutiae th j trong mt ln ly mu vi cc ta ( x ij , y ij ) hng ij loi im minutiae t ij . Tnh v tr im trung tm ca vn tay da trn Thut ton m s ng vn ( Ridge Count Method) c trnh by trong [4]. tng ca phng php l: cc ng vn c th coi nh cc ng trn ng tm. im cng gn trung tm th s ng vn bao quanh n cng nhiu. Do , im trung tm s l im c s ng vn bao quanh n ln nht. Qua thng k th giao im ca hng ct s ng vn ln nht vi ct ct s ng vn ln nht s l im trung tm. Phng php ny tnh i vi nh vn tay c lm mnh. Gi RCi l s ng vn m mt ng ngang th i ct, ln lt tnh s ng vn b ct cho mi hng ta c tp: RCV,All = {RCi | i = 0,, Height} Trong Height l s im ca nh vn tay theo chiu thng ng. Xt t tri qua phi, tng gi tr ca RCi nu c s chuyn tip t im en (gi tr mc xm l 0) sang im trng (gi tr mc xm l 255) Chn hng ngang cha honh ca trung tm vn c RCV ln nht theo cng thc: RCV = max(RCV,All) Mt cch tng t chn ra hng dc c cha tung ca trung tm vn RCH RCH, All = {RCi | i = 0Width} v RCH = max(RCH,All) Sau khi chn c hai ng ngang v ng dc nh trn, ly giao im ca hai ng . im chnh l im trung tm vn tay v c ta [CX; CY], gi l ta trung tm. Trn hnh 5.17 minh ha mt vn tay c tnh s ng vn theo cch ny. im trung tm l im giao bi hng dc ct 34 vn v hng ngang ct 24 vn.

66

Hnh 5.17. Cch tnh s ng vn ca mt vn tay

Cc bc x l di y c thc hin nh trnh by trong phn 5.2.2.2, bao gm: - Xc nh im tham chiu im minutiae tham chiu c nh ngha l im minutiae gn im trung tm vn tay nht im minutiae tham chiu k hiu l R. Khong cch t im trung tm n tt c cc im cn li:

di =
Trong :

C x x i + C y y i , vi i = 1,N

N l s im minutiae trong nh ang xt. xi, yi l ta ca im minutiae im tham chiu l im c gi tr di min:

2 2 R = m m min C x x i + C y y i , i = 1, N
Ta im tham chiu l [xR, yR]. - Chuyn h ta Sau khi tnh ton c im tham chiu ta c th dng c h ta mong mun ln nh vn tay ang xt. Cng vic tip theo l chuyn t h ta c sang h ta mi ny. H ta c chnh l h ta do b nh quy nh: gc [0, 0] nm gc trn bn tri. H ta mi c gc ti im minutiae tham chiu. S d ta chuyn sang h ta mi ny (cn c gi l h ta cc) l s dng thuc tnh v tr tng i gia cc im minutiae gn im gc, thuc tnh ny khng thay i nhiu vi mi ln ly mu nn c th s dng tnh ton. Ta c cng thc chuyn h ta nh sau:
x y T : Csold Cs new O x = Oold + x R , O y = Oold + y R new new

Gc ta ca h ta mi s l [XR, YR]. T l tp im minutiae, ta ca cc im minutiae c tnh li nh sau:

67

 T = i i = ( x i x R , y i y R ) , i 1, N

Tip theo sp li trt t cc im minutiae cn li. Khong cch gia gc ta v cc im minutiae khc c tnh trc:

dT =

x R x iT + y R y iT , i = 2, N

Cc im minutiae i c sp li da trn khong cch ti gc ta v s c t ch s mi:

T = T ' d i d i +1 , i = 2, N

Nh vy im minutiae u tin l im minutiae tham chiu, im th hai l im minutiae gn nht vi im minutiae tham chiu, c tip tc nh vy. Tip theo, ta quay h ta sao cho trc honh i qua im minutiae th hai. Mc ch ca bc ny l gim nh hng ca s quay ca nh u vo n chnh xc ca thut ton. Gc quay c tnh l:

T' x2 = arccos 2 2 2 T' T' x2 + y2

Vi (x2T, y2T) l ta ca cc im minutiae th hai. Gc l gc gia trc x v trc honh mi l ng thng ni t im minutiae tham chiu n im minutiae th hai 2 . Dng gc , ta c th quay ton b cc im minutiae:

T '' = T '' T '' = x T '' , y T '' , T '' , t i , i = 2, N vi i i i i i i x T '' = x T ' cos()-y T ' sin() i i i T '' = ( + i ) mod 2 i y T '' = y T 'sin()+y T ' cos() i i i

Nh vy, ton b cc im minutiae c sp xp li v quay to thnh mt tp im minutiae c ta mi. b/ Sinh tp kho sinh trc Thut ton sinh trc vn tay t tp im c trng trch chn c xy dng trong Phn h sinh trc 2 cn thc hin cc bc cc x l y: Lng t ho

gim yu cu chnh xc qu cao ca nh u vo v vn m bo an ton cho thut ton bo v kha c nhn, nh vn tay cn c chia thnh cc c kch thc bng nhau v ta ca im minutiae s c tnh l v tr ca cha n [4]. Ta chia nh vn tay thnh cc kch thc Kx x Ky. S trn nh ch cn li l:

pk =

Width Height x Kx Ky

68

Theo thc nghim cho thy trong mt hnh vung 7x7 khng tn ti hai im minutiae. Nh vy gi tr ln nht c th ly cho Kx v Ky l 7. Vi kch thc nh l 512 x 512 th s lng t ti thiu s l 16.000 . Trong h trc ta mi, t k hiu cc quay quanh gc ta theo hnh xon c. Cc lng t c nh du ngc theo chiu kim ng h, xut pht t gc l c s 0, tip theo cc t 1 n 8 xp trn hnh vung bao quanh gc. 9 li tip tc c xp bn phi 1 v vic sinh c c thc hin tip tc n khi gp cha im minutiae cui cng trong tp th dng li. Mi im minutiae s ri vo mt trong cc lng t trong hnh xon c . Mi im minutiae s c s ha theo lng t tng ng.

Hnh 5.18. H ta cc

S ho im minutiae

im minutiae ri vo lng t no s c thay bng s th t ca . Ta gi thit khng c hai im minutiae no ri vo cng mt . Sau qu trnh ny, tp im minutiae trch chn c s c chuyn thnh tp s. Gi s im nh c ta lng t ho l (k,l) th gi tr s ho ca im l: numCoor (m) 4 3 II -5 -4 -3 -2 III -1 2 1 0 -1 -2 -3 -4 -5
Hnh 5.19. S ha ta cc

I 1 2 IV 3 4 (k)

69

Qu trnh xc nh gi tr s ho cn c vo im nm trn vung bao no, trn hnh v l hnh vung c cnh 4 c t nht. im u ca l im thuc trc k c ta s ho l: (2*chiu_di_cnh__vung -1)2 Ta s ho ca cc im khc trn vung ny c tnh bng cch xc nh lch vi im u ny. Sau y l biu thc chi tit cho tng trng hp. Gi tr ca numCoor c tnh tu thuc vo gi tr ca k v m: numCoor = (2k-1)2+m k > m >= 0 m >= k > 0 numCoor = (2m-1)2+m + m -k m > -k >= 0 numCoor = (2m-1)2+2m-k numCoor = (-2k-1)2+ 3(-k) +(-k) + (-m) -k >= m > 0 -k > -m >= 0 numCoor = (-2k-1)2+ 4(-k) + (-m) -m >= -k > 0 numCoor = (-2m-1)2+ 5(-m) + (-m) (-k) numCoor = (-2m-1)2+ 6(-m) + k - m > k >= 0 k >= -m > 0 numCoor = (2k-1)2+ 7k + k (-m) To tp kha sinh trc Trong cc im minutiae tm c ta chn ra k im minutiae n nh nht v ly k s tng ng trong qu trnh s ha. V d mt kho gm 10 im minutiae l: 17 27 35 50 83 99 128 142 173 193 Nu mun to ra mt tp kho th ta sinh t hp chp m ca k s c Nrcombiantion phn t. Mi kha sinh trc l m gi tr s ha ng cnh nhau (theo th t tng dn) theo kiu ghp xu. S kha sinh trc ca tp l: Nrcombination = C m k Trong chng trnh, chn m = 5. Nh vy mi kho con l mt chui gm 5 s t nhin ghp vi nhau.

5.3.3. Thit k phn mm sinh kha sinh trc bo v kha c nhn

5.3.3.1. Thit k s khi S khi cc chc nng phn mm sinh kha sinh trc c trnh by trong hnh 5.20. 5.3.3.2. Cc thut ton Cc thut ton thc hin trong s (hnh 5.21) bao gm: - M ho kho c nhn bng kha sinh trc - Mi kha Kr thuc tp K dng m ha kha c nhn thnh bn m C
Kr g : P C, C = g K r (P)

T dng tp kha K m ha kha c nhn thnh tp S c Nrcombination cc bn m:

S = g Kr ( P ) K r K, r = 1, Nrcombination

70

V tr ca phn t trong S ph thuc vo v tr phn t tng ng trong H v K. Thut ton m ho s dng l DES. Cc thng tin sau khi m ho c lu tr trong my ca ngi dng, bao gm: kho c nhn c m ho v tp cc kho m bm.

Qu trnh ng k
M ha kha c nhn Bm tp kha sinh

To tp kha sinh trc sinh Kha sinh trc trc sinh trc

trc

CSDL

Chng ch s

Qu trnh thm nh

i snh Gii m kha c nhn To tp kha sinh trc sinh trc Bm tp kha sinh trc Kha c nhn Chng ch s

Kha sinh trc sinh trc

Hnh 5.20. S khi phn mm sinh trc bo v kha c nhn

Bm tp kho Dng mt hm bm H thc hin bm tp kho K trn. S d ta dng hm bm m bo an ton cho kho m c lu trong b nh, trnh b truy xut bt hp php. Tp cc gi tr bm nh sau:

H = h ( K r ) K r K & r = 1, Nrcombination

Mi kho m Kr trong tp K s c bm thnh phn t tng ng h(Kr), tp H cng c Nrcombination phn t. Thut ton s dng l MD5

71

Hnh 5.21. S thut ton m ha kha c nhn

Khi chc nng i snh v gii m kha c nhn Nhim v ca bc ny gii m kha b mt bng cch tm ra kho m dng m ho kho b mt . Ta ch ch cn to ra mt kho m t cc c trng sinh trc hc vn tay v chiu di ca kho ny phi bng vi chiu di ca kho m c dng m ho kho c nhn. Ta cng c th to ra c Nrcombination cc kho m tho mn iu kin ny. Qu trnh gii m kho c nhn gm 2 bc nh: Bc 1: Tm kho m dng m ho u tin, gi tr bm ca kha K c tnh theo hm bm h: H'= h(K') Ta quan tm n gi tr bm H v tp cc gi tr bm H cha trong my client v tm trong tp H xem c gi tr H hay khng? Qu trnh tm kim c th cho ra hai loi kt qu nh sau: Tm c mt gi tr bm trong H ging vi H: kt qu ny ch ra K c th c dng gii m. Chuyn qua bc 2. Khng tm c: khng c gi tr bm no trong H cha H. iu ch c ngha l kha sinh trc sinh ra khng ph hp. Nhng ta vn c Nrcombination kha sinh trc khc c th sinh ra. Nh vy, ta phi lp li vic sinh kha sinh trc. Mt kha sinh trc khc s c sinh ra so snh tip. Qu trnh sinh ny c lp li ti a l Nrcombination ln. Nu thc hin ht Nrcombinationln m khng c mt kha sinh trc no ph hp th ngha l vn tay khng ph hp v vic gii m c dng li. Kha c nhn lc s khng th tip cn c. Bc 2: Gii m kho c nhn: thc hin ti khi gii m. Sau khi so snh gi tr bm ca hai kho ging nhau, ta s dng kho sinh trc ca gi tr bm gii m tp m ho kho c nhn trong CSDL ti my client.
K' q : C P, P = q K ' ( C )

Vi C l bn m v P l kha c nhn ban u.

72

Hnh 5.22. Qu trnh gii m kha c nhn

5.3.3.3. Xy dng biu phn cp chc nng h phn mm sinh trc M t khi chc nng x l nh vn tay

Cc chc nng ca khi ny c m t trong bng di y Chc nng Thu nhn nh vn tay Ci thin nh Lm mnh nh Trch chn c trng Bng 5.1 Bng m t cc chc nng khi x l nh vn tay Khi X l nh c thit k v lp trnh trong mi trng lp trnh kt hp s dng cc th vin m sau vi cc ngn ng sau: - Th vin FreeImage h tr vic c v ghi cc file nh v c h tr mt s thao tc x l nh c bn nh: Tnh ton vi tng im nh Thay i kch thc nh. Th vin ny c tham kho ti http://freeimage.sourceforge.net . Phin bn s dng trong chng trnh l bn 3.9.3.0 c h tr cho ngn ng Visual C++ 2003. - Th vin OpenSSL h tr cc hm m ha bo mt v gii m truy xut kha c nhn M t Thu nhn nh vn tay t c s d liu nh hoc thu trc tip t thit b scan nh vn tay c ci thin nhm lm tng cht lng ca nh. Lm mnh nh l bc tin x l cho bc trch chn c trng nh

73

- Ngn ng Visual C++ 2003 v Matlab.

Bo mt kha c nhn

Thu nhn v X l nh vn tay

Sinh kha v M ha

i snh v Gii m kha c nhn

Thu nhn nh vn tay Sinh tp kha sinh trc sinh trc

Nhn t my qut nh vn tay

Sinh tp kha sinh trc sinh trc

Nhn t CSDL (th thut ton) Ci thin nh

M ha kha c nhn v lu tr Kha bm

i snh v Gii m kha c nhn

Lm mnh nh

Trch chn c trng

Hnh 5.23. Biu phn cp chc nng h phn mm sinh trc

Thit k ci t lp trnh cc chc nng

- Chc nng thu nhn: u vo ca Mun ny l nh vn tay dng *.bmp thu nhn trc truyn t thit b qut vn tay, vhng trnh s dng my scan ca Futronic model 9880.. nh vn tay c th c ly mu nhiu ln tng chnh xc cho tp im c trng. Trong giai on u th nghim thut ton, nh u vo c s dng t CSDL nh. - X l nh: nh sau khi c thu nhn s c x l bng Matlab. Chng trnh s dng cc hm h tr ca Matlab bng vic xy dng cc file th vin lin kt ng .dll t cc file .m ca Matlab, sau tch hp vo h thng, chng trnh cn b MCR (Matlab Compiler Runtime) thc thi chng trnh. S dng ngn ng Matlab cho kt qu kh tt nhng c nhc im v tc Moun x l nh gm c 2 chc nng chnh l ci thin nh v lm mnh nh. Chng trnh s dng file fenhancement.m ca Matlab ci thin nh v s

74

dng file edge.m ca Matlab lm mnh nh. Cui cng, sau khi lm mnh nh bng Matlab, chng trnh thc hin xa gai nh lm mnh tng chnh xc cho bc trch chn im minutiae - M ho v gii m Cc thut ton chi tit ca 2 khi chc nng trnh by chi tit phn trn. V cng ngh v lp trnh, chc nng m ha kha c nhn s dng hm th vin PEM_Write_PrivateKey v chc nng gii m kha c nhn s dng PEM_Read _PrivateKey ca th vin OpenSSL

5.3.4. Th nghim v kt qu
Chng trnh h thm nh xc thc vn tay c th nghim theo 2 kch bn: o o Chng trnh th nghim vi cc nh vn tay t CSDL nh vn tay dng cho cc h thm nh sinh trc. Chng trnh th nghim vi cc nh vn tay sng thu nhn t thit b qut

a/ Chng trnh thc hin th nghim vi b c s d liu nh FVC 2004 (Fingerprint Verification Competition 2004 c download t trang web http://bias.csr.unibo.it/fvc2004) Kch bn th nghim vi 100 vn tay khc nhau, trong mi vn tay s c 8 loi mu nh vn tay vi cc iu kin m t ly mu khc nhau nh sau: Loi 1: Ngn tay t lch tm v t nh Loi 2: Ngn tay t ng tm nhng t nh Loi 3: Ngn tay t chun quy cch: ng tm gia v t va phi Loi 4: B mt ngn tay tip xc khng u, lch v pha u ngn. Loi 5: B mt ngn tay tip xc khng u, lch v pha cui ngn. Loi 6: Ngn tay b t cho Loi 7: Ngn tay b kh, nh b m Loi 8: Ngn tay b t, nh b nho.

75

Bng kt qu: Loi nh Loi 1 Loi 2 Loi 3 Loi 4 Loi 5 Loi 6 Loi 7 Loi 8 T l chp nhn sai FAR(%) 20 20 15 20 20 10 30 40 T l t chi sai FRR (%) 20 20 10 60 60 80 40 40

b/ Chng trnh thm nh sinh trc bo v kha c nhn c th nghim vi cc vn tay c qut trc tip t thit b bi cc bn cng tham gia ti. Kt qu th nghim trong trng hp thu nhn nh vn tay sng c qut trc tip t scanner: S ln th 130 T l chp nhn sai - FAR(%) 20 T l t chi sai FRR (%) 30

So snh kt qu ca 2 th nghim trn, ta thy chng trnh chy chnh xc hn vi d liu nh vn tay loi 3 so vi nh c thu trc tip t scanner, v nh loi 3 l loi nh vn tay c t ng tm v cht lng tt. Bng kt qu cho thy t l li i vi nh vn tay qut t thit b cn ln, nguyn nhn l do nh c thu trc tip t scanner thng khng n nh

76

Chng 6. PHN TCH THIT K V XY DNG H THNG H TNG KHA CNG KHAI PKI CHO H THNG BK-BIOPKI
6.1. Phn tch cc yu cu v gii php thit k h thng BK-BioPKI
M hnh h thng mc khung cnh H thng BK - BioPKI thuc ti nghin cu cp nh nc theo ngh nh th hp tc vi Malaysia v H thng an ninh sinh trc hc BK-BioPKI ca khoa CNTT nhm nghin cu v th nghim mt s gii php tch hp sinh trc hc vo h tng kha cng khai PKI. Mc ch ca h thng BK BioPKI l to mt mi trng c s h tng kha cng khai trong phng th nghim vi mng cc b t pht trin th nghim tch hp yu t sinh trc hc vo PKI nghin cu mt s vn v an ton an ninh da trn sinh trc hc.

Hnh 6.1. H thng BK BioPKI

H thng BK BioPKI bao gm: a) C s h tng kha cng khai PKI gm c: CA Server, RA, cc giao dch c s, ngi dng trong h thng. CA Server qun l cp pht chng ch s theo chun X509. Cng c xy dng l dng ngn ng C++ trn nn Windows v s dng th vin OpenSSL; h qun tr c s d liu MySQL. b) H thm nh sinh trc: gm 3 thnh phn chnh:

77

ng k sinh trc ( enrollment) M ha lu tr c trng sinh trc i snh thm nh sinh trc

c) Thit k giao din (interface) v tch hp phn h sinh trc vo c s h tng kha cng khai to thnh h BioPKI. Kin trc mt h PKI khi c trin khai ph thuc vo cc chnh sch v m hnh theo qui nh ca cc c quan c thm quyn. Nh trnh by, mc tiu ca ti l th nghim, mi trng ci t h thng l phng th nghim. Do , kin trc PKI c chn p dng vo thit k h thng BK-BioPKI l kin trc CA n l hon ton ph hp vi iu kin thc t cng nh nhim v ca ti. Vi kin trc PKI CA n, v mt t chc h thng bao gm hai phn h: l CA server v RA-Client. CA server m nhn vai tr ca mt trung tm cp pht chng ch. Cn RAClient va ng vai tr l RA (c quan ng k chng th) va l ni ngi dng c th thc hin cc chc nng ca mnh. RA-Client cng l ni c tch hp phn h sinh trc vo h thng. H thng BK-BioPKI phi m bo c cc chc nng c bn ca mt c s h tng kha cng khai, ng thi h thng c tch hp cc chc nng ca phn h sinh trc vo cc hot ng ca h thng.

6.2. Gii php cng ngh v thit k h thng BK-BioPKI 6.2.1. Phn tch gii php cng ngh xy dng h thng

La chn gii php v cng ngh Th vin OpenSSL c chn xy dng c s h tng kha cng khai [4]. Ngn ng pht trin h thng l C++ v va h tr hng i tng va tch hp c cc hm vit bng ngn ng C trong th vin OpenSSL. H qun tr c s d liu l MySQL v y l h qun tr c s d liu m ngun m v c h tr cc hm C API thc hin truy vn c s d liu. xut gii php h thng Thit k c s h tng kha cng khai nh s h tr ca cc hm th vin c trong OpenSSL. Thit k phn h sinh trc vn tay. Thit k tch hp sinh trc vo c s h tng kha cng khai.

6.2.2.

Gii thiu v th vin OpenSSL

Khi qut chung v OpenSSL OpenSSL l mt kt qu ca s cng tc nhm pht trin mt k thut bo mt dng thng mi, y cc c trng v l b cng c m ngun m thc thi cc giao thc nh Secure Sockets Layer (SSL v2/v3) v Transport Layer Security (TSL v1) vi nhng thut ton m

78

ha phc tp. D n c qun l bi hip hi nhng ngi tnh nguyn trn th gii, s dng Internet trao i thng tin, lp k hoch v pht trin cng c OpenSSL v cc ti liu lin quan khc [16,22,23] SSL l giao thc a mc ch c thit k to ra cc giao tip gia hai chng trnh ng dng trn mt cng nh trc (socket 443) nhm m ho ton b thng tin i/n m ngy nay c s dng rng ri cho giao dch in t nh truyn s hiu th tn dng, mt khu, s b mt c nhn (PIN) trn Internet. [23] Ngy nay giao thc Secure Socket Layer (SSL) c s dng rng ri trn World Wide Web trong vic xc thc v m ho thng tin gia client v server. T chc IETF (Internet Engineering Task Force) chun ho SSL v t li tn l TLS (Transport Layer Security). Mc d l c s thay i v tn nhng TLS ch l mt phin bn mi ca SSL. Phin bn TLS 1.0 tng ng vi phin bn SSL 3.1. Tuy nhin SSL l thut ng c s dng rng ri hn. Tnh m ca th vin OpenSSL cho php can thip ti qu trnh to v qun l chng ch s, ph hp vi yu cu ca ti. Do vy ti la chn xy dng mt h thng PKI trn nn tng th vin OpenSSL. OpenSSL l th vin cho lp trnh vi ngn ng C v c th ci t trn nhiu mi trng thc hin C khc nhau nh Microsoft Visual C++. Borland C++ Builder OpenSSL c th c s dng trn nhiu h iu hnh khc nhau t cc h thng UNIX n Window. Ci t th vin OpenSSL ci t th vin OpenSSL trn h iu hnh Window trc ht cn download phin bn ca th vin ny dnh cho Window ti a ch: http://www.slproweb.com/products/Win32OpenSSL.html Sau , chy file install ci t (gi s vo th mc C:\Openssl). s dng th vin ny vi Microsoft Visual C++ cn lm cc bc sau: Copy tt c cc file trong th mc 'C:\OpenSSL\lib\VC' vo th mc Visual C++ 'lib'. Th mc ny i khi c t a ch 'C:\Program Files\Microsoft Visual Studio\VC98\lib' or 'C:\Program Files\Microsoft Visual C++\lib'. Tip theo, copy tt c trong th mc 'C:\OpenSSL\include' ti th mc Visual C++ 'include'. Qu trnh ci t hon tt v c th bt u lp trnh vi th vin OPENSSL. Thnh phn ca b th vin OpenSSL bao gm: - Th vin v m ha: hu ht cc thut ton ph bin v m ha i xng, m ha cng khai, hm bm ... u c hin thc trn th vin ny. Th vin c chc nng sinh s ngu nhin ln, v h tr nhiu nh dang lu tr v qun l kha, chng ch s. Ngoi ra, OpenSSL cho php tch hp vi cc b phn cng tng tc m ha ph bin trong phin bn mi nht l 0.9.8. - Th vin v giao thc SSL: tt c cc phin bn ca giao thc SSL u c h tr, bao gm c giao thc mi nht l TLS v1.

79

Lp trnh s dng OpenSSL s dng th vin OpenSSL, cn cho cc file khai bo c t (file .h) sau vo file m ngun: #include <openssl/bio.h> #include <openssl/err.h> #include <openssl/rand.h> #include <openssl/ssl.h> #include <openssl/x509.h> #include <openssl/x509v3.h> Ngoi ra cn thm file applink.c l file lin kt phn h khi bin dch chng trnh. File ny ch s dng cho cc phin bn th vin 0.9.8 tr v sau. Khi lin kt (link), cn t thng s cho th vin cn thm l libeay32.lib v ssleay32.lib. Khi to th vin Th vin cn c khi to trc khi s dng, bao gm: Khi to thng s cho s dng cc hm m ha v bm OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); Khi to qun l b nh, np cc hm qun l li. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); CRYPTO_malloc_init(); ERR_load_crypto_strings(); Khi to s dng th vin SSL SSL_library_init(); SSL_load_error_strings(); S dng Tp cc hm API ca OpenSSL chia ra theo nhm chc nng, mi nhm chc nng bt u tn hm bng mt tin t. V d, cc hm v th vin X.509 lun c tn bt u l X509_, cc hm giao tip vo ra c tin t ca tn BIO_, cc hm m ha l EVP_, cc hm giao thc SSL l SSL_. S dng cc hm m ha Qu trnh thc hin m ha nh sau To context cha thng tin v m ha: lu trong con tr kiu EVP_CIPHER_CTX: EVP_CIPHER_CTX *x = NULL; x = (EVP_CIPHER_CTX*) malloc(sizeof(EVP_CIPHER_CTX)); EVP_CIPHER_CTX_init(x); Ch nh thut ton, kha m cho qu trnh m ha/gii m: dng mt trong cc hm sau: int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, unsigned char *key, unsigned char *iv);

80

int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); Thm d liu cn m ha: int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int*outl, unsigned char *in, int inl); Ly ra d liu m ha: int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int*outl); S dng giao thc SSL To context cu hnh kt ni SSL: dng cc hm SSL_CTX_ To mt kt ni vo ra thng thng: theo giao thc TCP/IP bng cc hm BIO_: BIO_new_connect, BIO_do_connect To mt socket SSL: da trn kt ni BIO v context cu hnh SSL: SSL_new, SSL_set_bio, SSL_connect c ghi d liu qua socket SSL: bng cc hm SSL_read, SSL_write. ng kt ni SSL v gii phng context: SSL_close, SSL_CTX_free. S dng th vin X.509 Yu cu chng ch s th hin bng i tng X509_REQ. Trong i tng ny bao gm tn nh danh ca ngi ng k, c th hin bng X509_NAME. Thnh phn m rng ca yu cu chng ch l X509_EXTENSION. Cc hm ca X.509 chia theo chc nng: X509_NAME_*: thao tc vi i tng X509_NAME X509_PKEY* v X509_PUBKEY*: thao tc vi kha cng khai/c nhn. X509_REQ*: thao tc vi yu cu chng ch s. X509_CRL*: thao tc vi danh sch CRL. X509_REVOKED*: thao tc vi mt chng ch s b hy nm trong danh sch CRL. Ngoi ra cn mt s hm khc. Cc bc to yu cu chng ch nh sau: To i tng tn nh danh X509_NAME To cp kha cng khai/c nhn, cho kha cng khai vo yu cu chng ch s. Thm cc thnh phn m rng nu cn. Thc hin k chng thc ni dung yu cu chng ch. CA pht hnh chng ch s t yu cu chng ch: Ly thng tin X509_NAME trong yu cu chng ch v gn cho trng Subject ca chng ch s. Ly thng tin X509_NAME trong chng ch s gc ca CA v gn cho trng Issuer ca chng ch s. Dng kha cng khai trong yu cu chng ch s v kim tra ch k. Ly kha cng khai cho vo chng ch s. Thm cc thnh phn m rng nu cn Thc hin k chng ch bng kha c nhn ca CA. Th vin OpenSSL ang trong qu trnh pht trin, ti liu th vin c lit k ti

81

http://www.openssl.org/docs/.

6.3. Phn tch thit k cc thnh phn chc nng ca h thng BK-BioPKI

<<device>> CAServer <<SSL>> 1 <<device>> Application server (DB server) 1 <<SSL>> <<SSL>> * <<LAN>> * <<device>> RA_Client 1

<<SSL>>

<<device>> RA_Client

<<LAN>>

<<device>> RA_Client

Hnh 6.2. S trin khai ca h thng

Xut pht t mc tiu ca ti v do mi trng ci t h thng l PTN nn kin trc PKI c chn p dng vo thit k h thng BK BioPKI l kin trc CA n. Kin trc mt h PKI cn ph thuc vo cc chnh sch v m hnh trin khai PKI theo qui nh ca c quan c thm quyn. Trong giai on hin nay h thng BK BioPKI c xy dng trong phng th nghim vi kin trc CA n l ph hp vi iu kin thc t v nhim v ca ti. H thng BK BioPKI phi m bo c cc chc nng c bn ca mt c s h tng kha cng khai, ng thi h thng c tch hp cc chc nng ca phn h sinh trc hc. Do yu cu nu trn v do kin trc PKI c chn l CA n nn cc chc nng chnh ca h thng c th c th hin qua biu phn r chc nng nh hnh 6.3. Nh trn phn tch v h thng BK BioPKI l mt c s h tng kha cng khai nn n phi c cc chc nng c bn: to yu cu xin cp chng ch, cp pht chng ch, qun l vic gia hn chng ch v hy b chng ch. Cc chng ch c la chn theo chun X509 v l chun c s dng rng ri hin nay ng thi chun chng ch ny c th vin OpenSSL h tr. Trong phng n thit k hin nay h thng c kin trc CA n nn cc RA c thit k m nhim chc nng qun l ngi dng gim ti cho CA, mi RA qun l cc ngi dng ng k vi n. CA trong h thng BK BioPKI ch m nhim cc chc nng lin quan ti chng ch. RA trong h thng BK BioPKI s m nhn vic qun l ngi dng ca h thng, ng thi l ni sinh kha, to yu cu cp chng ch cho cc ngi dng. Cc t chc h thng nh vy s gip CA khng phi m nhn qu nhiu cng vic m cc cng vic c chia ra cc RA. Bn cnh cch t chc ny cn c u im l kha c nhn

82

sinh ti RA s c mt cao hn so vi cch sinh kha ti CA v nu kha sinh ti CA s phi qua mt bc phn phi kha t CA ti ngi dng.

Hnh 6.3. Biu phn r chc nng ca h thng BK BioPKI

6.4. Thit k xy dng v lp trnh phn mm c s cc chc nng hot ng h thng BK-BioPKI 6.4.1. Cc tnh hung hot ng giao dch c s ca h thng
Trc khi i vo thit k cc hot ng ca h thng BK BioPKI, ta xt li cc chc nng ca h thng cung cp di cch nhn ca cc tnh hung s dng sau:

83

User authentication Guest Register

Certificate Request Request Certificate User User Management

CA Admin

User

Login

<<include>> <<include>> Send Request RA Admin

Modify profile

Logout

Create Request

Delete user

RA Admin Setup

SetupCA CA Admin

SetupRA

RA Admin

Certificate Management Manage Certificate CA Admin <<extend>> Issue Certificate <<extend>> Extend Certificate <<extend>>

<<layer>> BK - BioPKI Applications Digital Signature <<extend>> User Remote Authentication Get Certificate Secure Message Sign <<extend>> Verify Signature

Revoke Certificate

User

Hnh 6.4. Cc tnh hung s dng giao dch trong h thng BK BioPKI

Vi biu ny, cc chc nng ca h thng gn lin vi cc tc nhn bao gm: ngi qun tr CA- CA Amin, ngi qun tr RA- RA Admin v ngi dng ca h thng.

6.4.2. Thit k cc giao dch c s ca h thng

Tip theo y l thit k cho cc tnh hung s dng chnh ca h thng lin quan ti cc hot ng c s ca c s h tng kha cng khai, trong ch yu l thit k cho pha CA Server Thit lp h thng: thit lp cho CA v RA CA v RA u cn phi thit lp c th hot ng c. Thit lp ti CAServer:

84

CAServer

CACertCreator

Key-pair generator

DB Access

: CA Admin

1 : Setup() 2 : Wait for CA 's information()

3 : CA information

<<create>> 4 : Create New Root Cert() 5 : generate new key pair() 6 : new key pair 7 : Create self - sign certificate()

8 : Create CA 's SSL certificate() 9 : generate new key pair() 10 : new key pair 11 : create new cert - sign by root cert() <<create>> 12 : create CA's DB()

13 : new DB 14 : write CA config info()

Hnh 6.5. Biu din tin qu trnh thit lp ca CA Server

Thit lp CA ln u tin l qu trnh to chng ch cho CA: c 2 chng ch: mt l chng ch gc ca CA dng trong vic cp pht chng ch; hai l chng ch dnh ring cho vic to knh SSL vi cc RAClient. CA s t sinh ra cp kha tng ng cho mi chng ch, v mi chng ch c c k bi kha ring ca chng ch gc CA (root certificate).. Chng ch gc ny ca CA s c trao i offline vi cc RAClient. Cc bc ca qu trnh thit lp c thit k bao gm: 1. Ngi qun tr CA s kch hot chc nng thit lp cho CA. 2. CA Server yu cu ngi qun tr cung cp cc thng tin v CA. la chn cc 3. 4. 5. 6. thng tin v di kha, thut ton... cho vic to chng ch ca CA. Ngi qun tr cung cp y cc thng tin cn thit. CA Server yu cu b phn to chng ch to chng ch gc u tin sinh b phn sinh kha s sinh cp kha cho chng ch gc Cp kha c gi li cho b phn to chng ch

85

7. Khi c cp kha cho chng ch gc, b phn to chng ch s to ra chng ch s gc ca CA vi CA t k bng kha b mt trong cp kha va c to. 8. CA Server yu cu b phn to chng ch to chng ch phc v cho knh SSL ni vi n. 9. B phn to chng ch yu cu b phn sinh kha sinh cp kha cho chng ch mi. 10. Cp kha c gi li cho b phn to chng ch. 11. Chng ch SSL c k xc nhn bi ch k ca CA( kha b mt ca CA). 12. CA Server to c s d liu cho n. 13. Nu c s d liu c to thnh cng th: 14. CA Server lu thng tin cu hnh ca n vo c s d liu. Di y l biu hot ng khi to ti CAServer, biu m t hot ng khi to ca CA, trong c bao gm din bin ca vic thit lp CA trong trng hp h thng cha c thit lp.

Check config info

[Configurated]

[Not yet]

Load config info and DB

Create root certificate [fail]

[fail] [success]

[success] Create CA's SSL certificate [fail] [success] Create DB

Login

[fail] [success] [success] Write CA's infos into DB

[fail]

Start main program

Write config info

Hnh 6.6. Biu hot ng khi ng ca CA Server

86

Thit lp cho cc RAClient: RAClient to mi c s d liu ca n v lu cc thng tin v c s d liu vo Registry ca h iu hnh. Mi RA s to ra yu cu cp chng ch cho mnh. (Sinh cp kha ca RA v to mt yu cu cp chng ch tng ng cp kha ). Yu cu ny c gi ti CA theo kiu offline. Ti CAServer, CA Admin s cp chng ch cho RA t cc yu cu trn. Cc chng ch ca RA c gi offline v cho RA. Hnh sau l thit k qu trnh thit lp cho RA
RA Setup Request Creator CA

: RAadmin 1 : Select setup RA()

2 : Query infomation()

3 : Enter infomation() 4 : Store RA config() 5 : Create Request() 6 : Send Request file 7 : Create Certificate() 8 : Send RA,CA Certificate 9 : Store certificates()

DATBT

Hnh 6.7

Sau khi c c chng ch, RA nhp chng ch ca n cng vi chng ch ca CA, lu vo c s d liu. Chng ch ca RA s c dng to knh SSL kt ni ti CAServer. Biu hot ng khi to ca RAClient nh sau:

87

Check Config info

[Not yet] [Configurated] Load config info and DB

Check RA status

Create request

[Not yet] [Activated] Import CA's and RA 's Certificate Start main program

Hnh 6.8. Biu hot ng khi ng ca RA Client

Qun l chng ch: gia hn, thu hi, cp mi chng ch Gia hn chng ch: Khi chng chi ht han hoc sp ht han, ngi dung yu cu CA gia han thi gian s dung chng chi. Ngi dng s chn ra chng ch no cn gia hn, sau RA gi yu cu gia hn ti CA. Khi CA nhn c yu cu, n lu yu cu gia hn i CA Admin duyt. CA Admin s quyt nh c gia hn cho chng ch hay khng. Nu ng gia hn, chng ch s c t li thi gian c hiu lc bt u t thi im c gia hn v ko di 1 nm. Biu din tin sau y m t qu trnh gia hn cho mt chng ch (chi tit thit k trong ti liu k thut ca h thng).

88

RA

CAServer

CA GUI

CA's DB Access

X509 cert : CA Admin

: User seq RA - Side 1 : extend cert()

2 : select cert 3 : extend request

4 : receive request()

5 : CA 's response

6 : Update request into DB() 7 : Add request, change cert status()

8 : return 9 : Update GUI() 10 : Update()

11 : Extend() 12 : choose certificate 13 : extend cert() 14 : reset validity time()

15 : finish 16 : Update into DB() 17 : Update DB()

18 : finish 19 : Update GUI() 20 : Update()

Hnh 6.9. Biu din tin qu trnh gia hn mt chng ch

Khi CA nhn c yu cu, n s lu yu cu v cp nht trng thi ca chng ch, ng thi cp nht giao din ngi dng cho CA. (cc bc 4 10 trn biu ). Khi c ngi qun tr CA quyt nh gia hn, chng ch s c gia hn nh ni trn, CA s cp nht c s d liu v giao din hon thnh vic gia hn. (Cc bc cn li trn biu ).

89

Hot ng gia hn c th c m hnh ha trong biu sau:

User RA CA

Select Certificate Retrieve certificate info Select an extend request

Receive request

Send extend request

Store extending request

[Accept] [Deny] Set new valid time for certificate

Discard request

Update DB

Hnh 6-10. Biu hot ng gia hn chng ch

Thu hi chng ch: Biu din tin ca qu trnh thu hi mt chng ch c th hin di y. Qu trnh thu hi bt u bn pha RA (mu xanh trn hnh v).

90

RA

CAServer

CA GUI

DB Access

CRL : CA Admin

: User seq RA - side 1 : Revoke cert()

2 : select cert
3 : revoke request

4 : receive request()

5 : CA's response

6 : Update request into DB()

7 : return

8 : Update certificate() 9 : Change certificate's status()

10 : select revoke request

change status of certificate into "waiting for revoke"

11 : revoke() 12 : revoke cert() 13 : Update DB()

14 : return 15 : Update GUI()

16 : SelectUpdateCRL() 17 : UpdateCRL() 18 : Update()

Hnh 6-11. Biu din tin ca giao dch thu hi mt chng ch

Vic thu hi chng ch c th theo nh k hoc ti mt thi im CA Admin quyt nh thu hi mt chng ch nht nh no . Ngi dng c th xin thu hi chng ch ca mnh khi b mt kha c nhn. Trong trng hp ny ngi dng gi yu cu cho CA (thng qua RA) thu hi chng ch. Khi CA nhn

91

c yu cu thu hi mt chng ch, yu cu ny s c lu vo hng i ca CA ch duyt. Thng tin v chng ch b yu cu hy s c cp nht vo c s d liu v trn giao din ngi dng ca CA ngi qun tr CA c th xem xt v duyt yu cu. (Cc bc 6, 7, 8, 9 trn biu ). Khi ngi qun tr CA chn mt yu cu v duyt thu thi, CA s thu hi chng ch, cp nht thng tin v chng ch vo c s d liu v cp nht giao din ngi dng ca CA. (Cc bc cn li trn biu din tin). Biu hot ng thu hi chng ch nh sau:
User RA CA

Select Certificate Retrieve certificate info

[regular update CRL] [irregular]

Receive revoke request Send revoke request in any case Store request Change all expired certificates status into "Revoked" Select request

[Accept request] Change certificate status into "Revoked" [else]

Update CRL

Hnh 6.10. Biu hot ng thu hi chng ch

Cp mi chng ch Qu trnh cp mi mt chng ch c th coi bt u t khi ngi dng yu cu cp chng ch y xt qu trnh cp ti pha CA Server. Biu din tin chi tit nh hnh v di y.

92

Khi yu cu c gi ti cho CA, yu cu ny s c lu vo c s d liu, sau giao din CA Server s c cp nht ngi qun tr bit c. Ngi qun tr CA (CA Admin) la chn mt trong s cc yu cu cp chng ch duyt cp. CA kim tra cc thng tin trong yu cu chng ch v s tng ng ca cp kha ca yu cu . Nu cc thng tin hp l th s cp mi chng ch cho yu cu ny. Sau khi to mi chng ch, yu cu s b xa khi danh sch ch duyt cp, chng ch mi c cp nht vo c s d liu ca CA. Qu trnh cp chng ch hon tt. Tng bc ni trn c th hin trn biu din tin sau:
RA

CAServer

CA GUI

CA's DB Access

X509 Cert : CA Admin

: User seq RA - side 1 : create request()

2 : create X509 request()

3 : send request() 4 : X509 request

5 : receive request()
6 : CA response

7 : Update requests in DB() 8 : return

9 : Update request list() 10 : Choose a request 11 : request info 12 : accept to Issue() 13 : Issue cert() 14 : get request info() 15 : create new cert() 16 : a new cert 17 : Update cert into DB() 18 : return delete the request which was accepted 19 : Update cert list() 20 : update request list in DB() 21 : return 22 : update request list()

Hnh 6.11. Biu din tin cp mi mt chng ch cho ngi dng

93

Hot ng pht hnh chng ch c th c th hin trn biu sau:

Select a request

Check request info

Validate request

[OK] Issue new certificate

Delete request and update form

Update DB

[else]

Hnh 6.12. Biu hot ng pht hnh chng ch

ng k ngi dng vo h thng Khi mt ngi mun ng k vo h thng, ngi s phi chy chng trnh RA Client v kch hot chc nng ng k ngi dng. H thng s hin th form ngi dng in cc thng tin ng nhp. Cc thng tin ny c dng RA sau ny qun l ngi dng. ng thi, ngi dng c yu cu qut vn tay ly c trng sinh trc hc nhm mc ch xc thc sau ny. Yu cu cp chng ch Ngi dng chn to yu cu chng ch t giao din ca chng trnh. H thng ly thng tin chung v ngi dng t c s d liu, sau hin th form ngi dng nhp thng tin b sung. RA s sinh cp kha c nhn v cng khai cho ngi dng. c trng vn tay c dng m ha kha c nhn v lu vo c s d liu ti RA. Kha c nhn c dng k ln yu cu cp chng ch. Yu cu c lu vo c s d liu v c gi ln cho CA ch duyt cp.

94

Retrieve user info

Select certificate type

Generate new key pair

Encrypt Private Key Using Biometric

Store encrypted Private Key

Create Request

[send request now] Store new request

[request will be send later] Send request to CA

Hnh 6.13. Biu hot ng to yu cu cp chng ch

6.5. Thit k cc thnh phn chnh trong c s h tng kha cng khai ca h thng BK BioPKI
H thng c kin trc n CA. Vic duyt cp, xc nh hiu lc ca chng ch l do CA quyt nh. Vic sinh cp kha v to yu cu chng ch c thc hin ti cc RA. Mi RA c th qun l nhiu ngi dng. Ngi dng mun ng nhp vo h thng th phi ng k vi RA, sau ng nhp v thc hin vic xin cp, s dng cc chng ch s do CA duyt cp.

95

CA:
<<device>> CAServer <<artifact>> CAServer.exe <<C API>> <<execution environment>> MySQL Server <<import>> <<modelLibrary>>

OpenSSL

Hnh 6.14. CA Server

CA l mt phn h chnh ca h thng, c ci trn my Server. CAServer.exe l chng trnh thc hin mi nhim v lin quan ti CA. Trn cng my Server, c ci h qun tr c s d liu MySQL, mi d liu CA qun l u dng MySQL. Vic to mi, cp nht, thay i ni dung c s d liu ca CA c gi qua API ca MySQL. CA v RA client u phi dng ti th vin OpenSSL.
_
<<modelLibrary>>

OpenSSL

<<artifact>> libeay.lib

<<artifact>> ssleay.lib

<<artifact>> ssleay32.dll

<<artifact>> libeay32.dll

Hnh 6.15. Th vin OpenSSL

CA c thit k gm nhm cc lp cung cp giao din cho ngi dng; nhm cc lp x l lin quan ti an ton an ninh v nhm cc lp iu khin hot ng ca CAServer nh trong biu gi di y.

96

CA GUI ConfigForm MainForm SSLConnection

CAServer CADao IDao

SSLContext

CA Certificate

CA CRL

Cert Request

X509Request

X509Certificate

X509CRL

Hnh 6.16. Biu thit k lp ca CAServer trong h thng BK BioPKI

RA:
<<device>> RA_Client <<artifact>> RA_Client.exe <<C API>> <<import>> <<execution environment>> MySQL Server <<modelLibrary>>

OpenSSL

Hnh 6.17. RAClient

RAClient l phn h chnh th hai ca h thng. N m nhn chc nng ca mt RA trong h PKI, ng thi l giao din chnh cho ngi dng tham gia vo h thng BK_BioPKI v s dng cc dch v ca h thng. Mi RAClient nm trn mt my PC trong phng Lab.

97

RA RAGUI Application Form -List of cert <<List>> CertList +Update() +FindCert()

MainForm

RADao IRaDao

RAClient

Security Biometric IBiometric BiometricSecurity

Hnh 6.18. Biu thit k lp cho RAClient

RAClient c c s d liu ring qun l thng tin v ngi dng v cc chng ch ca cc ngi dng ng k vi n. ti mi my Client u c ci MySQL. RAClient cng dng th vin OpenSSL trong m ha, bo mt. Yu t sinh trc hc c tch hp pha ng k ngi dng ti RA v trong bc to chng ch. Cc lp lin quan ti bo mt xy dng h thng BK BioPKI, mt nhm cc lp c xy dng t cc hm ca th vin OpenSSL.
Security EVP_Hash EVP_Pkey SSLContext

X509Certificate

SSLConnection

X509CRL

X509Time

X509Request

X509Extension

X509Name

X509Revoked

Hnh 6.19. Cc lp xy dng t th vin OpenSSL

98

Lp EVPHash thc hin cc hm bm. Lp EVPPkey l giao din gi cc hm lin quan ti m ha gii m. Hai lp SSLConnection v SSLContext phc v cho knh mt theo giao thc SSL. Cc lp X509* l cc lp xy dng cho vic s dng chng ch theo dng X509. Chng ch s theo nh dng X509 version 3. Cc chng ch c th dng : to ch k s; m ha bo mt; hoc dng trong ng dng truy cp t xa. Ring chng cp chng ch ca RA v chng ch SSL ca CA c dng to knh SSL gia CA v RA.

6.6. Thit k xy dng v lp trnh phn mm ngi dng trong h thng BKbioPKI 6.6.1. Phn tch yu cu

Da trn cc yu cu v chc nng v kin trc ca h thng BK-PKI, chng phn mm ngi dng trong h thng BK-bioPKI phi m bo cc chc nng c s sau: Thit lp RA ng nhp, ng xut chng trnh Xin cp chng ch Gia hn chng ch Thu hi chng ch S dng chng ch Qun l ngi dng: ng k, sa i, xa b ngi dng.

Nh vy ta c th thy phn mm ngi dng trong h thng l s kt hp gia RA v End entity trong m hnh h thng PKI tng qut. Phn mm ny va ng vai tr l mt RA trong vic giao tip vi CA (kt ni SSL, gi yu cu, nhn chng ch) ng thi li l ni cc thc th u cui (ngi dng) thc hin cc chc nng ca mnh (yu cu cp chng ch, thu hi chng ch, s dng chng ch).

6.6.2.

Gii php v phn tch cc chc nng

Gii php

Phn mm ngi dng trong h thng c thit k, xy dng da trn gii php chung ca h thng trnh by.

99

<<device>> RA_User <<artifact>> RA_Client.exe <<C API>> <<import>> <<execution environment>> MySQL Server <<modelLibrary>>

OpenSSL

Hnh 6.20. S trin khai phn mm ngi dng RA-Client

<<modelLibrary>>

OpenSSL

<<artifact>> libeay.lib

<<artifact>> ssleay.lib

<<artifact>> ssleay32.dll

<<artifact>> libeay32.dll

Hnh 6.21. Th vin OpenSSL

Biu phn cp cc chc nng c s ca phn mm ngi dng trong h thng

Chc nng ca RA-Client

Thit lp RA

ng nhp

Xin cp chng ch

Qun l chng ch

S dng chng ch

Qun l ngi dng

To chng ch RA

ng nhp

To yu cu cp chng ch

Gia hn chng ch

ng k

Ly chng ch RA, CA

ng xut

Gi yu cu cp chng ch

Hy b chng ch

Xa ngi dng

Thit lp knh SSL

Ly chng ch

Hnh 6.22. Cc chc nng RA-Client

Cc chc nng trong phn mm ngi dng bao gm:

100

Thit lp RA: y l chc nng u tin phi thc hin c th thit lp mt h thng PKI. Mc ch ca chc nng ny l ng k, thnh lp RA. thc hin iu , cn phi c mt chng ch RA do CA cp, ng thi RA cng phi c chng ch CA chng thc CA m mnh kt ni n. Sau khi RA v CA c cp chng ch ca nhau, knh mt SSL c th c thit lp.

ng nhp: y l chc nng kim sot ngi truy cp vo chng trnh. ng nhp thnh cng, ngi dng cn phi c mt user v password c ng k. Sau khi tch hp sinh trc vo h thng, ngoi password ngi dng s phi s dng du vn tay ca mnh truy cp chng trnh. i km vi chc nng ng nhp l chc nng ng xut, gip ngi s dng thot khi chng trnh an ton. Xin cp chng ch: khi truy cp chng trnh, ngi dng c th thc hin chc nng xin cp chng ch. c th xin cp chng ch, ngi dng cn to yu cu chng ch, gi yu cu chng ch v cui cng l ly chng ch v (nu yu cu c chp nhn).

Qun l chng ch: ngi dng c th thc hin chc nng qun l chng ch ca mnh bng cch yu cu gia hn nhng chng ch sp ht hn hoc yu cu thu hi nhng chng ch m mnh cm thy khng an ton hoc khng cn thit S dng chng ch: y l chc nng gip ngi dng c th ly c chng ch cng kha c nhn ca chng ch s dng trong cc ng dng ca h thng. Qun l ngi dng: chc nng ny bao gm chc nng ng k ngi dng, thay i thng tin ngi dng v xa b ngi dng. ng k ngi dng cho php mt ngi s dng ng k user, password v cc thng tin cn thit khc c th ng nhp h thng thnh cng. Chc nng thay i thng tin ngi dng cho php ngi dng thay i cc thng tin v bn thn ngi dng . Chc nng xa b ngi dng thuc quyn ca RA administrator (ngi c chng ch RA ng k vi CA lc thit lp RA). Chc nng ny cho php RA administrator c th xa b nhng user c ng k ti RA .

6.6.3.

Xy dng kch bn cc chc nng phn mm ngi dng

Thit lp RA Chc nng thit lp RA l chc nng thc hin qu trnh RA to c s d liu, xin cp chng ch, ng thi lu tr cc thng tin cn thit c th lin kt vi c s d liu v to knh SSL vi CA sau ny. 1. RAadmin chn setup RA t giao din chng trnh. 2. RAadmin c yu cu nhp cc thng tin cn thit (bao gm thng tin profile, thng tin kt ni CA (ip address), thng tin kt ni c s d liu). 3. RAadmin nhp thng tin theo yu cu. 4. RA setup lu tr cc thng tin ny. 5. RA setup gi hm Create Request ca i tng Request Creator. 6. Yu cu cp chng ch c gi n CA. 7. CA to chng ch theo yu cu.

101

8. Chng ch RA, CA c gi cho RA thng qua knh mt (trong trng hp ny l gi offline). 9. RA setup lu li cc chng ch to knh SSL sau ny.

RA Setup : RAadmin 1 : Select setup RA() 2 : Query infomation()

Request Creator

CA

3 : Enter infomation() 4 : Store RA config() 5 : Create Request() 6 : Send Request file 7 : Create Certificate() 8 : Send RA,CA Certificate 9 : Store certificates()

Hnh 6.23. Kch bn giao dch thit lp RA

ng nhp ngi dng

User Login Object : User 1 : Send user password()

Database Access

2 : Send user password 3 : Querry database() 4 : Send result 5 : send result

Hnh 6.24. Kch bn giao dch ng nhp ngi dng

ng nhp ngi dng l chc nng cho php ngi dng c truy cp vo chng trnh thc hin cc chc nng khc ca chng trnh. Ngi dng c chia lm lm loi l ngi dng bnh thng v RA administrator.

102

Kch bn ng nhp ngi dng: 1. Ngi dng chy chng trnh, nhp user, password vo form ng nhp. 2. i tng ph trch ng nhp ngi dng ca h thng (User Login Object) gi user, password cho i tng giao tip vi c s d liu (Database Access). 3. Database Access thc hin truy vn d liu (bng tblUser). 4. Kt qu truy vn c chuyn cho User Login Object. 5. User Login Object thng bo kt qu ng nhp cho ngi dng. Nu kt qu ng nhp l tht bi, ngi dng c th ng nhp tip ti a 2 ln, nu vn khng thnh cng chng trnh s t ng thot. Xin cp chng ch Chc nng xin cp chng ch l chc nng thc hin ba qu trnh: qu trnh to yu cu cp chng ch, qu trnh gi yu cu cp chng ch ln cho CA v qu trnh ly chng ch CA v (nu c ng cp). Qu trnh to yu cu cp chng ch

Request Creator : User 1 : Create Request()

Database Access

2 : Get profile() 3 : Query user profile()

5 : get certificate's type()

4 : Send profile

6 : select certificate's type() 7 : Create Request() 8 : Send request private key 9 : store request private key()

Hnh 6.25. Kch bn giao dch to yu cu cp chng ch.

Kch bn to yu cu chng ch: 1. Ngi dng yu cu to yu cu cp chng ch

103

2. i tng to yu cu chng ch (Request Creator) gi yu cu ly profile ca ngi dng n i tng giao tip vi c s d liu (Database Access). 3. Database Access thc hin truy vn c s d liu ly profile ca ngi dng. 4. Profile ca ngi dng c gi n Request Creator. 5. Ngi dng c yu cu chn loi chng ch m ngi dng yu cu cp. 6. Ngi dng chn loi chng ch. 7. To yu cu chng ch: bao gm cc qu trnh to cp kha RSA (public key v kha c nhn), qu trnh to yu cu v qu trnh k (s dng kha c nhn va to) ln yu cu. 8. Yu cu v privatkey tng ng va to c gi n Database Access. 9. Database Access lu yu cu, kha c nhn vo c s d liu. Trong qu trnh ny m yu cu cp chng ch RA (RA_request_ID) c to ra ng vi yu cu . Kch bn gi yu cu chng ch cho CA

: User

<<interface>> Request List

Database Access

Request sender

CA

1 : Select request() 2 : Send request 3 : Send request()

5 : send CA_Request_ID 4 : Send CA_Request_ID 6 : Store CA_Request_ID()

7 : Change request status()

8 : Update()

Hnh 6.26. Kch bn giao dch gi yu cu cp chng ch.

1. Ngi dng chn yu cu gi cho CA. 2. Yu cu c chn c gi cho i tng ph trch vic gi request cho CA (request sender). 3. Request c gi n CA thng qua knh mt SSL. 4. Ngay khi nhn c request, CA gi tr m yu cu chng ch CA (CA_request_ID) cho Request sender.

104

5. 6. 7. 8.

CA_request_ID c gi cho Database Access lu vo c s d liu. CA_request_ID c lu vo c s d liu tng ng vi yu cu gi. Trng thi ca yu cu chng ch c s i (submitted). Trng thi yu cu chng ch giao din c cp nht.

Kch bn ly chng ch t CA

: User

<<interface>> Request List

<<interface>> Cert List

Database Access

CA comunicator

CA

1 : Select request() 2 : Send RA_request_ID, CA_request_ID 3 : Send command 4 : Send certificate 5 : Send certificate 6 : Store certificate()

7 : Change request status() 8 : Update() 9 : Update()

Hnh 6.27. Kch bn giao dch ly chng ch

1. Ngi dng chn yu cu cp chng ch t giao din chng trnh, v yu cu ly chng ch t CA ng vi yu cu cp chng ch . 2. RA_request_ID, CA_request_ID tng ng vi yu cu c gi n i 3. 4. tng giao tip vi CA (CA communicator). CA communicator to lnh ly chng ch v gi lnh cho CA. Lnh ly chng ch c dng GETCERT RA_request_ID CA_request_ID. CA nhn c lnh da vo CA_request_ID tm chng ch tng ng. Nu khng c chng ch th thng bo cho RA, nu c th gi chng ch cho CA communicator. Chng ch c gi ti Database Access. Chng ch c lu vo c s d liu. Trng thi ca yu cu chng ch tng ng c sa i (Issued). Trng thi ca yu cu chng ch c sa i giao din danh sch yu cu. Danh sch chng ch c update.

5. 6. 7. 8. 9.

105

Gia hn chng ch Chc nng gia hn chng ch gm qu trnh gi yu cu gia hn chng ch ln CA v qu trnh ly chng ch gia hn (nu c CA ng ) t CA. Kch bn qu trnh gi yu cu gia hn ln CA.

: User

<<interface>> CertList

Database Access

CA communicator

CA

1 : Select certificate() 2 : Send serial number 3 : Send command 4 : Send serial number()

5 : Change cert status()

6 : Update()

Hnh 6.28. Giao dch giao dch gia hn chng ch.

1. Ngi dng chn chng ch cn gia hn t danh sch chng ch v yu cu gia hn chng ch. 2. Serial number ca chng ch c gi n CA communicator. 3. CA communicator gi lnh gia hn chng ch n cho CA. Lnh gia hn chng ch c dng Extend SerialNumber. 4. Serial Number c gi n Database Access. 5. i trng thi ca chng ch tng ng trong c s d liu thnh ch xin gia hn. 6. Cp nht giao din danh sch chng ch. Kch bn qu trnh ly chng ch c gia hn t CA.

106

: User

<<interface>> CertList

Database Access

CA communicator

CA

1 : Select certificate() 2 : Send serial number 3 : Send command 4 : Send certificate 5 : Send certificate 6 : Update certificate()

7 : Update()

Hnh 6.29. Giao dch giao dch ly chng ch gia hn

Ngi dng chn certificate c trng thi ang ch gia hn Serial number ca chng ch c gi n CA communicator. CA communicator gi lnh ly chng ch gia hn n cho CA. CA nhn c lnh, da vo s serial number gi chng ch gia hn cho RA. 5. CA communicator gi chng ch c gia hn cho Database Access. 6. Database Access da vo serial number trong chng ch thay mi chng ch trong c s d liu, thay i trng thi chng ch. 7. Cp nht giao din danh sch chng ch. Thu hi chng ch Thu hi chng ch l chc nng cho php ngi dng thng bo cho CA bit chng ch mnh mun CA thu hi.

1. 2. 3. 4.

: User

<<interface>> CertList

Database Access

CA communicator

CA

1 : Select certificate() 2 : Send serial number() 3 : Send command 4 : Send serial number 5 : Update cert status() 6 : Update()

Hnh 6.30. Giao dch thu hi chng ch.

107

Kch bn thu hi chng ch: 1. 2. 3. 4. 5. Ngi dng chn chng ch cn thu hi. Serial number c gi n CA communicator. CA communicator gi lnh thu hi hi chng ch cho CA. Serial number c gi n Database access. Trng thi chng ch c update trong c s d liu.

6. V trong giao din danh sch chng ch. S dng chng ch

Application : User 1 : Select certificate()

Database Access

2 : Serial number() 3 : Query private key()

4 : Send private key() 5 : query password() 6 : Enter password() 7 : Decrypt private key()

Hnh 6.31. Giao dch s dng chng ch.

Vic s dng chng ch y mang ngha l vic ly v gii m kha c nhn ca chng ch . Chng ch c s dng trong cc ng dng ca chng trnh l ng dng ch k s, ng dng m ha thng ip v ng dng truy cp t xa. Kch bn qu trnh ny nh sau: 1. Ngi dng chn chng ch t giao din danh sch chng ch ca mt ng dng c th. 2. Serial number ca chng ch c gi n cho Database Access. 3. Kha c nhn ( c m ha bng password) c ly t c s d liu. 4. Kha c nhn c gi cho ng dng. 5. Ngi dng c yu cu nhp password gii m. 6. Password c nhp. 7. Kha c nhn c gii m, c th s dng.

108

Qun l ngi dng trong h thng ng k ngi dng

Registration User : User 1 : Register user() 2 : Query information() 3 : Enter information() 4 : Check information() 5 : Send user

Database Access

6 : Query the user()

7 : Send result 8 : Create user profile() 9 : Send user profile 10 : Hash password() 11 : Send hash of password 12 : Store user()

Hnh 6.32. Kch bn giao dch ng k user

1. Ngi s dng chn ng k ngi dng t giao din ca h thng. 2. H thng yu cu ngi dng nhp thng tin. 3. Ngi dng in thng tin theo yu cu. 4. H thng kim tra thng tin m ngi dng nhp. 5. Tn User c gi n Database Access. 6. Database Access thc hin truy vn xem tn ny c s dng cha. 7. Gi kt qu cho Registration User. 8. Nu user ny c th thng bo cho ngi dng t tn khc, nu cha c th to profile cho ngi dng. 9. Gi profile cho Database Access. 10. Bm password ca ngi dng. 11. Gi m bm password cho Database Access. 12. Database Access lu cc thng tin ngi dng vo bng tblUser.

109

Xa ngi dng: Chc nng ny ch xut hin khi ngi dng ng nhp vi t cch RA admin. Mc ch ca chc nng ny l gip RA admin c th xa ngi dng trong danh sch qun l ca mnh. Vic xa ngi dng lin quan n rt nhiu vn nh chng ch ca ngi dng , cc yu cu cp chng ch ngi dng s ra saoDo vic xy dng mt chnh sch ph hp l rt cn thit. Tuy nhin, do iu kin lm n c hn nn n ny cha tm hiu k c vn ny. Hin ti, khi xa ngi dng th cc chng ch v yu cu cp chng ch cng b xa.

: RA Admin

<<interface>> User List

Database Access

1 : Select user() 2 : Send user 3 : Delete user() 4 : Send result 5 : Update list()

Hnh 6.33. Kch bn xa ngi dng

1. RA admin chn ngi dng cn xa t danh sch ngi dng. 2. User c gi n Database Access. 3. Database Access thc hin vic xa user (bao gm xa ngi dng, cc chng ch, yu cu cp chng ch v cc kha c nhn ca ngi dng ). 4. Kt qu ca vic xa ngi dng c gi tr li. 5. Danh sch ngi dng c cp nht.

6.6.4.

Thit k c s d liu phn mm

Sau khi xem xt kch bn cc chc nng ca chng trnh, xem xt cc i tng trong chng trnh, xy dng cc ph thuc hm trn cc i tng , ng thi phn tch tnh tn sut s dng ca cc i tng, c s d liu cho chng trnh c thit k nh sau: Bng User Trng User Profile Password Kha chnh Yes No No Kiu d liu Varchar(20) BLOB Varchar(20) M t Tn ngi s dng Lu tr thng tin user theo chun X509Name Lu m bm ca password ng nhp h thng ca user

110

Bng Request Trng RA RequestID X509Request Private key CA RequestID Kha chnh Yes No No No Kiu d liu Interger BLOB BLOB Interger M t T ng tng, dng lm m yu cu m RA cung cp cho user. c to ra t X509Name bng hm chun ca X509 Lu kha c nhn khi yu cu c to ra. y l m yu cu RA nhn c t CA ngay khi CA nhn c request. S dng ly chng ch t CA 1: Requested 2: Submitted (Request c gi ln CA v nhn c CA RequestID, ch khi nhn c ci ny ri mi chuyn) 3: Issued (Yu cu c chp nhn) 4: Denied (Yu cu b t chi) Kha ngoi, lin kt nhiu-1 vi bng User. Loi chng ch c yu cu cp 0: chng ch RA 1: chng ch s dng ch k s 2: chng ch s dng m ha thng ip 3: chng ch s dng truy cp t xa

Request Status

No

Interger

User Type

No No

Varchar (20) Interger

Bng Certificate Trng Serial Number X509Cert User CA RequestID Cert Status Kha chnh Yes No No No No Kiu d liu Interger BLOB Varchar(20) Integer Integer M t Serial number ca chng ch Lu chng ch dng pem Kha ngoi, lk nhiu 1 vi bng User c ng b t bng Request 1: ang hot ng 2: b hy 3: ht hn 4: ang gia hn 5: ang xin hy Lu kha c nhn, c ng b t bng Request Loi chng ch 0: chng ch RA 1: chng ch s dng ch k s 2: chng ch s dng m ha thng ip 3: chng ch s dng truy cp t xa

Private key Type

No No

BLOB Interger

Quan h gia cc bng:

111

Hnh 6.34. Quan h cc bng trong CSDL

112

Chng 7. THIT K TCH HP H THNG AN NINH THNG TIN BKBIOPKI V TH NGHIM

7.1. H thng tch hp v yu cu thit k
H thng BK-BioPKI c thit k theo m hnh PKI-CA n. Phn h sinh trc s c tch hp vo c s h tng PKI theo cc chc nng sau: ng k v kim sot ng nhp ngi dng s dng du sinh trc vn tay kt hp password ca ngi dng. Xin cp chng ch v s dng chng ch bng cch tch hp sinh trc vn tay bo v truy cp kha c nhn trong cc giao dch v ng dng.

H TNG C S KHA CNG KHAI PKI

PHN H SINH TRC

H THNG BK-BioPKI

Hnh 7.1. M hnh tch hp h thng

7.2. xut m hnh tch hp 2 phn h sinh trc vn tay vo c s h tng PKI thnh h BK-BioPKI
Phn h sinh trc 1: Xc thc sinh trc trong hot ng ng k ngi dng v ng nhp h thng Phn h sinh trc 2: Sinh kha sinh trc m ha bo mt kha c nhn trong cc hot ng xin cp chng ch v s dng chng ch s Chi tit hot ng ca m hnh tch hp c trnh by trong cc phn di y

7.3. Thit k tch hp phn h sinh trc 1 thm nh vn tay ngi dng
Tch hp phn h sinh trc 1 vo qu trnh ng k ngi dng

113

K m

CSDL

Thm nh Qut vn tay X l nh vn tay Trch chn c trng Thm nh i snh

Vn tay

Kt qu

Hnh 7.2. Phn h sinh trc thm nh vn tay ngi dng

Phn h sinh trc thm nh vn tay c u vo l vn tay sng ca ngi dng. Ngi dng cho vn tay vo thit b qut vn tay, nh vn tay c thu nhn v x l, sau c trng vn tay ca ngi dng s c trch chn. Trong qu trnh k m (enrollment), c trng vn tay c lu vo c s d liu. Cn trong qu trnh thm nh, c trng vn tay s c i snh vi c trng c gi m t c s d liu, t a ra kt qu thm nh. Phn tch thit k tch hp Phn h sinh trc 1
M ha i xng Password c trng vn tay ng k CSDL User ng nhp ... Minutiae

Trch chn c trng

i snh

Gii m

KT QU Password

Hnh 7.3. Tch hp phn h sinh trc 1 thm nh ng nhp ngi dng trong h thng

tch hp phn h ny vo h thng, ta chia phn h thnh hai phn: phn th nht l phn trch chn c trng t vn tay ca ngi dng ly trc tip, phn th hai bao gm qu trnh m ha c trng vn tay, lu vo c s d liu, qu trnh i snh v a ra kt qu. Phn th nht s c thc thi bng cc gi hm chy tin trnh t h thng, phn th hai

114

chnh l giao din tch hp s c thit k trong h thng. Hai phn ny c giao tip thng file text. File text l u ra ca tin trnh phn h cha thng tin cc c trng. File text nh sau: cha nhiu dng (s lng dng ng vi s im c trng), mi dng c 4 s t nhin, phn cch nhau bi 1 du cch, nh sau: ABCD Trong : A v B l ta ca im c trng. C l hng ca im (c 8 hng ng vi cc gi tr t 0 D l kiu c trng (0: im ct, 1: im r nhnh). Thit k kch bn tch hp Kch bn ng k user 1. Ngi dng yu cu ng k user. 2. i tng ph trch ng k user (User Registration) yu cu ngi dng nhp thng tin cn thit (user, password, comfirm password, comman name, email address, country,...). 3. Ngi dng nhp thng tin theo yu cu. 4. User registration kim tra mt s thng tin ngi dng nhp vo. 5. Khi to i tng thm nh vn tay ngi dng. 6. Yu cu ngi dng qut vn tay. 7. Ngi dng qut vn tay. 8. c trng vn tay (Minutiae) ca ngi dng c sinh ra. 9. Minutiae c gi cho User Registration. 10. Minutiae c m ha bng password ca ngi dng. 11. Bm password ca ngi dng. 12. Gi user cho Database access. 13. Gi m bm password cho Database Access. 14. To profile t thng tin ca ngi dng. 15. Gi profile cho Database Access. 16. Gi Minutiae m ha cho Database Access. 17. Database lu tr tt c cc thng tin nhn c ca ngi dng. 7)

115

User Registration : User

Fingerprint Identification

Database Access

1 : Register user() 2 : query information()

3 : Enter information() 4 : Check information()

6 : Query fingerprint()

5 : Init()

7 : Scan fingerprint()

8 : Create minutiae() 9 : Send minutiae

10 : Encrypt minutiae()

11 : Send user 12 : hash password() 13 : Send hash of password 14 : Create user profile() 15 : Send user profile 16 : Send encrypt minutiae 17 : Store user()

Hnh 7.4. Kch bn ng k ngi dng

116

Kch bn ng nhp user

Login user object Fingerprint Identication Database Access

: User 1 : Enter user password() 2 : hash the password() 3 : Send user, hash of password 4 : Query use, hash of password() <<create>> 5 : Send result 6 : Init() 7 : query fingerprint() 8 : Scan fingerprint() 9 : Creat minutiae() 10 : Send minutiae 11 : Get minutiae() 12 : Query encrypted minutiae() 13 : Send encrypted minutiae 14 : Decrypt minutiae()

15 : Matching minutiae() 16 : Send result()

Hnh 7.5. Kch bn ng nhp ngi dng

1. Ngi dng nhp user, password. 2. Password c bm. 3. User, m bm ca password c gi n i tng truy cp c s d liu (Database Access). 4. Database Access thc hin truy vn c s d liu user v m bm password. 5. Kt qu truy vn c gi n cho i tng ph trch login ngi dng (Login user object).

117

6. Nu kt qu truy vn l sai, ngi dng phi nhp li user password, vic nhp li c ti a 2 ln. Nu kt qu truy vn l ng, Login user object khi to i tng thm nh vn tay ngi dng (Fingerprint Identication). 7. Ngi dng c yu cu qut vn tay. 8. Ngi dng qut vn tay. 9. Minutiae ca mu vn tay ngi dng c to. 10. Minutiae c gi n Login user object. 11. Login user object gi hm Minutiae ca Database Access. 12. Database Access truy vn c s d liu. 13. Minutiae trong c s d liu l minutiae c m ha c gi n cho Login user object. 14. Login user object dng password ca ngi dng gii m Minutiae (ly t c s d liu). 15. Minutiae gii m c so snh vi minutiae to ra t vn tay sng ca ngi dng. 16. Kt qu so snh c thng bo cho ngi dng. Nu kt qu t, ngi dng c ng nhp h thng. Nu kt qu khng t, ngi dng c qut li vn tay 2 ln na.

7.4. Thit k tch hp Phn h sinh trc 2 sinh kha sinh trc bo v kha c nhn.
y, phn h sinh trc s c tch hp vo hot ng chc nng c s ca PKI l xin cp chng ch v s dng chng ch. Vic tch hp ny c mc ch bo v kha c nhn bi vn tay ngi dng.

7.4.1. Phn h sinh trc sinh kha bo v kha c nhn

K m
CSDL

Thm nh

Qut vn tay

X l nh vn tay

Trch chn c trng

Sinh tp kha BEK

Thm nh

i snh

Vn tay

Kt qu

Hnh 7.6. Phn h sinh trc hc sinh kha bo v kha c nhn

Phn h sinh trc sinh kha bo v kha c nhn c u vo l vn tay sng ca ngi dng. Ngi dng cho vn tay vo thit b qut vn tay, nh vn tay c thu nhn v x l, sau c trng vn tay ca ngi dng s c trch chn. T c trng vn tay, tp kha

118

BEK (Biometric encryption key) c sinh ra. Trong qu trnh k m (enrollment), tp kha BEK c lu vo c s d liu (lu m bm ca tng kha). Cn trong qu trnh thm nh, tp kha BEK s c i snh vi tp kha BEK (m bm) t c s d liu, t a ra kt qu thm nh.

7.4.2. M hnh tch hp phn h sinh trc sinh kha bo v kha c nhn vo h thng v thit k h thng
M ha i xng Private key Xin cp Tp kha chng ch sinh trc (BEK) S dng chng ch Tht bi T CHI i snh Thnh cng Gii m

Sinh kha sinh trc Vn tay

CSDL

Private key

Hnh 7.7. M hnh tch hp phn h sinh trc 2 sinh kha bo v kha c nhn vo h thng.

Phn h sinh trc sinh kha bo v kha c nhn c tch hp vo h thng mt cch hon ton, thng nht theo ba thnh phn sau: thnh phn qut v thu nhn nh vn tay trc tip t vn tay ngi dng thng qua thit b qut vn tay, thnh phn sinh kha sinh trc hc v thnh phn giao din tch hp vi h tng c s PKI c. Hai thnh phn qut, thu nhn vn tay v sinh kha sinh trc c gi nguyn tch hp v h thng. Ring thnh phn th ba c nhng thay i so vi phn h ban u. C th nh sau: qu trnh k m c tch hp vo hot ng xin cp chng ch (c th l qu trnh to yu cu cp chng ch), v qu trnh thm nh c tch hp vo hot ng s dng chng ch ca h thng PKI. Trong qu trnh xin cp chng ch, tp kha BEK c dng m ha kha c nhn trc khi b bm ra thay v ch b bm ra nh trong qu trnh k m. Cn trong qu trnh i snh, kt qu

119

ca qu trnh ny s l kha c nhn c gii m hoc l NULL (nu i snh khng thnh cng). Nh vy ta cn phi thit k c s d liu lu tr kha c nhn m ha, tp m bm BEKs. Kha c nhn cn c m ha bi tp BEKs gm 125 kha khc nhau. Trong qu trnh s dng, kha c nhn s c gii m t mt trong 125 private m ha. Do , thun tin cho vic lu tr cng nh truy vn c s d liu, ta thit k mt bng ring lu tr kha c nhn. Bng ny c lin kt vi bng tblRequest thng qua trng RA_request_ID. C th c s d liu mi ca chng trnh nh sau: Bng User Trng User Profile Password Fingerprint Bng Request Trng RA RequestID X509Request Kha chnh Yes No Kiu d liu Interger BLOB M t T ng tng, dng lm m yu cu m RA cung cp cho user. c to ra t X509Name bng hm chun ca X509 y l m yu cu RA nhn c t CA ngay khi CA nhn c request. S dng ly chng ch t CA 0: Requested 1: Submitted (Request c gi ln CA v nhn c CA RequestID, ch khi nhn c ci ny ri mi chuyn) 2: Issued (Yu cu c chp nhn) 3: Denied (Yu cu b t chi) Kha ngoi, lin kt nhiu -1 vi bng User. Loi chng ch c yu cu cp 0: chng ch RA 1: chng ch s dng ch k s 2: chng ch s dng m ha thng ip 3: chng ch s dng truy cp t xa Kha chnh Yes No No No Kiu d liu Varchar(20) BLOB Varchar(20) BLOB Tn ngi s dng Lu tr thng tin user theo chun X509Name Lu m bm ca password ng nhp h thng ca user Lu tr vn tay ca user ngay lc ng k M t

CA RequestID

No

Interger

Request Status

No

Interger

User

No

Varchar (20)

Type

No

Interger

120

Bng Certificate Trng Serial Number X509Cert User CA RequestID Kha chnh Yes No No No Kiu d liu Interger BLOB Varchar(20) Integer M t Serial number ca chng ch Lu chng ch dng pem Kha ngoi, lk nhiu 1 vi bng User c ng b t bng Request 1: ang hot ng 2: b hy 3: ht hn 4: ang gia hn 5: ang xin hy Loi chng ch 0: chng ch s dng ch k s 1: chng ch s dng m ha thng ip 3: chng ch s dng truy cp t xa

Cert Status

No

Integer

Type

No

Interger

Bng Kha c nhn Trng ID RARequestID Digist Kha c nhn_Encryptedkey Quan h gia cc bng Kha chnh Yes No No No Kiu d liu Interger Interger Varchar(30) BLOB T ng tng M yu cu RA M bm ca tng c trng vn tay Cha kha c nhn c m ha bi tng c trng vn tay tng ng M t

Hnh 7.8. Quan h gia cc bng trong CSDL

121

7.4.3. Thit k cc kch bn hot ng tch hp

Kch bn qu trnh xin cp chng ch

Qu trnh lu tr kha c nhn nm trong qu trnh to yu cu chng ch. Sau y l kch bn chi tit ca qu trnh ny:
BEKs generator X509Request Creator Database Access

: User 1 : create Request() 2 : send Request 4 : scan fingerprint() 5 : generate BEKs() 6 : send BEKs 7 : encrypt private key()

3 : store Request()

8 : send encrypted private key 9 : store encrypted private key()

10 : hash BEKs() 11 : send BEKs hash code

12 : store BEKs hash code()

Hnh 7.9. Kch bn to yu cu chng ch

1. Khi ngi dng yu cu to yu cu xin cp chng ch, qu trnh to chng ch c thc hin. 2. Yu cu cp chng c chuyn ti i tng giao tip vi c s d liu. 3. Yu cu cp chng ch c lu vo c s d liu. 4. Ngi dng c yu cu qut vn tay. 5. 6. 7. 8. Sinh tp kha bo v kha c nhn (BEKs) t vn tay ca ngi dng. BEKs c chuyn n Request Creator. BEKs c dng lm kha m ha kha c nhn (m ha i xng DES) Tp kha c nhn c m ha c chuyn ti i tng giao tip vi c s d liu 9. Tp kha c nhn m ha c lu vo c s d liu (tng ng vi m yu cu chng ch RA). 10. Tp kha m ha kha c nhn-BEKs c bm tng BEK. 11. Chuyn tp m bm ca BEKs n i tng giao tip vi c s d liu. 12. Lu tp m bm ca BEKs vo c s d liu (tng ng vi m yu cu chng ch RA v tp kha c nhn c m ha).

122

Kch bn qu trnh s dng chng ch

BEKs generation Application Matching Database Access

: User 1 : select certificate() 2 : send serial number 3 : get the BEKs hash code()

4 : send BEKs hash code 5 : scan fingerprint() 6 : send BEKs 7 : hash BEKs() 8 : Match BEKs hash code() 9 : send the matched BEK hash code 10 : query the encrypted private key() 11 : send the encrypted private key

12 : decrypt the encrypted private key() 13 : send private key

Hnh 7.10. Kch bn s dng chng ch

Qu trnh s dng private khi ngi dng cn s dng chng ch trong cc ng dng c th ca chng trnh nh: ng dng ch k s, ng dng truy cp t xa v ng dng m ha thng ip. 1. Ngi dng chn chng ch s s dng t giao din ca mt trong cc ng dng 2. 3. 4. 5. 6. 7. 8. 9. trn. Serial number ca chng ch c chn c gi n i tng giao tip c s d liu (Database access). Da vo serial number, tp m bm BEKs tng ng c truy vn t c s d liu. Tp m bm BEKs c gi n i tng i snh vn tay (Matching). Ngi dng c yu cu qut vn tay i snh. Tp BEKs li c sinh ra t vn tay sng ca ngi dng. Tp BEKs ny c gi n i tng i tng i snh. Tp BEKs ny c bm ln lt tng kha. Ln lt m bm ca tng kha c so snh vi tp m bm BEKs ly t c s d liu. Nu khng c m bm no ging nhau th thng bo t chi cho php s dng kha c nhn (chng ch). Nu c m bm ging vi mt m bm trong tp m bm BEKs ly t c s d liu th tip bc m bm c matching ny c gi n Database access.

123

10. Da vo m bm ny cng vi serial number, kha c nhn c m ha c truy vn t c s d liu. 11. Kha c nhn c m ha ny c gi n cho i tng i snh. 12. BEK tng ng c dng gii m kha c nhn. 13. Gi kha c nhn gii m n ng dng cn s dng.

7.5. Xy dng th nghim ng dng ch k s trong h thng BK-BioPKI v th nghim

y l mt ng dng c bn ca h PKI. Mc ny i su chi tit vo ng dng v s trnh by t nguyn l cho ti thit k ci t ng dng trong h thng BK-BioPKI. Trong ng dng c tch hp yu t sinh trc hc theo hng dng c trng sinh trc hc bo v kha c nhn.

7.5.1. Mc ch ca ch k s
Ch k s ra i cng vi k thut m ha bt i xng, n gii quyt c vn k du c trng trc khng th thc hin c trong h m ha i xng. Ngy nay n tr thnh mt ng dng ph bin trong cc giao dch in t. Mc ny s trnh by mt s khi nim quan trng c lin quan ti ch k s.

7.5.2. Vn xc thc
Cng vi s pht trin mnh m ca mng Internet v cc cng ngh mi, cc giao dch in t cng tng ln khng ngng. m bo cho cc giao dch thnh cng th xc thc l mt i hi tt yu. Ging nh trong cc giao dch truyn thng t trc ti nay, trong giao dch in t cng cn phi c s xc thc ch th v xc thc cc ni dung trao i. Vic xc thc cng tr nn quan trng hn trong mi trng m nh mng Internet vi nhiu kiu tn cng a dng. Trong mt giao dch in t, bi ton xc thc nhm gii quyt hai vn chnh l gi mo thng ip v mo danh. Xc thc, theo [1] l vic gn mt nh danh vi ch th tng ng. Mt thc th c th c xc thc nh cc thng tin nh: - thng tin mt m thc th bit (mt khu) - ci m thc th c (v d nh th tn dng...) - thng tin v thc th (nh c trng vn tay, nhn cu ...) - v tr ca thc th (v d nh khi dng GPS gim st v tr ca thc th) Xc thc thng ip nhm m bo c s ton vn ca ni dung thng ip cng nh ngun gc thng ip. xc thc thng ip c th thc hin theo nhiu cch, cc cch ny c th chia lm 3 loi chnh l: m ha thng ip; m xc thc thng ip (MAC); v cc hm bm. M ha dng trong xc thc: dng chnh bn m ca thng ip xc thc.

124

Vi h m i xng, nu ch c hai bn tham gia trao i thng ip bit kha mt dng m ha thng ip th c th coi thng ip c m c xc thc ngun gc v s ton vn. Trong h m cng khai, ty theo cch dng kha no m m ta c thng ip m ha tha mn mt s tnh cht khc nhau. m bo tnh xc thc cho thng ip M l do ngi A to ra, A s dng kha ring ca mnh m ha M. Khi bn nhn lun xc thc c ngun gc ca M l t A. M xc thc thng ip (MAC): l mt khi d liu c trng cho thng ip c m ha lm du hiu xc thc cho thng ip , khi ny c gn km vi thng ip khi gi i. Ti pha nhn t thng ip nhn c, bn nhn s tnh li m MAC ny kim tra tnh ton vn, trt t d liu v.v... ca thng ip. Cc hm bm: Cc hm bm cng l mt loi du hiu xc thc thng ip. N c to ra t ni dung thng ip, n ch khc vi MAC ch khng cn phi m ha Ngi ta dng m bm ca thng ip to ch k s cho thng ip . Xc thc bng ch k s Ch k s theo chun X.800 v kin trc an ninh cho h thng m - l mt c ch an ninh (security mechanism). N l d liu thm vo hoc dng m ha ca mt n v d liu nhm cho php ngi nhn n v d liu c th kim tra c ngun gc n v d liu v tnh ton vn ca d liu [3]. Ch k s l mt c ch xc thc c dng ph bin trong cc h thng c s dng m ha cng khai. Mt ng dng ch k s gm hai qu trnh: K ln d liu v Kim tra ch k

Qu trnh k s dng thng tin ring ca ngi k (b mt v duy nht). Qu trnh kim tra ch k dng cc thng tin cng khai. c im quan trng ca ch k l n ch c th c to ra t thng tin ring (private) ca ngi k. iu ny cho php chng ph nhn khi kim tra. Ch k s c to ra t kha c nhn (private key) ca ngi k. Do , d liu k khng th c ti ra bi ai khc ngoi ngi c kha c nhn ngi k. Ngi nhn cng khng th to ra ch k ca ngi gi. y l kh nng chng ph nhn v xc thc ngun gc ca ch k s. Trong thc t cc ng dng, ch k thng c to ra t m bm ca thng ip, do m bm ny c trng cho thng ip nn ch k s xc thc c s ton vn ca thng ip, m bo thng ip khng b sa i.

7.5.3. Xc thc trong h PKI

Trong mt h PKI, cc chng ch s c dng trong cc giao dch nhm m bo an ton cho cc giao dch v m bo tnh xc thc. Xc thc y bao gm c xc thc ngi dng ln xc thc ni dung thng ip.

125

Cc phng php m ha cng khai cng vi cc hm bm mt chiu s c s dng thc hin vic xc thc. Trong mt h PKI bnh thng, c th coi kha ring ca mi ngi l du hiu c trng ca ngi v c th em k ln cc thng ip trong giao dch. Trong h PKI c ng dng sinh trc hc, du hiu c trng ca mi ngi s l du hiu sinh trc hc ca ngi , khi kha ring ca mi ngi c th c bo v bi du hiu sinh trc hc ca h hoc du hiu sinh trc hc c th s c s dng lm kha ring. M hnh xc thc trong s qun l chng ch bi CA Trong mt h PKI, CA lm nhim v qun l chng ch s. Mi chng ch cha thng tin v ch s hu n, mt kha cng khai ca ngi ch chng ch v c k xc nhn bi kha ring ca CA. Mi ngi dng trong h PKI u phi c kha cng khai ca CA v CA coi nh c tin tng tuyt i. Chng ch c cp bi CA u c th c kim tra bi bt k ngi dng no. Nn chng ch s c dng xc thc ngi dng. Kt hp vi ch k s, chng ch s gip xc thc c ngi dng ln thng ip. Ty theo yu cu s dng, c th xc thc theo mt trong ba cch: xc thc mt chiu, xc thc hai chiu hay xc thc ba chiu.

Hnh 7.11. Cc m hnh xc thc (a) Xc thc mt chiu; (b) xc thc hai chiu; (c) xc thc 3 chiu

126

7.5.4. Thit k ng dng trn c s h thng BK BioPKI

ng dng ch k s l mt thnh phn trong nhm cc ng dng ca h thng. Hai chc nng chnh h thng cung cp lin quan ti ng dng ny l chc nng k v chc nng kim tra ch k.
<<layer>> BK - BioPKI Applications Digital Signature <<extend>> User Remote Authentication Secure Message Sign <<extend>> Verify Signature

Hnh 7.12. Biu usecase nhm cc chc nng lin quan ti ng dng trn nn PKI

Trong phm vi ti ny, ng dng xc thc s c xy dng nhm xc thc ni dung thng ip v xc thc ngi dng. ng dng c xy dng nm trong h thng BKBioPKI c xy dng t trc. Mc tiu ca vic xc thc trong ng dng ny l: Xc thc s ton vn thng ip; Xc thc ngi k thng ip; Chng ph nhn i vi ngi k. Thut ton bm s dng m bo ch cn sai khc mt bt u vo th chui bit u ra s thay i. Bn nhn bn gi bit mnh ang giao dch vi ai, vic xc thc ngi dng thng qua chng ch s. Thut ton m ha gii m vi cp kha ring cng khai m bo chnh xc: m ha bng kha ny ch c th gii m tr libng kha kia. Kha ring c trng cho ch ca n. Khng c kha ring trng nhau. H thng BK-BioPKI c 1 CA cp chng ch cho cc ngi dng ca h thng, c cc loi chng ch tng ng vi cc ng dng khc nhau. M un ng dng ny nm trong h BK-BioPKI hin c nn n s s dng cc chc nng c lin quan n chng ch. S dng cc hm cc lp c xy dng lm vic vi chng ch s. H thng ny ch c mt CA. coi nh mi client tham gia vo h thng u phi c kha cng khai ca CA v u tin tng vo CA khng iu kin.

127

ng dng xc thc thng ip gia hai client, gi thit l bn gi bit a ch bn nhn (a ch IP, s cng). Qu trnh giao dch s ch c hai bn tham gia: bn gi v bn nhn.

Gii php thc hin xc thc dng ch k s l dng hm bm mt chiu bm ni dung thng ip M ra thnh chui bit gi l Message-Digest (MD) MD ny s c m ha bi kha ring ca ngi k thnh chui bit S. S chnh l ch k ca ngi k ln thng ip M. Xc nhn ch k: thng ip M nhn c s c bm thnh MD. Gii m MD t ch k bng kha cng khai ca ngi k (kha ny bn xc nhn bit trc) sau so khp MD vi MD xem c ng khng. Ch k c xc nhn (verify) l m bo cho s ton vn ni dung ca M v khng nh c ngi to ra ch k. Bi v ch k c xc nhn khi v ch khi MD = MD tc l tha mn ng thi cc iu kin sau: M = M (nu khng th chc chn MD khc MD) Kha cng khai ca ngi k tng ng vi kha ring k. Thit k kch bn ng dng

T cc tin trn, kch bn ng dng c th c m t nh sau: Hai ngi dng ca h thng tham gia vo mt giao dch thng ip c s dng ch k s. Tm gi hai ngi l A v B. A gi cho B thng ip M (l mt file d liu ), A ng thi dng mt chng ch s ca mnh to ch k s. Chnh xc l A dng kha ring PrA (ng vi chng ch CertA ca A c CA xc nhn) k ln M to thnh ch k SA. C M, s Serial ca CertA v SA c gn li v gi cho B. Khi B nhn c file c k v B mun kim tra ch k c ng khng th trc tin, h thng s tch ni dung file v cc thng tin lin quan ti ch k ra. Tip theo B s dng dch v do h thng cung cp ly chng ch CertA v kim tra xem c ng l chng ch hp l hay khng. Sau nu chng ch hp l th B ly kha cng khai PbA ca A t chng ch. B dng PbA kim tra li ch k v file M xc thc xem c phi ng l A k ch k ny khng. Nu chng ch khng hp l hoc nu M khng ton vn hoc khng phi A k chng ch th kt qu vic kim tra s bit c ngay. Tri li ch k l hp l v file M khng b thay i trn ng truyn. im ng lu y l vic th nghim tch hp sinh trc hc vn tay vo ng dng. c trng vn tay c dng m ha kha c nhn. Mi khi cn ly kha c nhn ra k th ngi dng phi qut vn tay h thng ly c trng vn tay ra i chiu v gii m kha c nhn.

7.5.5. Thit k trin khai ng dng

T kch bn trn, ng dng c thit k bao gm hai phn h chnh l phn h gi file gia cc my client v phn h ch k s.

128

CDigitalSignature CDigitalSignatureDlg +m_ListCertforDigitalSignature +m_FileTransferz +m_DigitalSignature 1 1 -m_MessageDigest -m_Signature +m_key: EVP_Pkey +Hash() +HashThread() +Sign() +Verify() <<List>> CertList +Update() +FindCert() 1 * SimpleClientCert

1 CFileTransferz +m_filename +m_filepath -m_sockSend -m_sockRecv +StartSend() +StartRecv() +ThreadSend() +ThreadRecv()

Hnh 7.13. Biu lp ca ng dng ch k s

Hai hot ng chnh ca ng dng l k v kim tra, c thit k hot ng nh sau:

Select a certificate

Select a file to be signed

Retrieve Private key of selected certificate Retrieve certificate's information Sign file (calculate signature)

Hash file (Calculate file's digest ) Retrieve file's info

Combine signature's infomation and file's content into signed file

Hnh 7.14. Biu hot ng to ch k s

129

Qu trnh kim tra nh sau:

Select a signed file

Extract file content and signature's information

Retrieve hash algorithm

Retrieve certificate of signer

Retrieve public key

Calculate file 's digest from file's content

Decrypt signature ( calculate file digest from signature)

Compare two digest

[else] Signature does not match file's content

[identical] Signature verified

Hnh 7.15. Biu hot ng kim tra ch k s

Biu din tin ca ng dng c th hin ti hnh 7.16. Trong pha ly kha, c s dng n c trng vn tay, ngi ch ca kha s phi dng vn tay ca mnh gii m ly ra kha c nhn. nh vn tay sau khi c x l s c trch chn ra cc c trng i snh vi vn tay lc ng k ngi dng. Nu qu trnh i snh thy khp th kha c nhn s c gii m v c ly ra s dng, tri li khng th truy xut c kha c nhn.

130

<<userinterface>> CDigitalSignatureDlg

<<CertificateInfoHandler>> : CertList

<<DigitalSignatureHandler>> : CDigitalSignature

<<DB_access_Handler>> dao : CRADataAccess

<<crypto>> : EVP_Pkey

: User sd Get key 1 : SelectCertificate 2 : findCertificate(pos) 3 : getCertInfo()

4 : certificate info 5 : CreateNewKey()

6 : akey

sd Retrieve private key

Hnh 7.16. Biu din tin qu trnh ly kha k

<<DigitalSignatureHandler>> : CDigitalSignature <<DB_access_Handler>> dao : CRADataAccess BioEncKey

: User sd Retrieve private key 7 : RetrievePriKey(cert's SN, key *) 8 : retrieveEncryptedPrivKey()

<<create>> 9 : createNewObj() 10 : WaitFingerPrn() 11 : aBEKObj 12 : fingerPrn 13 : fingerPrnMatching() 14 : matchResult alt DecryptPrivKey [matched] 15 : Decrypt(encryptedKey)() 16 : DecrptKey()

18 : PrivKey [else]

17 : PrivKey <<destroy>> 19

Hnh 7.17. Biu hot ng truy xut kha c nhn trong ng dng ch k s

131

Sau khi ly c kha, pha k din ra nh m t trong cc mc trn v c th hin c th qua biu din tin sau y.
<<userinterface>> CDigitalSignatureDlg <<DigitalSignatureHandler>> : CDigitalSignature <<crypt>> : EVP_Hash

: User sd Sign 20 : ClickSign 21 : IsPrivKeyRetrieve()

22 : PrivKeyStatus alt [private key retrieved]

23 : WaitforFile() 25 : FileInfo

24 : SelectFile2bSign

<<create>> 26 : CreateNew()

27 : aHashObj 28 : Hash(file) 29 : calculateDgst()

30 : MessageDigest 31 : Sign(MessageDigest)

32 : AppendSignatureIntoFile()

[else] 33 : WarnUserToSelectCertificate() 34 <<destroy>>

Hnh 7.18. Biu din tin cng on k

132

Cng on kim tra ch k khng c yu t sinh trc hc, biu c th nh sau:

<<userinterface>> CDigitalSignatureDlg <<DigitalSignatureHandler>> : CDigitalSignature <<crypt>> : EVP_Hash : CAServer

: User 1 : ClickVerify 2 : VerifySignature()

4 : display file dialog()

3 : WaitforFile()

5 : SelectFileSigned

6 : fileInfo(filename)

7 : ExtractContentAndSgnt()

par Get public key and hash file 8 : createHashObj() 9 : aHashObj 10 : HashFile() 11 : HashData()

12 : MessageDigest

13 : GetCert(SerialNumber) 14 : RetrieveAndCheckCert()

15 : aValidCert 16 : GetPubKey()

17 : DecryptSignature(Pubkey, Sgnt, &MD)

18 : Compare(MessageDigest, MD)

19 : areTwodigestIdentical alt Result [2 digests are identical] 20 : DisplaySignatureVerifiedMessage()

[else]

21 : Warn(SngtNOTmatchData)

Hnh 7.19. Biu kim tra ch k s

133

7.5.6. Th nghim ng dng v kt qu

ng dng c chy th thnh cng. ng dng c xy dng trn nn tng h thng BK BioPKI. Trong ng dng ny, ngi k s phi dng vn tay truy xut kha c nhn ca mnh pha to ch k. Ngi kim tra ch k ly chng ch s ca ngi k thng qua CA thm nh ch k.

Hnh 7.20. Giao din Kt thc qu trnh k

Hnh 7.21. Ch k c ly ra khi kim tra

Nhn xt kt qu: ng dng chy ng nh kch bn thit k ban u. C th pht trin tip ng dng, b sung thm ty chn cho ngi dng v ci thin hiu nng mt s phn h trong ng dng.

134

Chng 8. THIT K V XY DNG CC PHN MM NG DNG AN TON THNG TIN TRONG H BIOPKI
8.1. Tng quan cc ng dng an ton thng tin
Cc ng dng trao i thng tin an ton cn m bo 3 yu cu: ngun, thng tin truyn, ch. Khi truyn thng tin i, ngun cn m bo rng ch c nhng trm ch c cho php mi c th truy cp thng tin truyn, tt c cc trm khc u khng th. Ngc li khi nhn thng tin, ch cng cn m bo rng thng tin ny c to ra bi ng ngun tin nh trc. Tt nhin trong c hai trng hp, thng tin nhn c cng cn c m bo l ging ht nh thng tin c truyn i, khng b thay i gia ng truyn. Xut pht t cc yu cu trn, cc ng dng an ton thng tin da trn c th chia lm 3 loi: ng dng m ha thng tin m bo thng tin c truyn n ch, ng dng k thng tin m bo xc thc ngun tin v ng dng kt hp 2 chc nng trn to mt knh truyn bo mt. Trn c s yu cu ca ti, cn xy dng cc ng dng th nghim thuc cc dng trn nhm mc ch: - Lm ch c cc ng dng ca h tng PKI - Pht trin thnh cc framework ng dng h tng PKI vo cc ni dung c th. Ngoi ra, khi trin khai ng dng BioPKI vo cc ng dng c sn tng cng tnh bo mt cho cc ng dng , ny sinh vn tch hp h thng PKI vi cc h thng c sn ny. th nghim gii php tch hp, ti trin khai mt ng dng cho php s dng BioPKI tng cng bo mt cho qu trnh truy cp t xa ca mt dch v ty ( ci t dch v chat, c th l dch v DB, ... ) Mt xu hng mi xut hin trong cc h thng giao dch in t l a dng ha cc phng thc truy cp thng tin. NSD c th s dng cc cch thc, cc h tng truyn thng khc nhau c th truy cp vo cc CSDL cng nh cc dch v thng tin. Vi cc c im, thng s khc nhau ca cc h tng truyn thng , PKI ni chung v BioPKI ni ring gp mt s kh khn v tc ng truyn, v kh nng x l thit b u cui, v kch thc thng ip, v thi gian p ng, .... V vy, ti trin khai th nghim ng dng PKI trn nn SMS, cung cp c ch trao i thng tin bo mt an ton bng PKI trn nn truyn thng SMS. ng dng ny c th m rng cho nhng h tng truyn thng khc nh MMS, CDMA, ..... Trong chng ny, u tin ng dng k v m ha thng ip s dng cc du hiu sinh trc c trnh by. Tip theo l ng dng tng cng bo mt cho qu trnh truy cp t xa. Cui cng l ng dng PKISMS truyn thng bo mt trn nn SMS.

135

8.2. ng dng k v m ha thng ip 8.2.1. Phn tch yu cu truyn thng tin bo mt

Ngy nay, thng mi in t ng vai tr rt quan trng trong cc hot ng kinh t, x hi. C rt nhiu ng dng c xy dng trong lnh vc thng mi in t vi nhiu mc ch khc nhau, nh phc v cho cc ngn hng, chng khon, chnh ph in t H thng PKI c s dng m bo tnh bo mt cho cc dch v ny. Da trn h thng PKI, chng ta c th pht trin rt nhiu ng dng s dng mt m kha cng khai v kha i xng. Mt trong nhng ng dng l ng dng ch k s v m ha thng ip. Phn ny s trnh by v vic thit k v ci t ng dng k v m ha. Trong thc t, gi mt bc th an ton n ngi nhn m m bo tnh b mt v tnh khng th t chi, bc th phi c k v cho vo phong b m bo. iu ny cng c p dng trong truyn thng s dng kha cng khai m bo tnh xc thc.Trc khi gi mt thng ip, ngi gi phi thc hin nhng vic sau: K ln thng ip M ha thng ip c k bng cch s dng mt kha c sinh ngu nhin M ha kha va sinh ra bng kha cng khai ca ngi nhn Gi thng ip c m ha n cho ngi nhn y chnh l cch tip cn k ri m ha thng ip. Cc tnh cht c c th m bo khi s dng phng php ny - Tnh an ton: Vic k v m ha to ra mt mc an ton cao hn l khng kt hp (kt hp hai hm tnh ton lm tng tnh phc tp t lm tng tnh an ton). N m bo tnh b mt v khng th t chi - Tnh hiu qu - Tnh b mt Nhc im ca phng php: Trong phng php k v m ha ny, bn gi phi s dng kha cng khai ca bn nhn m ha thng ip. iu ny s tr nn bt tin nu mun gi thng ip n nhiu ngi cng mt lc. V d nh mt ngn hng mun gi mt thng bo n mt vi khch hng ca h, th h phi s dng kha cng khai ca tng ngi m ha. Cch tip cn ny s lm gim hiu qu. gii quyt vn ny, c th to ra mt nhm kha gia ngn hng v khch hng s dng trong vic phn phi thng ip cho nhiu ngi

136

Hnh 8.1. Nhc im ca k v m ha

8.2.2. Xy dng ng dng k v m ha thng ip s dng du hiu sinh trc

8.2.2.1. M t cc yu cu v chc nng ca h thng Chng trnh c xy dng da trn h tng kha cng khai c, gm cc chc nng c bn ca mt h PKI nh cc chc nng lin quan n chng nhn ngi dng, yu cu chng ch, cp pht v qun l chng ch s v cc chc nng lin quan n kt ni gia RA v CA. c th m ha thng ip mt cch an ton, to v xc thc ch k s cho mt thng ip hoc file th ngi s dng cn phi c cp pht mt chng ch s tng ng vi tng chc nng s dng. Di y l s m t hot ng k v m ha trong h thng BK-BioPKi c xy dng:

Database Server

5.

iv er 's Pu bl ic

ey

CAServer

tS Ge er's end cK b li Pu

et

Re

ce

ey

2.

7. Unsigncrypt File or Message

3. Signcrypt File or Message 4. Send to Reveiver 1. Get Private Key

RAClient

6. Get Private Key

RAClient

Hnh 8.2. S hot ng k v m ha trong h BioPKI

137

8.2.2.2. Qu trnh m ha v gii m thng ip M ha l qu trnh chuyn i mt thng ip ban u thnh mt thng ip b mt m ch c bn gi v bn nhn mi c th nhn bit c. Chng hn nh Alice mun gi thng ip ring cho Bob th Alice phi bit kha cng khai ca Bob. Kha cng khai ny c thng bo rng ri cho mi ngi cng bit, v Bob c th gi kha qua mng m khng phi lo lng. Sau Alice s s dng kha cng khai m ha thng ip v gi cho Bob. Bob nhn c thng ip ca Alice v s dng kha ring ca mnh (tng ng vi kha cng khai ) gii m. 8.2.2.3. Ch k s v xc thc Ch k s l c ch cho php xc thc mt thng ip, hay ni cch khc n cho php chng minh c thng ip l ca chnh ngi gi to nn. Chng hn nh Alice mun to ch k ln thng ip m mnh mun gi cho Bob th c y phi s dng kha ring ca mnh m ha thng ip v gi km theo kha cng khai cho Bob. Bob s dng kha cng khai ca Alice gii m, qu trnh ny chnh l xc thc ch k s, c ngha l chc chn thng ip c k bi Alice Trn y l nhng nguyn l minh ha cho qu trnh m ha/ gii m v k/ xc thc ch k s. Ta c th kt hp vic m ha v ch k s m bo tnh b mt v tnh xc thc Vic s dng m ha i xng ng vai tr rt quan trng trong h thng kha cng khai v nhng gii thut m ha bt i xng thng chm hn rt nhiu so vi cc gii thut m ha i xng. Do vy cn phi kt hp s dng m ha i xng v bt i xng trong tng trng hp to ch k s, cn s dng mt k thut l s dng hm bm. K thut ny cho php to ra mt thng ip ngn gn t thng ip y ban u. Cc gii thut bm l nhng gii thut m ha mt chiu, rt kh thu c thng ip gc t thng ip c bm. L do chnh cn phi to ra nhng thng ip ngn gn: + Vic gi km n vi thng ip gc s gip cho ta c th xc nh c nhng li trong thng ip + N c ng dng to ch k s l thu gn kch thc ch k s cho nh hn so vi thng ip ban u + Nhng gii thut bm nhanh hn bt k gii thut m ha no (k c kha cng khai v kha i xng)

8.2.3. Thit k chi tit cc chc nng ca h thng

138

Application signature numrique et chiffrement le message

Gnration le signature

Chiffrement le message

Dechiffrement le message

Vrification le signature

Evaluation du condens de message

Gnration le cl symtrique

Dchiffrement de la cl symtrique

Dchiffrement du condens

Signature du condens

Chiffrement du message

Dchiffrement du message

Evaluation du condens

Chiffrement de la cl symtrique

Comparaison des condens

Hnh 8.3. Biu phn cp chc nng ca ng dng

* Chc nng m ha v to ch k s Hnh sau m t qu trnh Alice phi thc hin gi mt thng ip c k v m ha cho Bob To ch k s cho thng ip, bao gm 2 bc:

Emetteur

Cl Pub destinaire Gnration de la cl secrte CSym CSym CSym

Chiffrement de la cl CSym par la fonction E : CS=E(CSym, k pub destinaire) Cs

Fichier F Cl prive metteur

Signature par la fonction S : Fs= S(F, k prv metteur )

Fs

Chiffrement Fs par la fonction E :

F = E(Fs, CSym)

Envoi (F,Cs) au destinaire

Hnh 8.4. Qu trnh k v m ha thng ip gi i

139

Hnh 8.5. Qu trnh bm chng ch

+ Xc nh thng ip bm t thng ip gc: mc ch ca vic ny l m bo vic nhn bit thng ip c cn ton vn khng. + K ln thng ip bm: ch k c to ra nh vic m ha thng ip bm bng kha ring ca ngi gi. Ngi ta c th thy trong ch k s tn ca gii thut bm m ngi gi s dng. Kha cng khai ca ngi gi cng c nh km theo ch k s. Nh c nhng thng tin ny m bt k ai cng c th gii m v xc thc ch k s ca ngi gi.

Hnh 8.6. Giao dch Qu trnh k v m ha

140

M ha thng ip: Qu trnh m ha bao gm 3 bc:

Hnh 8.7. Qu trnh m ha thng ip

a. b. c.

To mt kha duy nht (Csym) m ha v gii m s dng cho gii thut m ha i xng M ha thng ip: Tt c cc thng ip (k c thng ip ban u v ch k s) c m ha bng Csym c to trn M ha kha i xng: Csym s c bn nhn s dng gii m thng ip nhn c, do vy cn thit phi m ha Csym bng kha cng khai ca ngi nhn. V Csym c kch thc kh nh so vi thng ip cn gi nn vic s dng kha cng khai m ha Csym l kh thi, hiu qu s dng ca cc gii thut m ha bt i xng l c th chp nhn c

* Chc nng gii m v xc thc ch k s ca mt thng ip Hnh sau m t mt dy cc thao tc m Bob cn thc hin gii m v xc thc thng ip c gi t Alice.

141

Cl priv destinaire

Destinaire

F,Cs

Dchiffrement CSym par la fonction D : CSym =D(CS, k prv destinaire) F CSym

Cl Pub metteur

Dchiffrement Fs par la fonction D : Fs=D(F, CSym)

Fs

Vrification de la signature par la fonction V : F=V(F, k pub metteur)

Fichier F Signature metteur

Hnh 8.8. Qu trnh gii m v xc thc thng ip

Qu trnh gii m thng ip bao gm cc bc sau:

Hnh 8.9. Qu trnh gii m thng ip

142

+ Gii m kha i xng: y l kha duy nht c s dng m ha thng ip. Kha ny c m ha bng kha cng khai ca ngi nhn (Bob). Do vy ch c Bob l c th gii m Csym v s dng n gii m thng ip + Gii m thng ip: Thng ip nhn c (bao gm c thng ip ban u v ch k s) c gii m nh Csym Qu trnh xc thc ch k: Vic xc thc ch k bao gm 3 bc sau:

Hnh 8.10. Qu trnh xc thc ch k

a. Gii m thng ip bm: thng ip bm c m ha nh vo kha ring ca ngi gi. By gi n s c gii m bng kha cng khai ca ngi gi nm trong thng ip b. Xc nh thng ip bm t thng ip nhn c: nh trn ni bm l qu trnh mt chiu, do vy khng th ly li thng ip gc t thng ip bm, do vy bn nhn phi thc hin to li thng ip bm t thng ip nhn c nh s dng gii thut bm c ghi km trong ch k s. c. So snh hai thng ip bm: Thng ip bm va c to s c so snh vi thng ip bm c gii m trn. Nu chng ging nhau th ch k c xc thc cn nu khc nhau th c th thng ip khng c k bi ngi gi hoc thng ip b hng, trong c hai trng hp th thng ip s b loi b.

143

Hnh 8.11. Biu lp ca ng dng

144

cd RA CDialog CDigitalSignatureDlg + + + + + + + + + + + + + + + + + # + + + + + + + + + + + # + + + + isRecv: BOOL isSend: BOOL iv: unsigned char* key: unsigned char* m_CtrlSendProgress: CProgressCtrl m_ctrlStatus: CStatic m_listCtrl: CListCtrl m_pEncryptSymKeyDlg: CEncryptSymmetricKeyDlg* m_ptrMainDlg: CMySimpleClientDlg* m_strEncryptedKey: unsigned char* m_strInputFile: CString m_strPassphase: CString pFileTransferz: CFileTransferz* AddItem(SimpleClientCert&, DWORD) : void CDigitalSignatureDlg(CWnd*) ~CDigitalSignatureDlg() CharStr2HexStr(unsigned char*, int, unsigned char*) : void DoDataExchange(CDataExchange*) : void LoadCertList(void) : int OnBnClickedBtnRecvfile() : void OnBnClickedBtnSendfile() : void OnBnClickedBtnsignz() : void OnBnClickedBtnverifyz() : void OnBnClickedButtondecrypt() : void OnBnClickedButtonencrypt() : void OnBnClickedConnectz() : void OnEncrypt(CString) : void OnFileReceiveEvent(WPARAM, LPARAM) : LRESULT OnFileSendEvent(WPARAM, LPARAM) : LRESULT OnInitDialog(void) : BOOL OnSetProgressBarPosEvent(WPARAM, LPARAM) : LRESULT OnSign() : void OnVerify(CString) : void ResetDlg() : void CDialog CEncryptSymmetricKeyDlg + + + + + + + + + # + + + + + + iv: unsigned char* m_iSN: int m_pMainDlg: CMySimpleClientDlg* m_strEncryptedKey: CString m_strSymKey: CString pkey: EVP_PKey* CEncryptSymmetricKeyDlg(CWnd*) ~CEncryptSymmetricKeyDlg() CharStr2HexStr(unsigned char*, int, unsigned char*) : void DoDataExchange(CDataExchange*) : void HexStr2CharStr(unsigned char*, int, unsigned char*) : void OnBnClickedBtnEncryptkey() : void OnBnClickedBtnGeneratekey() : void OnBnClickedBtnGetpubkey() : void OnBnClickedOk() : void OnEnChangeEditSymkey() : void + + + + + + # #

CFileTransferz + + + + + + + + + + + + + + + + + + + + + + + + + + copyThreadHandle: HANDLE m_hwndParent: HWND m_iNumFile: int m_isConnected: BOOL m_listFileName: CStringList m_pThread: CWinThread* m_socket: SOCKET m_strErrorMessage: CString m_strFileName: CString m_strFilePath: CString sockConnection: CSocket sockSrvr: CSocket CFileTransferz(void) ~CFileTransferz(void) CleanAll() : void InitRecvSide(CString, int) : BOOL InitSendSide(int) : BOOL RecvFileInfo() : int SendFileInfo() : int SetFileName(CString) : void SetFilePath(CString) : void SetObjHandle(HWND) : void StartRecvThread(void) : DWORD StartSendThread(void) : DWORD ThreadRecvFile(LPVOID) : UINT ThreadSendFile(LPVOID) : UINT

CDialog CExtractedSignature str_signAlgorithm: CString str_Signature: CString str_Signer: CString str_SignLen: CString CExtractedSignature(CWnd*) ~CExtractedSignature() DoDataExchange(CDataExchange*) : void OnInitDialog(void) : BOOL

Hnh 8.12.

* bo v kha ring c an ton hn, chng trnh tch hp module sinh trc hc vo. Mi ln to ch k s, v gii m thng ip, ngi dng phi ly c kha ring ca mnh, thay v phi nhp password nh thng thng, ngi s dng phi thc hin qut vn tay ly ra c kha c nhn trong c s d liu.

145

8.2.4. Cc cng ngh s dng trong chng trnh

Chng trnh c xy dng bng ngn ng C++, trn mi trng lp trnh Visual C++ 7.1, s dng cc hm API v mt m ca th vin OpenSSL Cc module chnh ca ng dng: Module v k v m ha mt file: d liu a vo l mt file c kch thc bt k, s c bn gi s dng kha ring k, sau l m ha. File sau khi m ha s ch s Serie ca chng ch ca ngi nhn v kha i xng c m ha. Module gii m v xc thc ch k s: thc hin chc nng gii m file v khi phc li file gc, sau xc thc ch k i km vi file xem c ng l do ngi gi k khng v tr v thng tin ch k .

Hnh 8.13. Giao din chnh ca ng dng

Cc lp chnh c ci t trong ng dng: Lp CertList th hin danh sch cc chng ch ang hot ng ca ngi s dng. Danh sch ny gip cho ngi s dng la chn chng ch s dng cp kha cng khai/ kha ring Lp DigitalSignature bao gm cc phng thc thc hin cc chc nng k, m ha, gii m v xc thc ch k Lp CEncryptedSymKey ci t cc hm sinh kha i xng, yu cu ly chng ch t CA da vo s serie ca chng ch . Sau s thc hin m ha kha i xng va c sinh ra bng kha cng khai Lp CSignature thc hin chc nng bm file, sau s dng kha c nhn ca ngi dng to ch k s t thng ip bm ny

146

 Lp CExtractedSignature th hin thng tin v ch k s sau khi c xc thc

Hnh 8.14. Giao din ng dng thc hin chc nng k

Hnh 8.15. Giao din ng dng s hin th thng tin v ch k s sau khi c xc thc

8.2.5. Th nghim v nh gi
ng dng k v m ha thc hin c yu cu kt hp hay chc nng k v m ha, tch hp vo trong h thng BK-BioPKI v s dng du hiu sinh trc ly kha c

147

nhn. ng dng thc hin c vic m ha v gii m mt cch chnh xc, nhanh v m bo tnh bo mt cao. ng dng th nghim vi cc file c di khc nhau - Vi file c kch thc 1MB, thi gian m ha v gii m l 0.12 s - Vi file c kch thc 10MB, thi gian m ha v gii m l 0.8 s - Vi file c kch thc 100MB, thi gian m ha v gii m l 7.11 s Tuy nhin, thi gian cn ph thuc vo tc x l ca tng my tnh khc nhau.

8.3. ng dng th nghim kim sot bo mt truy cp t xa 8.3.1. Yu cu tng cng bo mt truy cp t xa v gii php

Thng thng, trong mt mng my tnh, c th thc hin truy cp t xa vo mt my ch CSDL (DBServer), ngi dng cn phi c mt ti khon trong DBServer vi mt tn truy nhp v mt mt khu. Nhng trn thc t, mt khu ny rt d b mt, hay b l, v d trong trng hp my tnh ca ngi dng b ci mt tin trnh chy n v nh cp thng tin mt khu . iu ny thc s rt nguy him, v khi , ngi dng s b k xu mo danh, hoc nguy him hn, DBServer s b tn cng. ng dng tng cng bo mt truy cp t xa s dng mt m hnh gii php kim sot truy cp t xa trong ng cnh h thng BK-BioPKI gii quyt vn trn. ng dng th nghim c xy dng gm 3 i tng:

Hnh 8.16. M hnh ng dng kim sot truy cp CSDL t xa trn mng.

- CA trong h thng BK-BioPKI: trong m hnh ng dng ny, CA ng vai tr l trung gian xc thc. - Ngi dng mun thc hin truy cp t xa.

148

- DBServer.

8.3.2.

Phn tch v thit k ng dng th nghim.

Mc ch ca ng dng: ng dng c xy dng vi cc mc ch sau: Xc thc chnh xc ngi dng mun truy cp t xa vo my ch CSDL. To 1 phin giao dch an ton gia ngi dng v DBServer.

Ngay khi phin giao dch kt thc, kha phin cn phi c xa b v tr nn v ngha. Cc chc nng ng vi cc i tng c m t qua biu UseCase sau: Cc i tng tham gia trong kch bn ng dng: Ngi dng: l i tng mun truy cp t xa vo my ch CSDL. u tin, i tng phi xc nh c chnh xc my ch mun truy cp. Ngoi ra, ngi dng cn phi a thng tin v sinh trc hc vn tay ln cho DBServer. CA: i tng ny ng vai tr trung gian xc thc. CA cn phi xc thc chnh xc ngi dng. CA cn phi t sinh kha phin cho phin giao dch gia ngi dng v DBServer. My ch CSDL: Sau khi nhn c kt qu xc thc ca CA, my ch s ng cho ngi dng truy cp trong phin giao dch an ton tng ng.

iu kin thc hin truy cp t xa: c th thc hin truy cp t xa, cn phi tha mn mt s iu kin sau: Ngi dng cn phi c chng ch kiu truy cp t xa trong h thng BK-BioPKI. - c c chng ch ny, cc c trng vn tay ca ngi phi c lu tr CA. (cc c trng ny c gi ln CA trong qu trnh yu cu chng ch). Ngoi ra, cn c nhng c s v h thng nh sau: - B th vin OpenSSL bao gm cc hm v m ha, gii m Blowfish v cc hm c chc nng to knh mt SSL. H thng cn c h qun tr CSDL MySQL.

Tin trnh xc thc: CA sinh ra mt kha phin cho phin giao dch gia User v DBServer. Ngi dng phi gi cc c trng vn tay ln cho CA thc hin thm nh. CA thc hin qu trnh thm nh vn tay s: o o Nu thnh cng: cho php ngi dng truy cp vo DBServer. Nu khng thnh cng: dng tin trnh v t chi truy cp ca ngi dng.

Trong trng hp kt qu thm nh thnh cng, ngi dng c php truy cp vo DBServer trong mt phin giao dch an ton. Khi phin giao dch ny kt thc, kha phin c xa bi CA.

149

8.3.3.

Kch bn ng dng, kch bn th nghim v kt qu th nghim

Utilisateur

CA

Serveur de donnes

le numro de srie du certificat et ladresse IP du Serveur Qurir le certificat

correspondant dans la base de donne.

Crer la cl de session

Dchiffrer la cl de session par la cl prive

Cl de session Chiffrer la cl de chiffre session par la cl publique de lutilisateur

Scanner lempreinte

Chiffrer des caractristiques par la cl de session obtenue

Dchiffrer les caractristiques par la cl de session

Vrifier

Oui

Non Correct

Chiffrer la cl de session par la cl publique du serveur

Dchiffrer la cl de session par la cl prive

Commencer une session de transmission

Les informations chiffres par la cl de session

Commencer une session de transmission

Supprimer la cl de session

Supprimer la cl de session

Hnh 8.17. Kch bn ng dng.

Cc bc ln lt ca m hnh kch bn hot ng c m t nh sau: 1. Ngi dng gi yu cu truy cp t xa ln CA, c km theo s serialnumber ca chng ch ca mnh. 2. CA nhn c yu cu, truy vn trong CSDL ca mnh, tm c chng ch tng ng, ng thi ly c kha cng khai ca chng ch . 3. CA sinh ra mt kha phin, m ha kha phin bng kha cng khai va ly ra c, v gi li cho ngi dng.

150

4. Ngi dng nhn c, dng kha c nhn ca mnh, gii m ly ra c kha phin. 5. Ngi dng thc hin qut vn tay, dng module enrollement trch chn ra c c trng, v m ha c trng vn tay bng kha phin va thu c, v gi ln cho CA. 6. CA dng kha phin, gii m ra c c trng vn tay, sau truy vn trong CSDL ly ra c c trng vn tay tng ng ca ngi dng c t pha xin cp chng ch. CA thc hin thm nh 2 tp c trng ny, a ra kt qu. 7. Nu kt qu l khng chp nhn, CA gi kt qu t chi cho ngi dng, ng thi kt thc tin trnh. Nu kt qu l chp nhn, CA m ha kha phin bng kha cng khai ca DBServer v gi cho DBServer. 8. DBServer dng kha ring ca mnh gii m ra c kha phin. 9. Phin giao dch gia User v DBServer bt u c thc hin vi mi bn u c kha phin. 10. Khi phin giao dch ny kt thc, kha phin b xa i. Trin khai chng trnh: Cc hm lin quan n chng ch: Cc hm s dng X509Certificate GetCertificate(POSITION pos) EVP_Pkey GetPrivateKey(int serialnumber) EVP_Pkey GetPublicKey(X509Certificate Cert) Cc hm lin quan n m ha, gii m: Cc hm s dng SKey GenerateSessionKey() char* EncryptSessionKey(SKey* sk,EVP_Pkey* Pk) SKey DecryptSessionKey(char* buf,EVP_Pkey* pk) char* EncryptFingerMinutiae(Minutiae* mn,SKey sk) Minutiae* DecryptMinutiae(char* buf, SKey sk) Cc hm giao tip gia 3 i tng Cc hm s dng void SendRemoteLoginRequest(int sn,int id) void SendSessionKey(char* sk) void SendEncryptedMinutiae(char* mn)

M t Thu nhn chng ch trong CertList Ly kha c nhn trong chng ch c s SN l serialnumber. Ly kha cng khai t chng ch

M t Sinh kha phin M ha kha phin M ha kha phin bng kha c nhn. M ha c trng vn tay bng kha phin. Gii m c trng vn tay bng kha phin

M t Ngi dng gi yu cu truy cp n CA Gi kha phin m ha Gi c trng m ha.

hiu r hn cch s dng cc hm, chng ta quan st biu sequence sau y:

151

User

RemoteTabDlg : RAClient

CertList : RAClient

CAServer

CertList : CAServer

DBServeur : RAClient

1: Select a certificat() GetCertificate() Certificate Enter Password() GetPrivateKey()

GetSerialNumber()

RemoteLoginButtonClick() Send RemoteLogin Request(SerialNumber) GetClientCertificate(SN) Certificate GenerateSessionKey()

EncryptSessionKey()

Send Session Key() DecryptSessionKey()

Scan Fingerprint() EncryptFingerMinutiae()

Send EncryptedMinutiae() DecryptMinutiae()

Identify() Send Result() succs GetDBSVCertificate() Certificate EncryptSessionKey()

refus

Send SessionKey() DecryptSessionKey()

Hnh 8.18. Biu sequence ca ng dng.

152

Trin khai giao din chng trnh: Giao din chng trnh c xy dng vi mc ch ngi dng tht d s dng. Chng trnh l 1 Tab trong giao din chnh ca chng trnh RA_Client.

Hnh 8.19. Giao din ng dng.

Giao din chng trnh gm c 4 phn chnh sau: A: Danh sch cc chng ch c kiu truy cp t xa. B: Thnh phn xc thc my ch CSDL. C: B phn test giao dch gia DBServer v ngi dng. D: Phm Logon thc hin truy cp t xa. u tin, ngi dng chn chng ch mun dng thc hin truy cp t xa, sau xc thc DBServer cn truy cp n, v chn phm Logon. Nu thnh cng, ngi dng s nhn c thng bo sau:

Hnh 8.20. Thng bo truy nhp thnh cng.

153

Th nghim. ng dng xc thc truy cp t xa ny c th nghim trong mi trng mng LAN ca phng th nghim lin mng ca khoa CNTT trng H BKHN. ng dng c tch hp vo chng trnh RA_Client ca h thng BK-BioPKI. Kt qu th nghim. Qua cc th nghim, kt qu thu c l: DBServer trong h thng BK-BioPKI c bo v mt cch an ton. Vi kch bn trn, ng dng c th trnh c phn ln cc phng thc tn cng. Thi gian thc hin xc thc nhanh.

8.4. ng dng an ton trao i thng tin trn SMS 8.4.1. Yu cu ca ng dng

Cc gii php bo mt thng tin bao gm bo m 3 yu cu: m bo thng tin c truyn chnh xc, m bo thng tin c truyn n ng ch tin mong mun v m bo thng tin c nhn t ng ngun tin. 3 yu cu ny c thc hin da trn vic m ha thng tin. M ha kha i xng thc hin vic m ha v gii m bng cng mt kha chung. Cc gii thut m ha kha i xng thng dng l DES, RSA, ... Nhc im ln nht ca m ha kha i xng l vic trao i kha gia ngun v ch cn c mt knh truyn bo mt ring. khc phc nhc im trn, h thng mt m ha kha cng khai v b mt ra i. Nguyn tc c bn ca phng php m ha ny l qu trnh m ha gii m s dng mt cp kha, trong t kha ny rt kh (i hi mt khi lng tnh ton ln) mi c th suy ra c kha cn li. Mt trong 2 kha c gi l kha b mt, ch c duy nht ch s hu ca kha c bit, kha cn li l kha cng khai, c ph bin cho tt c cc thc th c th tham gia truyn tin. Bi ton ph bin kha c gii quyt. c th s dng kha b mt v kha cng khai mt cch hiu qu, cn c mt h thng chung cho tt c cc thc th tham gia vo truyn tin. H thng ny cn qun l cc lin h gia kha cng khai v cc thc th. Mi lin h ny c biu din bng cc chng ch (certificat). Mt chng ch xc nhn mi lin h gi mt kha cng khai vi mt thc th tham gia truyn tin. Lin h Hnh 8.20 ny c xc thc bi thc th chng thc (Certificate Authority). H thng qun l cc chng ch truyn tin gi l h tng c s truyn tin kha cng khai (Public Key Infrastruture) c cc chc nng c bn l qun l cc yu cu to chng ch, xc thc s dng cc chng ch, qun l cc chng ch. 2 chc nng

154

u tin c thc hin bi RA, vic qun l chng ch c thc hin bi CA. Lin h gia cc CA trong mt h thng PKI c th c trin khai theo cc m hnh n CA, phn cp hoc m hnh CA x nghip. Vi s pht trin ca ngnh vin thng, cc h thng ni trn khng ch s dng h tng truyn thng Internet hoc Intranet thng thng hot ng, m cn s dng cc h tng truyn thng c bit nh GPRS, SMS, MMS, CDMA, ... . Cc h tng truyn thng ny thng b hn ch bi kh nng truyn tin, kh nng x l thng tin ca cc thit b u cui. Vic bo mt thng tin trn cc h tng truyn thng c bit c tin hnh bng cch: i. da vo phn cng ca h tng truyn thng; ii. xy dng giao thc truyn thng da trn PKI cho ph hp vi h tng. Gii php c trnh by y gii quyt vn nu theo cch tip cn (ii). Gii php c thc hin trn h tng truyn tin SMS v c kh nng ng dng trn cc h tng truyn thng khc.

8.4.2.

Gii php truyn thng tin cy bng SMS

H thng ng dng c s h tng kha cng khai bo mt thng tin tin nhn c xy dng trn c s ly h tng kha cng khai lm nn cho ng dng truyn thng tin tin nhn c m ha. Khch hng s dng h thng m ha kha cng khai to ra cp kha cng khai - b mt cho mnh. V c s h tng kha cng khai da trn h thng m ha kha cng khai tin hnh vic cp pht v chng thc kha cng khai cho khch hng. Trn thc t th vi cc thit b c ti nguyn v tc tnh ton ln th vic m ha, chuyn thng tin ng dng c s h tng kha cng khai s din ra rt n gin. Khi A mun chuyn mt thng ip cho B th A ch cn m ha thng ip ca mnh cn gi bng kha cng khai ca B. Khi chc chn ch c B mi c kh nng gii m v thng tin c chuyn di mt cch an ton. Tuy nhin, vi cc thit b nh in thoi di ng th vic m ha c ni dung vn bn bng m kha cng khai ca bn nhn bng thut ton m ha kha cng khai l kh khn. Nguyn nhn l do tc s l hn ch ca in thoi, ngoi ra vi thut ton m ha bt i xng th thi gian thc hin m ha l tng i ln. Do , vic p dng trc tip m ha s dng kha cng khai l khng kh thi. Chnh t cc hn ch trn m nhm nghin cu xut mt phng thc trao i thng tin nh sau: o lm gim thi gian m ha bng h thng m ha cng khai s dng kha cng khai ca ngi nhn, chng ta s s dng m ha bt i xng o Do m ha bt i xng cn c mt kha b mt m ha thng ip cn gi, chnh v vy chng ta phi pht sinh mt kha phin m ha thng tin cn gi. Giao thc truyn thng tin tin nhn c m ha s c tin hnh nh sau: Gi s bn A mun gi cho bn B mt vn bn cn m ha, u tin bn A s pht sinh mt kha phin, sau bn A s m ha ni dung thng tin cn gi bng kha phin y vi thut ton m ha i xng. Kha phin c m ha hai ln bng thut ton m ha kha cng khai vi kha b mt ca bn A v kha cng khai bn B. Sau bn A s

155

gi vn bn v kha c m ha cho bn B. Bn B da vo kha cng khai ca bn A v kha b mt ca mnh gii m kha phin. Qua gii m ni dung vn bn. Gii php kt hp ny c xem l hp l, vic m ha vn bn c kch thc ln s c tin hnh thng qua thut ton m ha i xng, vic m ha kha phin s c tin hnh da trn c s h tng kha cng khai. Do , h thng kt hp c c s h tng kha cng khai trong vic bo mt thng tin tin nhn.

8.4.3.

Phn tch thit k ng dng

H thng ng dng c s h tng kha cng khai trong bo mt thng tin SMS m bo s an ton trong vic truyn thng tin bng tin nhn SMS. H thng cho php khch hng c th ng k giy chng thc, kim tra chng thc c nh thm quyn k thng qua giao thc ng dng khng dy(WAP). H thng c xy dng gm hai phn: PKI-SMS-Website v PKI-SMS-EDSR (chng trnh cho php m ha, gii m, gi v nhn tin nhn SMS trn in thoi di ng). H thng c xy dng trn nn tng ngn ng java v c s d liu Oracle. H thng Website c xy dng trn nn tng Spring. Sau y l biu phn cp h thng PKI-SMS

PKI-SMS-Website

PKI-SMS-EDSR

Hnh 8.21. Biu phn cp h thng PKI-SMS

Kh khn trong vic xy dng h thng PKI-SMS di tin nhn SMS: Nh chng ta bit th vic tin nhn SMS c di ti a ch l 160 k t. Hn na trong giao thc cp n trn th chng ta cn phi chuyn c ni dung tin nhn v kha phin c m ha. Do di hn ch ca tin nhn nn to ra rt nhiu kh khn trong qu trnh xc nh cc thng s u vo cho h thng PKI-SMS(nh kch thc kha phin, kch thc ni dung tin nhn, kch thc kha cng khai) Ngoi ra, do vn an ton trong tng phin giao dch nn kch thc kha phin, kha cng khai cng khng c php qu nh. Bi khi th vic b kha s tr nn d dng hn rt nhiu. Mt yu t cui cng khng th khng nhc n l vn ti nguyn hn ch ca in thoi di ng. Vi nhng chic in thoi c ti nguyn hn ch th vic

156

m ha v gii m vi cc thut ton phc tp, kch thc kha ln tr nn v cng kh khn v bt kh thi. Chnh t cc yu t trn nn vic xy dng h thng PKI-SMS gp phi rt nhiu kh khn trong vic la trn thut ton m ha kha cng khai, thut ton m ha i xng, khch thc kha phin v kch thc kha cng khai-b mt. Chnh v vy, h thng PKI-SMS c xy dng vi s la chn cc thut ton v kch thc kha nh sau: Thut ton m ha kha cng khai RSA: Thut ton m ha kha cng khai RSA da trn kh ca bi ton phn tch mt s ra tha s nguyn t. y l thut ton hay c s dng nht hin nay v n chng minh c tnh n nh cao. m bo an ton cho h thng m ha s dng phng php m ha kha cng khai RSA th s n(module) phi ln. Ti thi im nm 2005, s ln nht c th c phn tch ra tha s nguyn t c di 663 bt vi phng php phn tn trong khi kha ca RSA c di t 512,1024 ti 2048 bt. Vi kha 4096 bt th hu nh khng c kh nng b ph v trong tng lai gn. Do , ngi ta thng cho rng RSA m bo an ton vi iu kin n c chn ln. Nu n c di 256 bt hoc ngn hn, n c th b phn tch trong vi gi vi my tnh c nhn dng cc phn mm c sn. Nu n c di 512 bt, n c th b phn tch bi vi trm my tnh ti thi im nm 1999. m bo an ton i vi h thng PKI-SMS th kch thc kha ti u nn chn l 4096 bt. Tuy nhin vic la chn ny ch hp l i vi cc thit b c ti nguyn ln. Vic m ha v gii m i vi kha 4096 bt c th nghim vi in thoi K750i ca Sony Ericssion vi kch thc ni dung vn bn cn m ha ch l 8 byte l khng th thc hin. Ti nguyn ca in thoi khng cho php vic m ha ni dung thng tin bng thut ton m ha kha cng khai vi kch thc kha l 4096 bt. Chnh v vy m h thng PKI-SMS s s dng kch thc kha cng khai l 512 bt cho thut ton m ha RSA. Vic la chn thng qua th nghim trn in thoi K750i cho thi gian m ha vn bn 8 byte ch mt 3s. y l khong thi gian chp nhn c i vi in thoi di ng. Thut ton m ha ni dung thng tin tin nhn: do thut ton m ha bt i xng, c th l thut ton m ha kha cng khai RSA mt rt nhiu thi gian tin hnh vic m ha v gii m nn vic m ha ni dung thng tin c tin hnh thng qua thut ton m ha i xng DES. Vic la chn thut ton m ha i xng DES l do di 56 bit ca kha l nh. Chnh v vy vic m ha s din ra trong khong thi gian rt nhanh. Hin nay,kha DES b ph trong trong thi gian ngn nht vn l 24 gi, trong khi vi vic phin giao dch ca chng ta ch din ra trong vng cha n 10 giy. iu ny cho php phin giao dch s din ra vi tnh an ton cao ng thi gin ti a cc tnh ton phc tp trn thit b in thoi di ng.

157

 Kch thc kha phin: Kch thc kha phin c la chn l 8 byte(4 k t) l h l. Bi n khng gy ra s kh chu cho khch hng ng thi m bo c tng thi gian m ha kha phin bng thut ton m ha kha cng khai RSA v m ni dng tin nhn bng thut ton DES l chp nhn c. T cc l lun trn, h thng PKI-SMS s c xy dng vi cc thnh phn sau: EDSR. Vic tch h thng ra thnh hai phn l do kh khn trong vn to kha, ng k v chng thc trn in thoi vi thut ton RSA l rt kh khn. Nguyn nhn l do giy chng thc kha cng khai cp bao gm nhiu trng, kch thc tng i ln. Vic chng thc giy chng nhn kha cng khai i vi in thoi di ng li gp vn v ti nguyn. Khi kch thc u vo ln th vic chng thc li bt kh thi trn in thoi. Tuy nhin, do in thoi ngy nay c kh nng kt ni Intener bng giao thc WAP thng qua vic ci t GPRS nn vn c gii quyt. V vy, h thng c chia thnh hai phn. Phn PKI-SMS-Website c dng ng k v chng thc giy chng nhn kha cng khai(c vit bng Spring framework theo chun WAP) Phn PKI-SMS-EDSR c vit bng ngn ng J2me ca Java vi th vic m ha ngun m bouncycastle Thut ton m ha kha cng khai c la chn l RSA Kch thc cp kha cng khai- b mt c la chn l 512 bt Thut ton m ha ni dung tin nhn c la chn l DES Kch thc kha phin l 8 byte

H thng PKI-SMS s c xy dng gm hai phn, phn PKI-SMS-Website v PKI-SMS-

M hnh h thng

158

Hnh 8.22. M hnh h thng PKI-SMS

Biu phn cp chc nng PKI-SMS-Website

Cung cp chng ch kha cng khai

Chng thc chng ch kha cng khai

ng k chng ch kha cng khai

Gia hn v hy b chng ch kha cng khai

Hnh 8.23. Biu chc nng PKI-SMS-Website

159

PKI-SMS-EDSR

M ha, gii m thng tin tin nhn .

Gi v nhn tin nhn

Hnh 8.24. Biu chc nng PKI-SMS_EDSR

Chi tit cc chc nng Tn chc nng 1.1 Cung cp chng ch kha cng khai 1.2 Chng thc chng ch kha cng khai 1.3 ng k chng ch kha cng khai 1.4 Gia hn v hy b chng ch kha cng khai 2.1 M ha, gii m thng tin tin nhn 2.2 Gi v nhn tin nhn Thit k c s d liu Cc bng trong c s d liu CERTIFICATE (Giy chng thc kha cng khai) Tn trng Kiu d liu Cho php trng ID INTEGER Khng MODULE VARCHAR (500) Khng SIGNATURE VARCHAR (500) Khng EXPONENT DATETIME VARCHAR (500) DATE Khng Khng Loi Web Form Web Form Web Form Web Form M t Hin th thng tin v chng ch kha cng khai Hin th kt qu chng thc kha cng khai Hin th thng tin ng k chng ch kha cng khai Hin th thng tin v tnh trng v thi hn ca chng ch kha cng khai Cung cp chc nng m ha v gii m ni dung tin nhn trn in thoi di ng Cung cp chc nng gi v nhn tin nhn trn in thoi di ng

Service Service

Kha chnh C Khng Khng Khng Khng

Ghi ch

EXPDATETI ME

DATE

Khng

Khng

Module cng khai Ch k ca nh thm quyn ln giy chng thc S m cng khai Ngy khch hng ng k giy chng thc kha cng khai Ngy ht hn ca giy chng thc

160

CA_USER () Tn trng ID NAME PHONENUMBER ADDRESS CERTIFICATEID

Kiu d liu INTEGER VARCHAR (100) VARCHAR (20) VARCHAR (500) INTEGER

Cho php trng Khng Khng Khng Khng Khng

Kha chnh C Khng Khng Khng Khng

Ghi ch

M hnh quan h gia cc bng

8.4.4.

nh gi v th nghim

Chc nng thit k Cp chng thc kha cng khai H thng PKI-Website cho php ngi dng ng k kha cng khai thng qua giao thc ng dng khng dy(WAP) Chng thc kha cng khai H thng PKI-Website cho php ngi dng chng thc kha cng khai thng qua giao thc ng dng khng dy(WAP) CA k giy chng thc kha cng khai H thng PKI-Website c dng CA k xc nhn ca mnh thng qua thut ton m ha kha cng khai RSA vi kha b mt ca CA. M ha v gii m thng tin Chng trnh PKI-SMS-EDSR cho php ngi dng thc hin vic m ha, truyn v gii m tin nhn Kch bn th nghim Thit b: in thoi Sony Ericssion K750i, Nokia N72 D liu +D liu ngn: PKISMS +D liu di: PKISMS TEST PROGRAM +Kch thc kha 512 bt

161

+Kch thc kha 1024 bt +Kch thc kha 4096 bt +Kch thc kha phin 8 byte +Kch thc kha phin 16 byte Tnh nng k thut Tc truyn tin Tc truyn tin nhn ph thuc vo nh cung cp dch v. Thi gian truyn tin mt t 3->4 giy. Kt qu thc nghim Vi in thoi SonyEricssion K750i th kt qu c th hin qua bng sau: Kch thc kha 512 bt, Kha phin 8 byte 3s Kch thc kha 1024 bt, Kha phin 8 byte Kch thc kha 2048 bt, Kha phin 8 byte B m phng khng thc hin c B m phng khng thc hin c Kch thc kha 512 bt, Kha phin 16 byte 3s Kch thc kha 1024, Kha phin 16 byte Kch thc kha 4096 bt, Kha phin 16 byte B m phng khng thc hin c B m phng khng thc hin c

Tc m ha

Tc gii m

2s

2s

di tin nhn ti a di tin nhn sau m ha Kt lun

7 k t 145 k t 273 k t >160 Khng th dng Khng th dng

7 k t 145 k t 273 k t >160 Khng th dng Khng th dng

C th

C th

162

Vi in thoi Nokia N72 kt qu cng tng t Sony Ericssion K750i v c th hin qua bng sau: Kch thc Kch thc Kch thc Kch thc Kch thc Kch thc kha 1024, kha 4096 kha 1024 kha 2048 kha 512 kha 512 bt, Kha Kha bt, Kha bt, Kha bt, Kha bt, Kha phin 16 phin 16 phin 16 phin 8 phin 8 phin 8 byte byte byte byte byte byte 3s B m Tc m 3s B m phng ha phng khng thc khng thc hin c hin c 2s B m Tc gii 2s B m phng m phng khng thc khng thc hin c hin c di tin 7 k t 7 k t nhn ti a 145 k t 273 k t 145 k t 273 k t di tin >160 >160 nhn sau m ha Kt lun C th Khng th Khng th C th Khng th Khng th dng dng dng dng

8.5. Kt chng
Cc ng dng c xy dng v th nghim cho thy c th ng dng h thng BioPKI vo cc ng dng c bn ca h thng PKI. Du hiu sinh trc c th c s dng bo v kha c nhn b mt nh trong trng hp ng dng m ha v k thng ip. Du hiu ny c th c s dng tng cng kh nng xc thc trong cc h thng c sn c ch bo mt. Trong cc ng dng cp, vic thu thp v x l du hiu sinh trc dng mc cc b, khng c CSDL chung lu tr cc du hiu sinh trc. Nh vy cc thit b u cui phi c kh nng x l tng i cao (cc th nghim cho thy thi gian x l vi cc thao tc sinh trc thng thng khong vi giy, nu cc thit b c kh nng tnh ton km hn s khng m bo thi gian p ng. Mt hng pht trin trong tng lai l chuyn mt s thao tc x l sinh trc thnh tp trung, to thnh mt h thng thc s. ng dng PKI-SMS chun b sn cho kh nng ny, vi vic thc hin PKI trn h thng truyn thng c bit vi tc truyn tin v kh nng x l ca cc thit b u cui hn ch.

163

Phn IV.

TNG HP CC KT QU V KT LUN

1. Cc kt qu t c ca ti theo cc sn phm ghi trong thuyt minh nhim v.

1.1. Tm tt cc yu cu khoa hc i vi sn phm to ra (kt qu dng II v III)
Tn sn phm: H thng an ninh thng tin da trn m sinh trc hc Bio-PKI (gi tt l H thng an ninh thng tin Bio-PKI), bao gm: Kt qu gii php tch hp c trng vn tay vi m bo mt trong h PKI thnh h BioPKI. Kt qu th nghim Prototype v h tng h thng BioPKI thm nh vn tay trong h BioPKI. Kt qu phn mm my tnh cho h thng BioPKI, phn h sinh trc bao gm: phn mm phn h m ha kha sinh trc hc vn tay BioPKI v phn mm xc thc thm nh vn tay. Cc bo co: Bo co phn tch h thng v hng xy dng ng dng trong xc thc thm nh vn tay v iu khin truy nhp trong h BioPKI; Cc bo co nh k v bo co tng hp ti.

1.2 Kt qu cc sn phm dng cc bo co ng k

- m bo y s lng cc bo co nh k - m bo y s lng v cc sn phm bo co ng k c tng hp trong bo co bao gm : Bo co kho st phn tch v xy dng phng n gii php h thng an ninh thng tin Bio-PKI (chng 1, 2, 3 ,4) Bo co phn tch v thit k h thng an ninh sinh trc hc Bio-PKI (chng 5, 6, 7) Bo co cc ng dng th nghim (chng 8)

1.3 Kt qu cc sn phm ng k
m bo y s lng cc sn phm dng ghi trong thuyt minh v trong hp ng, gm c: 1.3.1. Kt qu v gii php tch hp c trng vn tay vi m bo mt trong h PKI thnh h thng BioPKI ti xut m hnh gii php tch hp c trng vn tay vi h tng kha cng khai thnh h thng BioPKI, c trnh by trong chng 4 v chng 7 ca bo co ny.

164

M hnh h thng BioPKI bao gm cc thnh phn h thng sau: H thng li h tng kha cng khai PKI: H thng li PKI c xy dng theo m hnh kin trc CA vi y cc thnh phn chc nng c bn ca h PKI bao gm: - CA (Certificate Authority): B phn thm quyn pht hnh cc chng ch v chng thc cc chng ch - RA (Registration Authority): B phn thm quyn ng k chng ch, - Certificate Holder- User: ngi s dng trong h thng PKI, ch th chng ch, - Digital Certificate Distribution System: H thng phn phi chng ch s, kho cha H thng li PKI c thit k v lp trnh trn mi trng b th vin m ngun m OpenSSL, theo chun X509. Trong m hnh h BioPKI hin nay RA c vai tr qun l ngui dng, lu tr kha c nhn c bo mt bng sinh trc vn tay. Ton b cc giao thc v cc giao dch c s gia RA v CA c thit k v ci t lm c s tch hp h sinh trc to vo my ngi s dng (users) H thng thm nh xc thc sinh trc vn tay (Fingerprint Biometric System) dng sinh trc vn tay sng c ly trc tuyn t thit b scanner. Hot ng ca h thng sinh trc gm 2 pha chc nng: ng k (enrollement), thm nh xc thc (verification) M hnh tch hp thm nh trc vn tay sng trc tuyn vo h li h tng kha cng khai (gi tn l BK-BioPKI), bao gm 2 phn h sinh trc sau: - Phn h thm nh xc thc trc tuyn vn tay ngi dng c tch hp vo qu trnh ng nhp h thng BioPKI thay password, cc du c trng vn tay c m ha v lu tr ti my user (c gi l Phn h sinh trc 1) -Phn h sinh trc vn tay kt hp vi qu trnh mt m v s dng chng ch s trong h Bio PKI, sinh kha sinh trc m ha bo mt kha c nhn ca ngi dng trong h thng (c gi l Phn h sinh trc 2). Phn mm phn h sinh trc 2 c tch hp vo h BioPKI ti my user, c qun l bi RA v xc thc bi CA (chi tit ca m hnh tch hp s c trnh by trong chng 5 v chng 7 bo co ny)

1.3.2 Kt qu thit k v xy dng th nghim h thng BioPKI (Prototype) kt hp thm nh xc thc vn tay sng, trc tuyn. (Trnh by trong cc chng 5, 6, 7) - Gii php cng ngh thit k, trin khai h thng BK-BioPKI v tch hp m sinh trc hc vn tay vo h tng PKI, xc thc sinh trc vn tay trong h thng BioPKI - Phn tch thit k ton b h thng BK-BioPKI (prototype): phn tch thit k v xy dng ci t th nghim mt h thng BioPKI (tn gi BK-BioPKI) thm nh xc thc vn tay sng ly trc tuyn t thit b Scanner thng dng. H thng BK-BioPKI hot ng trn mi trng mng PTN ti khoa CNTT HBK HN. Ton b h thng c xy dng ci t trn c s cng c b th vin OpenSSL v ngn ng C++ kt hp Matlab

165

1.3.3 Kt qu phn mm my tnh cho h thng BioPKI: phn mm h sinh trc bao gm: phn mm phn h m ha kha sinh trc hc vn tay BioPKI v phn mm xc thc thm nh vn tay (trnh trong cc chng 5 v 7) ti xy dng v ci t ton b phn mm cho h thng BK-BioPKI bao gm cc b phn mm sau: B phn mm c s h li PKI m bo c cc chc nng c bn ca mt c s h tng kha cng khai PKI vi CA n: to yu cu xin cp chng ch, cp pht chng ch, qun l, gia hn chng ch v hy b chng ch. B phn mm h thm nh xc thc vn tay sng, trc tuyn gm cc chc nng ch yu: + Phn mm ng k sinh trc hc vn tay BioPKI + Phn mm m ha + Phn mm xc thc thm nh vn tay BioPKI B phn mm sinh trc trong h thngBioPKI c xy dng thnh 2 phn h thng sinh trc tng ng vi m hnh kt hp 2 phn h sinh trc vo cc hot ng trong h BioPKI. B phn mm tch hp h thng an ninh sinh trc hc Bio-PKI: Thc hin tch hp h thm nh xc thc vn tay vo hot ng cc giao dch ng nhp, xin cp chng ch v s dng chng ch trong h thng. Cc hnh v di y trnh by 2 s din tin lp trnh trong s nhiu s s din tin c thit k v thc hin cc bc trong cc giao dch hot ng trong h thng BioPKI. Chng trnh th nghim sinh trc lng bn tay: Ci t thut ton trch chn c trng, thm nh xc thc sinh trc lng bn tay v th nghim vi CSDL nh lng bn tay (xem chi tit phn ph lc Bo co tng hp.

1.3.4 Phn mm th nghim ng dng ti xy dng th nghim 3 kch bn ng dng an ton bo mt thng tin trong mi trng h thng BK-BioPKI (trnh by chi tit trong chng 7 v chng 8 ca bo co tng hp), gm c: Xc thc ch k s K v m ha bo mt thng ip Kim sot bo v truy cp vo CSDL trn mng Cc kch bn ny c thit k chi tit, c lp trnh ci t v th nghim trong mi trng mng ca h thng BK-BioPKI ti PTN.

1.3.5 Cc kt qu thc nghim trong phng th nghim a/ M t kch bn th nghim

Hin nay ton b h thng tch hp BK-BioPKI c xy dng trong mi trng mng trong PTN theo cu hnh trnh by trn. Ti cc my ngi s dng, dng thit qut vn tay

166

Futronic's FS82 USB 2.0 Fingerprint ly vn tay sng trc tuyn dng cho 2 pha ca h thng: pha ng k v pha thm nh xc thc lin quan n chng ch. Qu trnh th nghim h thng bao gm 2 ni dung ch yu: Th nghim cc hot ng giao dich trong h thng BK-BioPKI thng qua cc ng dng v th nghim nh gi thng k thc nghim cc tham s cht lng h thng thng qua cc o t s t chi sai FRR (False Rejection Rate) v t s chp nhn sai FAR (False Acceptance Rate) Tnh ton thc nghim cc tham s nh gi h thng (%): T s t chi sai FRR =

So truong hop loai bo sai Tong so truong hop

T s chp nhn sai FAR =

So truong hop chap nhan sai Tong so truong hop

a.

Th nghim cc giao dch c s trong h BK-BioPKI v nh gi mc trn ca cc hot ng giao dch trong h thng: Thc hin cc qu trnh ci t CA v RA (5 ln) kim tra mc li trong chng trnh. ng k ngi s dng: 10 ngi. Kim tra cc li pht sinh trong qu trnh t lc ng k ngi dng vo h thng n khi ly c chng ch. Thng k cc li nu xy ra trong qu trnh thc hin giao dch

Th nghim cc ng dng v nh gi thc nghim thamg s cht lng thm nh xc thc sinh trc vn tay trong hot ng h BK-BioPKI Trong mi hot ng h sinh trc bao gm 2 pha : ng k v thm nh xc thc sinh trc. Theo m hnh gii php h BK-BioPKI trnh by trn, h sinh trc bao gm 2 phn h kt hp: phn h thm nh sinh trc ng nhp u vo v phn h thm nh sinh trc gii m truy xut ly kha c nhn (private key) thc hin cc giao dch: ng dng ch k s hoc ng dng bo mt thng ip o Th nghim thm nh sinh trc trong hot ng ng nhp vo h thng: Thc hin ly mu ca 10 ngi s dng nh gi t s chp nhn sai FAR : vi mi ngi dng, th nghim vi 10 mu vn tay khng dng ng k nh gi t s t chi sai FRR : mi ngi th nghim ng nhp 10 ln sau khi ng k vn tay, dng vn tay ng k th nghim v o s trng hp sai o Th nghim thm nh xc thc sinh trc vn tay ngi dng truy xut ly kha c nhn v thc hin ng dng ch k s: sinh kha sinh trc BEK bo mt kha c nhn. 5 ngi s dng yu cu c cp pht chng ch v sau dng chng ch thc hin ch k s.

167

nh gi thc nghim cc tham s cht lng thm nh kha sinh trc truy xut kha c nhn: - nh gi t s chp nhn sai FAR: vi mi ngi dng, th nghim vi 10 mu vn tay khc mu vn tay dng ng k th nghim xc thc v o s ln chp nhn sai - nh gi t s t chi sai FRR: mi ngi th nghim 10 ln thm nh xc thc dng vn tay ng k th nghim truy xut kha c nhn v o s trng hp sai b/ Kt qu thc nghim Kt qu thc nghim nh gi qu trnh thm nh sinh trc trong hot ng ng nhp (login) S ln thc hin 100 100 S t chi sai/ S chp nhn sai 23 19 T s t chi sai FRR(%) 23 T l chp nhn sai FAR (%) 19

Bng 1: Kt qu thc nghim T l FRR v FAR khi ng nhp

Kt qu thc nghim nh gi qu trnh thm nh sinh trc truy xut ly kha c nhn dung trong hot ng ch k s S ln thc hin 100 100 S t chi sai/ S chp nhn sai 23 14 T s t chi sai FRR(%) 23 T l chp nhn sai FAR (%) 14

Bng 2: Kt qu thc nghim T l FRR v FAR khi xc thc kha sinh trc vn tay song trc tuyn gii m truy xut kha c nhn trong hot ng k ch k s

Khi th nghim tng s mu vn tay trong qu trnh ng k (v d ly 3 mu vn tay khi ng k thay cho ly 1 mu trong th nghim trn) th t s li FRR c ci thin gim xung khong 12% - 10%, tuy nhin thi gian tnh li tng ln. Kt qu th nghim trn trong hot ng ca h thng v tnh thc nghim t s cc li pht sinh

Kt qu cho thy hu ht cc giao dch ca h thng (t ci t CA, RA, ng nhp, yu cu cp chng ch, ch l s, truy nht khoa c nhn) hot ng y cc chc nng thit k PKI, khng xy ra li, hot ng trn tru c bit l cc kt ni gia CA-RA (cc giao dch v chng ch) v gia cc RA vi nhau (ch k s) S ln ci t 5 S ln li 5 T l (%) 0

Bng 3 . Kt qu nh gi qu trnh ci CA

S ln ci t 5

S ln li 5

T l (%) 0

Bng 4. Kt qu nh gi qu trnh ci RA

168

Tuy nhin trong qu trnh thc hin cho thy c mt s ln cn li xy ra trong qu trnh ng k vn tay khi to yu cu (request) gi ln CA. y l li qu trnh ng k sinh trc (enrollment) vn tay ngi dng vo yu cu v l li lin quan n thut ton sinh trc. Li ny hon ton c th khc phc c thng qua vic ci thin thut ton trch chn c trng v chng trnh x l sinh trc.

nh gi kt qu thc nghim Qua cc kt qu th nghim trong phng th nghim v h thng BK-BioPKI c th cho thy ton b h thng nn tng li PKI c thc hin tt, hot ng kh hon thin , cc giao dch t ci t, cp chng ch, xc thc chng ch, nhn chung hot ng n nh v khng c li. Cc chc nng ca mt h thng BioPKI c thc hin tng i hon chnh v m bo cc hot ng xc thc sinh trc vn tay sng trong h thng BK-BioPKI cc mc khc nhau. Hot ng ton b h thng BK-Biopki c kim nghim qua cc thc nghim vi cc sinh trc vn tay sng trc tuyn v t bc u kh quan. iu kim nghim thc t m hnh gii php h thng BioPKI xut v qu trnh phn tch thit k h thng t kt qu tt. Tuy nhin, v nh gi cc tham s hiu nng h thng vn cn c li qu trnh sinh trc, th hin li do x l cha ht cc trng hp ngoi l. Thc nghim vi vn tay sng cho thy t s li FRR v FAR trong c 2 qu trnh hot ng xc thc sinh trc t l li vn cn tng i cao. chnh l vn cn tip tc ci tin v h thm ng xc thc sinh trc Trong iu kin cu hnh h thng trong mi trng phng th nghim, thi gian thc hin thut ton cn ln (khong gn 40s). Hiu nng v thi gian x l sinh trc cn chm th hin ch yu do phn tch hp cc thut ton sinh trc (vit bng Matlab) vo h PKI ch mc m hnh tch hp.

2. Kt qu phi hp vi Malaysia.
2.1. c im qu trnh hp tc
- V tin thi gian bt u thc hin nhim v ngh nh th ca 2 pha Malaysia v Vit Nam c s chnh lch: Nhim v ca pha Malaysia thc hin t 2005, thc hin trc mt nm so vi nhim v ca pha Vit Nam. - Khi nhim v pha Vit Nam chnh thc bt u th pha Malaysia ang l giai on cui ca nhim v ti pha Malaysia xut trong nhim v hp tc Ngh nh th v pha Malaysia kt thc ti ny 2006. - Pha bn tip tc nghin cu v lnh vc ny v t 6-2007 pha Malaysia c kinh ph thc hin ti th hai (theo ti liu bn cung cp, thi gian ca ti tip theo ny l t 15/6/2007 n 30/5/2008), bi vy n 5/2007 pha bn mi xc tin tip tc cc hot ng trao i hp tc qua mail. - Ch nhim ti pha Malaysia c thay i, hin nay l ng Dr. Ong Thian Song, Gim c iu hnh trung tm nghin cu CBB

169

- Pha Malaysia tip tc nhit tnh trong hp tc thc hin nhim v NT vi Vit Nam. - Pha bn cha thc hin c on ra sang Vit Nam nh d kin v l do kinh ph ca pha bn.

2.2. Cc hot ng phi hp nghin cu

Pha MMU t chc Hi tho trao i phi hp nghin cu 2 bn ti Malaysia trong thi gian 20-21/ 9/ 2007 xc tin tng cng hp tc, gp g trao i c th v phi hp cc cng vic nghin cu ca c hai bn

MMU-HUT Joint Seminar, 20th - 21th September 2007 CBB-FIST, Multimedia University (Melaka Campus), Malaysia Pha i hc Bch khoa H ni tham gia trnh by 3 bo co trao i nghin cu ti hi tho ny, bao gm: o H.Lan Nguyen, BioPKI based information security system using fingerprint biometric authentication o Q.Trung HA, Using online fingerprint authentication to protect private key for digital signature. o H.Lan Nguyen and Q.Trung Ha, BioMetric verification based remote authentication Thng 12/ 2007 v thng 5/2008: Theo k hoch duyt, pha VN c 2 on cng tc sang Malaysia lm vic phi hp nghin cu v h thng thm nh sinh trc (chi tit nu trong bo co phn ph lc) Kt qu nghin cu phi hp l trao i v phng n, xy dng m hnh v trao i cc thut ton, hin cha c s trao i kt hp phn mm c th no trong h BKBioPKI hin nay thc hin c trao i phn mm hoc tch hp kt qu 2 bn, theo ngh ca pha trng MMU cn chun b k bn cam kt (MMA) gia MMU v HUT (HBK HN). Hin nay cho n thng 12-2008, hai bn trao i bn tho v i iu kin k. Cho n nay, pha MMU cha c on sang HBK HN vi l do kinh ph v thi gian. Hai bn MMU v HUT nht tip tc pht trin Hp tc vi Malaysia trong thi gian ti trong khun kh ti KC0111 tip tc nghin cu pht trin h thng BioPKI trong giai on tip t 2008-2009.

2.3. Tip tc pht trin Hp tc vi Malaysia

V hp tc vi Malaysia t 6/2007 n 6/2008 (xem trnh by chi tit ph lc bo co ny) nhim v hp tc nghin cu tin hnh theo mc trao i tch hp cc kt qu v phng n v phi hp thc hin pht trin phn mm ca c 2 pha. Hin nay c 2 bn (HBK HN v MMU) tho lun v ngh tip tc nghin cu pht trin h thng BioPKI trong giai on tip t 2008-2009.

170

3. Cc kt qu khc
3.1 o to thc s
Theo hng ca ti cho n nay c 6 lun vn Thc s bo v tt nghip: 1. Trn Tun Vinh Kha 2003-2005 bo v 2006 Tn lun vn: "Nghin cu gii php an ninh thng tin da trn hng tip cn sinh trc hc kt hp m cng khai PKI vi c im sinh trc vn tay" 2. Nguyn Anh Ti Kha 2004-2006 bo v 2006 Tn lun vn: "Nghin cu phng php thm nh xc thc sinh trc ch k vit tay ng dng trong giao dch in t" 3. V Thanh Thng Kha 2005-2007 bo v 12- 2007 Tn lun vn: "Nghin cu thut ton m ha bo mt nng cao AES v xy dng ng dng thut ton da trn cng ngh nhng" 4. L Quang Tng Kha 2006-2008 bo v 11- 2008 Tn lun vn: "Xy dng gii php ng dng xc thc sinh trc hc trong c s h tng kha cng khai da trn h thng OpenCA" 5. L Trn V Anh Kha 2006-2008 bo v 11- 2008 Tn lun vn: "Nghin cu gii php ng dng h tng kha cng khai PKI trong h thng thanh ton in t lin ngn hng" 6. H Tin Dng Kha 2006-2008 bo v 11- 2008 Tn lun vn: "H mt kha cng khai v ch k s" Cc n k s tt nghip ngnh CNTT- HBK HN thc hin theo hng ti: Mt s lng ng o khong 20 n tt nghip ca sinh vin cc kha (K46, K47, K48) c trong danh sch tham gia ti (Phn I) bo v tt nghip K s CNTT HBK HN t kt qu kh v gii.

3.2. Cc bi bo khoa hc [1] Thi Hong Lan NGUYEN, Thi Thu Hng NGUYEN An Approach to Protect Private Key using Fingerprint Biometric Encryption Key in BioPKI based Security System, bi bo c nhn trnh by v s ng trong k yu Hi ngh quc t: IEEE-10th International Conference on Control, Automation, Robotics and Vision (ICARCV 2008), December 17-20, 2008 in Hanoi, Vietnam. [2] Nguyn Th Hong Lan, Bi Thnh t, L Tin Dng, Xy dng h thng an ninh thng tin da trn sinh trc vn tay v h tng kha cng khai BioPKI, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda 2008, H Ni 8- 9/8/2008 (bi bo ang chnh sa theo kin ca phn bin ng trong K yu) [3] Nguyn Th Hong Lan, Trn Hi Anh, Mt gii php thm nh vn tay trc tuyn trong h thng BK-BioPKI v ng dng kim sot truy cp t xa, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn

171

thng ICT.rda 2008, H Ni 8- 9/8/2008 (bi bo ang chnh sa theo kin ca phn bin ng trong K yu)
[4]. Nguyn Th Hong Lan, Hong Trn c, V mt ng dng m ha bo mt thng ip trong h thng BK-BioPKI, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda 2008, H Ni 89/8/2008. [5]. H Quc Trung, Nguyn Trung Dng, Trao i thng tin an ton v bo mt trn h tng SMS, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda 2008, H Ni 8- 9/8/2008. [6]. Nguyn Linh Giang, V Ngc H, Mt gii php kt hp chng ch sinh trc vo h thng PKI, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda2008, H Ni 8- 9/8/2008. 3.3 Hi tho m rng
ti t chc 1 hi tho m rng bo co kt qu ca ti vi cc ni dung sau thng bo nh sau:

XEMINAR
H thng an ninh thng tin BioPKI da trn sinh trc hc vn tay kt hp vi c s h tng kha cng khai PKI
ti KHCN theo ngh nh th hp tc vi Malaysia v H thng an ninh thng tin da trn sinh trc hc Bio-PKI (Bio-PKI Based Information Security System), Khoa Cng ngh thng tin HBK HN, t chc Xeminar trnh by cc chuyn v cc kt qu nghin cu ca ti. Thi gian : a im : 8h30, ngy th su 20/ 6/ 2008. Phng hi tho C10, i hc Bch khoa H Ni S 1 i C Vit, Hai B Trng, H Ni Ni dung Xeminar gm cc chuyn : Gii php an ninh da trn sinh trc hc (Biometric) v m hnh h thng an ninh thng tin BK-BioPKI Phn tich xy dng h tng h thng PKI, h c s tch hp sinh trc hc Thit k xy dng phn h sinh trc sinh vn tay: sinh kha sinh trc v thm nh xc thc sinh trc vn tay trc tuyn Thit k xy dng prototype h thng BK-BioPKI trn c s tch hp phn h sinh trc vn tay vo h PKI trong mi trng mng phng th nghim. Mt s kch bn ng dng th nghim v bo mt an ton thng tin trn c s h thng BK-BioPKI: Ch k s, m ha bo mt thng ip, bo mt tin nhn SMS, kim sot truy cp t xa.

172

Kt qu hp tc vi Malaysia.

KNH MI TON TH CC QU V QUAN TM N D V NG GP KIN CHO TI

4. Tm tt v s dng kinh ph
Ton b bo co v kinh ph ti s c trnh by chi tit trong bo co ti chnh, phn di y ch nu tm tt v s dng kinh ph ca ti Khon 1. Thu khon chuyn mn: thanh ton xong. Tng kinh ph thanh ton l 374.950.000 VN (Ba trm by mi t triu chn trm nm mi nghn ng) Khon 2. Nguyn vt liu, vt t, nng lng: thanh ton xong. Tng kinh ph thanh ton l 62.035.160 VN (Su mi hai triu khng trm ba mi lm ngn mt trm su mi ng) Khon 3. Thit b, my mc chuyn dng: thanh ton xong bao gm: 1 Server IBM, 1 UPS 6KVA, cc thit b qut nhn dng vn tay FX3000. Tng kinh ph thanh ton l 177.735.000 VN (Mt trm by mi by triu by trm ba mi lm ngn ng) Khon 4. on ra: thanh ton xong. Tng kinh ph thanh ton l 88.807.170 VN (Tm mi tm triu tm trm linh by nghn mt trm by mi ng) Khon 5. on vo: v l do pha bn cha vo, ngh v c chuyn kinh ph sang thu khon chuyn mn kinh ph l 25.000.000 VN (Hai mi lm triu ng) Khon 6. Chi khc: thanh ton xong (tr phn chi ph nh gi, kim tra, nghim thu xin ngh tm ng trc, s quyt ton sau). Tng kinh ph l 96.442.000 VN (Chn mi su triu bn trm bn mi hai nghn ng) Tng kinh ph ca ton b ti thanh ton v tm ng l 789,969,330 VN (By trm tm mi chn triu chn trm su mi chn nghn ba trm ba mi ng)

5 . Kt lun v hng pht trin

5.1. Nhn xt nh gi chung
ti hon thnh nhim v ra m bo v s lng v cht lng ng k v cc sn phm KHCN. Ton b h thng c th nghim t kt qu bc u trong mi trng mng phng th nghim. Tuy nhin kt qu th nghim cho thy t l li xc thc vn tay sng cn ln, y l mt trong cc vn mu cht phi tip tc nghin cu ci thin trong thi gian ti. ti pht trin c th hn cc ni dung di y so vi ni dung ng k v phn mm my tnh:

173

V phn mm tch hp sinh trc trong h thng: h thng BK-BioPKI xy dng bao gm 2 phn h sinh trc kt hp 2 gii php sinh trc trong h BioPKI V phn mm th nghim ng dng: hin nay xy dng v th nghim 3 kch ng dng an ton bo mt thng tin trong mi trng h thng BK-BioPKI gm: Xc thc ch k s; K v m ha bo mt thng ip; Kch bn th nghim kim sot bo v truy nhp CSDL trn mng. V sinh trc lng bn: xy dng th nghim 1 chng trnh trch chn c trng v thm nh sinh trc lng bn tay, s dng nh lng ban tay ly t CSDL.

Tnh mi, tnh sng to ca ti: hng nghin cu BioPKI l vn ang c quan tm trn th gii, cc ti liu v h thng an ninh thng tin da sinh trc hc hin cha nhiu v thng ng kn do yu cu bo mt. Kt qu ca ti ng gp tnh mi trn m hnh gii php tch hp h thng BioPKI thm nh xc thc sinh trc vn tay sng. l h BioPKI thng mi, cho n hin nay da trn cc thng tin cng b, y l nhng kt qu u tin nghin cu Vit Nam v lnh vc ny

5.2. V tin thc hin

tng cng c hiu qu trong hp tc vi Malaysia v ti c iu kin th nghim v hon thnh tt nhim v theo ngh nh th, ti lm vn bn ngh xin php c iu chnh ra hn thi gian thc hin ti n 6/2008 trong iu kin ton b kinh ph c duyt, khng b sung thm kinh ph, nh vy thi gian thc hin ti l trn 24 thng nh d kin. Nhim v ti c php ca B KHCN, theo c cng vn s 3397/BKHCNXHTN, k ngy 27/12/2007 cho php gia hn thi gian thc hin nhim v ti n 6/2008, nh vy ti c iu kin thi gian y 24 thng thc hin nh d kin ban u. ti hon thnh cc cng vic nghin cu theo ng k hoch c php n 6-2008. Kt qu nghin cu ca ti c trnh by trong Hi tho m rng bo co kt qu nghin cu c t chc v thng bo trn mng vo 20- 62008.

5.3 Hng pht trin

ti t cc kt qu kh quan trng bc u phng th nghim, m ra mt trin vng nghin cu pht trin mi c ngha v h thng an ninh thng tin da trn sinh trc hc BioPKI v ng dng thc t Kt qu ca ti nhim v ngh th l c s c tip tc theo hng nghin cu BioPKI trong giai on tip theo trong khun kh ti KC0111. Cc hng pht trin nghin cu trong thi gian ti trong ti KC0111

174

Xy dng h li PKI theo cc cng ngh v chun cng nghip OpenCA ph hp vi cc kh nng s trin khai h h tng kha cng khai PKI Vit Nam Nghin cu pht trin m hnh BioPKI vi xc thc a sinh trc Xy dng h tch hp h thng BioPKI trn c s h li PKI OpenCA Thit k h xc thc sinh trc s dng cng ngh nhng (Etoken USB) Kho st v xy dng cc ng dng thc t c th a h thng ra ng dng.

o o o o

175

TI LIU THAM KHO

[1] PhD Alex Stoianow, PhD Ann Cavoukian, Biometric Encryption: A positive Sum Technology that Achieves Strong Authentication, Security AND Privacy, Information and Privacy Commissioner/Ontario, March 2007. [2] William Stallings. Cryptography and Network Security Principles and Practices, Fourth Edition. Prentice Hall, November 16, 2005 [3] F. Hao, R. Anderson, J. Daugman, Combining cryptography with biometrics effectively, Computer Laboratory - University of Cambridge, No. 640, 7-2005. [4] Martin Drahansk, Biometric Security System Fingerprint Recognition Technology, PhD thesis, Brno University of Technology, Czech Republic, March 2005. [5] Yoshifumi Ueshige, A Study on Biometrics Authentication in BioPKI, Institute of Systems & Information Technologies, KYUSHU, 2005 [6]. Michael Goh Kah Ong, Tee Comie, Andrew Teoh Beng Jin, David Ngo Chek Ling, An automated palmprint recognition system, Journal of Image Vision Computing, No.23, pp 501-515, Jan. 2005. [7] Uludag, Anil K. Jain et al Biometric Cryptosystems: Issues and Challenges, Proceedings of the IEEE, Vol.92, No. 6, pp. 948-960, June 2004.. [8] Anil K. Jain and Arun Ross, Multibiometric Systems, Journal Communications of the ACM, Vol. 47, No. 1 2004. [9] K. Delac, M.Grgic, A survey of biometric recognition methods, 46th International Symposium Electronics in Marine, ELMAR-2004, Zadar, Croatia. pp 1-6, June 2004. [10] D.Maltoni, D.Maio, A.K.Jain, S.Prabhakar, Handbook of Fingerprint Recognition, Springer, New York, 2003. [11]. Suranjan Choudhury, Kartik Bhatnagar and Wasim Haque, Public Key Infrastructure Implementation and Design. M&T Books, 2002. [12]. C.Adam, S.Lloyd, Understanding PKI: Concept, Standard and Develoyment Consideration, 2nd ed. , Addition Wesley 2002. [13] Parvathi Ambalakat, Security of Biometric Authentication Systems, 21st Computer Science Seminar SA1-T1-1, 2002. [14] F. Hao, C.W. Chan, Private key generation from on-line handwritten signatures, Information Management & Computer Security - Nanyang Technological University, Singapore, 2002. [15] Yuliang He, Jie Tian, Xiping Luo, Tanghui Zhang. Image enhancement and minutiae matching in fingerprint verification, Pattern Recognition Letter, 2002. [16] Pravir Chandra, Matt Messier, John Viega. Network Security with OpenSSL, OReilly 2002.

176

[17]: Sharath Pankanti, Salil Prabhakar, and Anil K.Jain, On the Individuality of Fingerprints, IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 805-812, 2001. [18] Carl Ellison, Bruce Schneier. Ten Risks of PKI. Computer Security Journal Volume XVI, Number 1, 2000. [19] Serge Aumont, Roland Dirlewanger, Olivier Porte. Laccs scuris aux donnes. JRES 1999. [20] Lin Hong, Yifei Wan, Anil Jain, Fingerprint Image Enhancement, Algorithm and Performance Evaluation, IEEE transaction on Pattern Analysis and Machine Intelligence, vol. 20, no. 8, pp.777789, May 1998. [21] Recommendation X.800. Security architecture for open systems interconnection for CCITT. ITU, 1991 [22] O'Reilly - Network Security with Open SSL [23] OpenSSL, http://www.openssl.org [24] MySQL: http://www.mysql.com [25] Wikipedia, the free encyclopedia: http://en.wikipedia.org

177

PH LC
PH LC A. Hng dn s dng PH LC B. Ti liu k thut pht trin h thng

178

MC LC
1. CI T. ......................................................................................................................... 2

1.1. Yu cu cu hnh................................................................................................2 1.2. Ci t MySimpleCA ..........................................................................................2 1.3. Ci t MySimpleRA ..........................................................................................5

2. NG NHP: .................................................................................................................. 8 2.1. RA:............................................................................................................................ 8 2.2. CA............................................................................................................................. 8 3. S DNG CHNG TRNH CHNH:............................................................................. 9 3.1. Chng trnh RA: ......................................................................................................... 9 3.1.1. Lm vic vi cc yu cu. ................................................................................. 9 3.1.2. Lm vic vi cc chng ch: ............................................................................ 10 3.2. Chng trnh CA: ....................................................................................................... 11 3.2.1. Lm vic vi cc Request................................................................................ 11 3.2.2. Lm vic vi TAB Certificate: .......................................................................... 12

1. CI T.
1.1. Yu cu cu hnh
Microsoft Windows 2000/XP/2003

MySQL version 5.02 tr ln

1.2. Ci t MySimpleCA

Khi ng chc nng Setup Wizard ca MySimpleCA:

Tip theo, thc hin cc bc trong Setup Wizard

o Cu hnh c s d liu:
MySQL server: a ch my ch dch v MySQL MySQL port: cng dch v MySQL Username: tn ti khon MySQL Password: mt khu cho ti khon MySQL Databasse name: tn c s d liu s to

o Cu hnh cng dch v ca CA: y l cng m CA server ch kt ni t RA.

o t cc thng tin bn trong chng nhn s gc:

Common Name: tn CA Email Address: a ch th in t. Country: m quc gia, ch c 2 k t. V d: VN, JP, US, UK, AU

State: tn tnh thnh, bang. Locality: tn a phng Organization: tn t chc Organizatioal Unit: tn n v trong t chc.

o Cu hnh kha cho chng nhn s gc v t mt khu qun tr

Sau khi hon thnh cc bc ci t, cn khi ng li chng trnh.

1.3. Ci t MySimpleRA
Ci t MySimpleRA tin hnh cc bc nh sau Cu hnh cho chng trnh: thng tin nh danh, cp kha cng khai/c nhn, c s d liu..

ng k RA vi CA: gi file request ca RA ti CA CA to chng nhn s tng ng. Ti CA, to chng nhn s cho RA nh sau

Nhp file ng k ca RA v ghi kt qu ra file chng nhn s ca RA.

Ly chng nhn s gc ca CA dng cho cu hnh RA:

c cc chng nhn s ca RA v CA t file cu hnh cho MySimpleRA:

Sau khi nhp cc chng nhn s RA v CA, qu trnh ci t cho MySimpleRA hon tt.

2. NG NHP:
2.1. RA:
u tin s c form yu cu nhp username v password:

Ngi dng s nhp username v mt khu, nu nhp sai lin tip 3 ln th chng trnh s t thot.

2.2. CA.
i vi chng trnh CA, ngi dng ch cn nhp mt khu ca CA (lc Setup chn, v mc nh l admin).

3. S DNG CHNG TRNH CHNH:

3.1. Chng trnh RA:
Giao din ca chng trnh c chia ra thnh cc TAB tng ng, hin ti ang c 3 TAB l: Request: Dng qun l cc yu cu ca cc Client. Certificate: Dng qun l cc chng ch ca Client. Remote Login: Dng thc hin ng dng truy cp t xa

u tin, kt ni vi chng trnh CA, ngi dng cn phi chn nt Connect. Sau khi chn, chng trnh s c kt ni vi chng trnh CA, nhng chng trnh s bo li nu chng trnh ca CA cha ch nghe (chp nhn cc kt ni n n).

3.1.1. Lm vic vi cc yu cu.

lm vic vi cc Request, ngi dng chn Tab Request. Cc chc nng ng vi Tab Request ngi dng c th chn l: To yu cu chng ch: Khi cha c chng ch hoc mun to thm chng ch ngi dng chn chc nng ny. Khi chng trnh s hin th ra cc ca s yu cu ngi dng nhp thng tin, hon tt qu trnh to yu cu cp chng ch. Xa yu cu: Nu pht hin ra yu cu va to cha chnh xc, ngi dng c th chn chc nng ny hy yu cu .

Xc nhn yu cu v gi ln cho CA: Sau khi chc chn v tnh ng n ca yu cu, ngi dng chn chc nng ny chng trnh RA gi yu cu ln cho CA. Xut yu cu ra file: Dng xut 1 yu cu ra file. Nhn thng tin chng ch: Ngi dng s chn chc nng ny kim tra xem yu cu va gi ln c CA ng cha, nu c chp nhn th lp tc ngi dng s c c chng ch ng vi yu cu .

Giao din ca chng trnh ng vi TAB Request:

3.1.2. Lm vic vi cc chng ch:

10

Cc chc nng ng vi TAB Certificate ngi dng c th chn l: Xin gia hn: Sau khi thy chng ch ca mnh s dng sp ht hn, ngi dng c th gi yu cu xin gia hn ln cho CA. Kim tra yu cu gia hn: Sau khi xin gia hn, ngi dng phi dng chc nng ny kim tra xem c CA ng cha. Nu c ng th chng ch c gia hn thm 1 thi gian (mc nh ca phin bn hin thi l 1 nm). Xin hy: Nu mun hy chng ch, ngi dng chn chc nng ny gi yu cu xin hy ln cho CA. Kim tra yu cu hy: Tng t, sau khi xin hy, ngi dng phi dng chc nng ny kim tra xem c CA ng cha.

3.2. Chng trnh CA:

Tng t giao din ca chng trnh RA, chng trnh CA cng lm vic vi cc TAB chc nng. Ban u, phi n nt Start CA Server nghe v cho php cc RA kt ni n. Chng ta s ln lt tm hiu cc chc nng c th ca chng trnh:

3.2.1. Lm vic vi cc Request.

11

Cc chc nng ng vi TAB Request: Xa yu cu: Khi khng chp nhn yu cu , CA s dng chc nng ny xa yu cu i. Chp nhn yu cu v cp chng ch: CA s dng chc nng ny khi chp nhn yu cu xin cp chng ch . Import yu cu t dng file: S a yu cu vo bng dng file.

3.2.2. Lm vic vi TAB Certificate:

Cc chc nng m ngi dng c th thc hin ng vi TAB Certificate : Xut chng ch ra dng file. T chi yu cu ca chng ch: Cc yu cu c dng nh xin gia hn hoc xin hy, nu t chi cc yu cu , CA s chn chc nng ny. Chp nhn yu cu ca chng ch: Tng t, chp nhn cc yu cu , CA chn chc nng ny. Lc thng tin hin th: Khi c qu nhiu thng tin c hin th ra, trnh ri mt, ngi dng c th dng b lc v ch cho hin th ra cc kiu chng ch m mnh mun lm vic vi.

12

13

MC LC
MC LC ............................................................................................................................... 1 DANH MC CC HNH V, BIU ................................................................................... 3 1. GII THIU ........................................................................................................................ 5 1.1 1.2 1.3 1.4 Mc ch ................................................................................................................. 5 Phm vi ................................................................................................................... 5 T vit tt ................................................................................................................ 5 Tham kho .............................................................................................................. 5

2. BIU TRIN KHAI........................................................................................................ 7 3. BIU LP .................................................................................................................... 9 3.1 Cc lp xy dng t th vin OpenSSL ................................................................. 9 3.1.1 Cc lp lin quan n giao thc bo mt SSL ..................................................... 9 3.1.2 Lp v chng ch s X509 .................................................................................. 10 3.1.3 Cc lp qun l m ha v bm ......................................................................... 11 3.1.4 Cc lp biu din cc thnh phn trong chng ch s X509 .............................. 12 3.1.5 Cc lp qun l vic hy b hay gia hn chng ch s X509 ............................. 13 3.2 Thit k cc lp lin quan ti CAServer................................................................ 14 3.2.1 Cc lp giao din ca chc nng setup h thng v ng k, ng nhp s dng h thng .............................................................................. 14 3.2.2 Cc lp giao din ca cc tab chc nng lin quan n qun l chng ch ............................................................................................................ 15 3.2.3 Giao din ca s cc chc nng thit lp cu hnh h thng khi tin hnh ci t ban u cho h thng ........................................................ 16 3.2.4 Giao din mn hnh hin th thng tin chi tit v chng ch, thng tin chung v danh sch chng ch b thu hi....................................................... 18 3.2.5 Cc lp k tha t lp CList............................................................................... 20 3.2.6 Lp chnh ca CAServer..................................................................................... 21 3.2.7 Lp qun l cu hnh ca CAServer ................................................................... 22 3.3 Thit k lp ca RAClient ..................................................................................... 22 3.3.1 Cc lp thuc phn thit lp ci t RA.............................................................. 23 3.3.2 Lp cha thng s cu hnh ............................................................................... 25 3.3.3 Cc lp lin quan ti chc nng ng nhp, ng k ........................................ 26 3.3.4 Lp lm vic vi c s d liu ........................................................................... 27 3.3.5 Lp qun l thng tin user .................................................................................. 28 3.3.6 Lp qun l danh sch cc chng ch ................................................................ 28 3.3.7 Lp qun l danh sch cc chng ch b hy...................................................... 29 3.3.8 Lp chnh ca RAClient ...................................................................................... 30 3.3.9 Lp hin th ni dung chng ch.......................................................................... 33 3.4 Cc lp thuc v cc ng dng trong h thng .................................................... 33

3.4.1 ng dng bo mt thng ip ........................................................................... 33 3.4.2 ng dng bo v truy nhp t xa ...................................................................... 35 3.4.3 ng dng ch k s v m ha thng ip........................................................ 36 4. DIN BIN CC CA S DNG ....................................................................................... 37 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10 ng k ngi dng mi vo h thng................................................................. 37 ng nhp ............................................................................................................ 38 To yu cu chng ch.......................................................................................... 39 Gia hn chng ch................................................................................................. 40 Thu hi chng ch ................................................................................................. 42 Pht hnh chng ch ............................................................................................. 43 Ly chng ch........................................................................................................ 43 Truy cp t xa ....................................................................................................... 44 Ch k s............................................................................................................... 45 ng xut.............................................................................................................. 49

5. THIT K C S D LIU............................................................................................. 50 5.1 CAServer .............................................................................................................. 50 5.1.1 Bng tblCertificate............................................................................................... 50 5.1.2 Bng tblCRL:....................................................................................................... 50 5.1.3 Bng tblRequest ................................................................................................. 50 5.1.4 M t tm tt cc hot ng lin quan tng tc n CSDL:............................. 50 5.2 RAClient................................................................................................................ 51 5.2.1 Bng user............................................................................................................ 51 5.2.2 Bng request....................................................................................................... 51 5.2.3 Bng Certificate .................................................................................................. 52 5.2.4 Bng Kha c nhn ............................................................................................ 52 5.2.5 Quan h gia cc bng ...................................................................................... 53

DANH MC CC HNH V, BIU

Hnh 2-1. Biu trin khai ca h thng BK-BioPKI ............................................................ 7 Hnh 2-2. CAServer ................................................................................................................ 7 Hnh 2-3. RAClient.................................................................................................................. 7 Hnh 2-4. Cc file lib, dll cn dng ca OpenSSL.................................................................. 8 Hnh 3-1. Cc lp lin quan n giao thc bo mt SSL ....................................................... 9 Hnh 3-2. Lp chng ch ca CA .......................................................................................... 10 Hnh 3-3. Qun l m ha v bm........................................................................................ 11 Hnh 3-4. X509Name v CNameProfile................................................................................ 12 Hnh 3-5. X509NameEntry v X509Time ............................................................................. 12 Hnh 3-6. Qun l hy b hay gia hn .................................................................................. 13 Hnh 3-7. Cc lp giao din chc nng setup h thng ....................................................... 14 Hnh 3-8. Lp CcertTabDlg v CCRLTabDlg ....................................................................... 15 Hnh 3-9. Lp CrequestTabDlg v CIssueCertDlg ............................................................... 15 Hnh 3-10. Cc lp giao din ca s cc chc nng thit lp cu hnh h thng (1) .......... 16 Hnh 3-11. Cc lp giao din ca s cc chc nng thit lp cu hnh h thng (2) .......... 17 Hnh 3-12. Cc lp giao din hin th thng tin chi tit chng ch (1) ................................... 18 Hnh 3-13. Cc lp giao din hin th thng tin chi tit chng ch (2) ................................... 19 Hnh 3-14. Cc lp k tha hin th danh sch yu cu, chng ch................................ 20 Hnh 3-15. Lp chnh ca CAServer : khi to kt ni, lng nghe yu cu v tr li yu cu t client .................................................................................................. 21 Hnh 3-16. Lp qun l cu hnh ca CAServer................................................................... 22 Hnh 3-17. Lp CMySimpleClientApp................................................................................... 22 Hnh 3-18. CSetupClienTabDlg ............................................................................................ 23 Hnh 3-19. CsetupClient ....................................................................................................... 24 Hnh 3-20. ClientConfig ........................................................................................................ 25 Hnh 3-21. CloginDlg ............................................................................................................ 26 Hnh 3-22. CUserRegisterDlg ............................................................................................... 27 Hnh 3-23. CRADataAccess ................................................................................................. 27 Hnh 3-24. CProfileDialog ..................................................................................................... 28 Hnh 3-25. CCertificateTabDlg.............................................................................................. 28 Hnh 3-26. CRevocationListTabDlg ...................................................................................... 29 Hnh 3-27. Client................................................................................................................... 30 Hnh 3-28. ClienList .............................................................................................................. 31 Hnh 3-29. CMySimpleClientDlg, CmySimpleClientApp ....................................................... 31 Hnh 3-30. Cc lp thuc v cc Tab chc nng ca RAClient ........................................... 32 Hnh 3-31. Cc lp hin th ni dung chng ch s .............................................................. 33 Hnh 3-32. ............................................................................................................................. 33 Hnh 3-33. ............................................................................................................................. 34 Hnh 3-34. ............................................................................................................................. 34

Hnh 3-35. ............................................................................................................................. 35 Hnh 3-36. ............................................................................................................................. 36 Hnh 4-1. Biu din tin hot ng ng k ngi dng mi vo h thng .................... 37 Hnh 4-2. Biu din tin hot ng ng nhp ................................................................ 38 Hnh 4-3. To yu cu chng ch ......................................................................................... 39 Hnh 4-4. Gi yu cu gia hn.............................................................................................. 40 Hnh 4-5. Nhn yu cu........................................................................................................ 40 Hnh 4-6. Gia hn chng ch................................................................................................. 41 Hnh 4-7. Thu hi chng ch ................................................................................................. 42 Hnh 4-8. Pht hnh chng ch............................................................................................. 43 Hnh 4-9. Ly chng ch ....................................................................................................... 43 Hnh 4-10. Truy cp t xa..................................................................................................... 44 Hnh 4-11. K........................................................................................................................ 45 Hnh 4-12. Ly kha c nhn................................................................................................ 46 Hnh 4-13. K........................................................................................................................ 47 Hnh 4-14. Kim tra ch k................................................................................................... 48 Hnh 4-15. ng xut pha CA.............................................................................................. 49 Hnh 4-16. Ngi dng thot khi h thng ......................................................................... 49 Hnh 5-1. Quan h gia cc bng ........................................................................................ 53

1.
1.1

GII THIU
Mc ch

y l ti liu thit k ca h thng BK-BioPKI. Ti liu dng ch yu cho cc thnh vin tham gia pht trin h thng 1.2 Phm vi

Ti liu ny ni ti h thng BK-BioPKI. y l h thng c pht trin th nghim s dng c im sinh trc vo bo mt, xc thc trong h PKI. N l mt h PKI xy dng theo kin trc CA n, ng thi c tch hp sinh trc hc vn tay vo. H thng cho php ngi dng ng k vo h thng, xin cp chng ch c xc nhn ca CA v s dng chng ch trong cc giao dch nht nh 1.3 T vit tt

PTN: phng th nghim. PKI: Public Key Infrastructure. RA: Registration Authority. CA: Certification Authority. CRL: Certificate Revocation List. 1.4 Tham kho

[1].http://www.staruml.com [2]. www.openssl.org. [3]. Grady Booch, James Rumbaugh, Ivar Jacobson. The Unified Modeling Language User Guide SECOND EDITION. Prentice Hall, November 16, 2005.

2.

BIU TRIN KHAI

<<device>> CAServer <<SSL>> 1 <<device>> Application server (DB server) 1 <<SSL>> <<SSL>> * <<LAN>> * <<device>> RAClient <<LAN>> 1 * <<device>> RAClient

<<SSL>>

<<device>> RAClient

Hnh 2-1 Biu trin khai ca h thng BK-BioPKI

<<device>> CAServer <<artifact>> CAServer.exe <<C API>> <<execution environment>> MySQL Server <<import>> <<modelLibrary>>

OpenSSL

Hnh 2-2 CAServer

<<device>> RAClient <<artifact>> RAClient.exe <<C API>> <<import>> <<execution environment>> MySQL Server <<modelLibrary>>

OpenSSL

Hnh 2-3 RAClient

<<modelLibrary>>

OpenSSL

<<artifact>> libeay.lib

<<artifact>> ssleay.lib

<<artifact>> ssleay32.dll

<<artifact>> libeay32.dll

Hnh 2-4 Cc file lib, dll cn dng ca OpenSSL

3.
3.1.

BIU LP
Cc lp xy dng t th vin OpenSSL y l mt s lp c xy dng t th vin OpenSSL s dng cc hm API theo ngn ng C dng cho m ha, giao thc SSL v X.509. Cc lp c xy dng bao gm: SSLConnection: dng cho kt ni SSL. SSLContext: dng cho cu hnh kt ni SSL. X509NameEntry: biu din mt thnh phn trong inh danh. X509Name: biu din nh danh ca thc th trong PKI. X509Request: biu din mt yu cu chng nhn s. X509Extension: biu din mt thnh phn m rng ca chng nhn s theo chun X.509. X509ExtensionList: biu din danh sch cc thnh phn m rng. X509Revoked: biu din mt chng nhn s b hy trong CRL

X509RevokedList: biu din tp cc chng nhn s b hy. X509CRL: biu din CRL X509Time: biu din i tng thi gian theo chun ASN.1 dng trong chng nhn s X.509. X509Certificate: biu din chng nhn s X.509. EVPHash: dng cho to chui bm. EVP_PKey: dng qun l cp kha c nhn/cng khai. CnameProfile SimplePKICert X509CRLInfo 3.1.1. Cc lp lin quan n giao thc bo mt SSL
cd Common SSLConnection # # + + + + + + + + + + + + + + + m_bpAcc: BIO* m_ssl: SSL* Accept(SSLContext&, SSLConnection&) : BOOL Attach(SSL*) : void Bind(UINT) : BOOL Clear() : int Connect(SSLContext&, char*, int) : BOOL Create(SSLContext&) : BOOL Detach() : SSL * Free() : void GetShutdown() : int PostConnectionCheck(char*) : long Read(char*, int) : int Shutdown() : int SSLConnection(void) ~SSLConnection(void) Write(char*, int) : int # + + + + + +

SSLContext m_ctx: SSL_CTX* Free() : void Init(char*, char*, char*, char*, char*, int, int) : BOOL Init(X509*, X509*, EVP_PKEY*, int, int) : int SSLContext(void) ~SSLContext(void) verify_callback(int, X509_STORE_CTX*) : int

Hnh 3-1 Cc lp lin quan n giao thc bo mt SSL

3.1.2. Lp v chng ch s X509

cd Common X509Certificate SimplePKICert + + + + + + + + + + + + + + + + + + + + m_certID: UINT m_requestID: UINT GetIssuerName(CString&) : void GetIssuerName() : X509_NAME * GetNotAfter(CString&) : void GetNotAfter() : ASN1_UTCTIME * GetNotBefore(CString&) : void GetNotBefore() : ASN1_UTCTIME * GetPubkeyAlgorithm(CString&) : void GetPubkeyModulus(CString&) : void GetSerialNumber() : long GetSignatureAlgorithm(CString&) : void GetString(CString&) : void GetSubjectName(CString&) : void GetSubjectName() : X509_NAME * operator=(SimplePKICert&) : SimplePKICert& SetSerialNumber(long) : void SimplePKICert() SimplePKICert(X509*) SimplePKICert(X509Certificate&) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + m_pCert: X509* AddExt(X509_EXTENSION*, int) : int AddExt(X509Extension&, int) : int CheckPrivateKey(EVP_PKEY*) : int Cmp_Issuer(X509*) : int Cmp_Issuer_and_Serial(X509*) : int Cmp_SubjectName(X509*) : int d2i(unsigned char**, long) : X509* d2i(FILE*) : X509* DeleteExt(int) : X509_EXTENSION * GetCertificateType(EVP_PKEY*) : int GetExt(int) : X509_EXTENSION * GetExt_by_NID(int, int) : int GetExt_by_Obj(ASN1_OBJECT*, int) : int GetExtCount() : int GetIssuerName() : X509_NAME * GetNotAfter() : ASN1_UTCTIME * GetNotBefore() : ASN1_UTCTIME * GetPubKey() : EVP_PKEY * GetSerialNumber() : ASN1_INTEGER * GetSignatureType() : int GetSubjectName() : X509_NAME * GetVersion() : long Hash_Issuer_and_Serial() : unsigned long Hash_IssuerName() : unsigned long Hash_SubjectName() : unsigned long i2d(unsigned char**) : int i2d(FILE*) : int operator=(X509Certificate&) : X509Certificate& PEMRead(FILE*, pem_password_cb, void*) : int PEMRead(char*, int, pem_password_cb, void*) : X509 * PEMWrite(FILE*) : int PEMWrite(char*, int) : int Print(FILE*) : int Print(char*, int) : int SetIssuerName(X509_NAME*) : int SetIssuerName(X509Name&) : int SetNotAfter(ASN1_UTCTIME*) : int SetNotBefore(ASN1_UTCTIME*) : int SetPubKey(EVP_PKEY*) : int SetSerialNumber(ASN1_INTEGER*) : int SetSubjectName(X509_NAME*) : int SetSubjectName(X509Name&) : int SetVersion(long) : int Sign(EVP_PKEY*, EVP_MD*) : int Sign(EVP_PKey&, EVP_MD*) : int Sign(EVP_PKey&) : int Verify(EVP_PKEY*) : int X509Certificate(void) X509Certificate(X509Certificate&) X509Certificate(X509*) ~X509Certificate()

Hnh 3-2 Lp chng ch ca CA

10

3.1.3. Cc lp qun l m ha v bm
cd Common EVP_PKey + + + + + + + + + + + + + + + + + + + + + + + + + + m_pkey: EVP_PKEY* Assign(int, char*) : int CompareParams(EVP_PKEY*, EVP_PKEY*) : int CompareParams(EVP_PKey&, EVP_PKey&) : int CopyParams(EVP_PKEY*, EVP_PKEY*) : int CopyParams(EVP_PKey&, EVP_PKey&) : int Create() : int d2i_Privkey(int, unsigned char**, long) : int d2i_Pubkey(int, unsigned char**, long) : int Decrypt(unsigned char*, unsigned char*, int) : int Encrypt(unsigned char*, unsigned char*, int) : int EVP_PKey(void) EVP_PKey(EVP_PKEY*) EVP_PKey(EVP_PKey&) ~EVP_PKey(void) GetBits() : int GetPointer() : EVP_PKEY* GetSize() : int GetType() : int i2d_PrivateKey(unsigned char**) : int i2d_PublicKey(unsigned char**) : int PEM_Read_PrivateKey(FILE*, pem_password_cb, void*) : int PEM_Read_PrivateKey(char*, int, pem_password_cb, void*) : int PEM_Write_PrivateKey(FILE*, EVP_CIPHER*, unsigned char*, int, pem_password_cb, void*) : int PEM_Write_PrivateKey(char**, EVP_CIPHER*, unsigned char*, int, pem_password_cb, void*) : int PEM_Write_PublicKey(unsigned char*, int) : int

EVPHash + + + + + + + m_ctx: EVP_MD_CTX m_hashType: EVP_MD* AddData(void*, int) : void EVPHash(int) ~EVPHash(void) GetHash(char*, unsigned int*) : void GetHashHex(CString&) : void

Hnh 3-3. Qun l m ha v bm

11

3.1.4. Cc lp biu din cc thnh phn trong chng ch s X509

cd Common X509Name + m_name: X509_NAME* + + + + + + + + + + + + EVP_PKey::CNameProfile CNameProfile(void) CNameProfile(X509_NAME*) CNameProfile(X509Name*) CNameProfile(CNameProfile&) GetCommonName(CString&) : int GetCountry(CString&) : int GetEmail(CString&) : int GetLocality(CString&) : int GetOrganization(CString&) : int GetOrganizationUnit(CString&) : int GetState(CString&) : int GetString(CString&) : int

+ AddEntry(X509NameEntry*, int, int) : int + AddEntry(X509_NAME_ENTRY*, int, int) : int + Create() : BOOL + d2i(unsigned char**, int) : BOOL + DeleteEntry(int) : X509_NAME_ENTRY* + Dup() : X509Name * + EntryCount() : int + GetEntry(int) : X509NameEntry* + GetIndex(int, int) : int + GetIndex(ASN1_OBJECT*, int) : int + GetText(int, char*, int) : int + GetText(ASN1_OBJECT*, char*, int) : int + Hash() : unsigned long + i2d(unsigned char**) : int + OneLine(char*, int) : char * + operator=(X509Name&) : X509Name& + operator=(X509_NAME&) : X509Name& + Print(BIO*, int) : int + X509Name(void) + X509Name(X509_NAME*) + X509Name(X509Name*) + ~X509Name(void) friend + operator==(X509Name&, X509Name&) : int

Hnh 3-4 X509Name v CNameProfile

cd Common X509NameEntry # + + + + + + + + + + + + + + m_ent: X509_NAME_ENTRY* GetData() : ASN1_STRING* GetObject() : ASN1_OBJECT* GetPointer() : X509_NAME_ENTRY * operator=(X509NameEntry&) : X509NameEntry& operator=(X509_NAME_ENTRY&) : X509NameEntry& SetData(int, unsigned char*, int) : int SetObject(ASN1_OBJECT*) : int txt2nid(char*) : int X509NameEntry(X509_NAME_ENTRY*) X509NameEntry(X509NameEntry*) X509NameEntry(int, unsigned char*) X509NameEntry(char*, unsigned char*) X509NameEntry(ASN1_OBJECT*, int, unsigned char*, int) ~X509NameEntry(void) # + + + + + + + + + X509Time m_pTme: ASN1_UTCTIME* Create() : BOOL GetString(char**) : int GetTime(int&, int&, int&, int&, int&, int&) : void operator=(X509Time&) : X509Time& operator=(ASN1_UTCTIME&) : X509Time& X509Time(void) X509Time(ASN1_UTCTIME*) X509Time(X509Time&) ~X509Time(void)

Hnh 3-5 X509NameEntry v X509Time

12

3.1.5. Cc lp qun l vic hy b hay gia hn chng ch s X509

cd Common X509Rev oked + + + + + + + + + + + + + + + + + + + + + m_revoked: X509_REVOKED* AddExt(X509_EXTENSION*, int) : int Create() : void d2i(unsigned char**, long) : X509_REVOKED * DeleteExt(int) : X509_EXTENSION * Detach() : X509_REVOKED * Free() : void GetExt(int) : X509_EXTENSION * GetExtByCritical(int, int) : int GetExtByNID(int, int) : int GetExtByObj(ASN1_OBJECT*, int) : int GetExtCount() : int GetRevokeDate(CString&) : int GetSerial() : long i2d(unsigned char**) : int operator=(X509Revoked&) : X509Revoked& SetRevokeDate(time_t) : void SetSerial(long) : int X509Revoked(void) X509Revoked(X509_REVOKED*) ~X509Revoked(void) + + + + + + X509Extension m_ext: X509_EXTENSION* Detach() : X509_EXTENSION* operator=(X509Extension&) : X509Extension& X509Extension() X509Extension(X509V3_CTX*, char*, char*) ~X509Extension(void)

X509CRLInfo + + + + + + + + + + + + + + m_crlInfo: X509_CRL_INFO* Create() : void d2i(unsigned char**, long) : X509_CRL_INFO * Free() : void i2d(unsigned char**) : int SetExtList(X509ExtensionList&) : void SetIssuerName(X509_NAME*) : void SetIssuerName(X509Name&) : void SetLastUpdate(time_t) : void SetNextUpdate(time_t) : void SetRevokedList(X509RevokedList&) : void SetVersion(long) : void X509CRLInfo(void) ~X509CRLInfo(void)

Hnh 3-6 Qun l hy b hay gia hn

13

3.2. Thit k cc lp lin quan ti CAServer 3.2.1. Cc lp giao din ca chc nng setup h thng v ng k, ng nhp s dng h thng
cd GUI CDialog Class Model::CSetupTabDlg + + + # # + + + + + m_pMainDlg: CMySimpleCADlg* CSetupTabDlg(CWnd*) ~CSetupTabDlg() DoDataExchange(CDataExchange*) : void OnInitDialog() : BOOL OnRegisterRA() : void OnRemove() : void OnSetup() : void OnViewCAcert() : void PreTranslateMessage(MSG*) : BOOL # # + + + # # # Class Model::CLoginDlg m_nLoginCount: int m_pConfig: CAConfig* m_strPassword: CString CLoginDlg(CAConfig*, CWnd*) ~CLoginDlg() DoDataExchange(CDataExchange*) : void OnBnClickedOk() : void OnOK() : void CDialog

CDialog Class Model::CRegisterRADlg + + + + + + # + + # # # m_nRAValidityDays: UINT m_pConfig: CAConfig* m_strRACertPath: CString m_strRAReqPath: CString CRegisterRADlg(CAConfig*, CWnd*) ~CRegisterRADlg() DoDataExchange(CDataExchange*) : void OnBrowseCert() : void OnBrowseREQ() : void OnCancel() : void OnInitDialog() : BOOL OnOK() : void + + + + + # + + + #

CDialog Class Model::CRequestExtern m_hParent: HWND m_lstCtl: CListCtrl m_pMainDlg: CMySimpleCADlg* CRequestExtern(CWnd*) ~CRequestExtern() DoDataExchange(CDataExchange*) : void HandlerViewCertInfo(void) : void insert() : void OnContextMenu(CWnd*, CPoint) : void OnInitDialog() : BOOL

CDialog Class Model::CAboutDlg + # CAboutDlg() DoDataExchange(CDataExchange*) : void

Hnh 3-7. Cc lp giao din chc nng setup h thng

14

3.2.2. Cc lp giao din ca cc tab chc nng lin quan n qun l chng ch
cd GUI CDialog Class Model::CCertTabDlg + + + + + + + + + + + + + + + + + + + + + + + + + # + + m_chkActive: CButton m_chkExtended: CButton m_chkViewAll: CButton m_chkWaitExtend: CButton m_chkWaitRevoke: CButton m_lstCtl: CListCtrl m_pMainDlg: CMySimpleCADlg* AddListItem(SimpleCACert&, DWORD) : void CCertTabDlg(CWnd*) ~CCertTabDlg() HandlerCertRevoke() : void HandlerExportCert() : void HandlerViewCertInfo() : void LoadAllItems() : void LoadItemsByStatus(CButton&, int, CString) : void OnBnClickedCertAccept() : void OnBnClickedCertDenie() : void OnBnClickedCertExport() : void OnBnClickedCheckAccepted() : void OnBnClickedCheckActive() : void OnBnClickedCheckRequestextended() : void OnBnClickedCheckRevokereq() : void OnBnClickedCheckViewall() : void OnContextMenu(CWnd*, CPoint) : void OnDestroy() : void OnInitDialog() : BOOL OnLvnItemchangedListCert(NMHDR*, LRESULT*) : void OnTimer(UINT) : void

CDialog Class Model::CCRLTabDlg + + + + + + + + + + + + + # + m_lstCtl: CListCtrl m_pMainDlg: CMySimpleCADlg* AddListItem(SimpleCA_CRL&, DWORD) : BOOL CCRLTabDlg(CWnd*) ~CCRLTabDlg() HandlerCreateCRL() : void HandlerDeleteCRL() : void HandlerExportCRL() : void HandlerViewCRLInfo() : void LoadAllItems() : void OnBnClickedCrlCreate() : void OnBnClickedCrlDelete() : void OnContextMenu(CWnd*, CPoint) : void OnInitDialog() : BOOL OnLvnItemchangedListCrl(NMHDR*, LRESULT*) : void

Hnh 3-8 Lp CcertTabDlg v CCRLTabDlg

cd GUI CDialog Class Model::CRequestTabDlg + + + + + + + + + + + + + # + m_lstCtl: CListCtrl m_pMainDlg: CMySimpleCADlg* AddListItem(CertRequest&, DWORD) : BOOL CRequestTabDlg(CWnd*) ~CRequestTabDlg() HandlerDeleteRequest() : void HandlerImportRequest() : void HandlerIssueCert() : void LoadAllItems() : void OnBnClickedRequestDelete() : void OnBnClickedRequestImport() : void OnBnClickedRequestIssue() : void OnContextMenu(CWnd*, CPoint) : void OnInitDialog() : BOOL OnReceiveRequest(WPARAM, LPARAM) : HRESULT CDialog Class Model::CIssueCertDlg + + + + + + + + + + + + m_dwDaysValid: DWORD m_pReq: CertRequest* m_strCommonName: CString m_strCountry: CString m_strEmail: CString m_strLocality: CString m_strOrganization: CString m_strOrganizationUnit: CString m_strState: CString CIssueCertDlg(CertRequest*, CWnd*) ~CIssueCertDlg() OnBnClickedOk() : void

Hnh 3-9 Lp CrequestTabDlg v CIssueCertDlg

15

3.2.3. Giao din ca s cc chc nng thit lp cu hnh h thng khi tin hnh ci t ban u cho h thng
cd GUI CDialog Class Model::CWizardCADNDlg + + + + + + + + + + m_commonName: CString m_country: CString m_emailAddress: CString m_locality: CString m_organization: CString m_organizationUnit: CString m_state: CString CWizardCADNDlg(CWnd*) ~CWizardCADNDlg() OnEnChangeCommon() : void

CDialog Class Model::CWizardDlg + + +m_dlgCADN + + + + + + + + CDialog + + + +m_dlgDatabase+ + + + + + # # + + m_dlgCACertInfo: CWizardCertInfoDlg m_dlgCADN: CWizardCADNDlg m_dlgCAServer: CWizardCAServerDlg m_dlgDatabase: CWizardDatabaseDlg m_dlgExecute: CWizardExecuteDlg m_dlgWelcome: CWizardWelcomeDlg m_hIcon: HICON m_rcBorder: CRect m_setupCA: CSetupCA m_step: int CreateWizardStepDlg(CDialog*, UINT) : void CWizardDlg(CWnd*) ~CWizardDlg() GotoStep(int) : void InitSteps() : void OnBnClickedBack() : void OnBnClickedCancel() : void OnBnClickedFinish() : void OnBnClickedNext() : void OnInitDialog() : BOOL OnOK() : void UpdateButtonState() : void UpdateData(BOOL) : BOOL

Class Model::CWizardDatabaseDlg + + + + + + + # + # m_nDBPort: UINT m_strDBName: CString m_strPassword: CString m_strServerHost: CString m_strUsername: CString CWizardDatabaseDlg(CWnd*) ~CWizardDatabaseDlg() OnCancel() : void OnEnChangeDbName() : void OnOK() : void

Hnh 3-10 Cc lp giao din ca s cc chc nng thit lp cu hnh h thng (1)

16

cd GUI CDialog Class Model::CWizardCertInfoDlg + + + + + +m_dlgCACertInfo + + m_nHashAlgorithm: int m_nKeySize: int m_nValidityDays: UINT m_passphrase: CString m_passphraseConfirm: CString CWizardCertInfoDlg(CWnd*) ~CWizardCertInfoDlg()

CDialog Class Model::CWizardDlg + + + + + + + + + + + + + + + + + + + # # + + m_dlgCACertInfo: CWizardCertInfoDlg m_dlgCADN: CWizardCADNDlg m_dlgCAServer: CWizardCAServerDlg m_dlgDatabase: CWizardDatabaseDlg m_dlgExecute: CWizardExecuteDlg m_dlgWelcome: CWizardWelcomeDlg m_hIcon: HICON m_rcBorder: CRect m_setupCA: CSetupCA m_step: int CreateWizardStepDlg(CDialog*, UINT) : void CWizardDlg(CWnd*) ~CWizardDlg() GotoStep(int) : void InitSteps() : void OnBnClickedBack() : void OnBnClickedCancel() : void OnBnClickedFinish() : void OnBnClickedNext() : void OnInitDialog() : BOOL OnOK() : void UpdateButtonState() : void UpdateData(BOOL) : BOOL

CDialog +m_dlgExecute + + + + + Class Model::CWizardExecuteDlg m_bCreateDB: bool m_bGenCert: bool m_bWriteConfig: bool CWizardExecuteDlg(CWnd*) ~CWizardExecuteDlg()

+m_dlgCAServer CDialog Class Model::CWizardCAServ erDlg + + + m_nCAPort: UINT CWizardCAServerDlg(CWnd*) ~CWizardCAServerDlg()

+m_dlgWelcome CDialog Class Model::CWizardWelcomeDlg + + CWizardWelcomeDlg(CWnd*) ~CWizardWelcomeDlg()

Hnh 3-11 Cc lp giao din ca s cc chc nng thit lp cu hnh h thng (2)

17

3.2.4. Giao din mn hnh hin th thng tin chi tit v chng ch, thng tin chung v danh sch chng ch b thu hi
cd GUI CDialog Class Model::CView CRLDetailDlg + # + + # +m_detailDlg + # # # m_lstCtrlRvkCert: CListCtrl m_pCRL: X509CRL* CViewCRLDetailDlg(CWnd*) ~CViewCRLDetailDlg() InitData() : void LoadData(X509CRL*) : void OnCancel() : void OnInitDialog() : BOOL OnOK() : void

CDialog Class Model::CView CRLDlg + + + + + + + + # m_crl: X509CRL m_detailDlg: CViewCRLDetailDlg m_generalDlg: CViewCRLGeneralDlg m_tabMain: CMyTabCtrl CViewCRLDlg(X509CRL&, CWnd*) ~CViewCRLDlg() InitTab() : void OnExportCRL() : void OnInitDialog() : BOOL

CDialog Class Model::CView CRLGeneralDlg +m_generalDlg + + + + + + + + + # # # # m_lstCtrlCRL: CListCtrl m_mapValues: CMap<INT, INT, CString, CString> m_pCRL: X509CRL* m_stcHeader: CTransStatic m_strDetail: CString CViewCRLGeneralDlg(CWnd*) ~CViewCRLGeneralDlg() InitData() : void LoadData(X509CRL*) : void OnCancel() : void OnCtlColor(CDC*, CWnd*, UINT) : HBRUSH OnInitDialog() : BOOL OnOK() : void

CDialog Class Model::CView CertGeneralDlg + + + + + + + + + + + + + + + + + + # # # # m_rcBorder: CRect m_stcBeginDuration: CTransStatic m_stcBorder: CStatic m_stcCertInfo: CTransStatic m_stcEndDuration: CTransStatic m_stcIssuedBy: CTransStatic m_stcIssuedByValue: CTransStatic m_stcIssuedTo: CTransStatic m_stcIssuedToValue: CTransStatic m_stcValidFrom: CTransStatic m_stcValidTo: CTransStatic m_strBeginDuration: CString m_strEndDuration: CString m_strIssuedBy: CString m_strIssuedTo: CString CViewCertGeneralDlg(CWnd*) ~CViewCertGeneralDlg() LoadData(SimplePKICert*) : void OnCancel() : void OnInitDialog() : BOOL OnOK() : void OnPaint() : void

+m_stcHeader CStatic +m_stcIssuedToValue +m_stcIssuedByValue +m_stcBeginDuration +m_stcEndDuration +m_stcValidFrom +m_stcIssuedTo +m_stcIssuedBy +m_stcValidTo +m_stcCertInfo Class Model::CTransStatic # # + + # + + m_clrText: COLORREF m_font: CFont CTransStatic() ~CTransStatic() OnPaint() : void SetFont(LPCTSTR, int, BOOL, BOOL, BOOL) : BOOL SetTextColor(COLORREF) : void

Hnh 3-12 Cc lp giao din hin th thng tin chi tit chng ch (1)

18

cd GUI CDialog CDialog Class Model::COptionsCertDlg # + + + + # + m_bDirty: BOOL m_nCRLUpdate: UINT COptionsCertDlg(CWnd*) ~COptionsCertDlg() IsDirty() : BOOL OnCancel() : void OnEnChange() : void +m_tabCertDlg # # + + + + + + + + +m_tabSystemDlg + CDialog Class Model::COptionsDlg + + + + + + + + # # m_hIcon: HICON m_pConfig: CAConfig* m_tabCertDlg: COptionsCertDlg m_tabMain: CMyTabCtrl m_tabSystemDlg: COptionsSystemDlg COptionsDlg(CAConfig*, CWnd*) ~COptionsDlg() InitTab() : void OnInitDialog() : BOOL UpdateData(BOOL) : BOOL CDialog Class Model::CView CertDlg + + + + + + + + + # m_cert: SimplePKICert m_pageDetail: CViewCertDetailDlg m_pageGeneral: CViewCertGeneralDlg m_tabMain: CMyTabCtrl CViewCertDlg(SimplePKICert&, CWnd*) ~CViewCertDlg() InitTab() : void OnCancel() : void OnExportCert() : void OnInitDialog() : BOOL + + + + # + + Class Model::COptionsSystemDlg m_bChangePassphrase: BOOL m_bDirty: BOOL m_CAPort: UINT m_DBHost: CString m_DBName: CString m_DBPassword: CString m_DBPort: UINT m_DBUsername: CString m_strConfirmPassphrase: CString m_strNewPassphrase: CString m_strOldPassphrase: CString COptionsSystemDlg(CWnd*) ~COptionsSystemDlg() IsChangePassphrase() : BOOL IsDirty() : BOOL OnCancel() : void OnEnChange() : void OnEnChangePass() : void CTabCtrl Class Model::CMyTabCtrl +m_tabMain + + + + + + +m_tabMain + # # + + m_arrayTab: CTypedPtrArray<CObArray, CDialog*> m_pFont: CFont* AddItem(UINT, CDialog*) : void CMyTabCtrl() ~CMyTabCtrl() DrawItem(LPDRAWITEMSTRUCT) : void GetPage(INT) : CDialog * OnSelchange(NMHDR*, LRESULT*) : BOOL OnSelchanging(NMHDR*, LRESULT*) : BOOL SetFont(int, LPCTSTR) : void ShowPage(INT) : void CDialog Class Model::CView CertDetailDlg +m_pageDetail # + # + # + + + # + # # # # m_fnDetail: CFont m_lstDetail: CListCtrl m_mapDetail: CMap<INT, INT, CString, CString> m_nShowType: int m_pCert: SimplePKICert* m_strDetail: CString CViewCertDetailDlg(CWnd*) ~CViewCertDetailDlg() InitData() : void LoadData(SimplePKICert*) : void OnCancel() : void OnCbnSelchangeShowType() : void OnCtlColor(CDC*, CWnd*, UINT) : HBRUSH OnInitDialog() : BOOL

Hnh 3-13 Cc lp giao din hin th thng tin chi tit chng ch (2)

19

3.2.5. Cc lp k tha t lp CList Cc lp ny hin th danh sch cc yu cu,danh sch cc chng ch c trong c s d liu, danh sch cc chng ch b hy.Vic truy cp vo c s d liu c thc hin thng qua lp CADataAccess
cd CA CDialog CList + # # + + AddRequest(char*, int, int) : POSITION + + DeleteRequest(POSITION) : BOOL + # ImportItem(char*, int, UINT, CString, int) : POSITION + +m_lstRequest + + ReadDatabse() : BOOL + RequestList(void) + + ~RequestList(void) + + UpdateStatusRequest(POSITION) : BOOL + + +dao + + Class Model::CCADataAccess + + dao: CCADataAccess m_mysql: MYSQL* + + + + + + + + + + + + + + + m_DBHost: CString m_DBName: CString m_DBPassword: CString m_DBPort: uint m_DBUserName: CString m_mysql: MYSQL* CCADataAccess(void) ~CCADataAccess(void) CCADataAccess(CString, CString, CString, CString, uint) CreateConnection() : bool CreateDB(void) : bool ReadCertificate() : MYSQL_RES* ReadRequestCert(void) : MYSQL_RES* WriteRowToCAConfig(int, char*, int) : bool WriteSNToCAConfig(int, int) : bool +dao +m_lstCert CList Class Model::CertList + + + # + + + + + + + # + + + + + dao: CCADataAccess m_mysql: MYSQL* m_pConfig: CAConfig* AddCert2DB(SimpleCACert&, int) : int AddTemp2DB(void) : int CertList(void) ~CertList(void) FindCert(int) : POSITION FindCertByStatus(int, POSITION) : bool FindCertID(int) : int FindCertSeNum(int) : POSITION ImportCert(char*, int, UINT, UINT, UINT, int, BOOL, CTime&) : POSITION MakeCert(CertRequest&, DWORD) : POSITION MarkRevoked2DB(int) : BOOL ParseTime(char*, int, CTime&) : BOOL ReadDatabse() : BOOL UpdateFingerId(int, int) : void + + + + + + + + + + Class Model::CRL_List m_mysql: MYSQL* m_pCertList: CertList* m_pConfig: CAConfig* AddCRL2DB(X509CRL&) : int CRL_List(void) ~CRL_List(void) DeleteCRLAt(POSITION) : BOOL ImportCRL(char*, int, int) : POSITION MakeCRL(X509CRL&) : BOOL ReadDatabse() : BOOL + + + + # # # # # # # # # # + Class Model::RequestList Class Model::CMySimpleCADlg dao: CCADataAccess* m_fLoadDB: BOOL m_hIcon: HICON m_lstCert: CertList m_lstCRL: CRL_List m_lstRequest: RequestList m_pConfig: CAConfig* m_pServer: CAServer* m_ptabCert: CCertTabDlg* m_ptabCRL: CCRLTabDlg* m_ptabReqExtern: CRequestExtern* m_ptabRequest: CRequestTabDlg* m_ptabSetup: CSetupTabDlg* m_tabCtrl: CMyTabCtrl CMySimpleCADlg(CWnd*) ~CMySimpleCADlg() InitCA() : BOOL IsLoadDB() : BOOL OnAppExit() : void OnCancel() : void OnClose() : void OnOptions() : void OnPaint() : void OnQueryDragIcon() : HCURSOR OnServerStart() : void OnServerStop() : void OnSysCommand(UINT, LPARAM) : void OnTabChange(NMHDR*, LRESULT*) : void SetButtonState(int) : void +m_lstCRL CList

Hnh 3-14 Cc lp k tha hin th danh sch yu cu, chng ch

20

3.2.6. Lp chnh ca CAServer Cc lp ny c nhim v duy tr hot ng ca CA, khi to kt ni, lng nghe yu cu t client v tr li cc yu cu . CAServer giao tip vi RAClient thng qua knh truyn thng bo mt SSL.
cd CA Class Model::CAServ er # + # # # + + # # # # + + + # # # # # + + + + + + + # # # + # # + + # m_bStopServer: volatile BOOL m_CritSection: CCriticalSection m_ctx: SSLContext m_lstClientThreads: CList<CWinThread*> m_nServerPort: int m_pConfig: CAConfig* m_pMainDlg: CMySimpleCADlg* m_pServerThread: CWinThread* m_sConnectSocket: CMySocketCA m_sslClient: SSL* m_sslServer: SSLConnection CAServer(void) ~CAServer(void) ConvertHex2Str(unsigned char*, int, unsigned char*) : BOOL DeleteCertHandler(CAServer*, SSLConnection&, BOOL&, int) : int DoServerLoop(SSLConnection&, CAServer*) : int ExtendCertHandler(CAServer*, SSLConnection&, BOOL&, int) : int GetCertHandler(CAServer*, SSLConnection&, BOOL&, int) : int GetCRLHandler(CAServer*, SSLConnection&, BOOL&) : int InitServer() : BOOL LogonSendID(CAServer*, SSLConnection&, BOOL&, int) : bool OnAccept() : void OnClose() : void OnRecvRequest(char*, int, int) : int OnSend() : void OnStart() : void ReadCommand(SSLConnection&, char*, int, BOOL&, BOOL&) : int ReceiveMinuHandler(CAServer*, SSLConnection&, bool&, CString) : bool ReceiveRequestHandler(CAServer*, SSLConnection&, BOOL&, int) : int ReceiveVerifyHandler(CAServer*, SSLConnection&, bool&, CString) : bool SSLClientThreadProc(LPVOID) : UINT SSLServerThreadProc(LPVOID) : UINT Start(int) : void Stop() : void verifyUser(int, CString, CAServer*) : bool

CAsyncSocket Class Model::CMySocketCA + + # # + m_pWnd: CDialog* CMySocketCA() ~CMySocketCA() OnAccept(int) : void OnSend(int) : void SetParent(CDialog*) : void #m_sConnectSocket

Hnh 3-15 Lp chnh ca CAServer : khi to kt ni, lng nghe yu cu v tr li yu cu t client

21

3.2.7. Lp qun l cu hnh ca CAServer

cd CA Class Model::CAConfig + + + + + + + + + + + + + + + + + + + + + + + + + m_CApassphrase: CString m_CApassphraseHash: CString m_CAPort: UINT m_certCA: SimplePKICert m_certSSLServer: SimplePKICert m_crlPeriod: DWORD m_DBHost: CString m_DBName: CString m_DBPassword: CString m_DBPort: UINT m_DBUsername: CString m_dwSerial: DWORD m_fSystemConfig: BOOL m_keyCA: EVP_PKey m_keySSLServer: EVP_PKey m_mysql: MYSQL* m_szRegPath: LPCTSTR CAConfig(void) ~CAConfig(void) ChangePassphrase(LPCTSTR) : BOOL LoadConfig() : BOOL ReadRegSetting() : BOOL SaveConfig() : BOOL UpdateRowConfig(MYSQL*, int, char*, int) : BOOL WriteRegSetting() : BOOL

CWinApp Class Model:: CMySimpleCAApp +m_config + + + + + + + m_config: CAConfig m_mysql_conn: MYSQL* CMySimpleCAApp() ~CMySimpleCAApp() ExitInstance() : int InitInstance() : BOOL InitOpenSSL() : void

Hnh 3-16 Lp qun l cu hnh ca CAServer 3.3. Thit k lp ca RAClient

cd RA CWinApp CMySimpleClientApp + + + + + + + + + + + + + bAdmin: bool bRegisted: bool m_bGetNew: bool m_client: Client m_config: ClientConfig m_DBserver: bool m_mysql_conn: MYSQL* m_strContentID: CString CMySimpleClientApp() ~CMySimpleClientApp() ExitInstance() : int InitInstance() : BOOL InitOpenSSL() : void

Hnh 3-17 Lp CMySimpleClientApp

22

Kiu MYSQL BOOL BOOL ClientConfig Cstring BOOL Client

Tn m_mysql_conn bRegisted bAdmin m_config m_strContentID m_bGetNew m_client DB

ngha bin dng kt ni vo

=1:Admin =0:User lu tr cc thit lp

=FALSE lin tc,ko thy g kh quan dng cho kt ni SSL

Bng 3-1 Cc thng s ca lp CmySimpleClientApp

3.3.1. Cc lp thuc phn thit lp ci t RA

cd RA CDialog CSetupClientTabDlg + + + # # + # # + + m_pMainDlg: CMySimpleClientDlg* CSetupClientTabDlg(CWnd*) ~CSetupClientTabDlg() DoDataExchange(CDataExchange*) : void OnCancel() : void OnImportCerts() : void OnInitDialog() : BOOL OnOK() : void OnRemove() : void OnSetupClient() : void

Hnh 3-18 CSetupClienTabDlg

23

cd RA CSetupClient + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + m_CAHost: CString m_CAPort: UINT m_DBHost: CString m_DBName: CString m_DBPassword: CString m_DBPort: UINT m_DBserver: bool m_DBUsername: CString m_mysql: MYSQL* m_nHashAlgorithm: int m_nKeySize: int m_pClientRequest: SimpleClientRequest* m_pkeyClient: EVP_PKey* m_strCommon: CString m_strCountry: CString m_strEmail: CString m_strFQDN: CString m_strLocality: CString m_strOrganization: CString m_strOrganizationUnit: CString m_strPassphrase: CString m_strReqPath: CString m_strState: CString CleanDB(MYSQL*, LPCTSTR) : BOOL CleanRegistry() : BOOL Cleanup(MYSQL*, LPCTSTR) : BOOL CreateClientReq() : BOOL CreateDB() : BOOL CSetupClient(void) ~CSetupClient(void) WriteConfig() : BOOL WriteRegSetting() : BOOL WriteRowConfig(MYSQL*, int, char*, int) : BOOL

CDialog CSetupClientDlg + + + + + + + + + + + + + + + + + + + + + + + + # + + + + + + m_DataAccess: CRADataAccess m_DBserver: BOOL m_nCAPort: UINT m_nDBPort: UINT m_nHashAlgorithm: int m_nKeySize: int m_SetupClient: CSetupClient m_strCAHost: CString m_strCommon: CString m_strCountry: CString m_strDBName: CString m_strDBPassword: CString m_strDBUsername: CString m_strEmail: CString m_strLocality: CString m_strOrganization: CString m_strOrganizationUnit: CString m_strPassphrase: CString m_strPassphraseConfirm: CString m_strReqPath: CString m_strState: CString n_strDBHost: CString CSetupClientDlg(CWnd*) ~CSetupClientDlg() DoDataExchange(CDataExchange*) : void OnBnClickedRadio1() : void OnBnClickedRadio2() : void OnBrowseREQ() : void OnEnChangeCommon() : void OnEnChangeDbname() : void OnOK() : void +m_SetupClient

Hnh 3-19 CsetupClient Kiu tn m_DBHost, m_DBUsername, m_DBPassword, m_DBName, m_CAPort, m_mysql m_CAHost. ngha

Thng s

24

CString

m_strCommon; m_strEmail; m_strCountry;m_strState; m_strLocality;m_strOrganization; m_strOrganizationUnit; m_strPassphrase m_strReqPath *m_pClientRequest m_pkeyClient Bng 3-2 M t lp CsetupClient

cc thng tin ca client admin

CString CString SimpleClientRequest EVP_PKey

ng dn ca file request

3.3.2. Lp cha thng s cu hnh

cd RA ClientConfig + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + m_CAHost: CString m_CAPort: UINT m_Clientpassphrase: CString m_ClientpassphraseHash: CString m_DBHost: CString m_DBName: CString m_DBPassword: CString m_DBPort: UINT m_DBserver: bool m_DBUsername: CString m_fSystemActive: BOOL m_fSystemSetup: BOOL m_keyClient: EVP_PKey m_keyUser: EVP_PKey m_mysql: MYSQL* m_nUserID: int m_pcertCA: X509Certificate* m_pcertClient: X509Certificate* m_pCertUser: X509Certificate* m_pCRL: X509CRL* m_strPassword: CString m_strUser: CString m_szRegPath: LPCTSTR p_user_profile: CNameProfile* ChangePassphrase(LPCTSTR) : BOOL ClientConfig(void) ~ClientConfig(void) LoadConfig() : BOOL ReadRegSetting() : BOOL UpdateRowConfig(MYSQL*, int, char*, int) : BOOL WriteRegSetting() : BOOL CWinApp CMySimpleClientApp + + + + + + + + + + + + + bAdmin: bool bRegisted: bool m_bGetNew: bool m_client: Client m_config: ClientConfig m_DBserver: bool m_mysql_conn: MYSQL* m_strContentID: CString CMySimpleClientApp() ~CMySimpleClientApp() ExitInstance() : int InitInstance() : BOOL InitOpenSSL() : void

+m_config

Hnh 3-20 ClientConfig

25

3.3.3. Cc lp lin quan ti chc nng ng nhp, ng k

cd RA CDialog CLoginDlg + + # # + + + + + + + # + + + + + + + + + + # + + + + + bSuccess: bool m_mysql: MYSQL* m_nLoginCount: int m_pConfig: ClientConfig* m_strPassword: CString m_username: CString AddProfile(CString, CString, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR) : BOOL CLoginDlg(ClientConfig*, CWnd*) ~CLoginDlg() ConvertHex2Str(unsigned char*, int, unsigned char*) : BOOL ConvertStr2Hex(unsigned char*, int, unsigned char*) : BOOL DoDataExchange(CDataExchange*) : void HuongMoi(double, int) : int IsUserRegisted(CString) : bool khoangcach(Minutiae, Minutiae) : long khoangcach(Minutdc, Minutdc) : long khoangcach(Minutiae, Minutdc) : long LoadUserConfig(void) : void Nearest(Minutiae, Minutiae*, int) : int OnBnClickedOk() : void OnBnClickedRegister() : void OnLogin() : void OnOK() : void OnRegister() : void RegisterUser(CString, CString) : bool ScanFinger(CString) : bool VerifyUser() : void xoaytructoado(Minutiae, Minutiae, Minutiae*, Minutdc*, int) : void

Hnh 3-21 CloginDlg tn hm hoc bin void CLoginDlg::VerifyUser() ngha kim tra xem m_username v m_strPassword c ng ko,tr v bin bSuccess username ng nhp m s ln login, =3 th out bin config c ly t cmysimpleclientapp.m_config pass =1:truy nhp ok =0:truy nhp tht bi ng k user v pass vo CSDL kim tra trong CSDL xem ng k cha

CString m_username MYSQL *m_mysql; int m_nLoginCount; ClientConfig m_pConfig CString m_strPassword; BOOL bSuccess bool CLoginDlg::RegisterUser(CString passphrase, CString username) bool CLoginDlg::IsUserRegisted(CString username)

Bng 3-3 M t lp CloginDlg

26

cd RA CDialog CUserRegisterDlg + + + + + + + + + + + + + + + # + # + m_combobox: CComboBox m_mysql: MYSQL* m_reg_confirm_passphrase: CString m_reg_passphrase: CString m_reg_username: CString m_strCommon: CString m_strCountry: CString m_strEmail: CString m_strLocality: CString m_strOrganization: CString m_strOrganization_unit: CString m_strState: CString check_emailaddress(CString) : bool CUserRegisterDlg(CWnd*) ~CUserRegisterDlg() DoDataExchange(CDataExchange*) : void OnBnClickedRegfinger() : void OnInitDialog(void) : BOOL OnOk() : void

Hnh 3-22 CUserRegisterDlg 3.3.4. Lp lm vic vi c s d liu

cd RA CRADataAccess + + + + + + + + + + + + + + + + + + + + + + + + + + + m_ClientReq: SimpleClientRequest* m_DBHost: CString m_DBName: CString m_DBPassword: CString m_DBport: int m_DBserver: bool m_DBUser: CString m_mysql: MYSQL* m_Password: CString m_Pkey: EVP_PKey* m_User: CString Change_Request_Status(int, int) : bool CleanDB(MYSQL*, CString) : bool CRADataAccess(void) ~CRADataAccess(void) CreateConn2DB(void) : bool CreateDB(void) : bool Get_Private_key(int, CString, EVP_PKey*) : bool Get_Private_key_By_SN(int, EVP_PKey*, CString) : bool Insert_Certificate(int, SimpleClientCert*, int, CString, int) : bool Insert_Fingerprint(unsigned char*, CString) : bool Insert_privatekey(int, EVP_PKey*, CString) : bool Insert_Request(CString, SimpleClientRequest*, EVP_PKey*, CString, int) : int MovePrivateKeyANDType(int) : bool Read_user_profile(CString) : CNameProfile * Update_CA_RequestID(int, int) : bool Writeclientconf(void) : bool

Hnh 3-23 CRADataAccess

27

3.3.5. Lp qun l thng tin user

cd RA CDialog CProfileDialog # + + + + + + + + + + + + # + + + # + m_bDirty: BOOL m_mysql: MYSQL* m_nid: int m_strCommonName: CString m_strCountry: CString m_strEmailAddress: CString m_strLocality: CString m_strOrganization: CString m_strOrganizationUnit: CString m_strState: CString m_strTitle: CString CProfileDialog(CWnd*) ~CProfileDialog() DoDataExchange(CDataExchange*) : void IsDirty() : BOOL NextUser(void) : int OnEnChange() : void OnInitDialog() : BOOL OnOK() : void CDialog ProfileTab_Dlg + + + + + + + + # # + + m_pMainDlg: CMySimpleClientDlg* m_strcommon: CString m_strcountry: CString m_stremail: CString m_strlocality: CString m_strorganization: CString m_strOrganizationunit: CString m_strstate: CString DoDataExchange(CDataExchange*) : void OnInitDialog(void) : BOOL ProfileTab_Dlg(CWnd*) ~ProfileTab_Dlg()

Hnh 3-24 CProfileDialog 3.3.6. Lp qun l danh sch cc chng ch

cd GUI CList RA::CCertList + + + + + + + +m_lstCert + m_mysql: MYSQL* CCertList(void) ~CCertList(void) FindCertByStatus(int, int, POSITION) : bool FindCertByType(int, bool*, POSITION) : bool ReadDatabase(void) : BOOL ReadUserData(CString) : BOOL UpdateCertDB(SimpleClientCert&) : BOOL

CDialog RA::CCertificateTabDlg + + + + + + + + + + + + + # + + + + + + + + + + + + + # + m_cboType: CComboBox m_chkActive: CButton m_chkExtended: CButton m_chkViewAll: CButton m_chkWaitExtend: CButton m_chkWaitRevoke: CButton m_lstCert: CCertList m_lstCtrl: CListCtrl m_pMainDlg: CMySimpleClientDlg* AddItem(SimpleClientCert&, DWORD) : void AddListItem(SimpleClientCert&, DWORD) : void CCertificateTabDlg(CWnd*) ~CCertificateTabDlg() DoDataExchange(CDataExchange*) : void LoadAllItems() : void LoadItemsByStatus(CButton&, int, CString, int) : void LoadItemsByType(int, bool*) : void OnBnClickedCertDelete() : void OnBnClickedCertExtend() : void OnBnClickedCertGetdel() : void OnBnClickedCertGetextern() : void OnBnClickedChkActive() : void OnBnClickedChkExtended() : void OnBnClickedChkViewall() : void OnBnClickedChkWaitExtend() : void OnBnClickedChkWaitRevoke() : void OnCbnSelchangeCboType() : void OnInitDialog(void) : BOOL OnLvnItemchangedListRa(NMHDR*, LRESULT*) : void

Hnh 3-25 CCertificateTabDlg

28

3.3.7. Lp qun l danh sch cc chng ch b hy

cd RA CDialog CRev ocationListTabDlg + + + + + # # # + + + # # m_lstCtrl: CListCtrl m_pMainDlg: CMySimpleClientDlg* AddListItem(X509CRL&) : BOOL CRevocationListTabDlg(CWnd*) ~CRevocationListTabDlg() DoDataExchange(CDataExchange*) : void OnCancel() : void OnContextMenu(CWnd*, CPoint) : void OnCRLExport() : void OnCRLUpdate() : void OnCRLView() : void OnInitDialog() : BOOL OnOK() : void

Hnh 3-26 CRevocationListTabDlg

29

3.3.8. Lp chnh ca RAClient

cd RA Client + + + + + + + + + + + + + + + + + + + + + + + + + +m_client CDialog CMySimpleClientDlg + # # + + + + + + + + + + + + + + + + + + + + # + + # # # # # # # # # # + # m_client: Client m_fLoadDB: BOOL m_hIcon: HICON m_lstCert: CCertList m_lstClient: ClientList m_lstRequest: RequestList m_nPort: int m_pConfig: ClientConfig* m_ptabApplication: CApplicationTabDlg* m_ptabCertificate: CCertificateTabDlg* m_ptabClientObject: CClientObjectTabDlg* m_ptabCRL: CRevocationListTabDlg* m_ptabDSz: CDigitalSignatureDlg* m_ptabManageUser: CManageUserTabDlg* m_ptabProfile: ProfileTab_Dlg* m_ptabRemote: CRemoteLoginTabDlg* m_ptabSetup: CSetupClientTabDlg* m_str_status: CString m_strHost: CString m_tabCtrl: CMyTabCtrl m_tabSecure: CSecureMessageTabDlg* CMySimpleClientDlg(CWnd*) ~CMySimpleClientDlg() DoDataExchange(CDataExchange*) : void InitClient() : BOOL IsLoadDB() : BOOL OnAppExit() : void OnCancel() : void OnClose() : void OnConnect() : void OnDisconnect() : void OnInitDialog() : BOOL OnOK() : void OnOptions() : void OnPaint() : void OnQueryDragIcon() : HCURSOR OnRemotelogon() : void OnSysCommand(UINT, LPARAM) : void m_bConnected: BOOL m_ctx: SSLContext m_pConfig: ClientConfig* m_ssl: SSLConnection Close() : void Connect(char*, int) : BOOL ConvertStr2Hex(unsigned char*, int, unsigned char*) : BOOL DeleteCert(int) : bool ExtendCert(int) : bool GetCert(int, SimpleClientCert**) : BOOL GetCertBySN(int, SimpleClientCert**) : BOOL GetCRL(X509CRL**) : BOOL GetDeleteRequest(int) : bool GetExternRequest(int) : bool Initialize() : BOOL IsConnected() : BOOL ReadCommand(SSLConnection&, char*, int, BOOL&, BOOL&) : int SendExternRequest(int) : bool SendFingerMinutiae(int) : bool SendLogOn(int, char*) : bool SendMinutiae(CString, int) : bool SendRemoteFinger(int, unsigned char*) : bool SendRequest(X509Request&, int) : int SendTest(void) : bool SendVerify(CString, int) : bool

Hnh 3-27 Client

30

cd RA CList ClientList + + + + # + + + + + + + + # + + # # m_mysql: MYSQL* ClientList(void) ~ClientList(void) DeleteCertAt(POSITION) : bool DeleteFromDB(ClientObject&) : BOOL DeleteProfileAt(POSITION) : BOOL DeleteRequestAt(POSITION) : bool MakePkey(POSITION, EVP_PKey&, CString, CString) : bool MakeRequest(POSITION, EVP_PKey&, EVP_MD*) : BOOL ReadDatabase() : BOOL ReadUserData(CString) : BOOL SetProfileAt(LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, POSITION) : BOOL UpdateCert2DB(ClientObject&) : BOOL UpdateProfile2DB(ClientObject&) : BOOL UpdateRequestID(ClientObject&) : BOOL WritePkey2DB(ClientObject&) : bool WriteProfile2DB(ClientObject&) : BOOL WriteRequest2DB(ClientObject&) : BOOL

Hnh 3-28 ClienList

cd RA ClientConfig + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + m_CAHost: CString m_CAPort: UINT m_Clientpassphrase: CString m_ClientpassphraseHash: CString m_DBHost: CString m_DBName: CString m_DBPassword: CString m_DBPort: UINT m_DBserver: bool m_DBUsername: CString m_fSystemActive: BOOL m_fSystemSetup: BOOL m_keyClient: EVP_PKey m_keyUser: EVP_PKey m_mysql: MYSQL* m_nUserID: int m_pcertCA: X509Certificate* m_pcertClient: X509Certificate* m_pCertUser: X509Certificate* m_pCRL: X509CRL* m_strPassword: CString m_strUser: CString m_szRegPath: LPCTSTR p_user_profile: CNameProfile* ChangePassphrase(LPCTSTR) : BOOL ClientConfig(void) ~ClientConfig(void) LoadConfig() : BOOL ReadRegSetting() : BOOL UpdateRowConfig(MYSQL*, int, char*, int) : BOOL WriteRegSetting() : BOOL CWinApp CMySimpleClientApp + + + + + + + + +m_config + + + + + bAdmin: bool bRegisted: bool m_bGetNew: bool m_client: Client m_config: ClientConfig m_DBserver: bool m_mysql_conn: MYSQL* m_strContentID: CString CMySimpleClientApp() ~CMySimpleClientApp() ExitInstance() : int InitInstance() : BOOL InitOpenSSL() : void

Hnh 3-29 CMySimpleClientDlg, CmySimpleClientApp

31

cd RA CDialog CView CRLDetailDlg + # + + # # + # # # m_lstCtrlRvkCert: CListCtrl m_pCRL: X509CRL* CViewCRLDetailDlg(CWnd*) ~CViewCRLDetailDlg() DoDataExchange(CDataExchange*) : void InitData() : void LoadData(X509CRL*) : void OnCancel() : void OnInitDialog() : BOOL OnOK() : void +m_detailDlg CDialog CView CRLGeneralDlg + + + + + + + # + + # # # # # m_lstCtrlCRL: CListCtrl m_mapValues: CMap<INT, INT, CString, CString> m_pCRL: X509CRL* m_stcHeader: CTransStatic m_strDetail: CString CViewCRLGeneralDlg(CWnd*) ~CViewCRLGeneralDlg() DoDataExchange(CDataExchange*) : void InitData() : void LoadData(X509CRL*) : void OnCancel() : void OnCtlColor(CDC*, CWnd*, UINT) : HBRUSH OnInitDialog() : BOOL OnLVNChangeItem(NMHDR*, LRESULT*) : void OnOK() : void

+m_generalDlg

CDialog CView CRLDlg + + + + + + # + + # m_crl: X509CRL m_detailDlg: CViewCRLDetailDlg m_generalDlg: CViewCRLGeneralDlg m_tabMain: CMyTabCtrl CViewCRLDlg(X509CRL&, CWnd*) ~CViewCRLDlg() DoDataExchange(CDataExchange*) : void InitTab() : void OnExportCRL() : void OnInitDialog() : BOOL

+m_tabMain CTabCtrl CMyTabCtrl + + + + + + + # # + + m_arrayTab: CTypedPtrArray<CObArray, CDialog*> m_pFont: CFont* AddItem(UINT, CDialog*) : void CMyTabCtrl() ~CMyTabCtrl() DrawItem(LPDRAWITEMSTRUCT) : void GetPage(INT) : CDialog * OnSelchange(NMHDR*, LRESULT*) : BOOL OnSelchanging(NMHDR*, LRESULT*) : BOOL SetFont(int, LPCTSTR) : void ShowPage(INT) : void

Hnh 3-30 Cc lp thuc v cc Tab chc nng ca RAClient

32

3.3.9. Lp hin th ni dung chng ch

cd RA CDialog CView CertDlg + + + + + + # + + + # m_cert: SimplePKICert m_pageDetail: CViewCertDetailDlg m_pageGeneral: CViewCertGeneralDlg m_tabMain: CMyTabCtrl CViewCertDlg(SimplePKICert&, CWnd*) ~CViewCertDlg() DoDataExchange(CDataExchange*) : void InitTab() : void OnCancel() : void OnExportCert() : void OnInitDialog() : BOOL CView CertDetailDlg +m_pageDetail # + # + # + + + # # + # # # # # # m_fnDetail: CFont m_lstDetail: CListCtrl m_mapDetail: CMap<INT, INT, CString, CString> m_nShowType: int m_pCert: SimplePKICert* m_strDetail: CString CViewCertDetailDlg(CWnd*) ~CViewCertDetailDlg() DoDataExchange(CDataExchange*) : void InitData() : void LoadData(SimplePKICert*) : void OnCancel() : void OnCbnSelchangeShowType() : void OnCtlColor(CDC*, CWnd*, UINT) : HBRUSH OnInitDialog() : BOOL OnLvnItemchangedLstdetail(NMHDR*, LRESULT*) : void OnOK() : void

CDialog

Hnh 3-31 Cc lp hin th ni dung chng ch s 3.4. Cc lp thuc v cc ng dng trong h thng 3.4.1. ng dng bo mt thng ip

CDUCSOCKET +m_Parent : CDialog * +CDUCSOCKET() +~CDUCSOCKET() +OnSend(in nErrorCode : int) +OnConnect(in nErrorCode : int) +OnAccept(in nErrorCode : int) +OnReceive(in nErrorCode : int) CWindowChatDLg +classCWindowChatDLg : CRuntimeClass +m_ListChat : CListBox +m_sock : CDUCSOCKET * +m_MySerial : int +m_YourSerial : int +m_pMainDlg : CSecureMessageTabDlg * +m_strlinechat : CString +m_connected : bool +m_myprivatekey : EVP_PKey * +m_publickey : EVP_PKey * +m_nuser : CString +CWindowChatDLg(in mainDLg : CSecureMessageTabDlg*, in sock : CDUCSOCKET*, in pParent : CWnd* = 0) +~CWindowChatDLg() #DoDataExchange(in pDX : CDataExchange*) +OnBnClickedSend() : void +OnReceive() +OnInitDialog() : BOOL +OnConnect() +OnLbnSelchangeList1() : void +OnBnClickedCancel() : void

Hnh 3-32

33

MySimpleClient::COFFLINESOCK +m_parent : CDialog * +m_sockser : CSocketser * +COFFLINESOCK() +~COFFLINESOCK() +OnReceive(in nErrorCode : int) +OnDisconnect()

MySimpleClient::COfflineDlg +classCOfflineDlg : CRuntimeClass +m_MySerial : int +m_nuser : CString +m_pMainDlg : CSecureMessageTabDlg * +m_sock : COFFLINESOCK * +f : FILE * +GetRuntimeClass() : CRuntimeClass * +COfflineDlg(in lan : CSecureMessageTabDlg*, in sock : COFFLINESOCK*, in serial : int, in user : CString, in pParent : CWnd* = 0) +~COfflineDlg() #DoDataExchange(in pDX : CDataExchange*) +OnReceive() +OnInitDialog() : BOOL +ConvertStr2Hex(in chIn : unsigned char*, in inlen : int, in pchout : unsigned char*) : BOOL +OnBnClickedOk() : void

Hnh 3-33

MySimpleClient::CSocketser +m_pMainDlg : CSecureMessageTabDlg * +m_critsec : CCriticalSection +m_sockserver : CDUCSOCKET * +m_pServerThread : CWinThread * +m_bStopServer : bool +m_socketclient : SOCKET #m_lstClientThreads : CList<CWinThread*> #m_nServerPort : int +m_pConfig : ClientConfig * +m_guestserial : int +m_userrecevie : CString +m_bufoffline : char * +m_offlinesoc : COFFLINESOCK * +CSocketser() +~CSocketser() +Initserver() : bool +Start(in nport : int) +ServerThreadProc pParam : LPVOID) : UINT (in +ClientThreadProc(in pParam : LPVOID) : UINT +DoServerLoop(in mainDlg : CSecureMessageTabDlg*, inout sock : CDUCSOCKET, in pThis : CSocketser*) : int +Stop()

Hnh 3-34

34

3.4.2. ng dng bo v truy nhp t xa

MySimpleClient ::CRemoteLoginTabDlg +classCRemoteLoginTabDlg : CRuntimeClass +m_pMainDlg : CMySimpleClientDlg * +m_lstCtrl : CListCtrl +m_strTXTSend : CString +m_strSVName : CString +m_iSVPort : int +m_lstReceive : CListBox +m_iMySerialNumber : int +deskey : unsigned char * +desks : des_key_schedule -m_sConnectSocket : CMySocket -m_sListenSocket : CMySocket +strIPClient : CString +strStatus : CString +CRemoteLoginTabDlg(in pParent : CWnd* = 0) +~CRemoteLoginTabDlg() #DoDataExchange(in pDX : CDataExchange*) +OnBnClickedBtnlisten () : void +LoadAllItems() +AddItem(inout obj : SimpleClientCert, in itemData : DWORD) +OnBnClickedBtnconnect () : void +OnBnClickedBtnsend() : void +OnBnClickedButtonLogon() : void +OnAccept() +OnConnect() +OnClose() +OnReceive() +OnSend() #OnInitDialog() : BOOL +OnBnClickedButtonMahoa() : void +OnBnClickedButtonGiaima () : void +select_random_key(in key : char*, in b : int) +select_random_iv(in iv : char*, in b : int) +ConvertStr2Hex(in chIn : unsigned char*, in inlen : int, in pchout : unsigned char*) : BOOL +ConvertHex2Str(in chIn : unsigned char*, in inlen : int, in pchout : unsigned char*) : BOOL +OnFileSendEvent(in wparam : WPARAM, in lparam : LPARAM) : LRESULT +OnFileReceiveEvent(in wparam : WPARAM, in lparam : LPARAM) : LRESULT +OnBnClickedButtonSendfile () : void +OnBnClickedButtonReceivefile () : void +OnBnClickedButtonDisconnect () : void #OnOK()

MySimpleClient::CMySocket -m_pWnd : CDialog * +CMySocket() +~CMySocket() +SetParent(in pWnd : CDialog*) #OnAccept(in nErrorCode : int) #OnConnect(in nErrorCode : int) #OnClose(in nErrorCode : int) #OnReceive(in nErrorCode : int) #OnSend(in nErrorCode : int)

Hnh 3-35

35

3.4.3. ng dng ch k s v m ha thng ip

cd RA CDialog CDigitalSignatureDlg + + + + + + + + + + + + + + + + + # + + + + + + + + + + + # + + + + isRecv: BOOL isSend: BOOL iv: unsigned char* key: unsigned char* m_CtrlSendProgress: CProgressCtrl m_ctrlStatus: CStatic m_listCtrl: CListCtrl m_pEncryptSymKeyDlg: CEncryptSymmetricKeyDlg* m_ptrMainDlg: CMySimpleClientDlg* m_strEncryptedKey: unsigned char* m_strInputFile: CString m_strPassphase: CString pFileTransferz: CFileTransferz* AddItem(SimpleClientCert&, DWORD) : void CDigitalSignatureDlg(CWnd*) ~CDigitalSignatureDlg() CharStr2HexStr(unsigned char*, int, unsigned char*) : void DoDataExchange(CDataExchange*) : void LoadCertList(void) : int OnBnClickedBtnRecvfile() : void OnBnClickedBtnSendfile() : void OnBnClickedBtnsignz() : void OnBnClickedBtnverifyz() : void OnBnClickedButtondecrypt() : void OnBnClickedButtonencrypt() : void OnBnClickedConnectz() : void OnEncrypt(CString) : void OnFileReceiveEvent(WPARAM, LPARAM) : LRESULT OnFileSendEvent(WPARAM, LPARAM) : LRESULT OnInitDialog(void) : BOOL OnSetProgressBarPosEvent(WPARAM, LPARAM) : LRESULT OnSign() : void OnVerify(CString) : void ResetDlg() : void CDialog CEncryptSymmetricKeyDlg + + + + + + + + + # + + + + + + iv: unsigned char* m_iSN: int m_pMainDlg: CMySimpleClientDlg* m_strEncryptedKey: CString m_strSymKey: CString pkey: EVP_PKey* CEncryptSymmetricKeyDlg(CWnd*) ~CEncryptSymmetricKeyDlg() CharStr2HexStr(unsigned char*, int, unsigned char*) : void DoDataExchange(CDataExchange*) : void HexStr2CharStr(unsigned char*, int, unsigned char*) : void OnBnClickedBtnEncryptkey() : void OnBnClickedBtnGeneratekey() : void OnBnClickedBtnGetpubkey() : void OnBnClickedOk() : void OnEnChangeEditSymkey() : void + + + + + + # #

CFileTransferz + + + + + + + + + + + + + + + + + + + + + + + + + + copyThreadHandle: HANDLE m_hwndParent: HWND m_iNumFile: int m_isConnected: BOOL m_listFileName: CStringList m_pThread: CWinThread* m_socket: SOCKET m_strErrorMessage: CString m_strFileName: CString m_strFilePath: CString sockConnection: CSocket sockSrvr: CSocket CFileTransferz(void) ~CFileTransferz(void) CleanAll() : void InitRecvSide(CString, int) : BOOL InitSendSide(int) : BOOL RecvFileInfo() : int SendFileInfo() : int SetFileName(CString) : void SetFilePath(CString) : void SetObjHandle(HWND) : void StartRecvThread(void) : DWORD StartSendThread(void) : DWORD ThreadRecvFile(LPVOID) : UINT ThreadSendFile(LPVOID) : UINT

CDialog CExtractedSignature str_signAlgorithm: CString str_Signature: CString str_Signer: CString str_SignLen: CString CExtractedSignature(CWnd*) ~CExtractedSignature() DoDataExchange(CDataExchange*) : void OnInitDialog(void) : BOOL

Hnh 3-36

36

4.

DIN BIN CC CA S DNG

4.1. ng k ngi dng mi vo h thng

CLoginDlg CUserRegisterDlg ftrScanApiEx.exe CRADataAcess

: User

1 : OnRegister()

<<create>> 2 : DoModal()

User data: - User - Password - Confirm password - Information for creating profile

3 : User data <<destroy>> 4 : OnOK() 5 : Check the information()

IsUserRegister(): Check the user is registed or not

6 : User Data 7 : IsUserRegister()

8 : Hash the password()

Add profile(): creat X509Name & write all user data to database (should move to CRADataAccess)

9 : Add profile()

10 : ScanFinger() 11 : Init()

12 : Fingerprint <<destroy>> 13 : Close()

14 : Minutiae.txt <<file>> 15 : Insert_finger()

Hnh 4-1 Biu din tin hot ng ng k ngi dng mi vo h thng

37

4.2. ng nhp

CLoginDlg

ftrScanApiEx

: User 1 : User, password 2 : Onlogin()

3 : Verify user() 4 : Message 5 : Init() <<create>> 6 : Fingerprint 7 : Extract Minutiae() 8 : Minutiae.txt 9 : Matching()

10 : Message

Hnh 4-2 Biu din tin hot ng ng nhp

38

4.3. To yu cu chng ch
CClientObjectTabDlg CCreateRequestDlg CMySimpleClientApp CScan_FingerPrintDlg ImageProcessing SimpleClientRequest CRADataAccess RequestList

: User 1 : OnRequestCreate() <<create>> 2 : DoModal() 3 : p_user_profile

4 : OnBnClickedBtnscanFingerprint()

<<create>> 5 : DoModal() 6 : OnInitDialog()

7 : PrepareView()

8 : OnBnClickedScan()

10 : Fingerprint

9 : ScanThreadFunc()

11 : OnBnClickedStop() 12 : OnBnClickedProcessimage() 13 : doProcessImage() 14 : doenhancement()

15 : doBinazi()

16 : SetOrient()

17 : smootBoneImage()

18 : coreDetection()

19 : create_keys() <<destroy>> 20 : OnOK()

21 : temp.txt 22 : Certificate's type <<destroy>> 23 : OnOK()

24 : MakeRequest() 25 : p_user_profile 26 : Insert_Request() 27 : m_strUser,m_strPassword

28 : Insert_privatekey()

29 : RemoveAll()

30 : ReadUserData() 31 : LoadAllItem()

Hnh 4-3 To yu cu chng ch

39

4.4. Gia hn chng ch

cl : CertList certTabDlg : CertificateTabDlg mainDlg : CMySimpleRADlg RA : RAClient RADBAccess RASSLConnection

: User 1 : selectCert

2 : clickExtend

3 : getCertInfo() 4 : certInfo

5 : extendReq(certSN)

<<create>> 6 7 : sendExtendReq()

9 : updateDB()

10 11 : updateCertStatus()

Hnh 4-4 Gi yu cu gia hn

CASSLConnection

CAServer

CertList

SimpleCACert

CA_DBAccess

12 : extendReq 13 : findCert()

14 : position <<create>> 15

16 17 : modifyStatus()

18 : updateDB()

Hnh 4-5 Nhn yu cu

40

extendingCerts

CADlg

CAServer

BDAccess

: CA Admin 19 : clickExtend() 20 : clickAccept() 21 : extend() 22 : update()

Hnh 4-6 Gia hn chng ch

41

4.5. Thu hi chng ch

CertTabDlg
RAClient SSLConnection

CAServer

CADlg

DB Access

CRL : CA Admin

: User 1 : Revoke cert() 2 : select cert

3 : certInfo() 4 : sendReq()

5 : revoke request

6 : receive request()

7 : CA's response

8 : Update request into DB()

9 : return

10 : Update certificate() 11 : Change certificate's status()

12 : select revoke request

change status of certificate into "waiting for revoke"

14 : revoke cert()

13 : clickRevoke

15 : Update DB()

16 : return 17 : Update GUI()

18 : clickUpdateCRL 19 : UpdateCRL() 20 : Update()

Hnh 4-7 Thu hi chng ch

42

4.6. Pht hnh chng ch

CARequestList SimpleCACert CA-Databse CACerList

: CA Admin

1 : Select request()

2 : Check status()

3 : Create Cert() <<create>> 4 : Add2DB()

5 : Add to CertList()

6 : Update Status()

7 : Update Request status in DB()

Hnh 4-8 Pht hnh chng ch 4.7. Ly chng ch

RARequestList SimpleClientRequest RACertList RAClient : CAServer SimpleCACert CACertList

: User 1 : Select Request() 2 : Create() <<create>> 3 : ca_request_id() 4 : Get Cert 5 : GetCertHandler()

6 : FindCert()

8 : Certificate 9 : insertCert()

7 : Create() <<create>>

10 : changeReqStatus()

Hnh 4-9 Ly chng ch

43

4.8. Truy cp t xa
<<interface>> RemoteLoginTabDlg RACertList RADatabase RAClient CAServer SimpleCACert CACertList CADatabase DBServer

: User 1 : Init remote login() 2 : Select certificate() 3 : SelectCertificate() 4 : Enter Password() 5 : Get private key()

6 : private key() 7 : Send Logon() <<message>> 8 : LOGON SEND ID: serialnumber

9 : Get Certificate()

10 : Create certificate() <<create>> 11 : Get public key()

12 : Create session key()

13 : Encrypt session key()

14 : session key 15 : Session key() 16 : Decrypt session key()

17 : Scan fingerprint()

18 : Extract finger's features()

19 : Encrypt features() 20 : SendRemoteFinger()

21 : SEND REMOTE FINGER <<message>> 22 : Decrypt finger's features() 23 : Query finger's features()

24 : Verify finger's features()

25 : result

26 : Encrypt session key() 27 : session key 28 : Decrypt session key()

29 : ready 31 : Begin transaction()

30 : Begin transaction()

32 : finish transaction() 33 : delete session key()

Hnh 4-10 Truy cp t xa

44

4.8. Ch k s
<<userinterface>> CDigitalSignatureDlg <<CertificateInfoHandler>> : CertList <<DigitalSignatureHandler>> : CDigitalSignature <<DB_access_Handler>> dao : CRADataAccess <<crypt>> : EVP_Pkey

: User sd Get key 1 : SelectCertificate 2 : findCertificate(pos) 3 : getCertInfo()

4 : certificate info 5 : CreateNewKey()

sd Retrieve private key

Hnh 4-11 K

45

<<DigitalSignatureHandler>> : CDigitalSignature

<<DB_access_Handler>> dao : CRADataAccess

BioEncKey

: User sd Retrieve private key 7 : RetrievePriKey(cert's SN, key *) 8 : retrieveEncryptedPrivKey()

<<create>> 9 : createNewObj() 10 : WaitFingerPrn() 11 12 : fingerPrn 13 : fingerPrnMatching() 14 : matchResult alt DecryptPrivKey [matched] 15 : Decrypt(encryptedKey)() 16 : DecrptKey()

18 : PrivKey

17 19 <<destroy>>

[else]

Hnh 4-12 Ly kha c nhn

46

<<userinterface>> CDigitalSignatureDlg

<<DigitalSignatureHandler>> : CDigitalSignature

<<crypt>> : EVP_Hash

: User sd Sign 20 : ClickSign 21 : IsPrivKeyRetrieve()

22 alt [private key retrieved] 24 : SelectFile2bSign

23 : WaitforFile() 25 : FileInfo

<<create>> 26 : CreateNew()

27 28 : Hash(file)

29 : calculateDgst()

30 : MessageDigest 31 : Sign(MessageDigest)

32 : AppendSignatureIntoFile()

[else] 33 : WarnUserToSelectCertificate() 34 <<destroy>>

Hnh 4-13 K

47

<<userinterface>> CDigitalSignatureDlg

<<DigitalSignatureHandler>> : CDigitalSignature

<<crypt>> : EVP_Hash

: CAServer

: User 1 : clickVerify 2 : verifySignature()

3 : waitforFile()

4 : selectFile

5 : fileInfo(filename)

6 : extractSignt()

par Get public key and hash file 7 : createHashObj() 8 9 : hashFile() 10 : hashData()

11

12 : getCert(SerialNumber) 13 : retrieveAndCheckCert()

14 15 : getPubKey()

16 : decryptSignature(Pubkey, Sgnt, &MD)

17 : compare(MessageDigest, MD)

18 alt Result [2 digests are identical] 19 : displayResult()

[else]

20 : Warn(SngtNOTmatchData)

Hnh 4-14 Kim tra ch k

48

4.10. ng xut

oCADlg : CMySimpleCADlg : CA Admin 1 : Exit() 2 <<destroy>>

Hnh 4-15 ng xut pha CA

oRADlg : CMySimpleClientDlg : User 1 : Exit() <<destroy>> 2

Hnh 4-16 Ngi dng thot khi h thng

49

5.

THIT K C S D LIU

5.1. CAServer 5.1.1. Bng tblCertificate Tn trng SerialNumber RequestID X509Cert Cert_Status Kha chnh Yes No No No Int Int BLOB Int Kiu M t Lu tr s sn ca chng ch. Lu tr m ca yu cu tng ng vi yu cu trong bng Ni dung ca chng ch. Trng thi ca chng ch: 0: ang hot ng. 1: ang xin gia hn 2: ang xin hy 3: b hy Ngy chng ch b hy

Revoke date 5.1.2. Bng tblCRL: Tn trng Date_signed CRL

No

Datetime

Bng 5-1 tblCertificate

Kha chnh Yes No

Kiu Datetime BLOB

M t Ngy CRL c CA k ri a vo kho cha CRLs Ni dung ca chng ch.

Bng 5-2 tblCRL 5.1.3. Bng tblRequest Tn trng RequestID Kha chnh Yes Int Kiu M t M yu cu do chng trnh t sinh ra khi nhn c 1 yu cu t RA. Trng thi ca yu cu: 0: ang ch i. 1: c chp nhn. 2: b t chi. Dng yu cu chun X509.

Status

No

Int

X509Request

No

BLOB

Bng 5-3 tblRequest 5.1.4. M t tm tt cc hot ng lin quan tng tc n CSDL: + Khi nhn c yu cu xin cp chng ch: Chng trnh s sinh ra mt m gi l requestID v lu yu cu vo bng tblRequest vi trng thi status=0.

50

Khi CA chp nhn th s chuyn status thnh 1 v t sinh ra mt chng ch vi 1 s Serial Number v ghi vo bng tblCertificate, ng thi c lin kt 1-1 vi bng tblRequest bng thnh phn requestID, v bin trng thi Cert_Status l 0. + Khi nhn c yu cu xin gia hn chng ch: Chuyn gi tr trng Cert_Status thnh 1 Clien ang xin gia hn Nu chp nhn gia hn th chuyn Cert_Status thnh 0 & set trng revoke_date Chng ch c chp nhn gia hn v chng ch by gi l c gi tr hot ng + Khi nhn c yu cu xin chm dt s dng chng ch: Chuyn Cert_Status thnh 2. Nu ng th chuyn Cert_Status thnh 4 5.2. RAClient 5.2.1. Bng user Trng User Profile Password Fingerprint Kha chnh Yes No No No Kiu d liu Varchar(20) BLOB Varchar(20) BLOB M t Tn ngi s dng Lu tr thng tin user theo chun X509Name Lu m bm ca password ng nhp h thng ca user Lu tr vn tay ca user ngay lc ng k

Bng 5-4 user 5.2.2. Bng request Trng RA RequestID X509Request CA RequestID Kha chnh Yes No No Kiu d liu Interger BLOB Interger M t T ng tng, dng lm m yu cu m RA cung cp cho user. c to ra t X509Name bng hm chun ca X509 y l m yu cu RA nhn c t CA ngay khi CA nhn c request. S dng ly chng ch t CA 0: Requested 1: Submitted (Request c gi ln CA v nhn c CA RequestID, ch khi nhn c ci ny ri mi chuyn) 2: Issued (Yu cu c chp nhn) 3: Denied (Yu cu b t chi) Kha ngoi, lin kt nhiu -1 vi bng User.

Request Status

No

Interger

User

No

Varchar (20)

51

Type

No

Interger

Loi chng ch c yu cu cp 0: chng ch RA 1: chng ch s dng ch k s 2: chng ch s dng m ha thng ip 3: chng ch s dng truy cp t xa Bng 5-5 Request

5.2.3. Bng Certificate Trng Serial Number X509Cert User CA RequestID Cert Status Kha chnh Yes No No No No Kiu d liu Interger BLOB Varchar(20) Integer Integer M t Serial number ca chng ch Lu chng ch dng pem Kha ngoi, lk nhiu 1 vi bng User c ng b t bng Request

Type

No

1: ang hot ng 2: b hy 3: ht hn 4: ang gia hn 5: ang xin hy Loi chng ch Interger 0: chng ch s dng ch k s 1: chng ch s dng m ha thng ip 3: chng ch s dng truy cp t xa Bng 5-6 Certificate

5.2.4. Bng Kha c nhn Trng ID RARequestID Digist Kha c nhn_Encryptedkey Kha chnh Yes No No No Kiu d liu Interger Interger Varchar(30) BLOB M t T ng tng M yu cu RA M bm ca tng c trng vn tay Cha kha c nhn c m ha bi tng c trng vn tay tng ng

Bng 5-7 Kha c nhn

52

5.2.5. Quan h gia cc bng

Hnh 5-1 Quan h gia cc bng

53

6.

6 C T CC CHC NNG

6.1. Cc chc nng lin quan ti ng nhp ngi dng

User authentication Guest Register

User CA Admin

Login

Logout

RA Admin

6.1.1. Register Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin ng k (register) Khch Khch cha c ti khon cn ng k s dng cc chc nng h thng cung cp Khch cha c ti khon s dng h thng H thng to mt ti khon cho ngi khch H thng khng to ti khon cho ngi khch. 1. Khch chn ng k ti khon t mn hnh Login. 2. H thng hin th form ng k trng khch in thng tin ng k. 3. Khch nhp cc thng tin trn form ng k t bn phm, qut vn tay ly mu. 4. H thng to ti khon mi cho ngi khch nu khch chn ng ng k bc 3. 4.1. Vn tay c h thng x l, trch c trng m ha kha c nhn 4.2. Cc c trng c bm v lu vo c s d liu i snh sau ny. 5. Kt thc ca s dng. 3.1. Ngi khch c th chn thot ng k bt k lc no trong ca s dng kt thc ca s dng m khng ng

Ngoi l

54

k c ti khon. 3.2. Ngi khch c th xa thng tin trong form in li trc khi chn ng . 3.3. Nu tn ng nhp c, hoc mt khu khng khp nhau: H thng thng bo li cho ngi s dng v tr li bc 2. Tn sut s dng 6.1.2. Login Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin ng nhp Khch Khch ng nhp s dng cc chc nng ca h thng Khch c ti khon Khch ng nhp vo h thng v c s dng cc quyn tng ng ca mnh Khch khng ng nhp c vo h thng 1. Ngi khch chy chng trnh 2. H thng hin th form ng nhp 3. Ngi khch in thng tin ng nhp, qut vn tay ly mu vn tay, la chn ng ng nhp. 4. H thng kim tra thng tin ng nhp, trch c trng vn tay v i snh vi cc c trng ca ngi dng lu trong c s d liu kim tra ngi dng. 5. Nu kim tra thy ng ng th ngi c ng nhp vo h thng, tri li s bo li. 3.1. Nu tn khng tn ti th h thng bo li v ngi khch quay li bc 2. 3.2. Ngi khch c th thot khi qu trnh Login bt k lc no nu chn thot t form login. 3.3. Ngi khch c th thay i thng tin ng nhp bt k lc no trc lc chn ng ng nhp. Cao Thp

Ngoi l

Tn sut s dng

55

6.1.3. Logout Tn ca s dng Tc nhn M t Tin Kt qu Lung s kin Ngoi l Tn sut s dng ng xut Ngi dng Ngi dng thot khi h thng khi kt thc phin lm vic Ngi dng ng nhp vo h thng Ngi dng ra khi h thng Ngi dng chn Thot Khng c Cao

6.2 Cc chc nng lin quan ti yu cu chng ch

Certificate Request

Request Certificate

User

<<include>>

<<include>>

Send Request

Create Request

6.2.1. To yu cu chng ch Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin To yu cu chng ch Ngi dng ca h thng Ngi dng to mt yu cu xin cp chng ch cho bn thn theo nh dng X509. Ngi dng Login vo h thng Mt yu cu chng ch s theo chun X509 c to ra Khng to yu cu chng ch s 1. Ngi dng chn to yu cu chng ch t giao din ca chng trnh. 2. H thng ly thng tin chung v ngi dng t c s d liu.

56

3. H thng hin th form ngi dng nhp thng tin b sung ngoi thng tin v ngi dng trn cho chng ch. 4. Ngi dng chn kiu chng ch, c 3 kiu: Ch k s, truy cp t xa, m ha thng ip. 5. H thng sinh cp kha c nhn v cng khai cho ngi dng 6. H thng dng c trng vn tay m ha kha c nhn v lu vo c s d liu. 7. Kha c nhn c dng k ln yu cu 8. Yu cu c lu vo c s d liu. Kt thc thnh cng. Ngoi l Tn sut s dng Cao

6.2.2. Gi yu cu chng ch cho CA Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin Gi yu cu chng ch cho CA Ngi dng Ngi dng gi yu cu cp chng ch ln cho CA duyt cp. RA kt ni vi CA v c yu cu chng ch ca ngi dng. Yu cu chng ch c gi ti CA. Yu cu chng ch khng gi ti c CA 1. Ngi dng chn gi yu cu xin cp chng ch cho CA t giao din chng trnh, nu l chng ch thuc kiu truy cp t xa th s yu cu qut vn tay ly c trng vn tay. 2. H thng ly yu cu cp chng ch s t c s d liu v gi lnh yu cu cp chng ch cho CA 3. H thng gi yu cu cp chng ch cho CA qua knh kt ni vi CA. 4. RA nhn li m yu cu t knh kt ni vi CA v lu vo c s d liu. Kt thc thnh cng. Kt ni gia CA v RA b li, kt thc tht bi. Ngi dng s phi kch hot li ca s dng. Cao

Ngoi l Tn sut s dng

57

6.3 Cc chc nng lin quan ti qun l chng ch

Certificate Management

Manage Certificate <<extend>> Issue Certificate <<extend>> CA Admin

Revoke Certificate <<extend>> Extend Certificate

Get Certificate

User

6.3.1 Pht hnh chng ch Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin Pht hnh chng ch CA Admin CA Admin chp nhn mt yu cu cp chng ch. Trong c s d liu cha cc yu cu cp chng ch Mt chng ch s c CA k xc nhn. Yu cu chng ch khng c k xc nhn ca CA. 1. CA Admin chn mt yu cu trong danh sch ch cp chng ch trn form hin th danh sch ca CA cp chng ch.. 2. H thng ly yu cu cp chng ch t trong c s d liu tng ng vi s la chn ca CA Admin 3. H thng hin th form cha thng tin v yu cu chng ch CA Admin duyt cp. 4. CA Admin kim tra ni dung thng tin trn yu cu cp chng ch. 5. CA Admin chn ng cp chng ch. Nu CA Admin chn dng th kt thc tht bi. 6. H thng to chng ch mi t yu cu cp ny.

58

7. Chng ch mi c lu vo c s d liu. 8. Yu cu c xa khi danh sch ch cp. Giao din c cp nht. Kt thc thnh cng.. Ngoi l 6.1. Nu cp kha ca chng ch khng hp l th kt thc tht bi. 7.1. Nu chng ch khng lu c vo c s d liu th kt thc tht bi. Cao

Tn sut s dng 6.3.2 Thu hi chng ch Tn ca s dng Tc nhn M t

Thu hi chng ch Ngi dng, CA.Admin Khi ngi dng yu cu hoc khi CA Admin thy cn thit hy b hiu lc ca mt chng ch s ang lu hnh, CA Admin c th hy b hiu lc ca chng ch, a n vo danh sch cc chng ch b thu hi. Chng ch c yu cu thu hi tn ti. C kt ni gia RA v CA. Chng ch b thu hi, a vo danh sch CRL. Chng ch khng c a vo CRL. 1. Ngi dng yu cu thu hi chng ch, hoc CA Admin t quyt nh thu hi chng ch. 2. Nu ngi dng yu cu, RA s gi yu cu thu hi chng ch v s serial ca chng ch cn thu hi ln CA. 3. Nu CA Admin t quyt nh thu hi, CA Admin s chn chng ch thu hi t danh sch chng ch trn giao din ca h thng. H thng s bit s serial chng ch cn thu hi. 4. H thng c t c s d liu ra chng ch vi s serial tng ng, nh du thu hi chng ch, chuyn chng ch sang CRL. 5. CA gi thng bo kt qu thu hi chng ch cho ngi dng. Kt thc thnh cng. 4.1. S serial khng hp l: s serial ca chng ch trong CRL, kt thc tht bi. 4.2. CA Admin khng ng thu hi chng ch khi nhn c yu cu t RA. CA s gi thng bo t chi yu cu cho ngi dng. Kt thc tht bi. Trung bnh

Tin Kt thc thnh cng Kt thc tht bi Lung s kin

Ngoi l

Tn sut s dng

59

6.3.3 Gia hn chng ch Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin Gia hn chng ch Ngi dng, CA Admin. Khi chng chi ht han hoc sp ht han, ngi dung yu cu CA gia han thi gian s dung chng chi C kt ni gia RA v CA. Chng ch tn ti. Chng chi c gia han Chng chi khng c gia hn 1. Ngi dng chn chng ch cn gia hn t danh sch` chng ch trn giao din ca chng trnh. 2. Ngi dng yu cu gia hn chng ch t giao din chng trnh. 3. RA gi yu cu gia hn chng ch & s serial ca chng ch cn gia hn ln CA 4. CA nhn c yu cu th gi thng bo nhn c cho RA, thay i trng thi chng ch trong c s d liu thnh chng ch ch gia hn. 5. CA Admin quyt nh c gia hn cho chng ch hay khng 6. Nu CA Admin khng ng gia hn th gi thng bo t chi cho ngi dng. Kt thc tht bi. 7. Nu CA Admin ng gia hn th chng ch c gia hn mt nm k t thi im c gia hn.. 8. CA cp nht vo c s d liu ni dung v trng thi ca chng ch, cp nht trng thi ca chng ch trn giao din. Kt thc thnh cng. Ngoi l Tn sut s dng Thp

6.3.4 Ly chng ch s dng Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin Ly chng ch Ngi dng Ngi dng yu cu ly chng ch t CA. C kt ni gia CA v RA. Ngi dng nhn c chng ch hoc bit c chng ch khng c cp hay khng c gia hn. Ngi dng khng nhn c chng ch v cng khng bit c chng ch c b t chi hay khng. 1. Ngi dng chn yu cu chng ch hoc yu cu gia

60

2. 3.

4. 5.

hn t giao din ca chng trnh. Ngi dng chn gi lnh yu cu ly chng ch ln CA t giao din ca chng trnh. RA gi lnh ly chng ch cng vi m yu cu nu l chng ch mi, hoc cng vi s serial ca chng ch nu l chng ch gia hn. CA nhn yu cu. Nu cng vi lnh ly chng ch l m yu cu th CA tm trong c s d liu m yu cu tng ng xem

chng ch c cp hay ang ch cp hoc b t chi. 5.1. Nu ng vi m yu cu l chng ch ang ch cp hoc b t chi cp th CA tr li thng bo v tnh trng ca yu cu cho RA. Kt thc thnh cng. 5.2. Nu chng ch c cp th CA gi tr li thng bo cho RA nhn chng ch v gi ni dung chng ch v cho ngi dng. Kt thc thnh cng. 6. Nu cng vi lnh ly chng ch l s serial ca chng ch th CA tm trong c s d liu xem chng ch ng vi s serial ang trng thi no. 6.1. Nu chng ch c gia hn th CA gi li cho RA. Kt thc thnh cng. 6.2. Nu chng ch cha c gia hn th CA gi thng bo cha c gia hn cho RA. Kt thc thnh cng. Ngoi l Tn sut s dng Mt kt ni gia CA v RA trong qu trnh gi nhn thng ip. Kt thc tht bi. Cao

61

6.4. Cc chc nng lin quan ti ng dng trn nn PKI

Application Digital Signature <<extend>> <<extend>> User Remote Authentication Encrypt Message Sign

Verify Signature

6.4.1. To ch k s Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin To ch k s Ngi dng ca h thng Ngi dng dng chng ch k ln file, to ra ch k s. Ngi dng Login vo h thng, c chng ch c CA cp. Ch k s c to ra v nh km file c k, c th dng xc thc. Khng to c ch k s. 1. Ngi dng chn mt chng ch dng k t danh sch cc chng ch dng cho vic k trn giao din ca h thng. 2. Ngi dng kch hot chc nng k ca h thng bng cch bm nt k trn giao din. 3. H thng ly s serial number ca chng ch chun b cho qu trnh k. 4. H thng hin th hp thoi cho ngi dng chn file k. 5. Ngi dng chn 1 file k. 6. H thng bm ni dung ca file c chn. 7. H thng ly kha c nhn tng ng vi chng ch dng k t c s d liu sau dng kha ny m ha chui bm t file to thnh ch k. 8. Ch k v cc thng tin c lin quan c ghi km vi file c k vo mt file mi. File ny sau c th dng xc thc vi ngi dng khc trong cng h thng.

62

9. Kt thc thnh cng. Ngoi l Tn sut s dng 6.4.2. Xc thc ch k Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin Kim tra ch k s Ngi dng ca h thng Ngi dng dng kim tra mt file cng vi ch k s nh km xc thc ngi k v s ton vn ca file. Ngi dng Login vo h thng, nhn c file c ch k s. Xc thc c ch k s hoc khng nh c ch k s khng khp vi ni dung ca file v chng ch dng k. Khng bit c ch k s c ng hay khng. 1. Ngi dng kch hot chc nng k ca h thng bng cch bm nt k trn giao din. 2. H thng hin th hp thoi ngi dng chn mt file c k. 3. H thng tch file v ch k cng vi cc thng tin lin quan ra. 4. H thng dng thng tin trong ch k v file thc hin qu trnh kim tra ch k s. 5. H thng kim tra tnh hp l ca chng ch dng k. 6. H thng bm file, dng kha cng khai trong chng ch k gii m ch k v so snh kt qu vi m bm ca file. 7. Nu ch k v file hp l th ch k c xc thc, tri li th khng, kt thc thnh cng. Ngoi l 1.1. Ngi dng c th dng vic kim tra trong qu trnh thc hin ca s dng bt k lc no trc lc ng chn file c k. 2.1. Nu file c chn khng fi l file ng nh dng qui nh trong h thng th vic kim tra ch k tht bi. Ca s dng dng li. Tn sut s dng 6.4.3. M ha thng ip Ngi dng c th dng vic k trong qu trnh thc hin ca s dng bt k lc no trc lc ng chn file c k.

63

a)To knh gi thng ip Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin To knh gi thng ip Ngi dng ca h thng Ngi dng to knh kt ni n my c user cn gi,ly public ca chng ch cn gi Ngi dng Login vo h thng, c chng ch c CA cp, bit cng v a ch IP ca my cn gi To knh chat thnh cng,ly c public key chng ch ca ngi cn nhn. Khng to c knh chat hoc khng ly c public key 1. Ngi dng khi to knh kt ni 2. Nhp s Serial ca chng ch ngi c yu cu chat 3. H thng ly s serial number ca chng ch ,yu cu CA cp cho chng ch s dng cho knh chat 4. H thng hin th hp thoi chat

Ngoi l Tn sut s dng b) Bo mt v lu tr thng ip Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin Bo mt v lu tr Ngi dng ca h thng Nhn c thng ip,dng private key ca chng ch tng ng gii m,v dng public key m ha tin gi i Ngi dng Login vo h thng, c chng ch c CA cp ng knh chat c lp thnh cng. M ha v gii m thnh cng Gii m li hoc khng lu c vo file 1. H thng ngi gi: nhn thng ip, thm time stamp vo u mi thng ip+ tn user,ri m ha c cm.Mi cm m ha s c thm vo serial number u ri gi 2. H thng ngi nhn : nhn c c cm gi,tach ly serial number,so snh vi serial number ca chng ch mnh ang nm,nu trng th tch ly phn tin m ha,dng private key gii m,ri a vo ca s cht,nu khng trng serial number th lu tr vo file. Trong khi chat c th hy ca s chat.

Ngoi l Tn sut s dng

64

c)Nhn tin nhn offline Tn ca s dng Tc nhn M t Tin Kt thc thnh cng Kt thc tht bi Lung s kin Nhn tin offline Ngi dng ca h thng Ngi dng ng nhp h thng,t hin tin nhn offline ca ngi dng Ngi dng Login vo h thng, c chng ch c CA cp. Gii m v hin tin thnh cng Khng gii m c 1. Ngi dng ng nhp h thng 2.H thng kim tra trong s cc chng ch ca ngi dng,c chng ch no c tin nhn c lu ra file 3. Ly privatekey tng ng gii m cc tin nhn 4. Hin th hp thoi tin nhn. 5. Xa file lu tr.

Ngoi l Tn sut s dng 6.4.4. Xc thc truy cp t xa Tn ca s dng Tc nhn M t Tin Nhn tin offline Ngi dng ca h thng Ngi dng mun truy cp vo my Database Server, v c CA xc thc, c s dng sinh trc hc vn tay. Ngi dng Login vo h thng, c chng ch thuc kiu truy cp t xa c CA cp. C mt DB Server ng k trc vi CA. Ngi dng truy cp thnh cng vo DB Server v s hu 1 kha phin thc hin giao dch trong phin vi DB Server. Khng c php truy nhp vo DB Server. 1. u tin User gi yu cu mun thc hin truy cp t xa ln CA bng cch gi km theo s Serial Number ca chng ch tng ng v ID ca DB Server m User mun thc hin truy cp t xa. 2. CA nhn c thng tin, da vo s SN , truy vn vo CSDL ca CA ly ra c chng ch tng ng. 3. CA sinh ra mt kha phin ngu nhin. 4. CA m ha kha phin bng Public key (ca User ) v gi n cho User.

Kt thc thnh cng Kt thc tht bi Lung s kin

65

5. User nhn c s dng Private key ca mnh gii m ra c kha phin. 6. User thc hin qut vn tay c c c trng vn tay. 7. M ha c trng vn tay bng kha phin v gi i cho CA. 8. CA dng kha phin gii m v ly ra c c trng vn tay. 9. CA s truy vn vo CSDL v ly ra c thng tin c trng vn tay (m User ny gi ln t lc ng k xin cp chng ch), CA s thc hin i snh vn tay v a ra kt qu chp nhn hay khng chp nhn. 10. Nu kt qu l khng chp nhn th CA gi thng bo cho User l khng chp nhn v dng tin trnh. 11. Nu kt qu l chp nhn, CA s gi thng bo chp nhn cho User. 12. CA lc ny cng s m ha kha phin bng Public key ca DB Server v gi cho DB Server tng ng. T lc ny tr i, CA khng cn tham gia vo kch bn na. 13. User sau khi nhn c thng tin xc thc thnh cng ca CA, s m ha mt khu (m c ng k vi DB Server t lc u) bng kha phin v gi n cho DB Server. 14. DB Server nhn t CA kha phin c m ha bng public key, s dng private key ca mnh gii m v ly ra c kha phin. 15. Khi nhn c thng tin t User, s dng kha phin gii m ra c mt khu, v truy vn vo CSDL xc thc mt khu (so snh thng tin bm ri c lu trong CSDL). 16. Sau gi thng tin xc thc v cho User. 17. K t y bt u phin giao dch gia DB Server v User, mi thng tin gi i trn ng truyn u c m ha bng kha phin . 18. Sau khi kt thc phin giao dch, DB Server s xa thng tin kha phin i. Ngoi l Tn sut s dng Thp

66

7.

CHNG TRNH TH NGHIM THM NH SINH TRC LNG BN TAY (PALMPRINT)

1. Gii thiu v h thng Mt m hnh h thng an ninh sinh trc c m hnh nh hnh 1.1. Trong c cc qu trnh: - Thu nhn c im sinh trc: nh nh, ghi m ging ni, . - K np: l qu trnh tch cc c trng sinh trc, c th thc hin m ha ri lu vo c s d liu. - i snh: l qu trnh so snh mu c trng trong CSDL vi mu sinh trc ly vo sau ny, xc nh c phi l ngi hay khng?

Hnh 1.1. Qu trnh ca mt h an ninh sinh trc H thng thm nh sinh trc lng bn tay ny s c xy dng da trn 2 pha chnh: ng K np (Enrollment) v i snh (Matching). ng k (Hnh 1.2) Qu trnh k np l qu trnh nhp thng tin ngi s dng cng nh a nh lng bn tay vo. H thng thc hin trch cc c trng sinh trc t nh lng bn tay. i vi thut ton h thng thc hin trch 4 loi c trng khc nhau lin quan n khong cch, cu trc v ng bn tay. Cui cng h thng lu nhng c trng v thng tin ngi dng vo CSDL.

67

Hnh 1.2. Qu trnh ng k ngi dng i snh (Hnh 1.3) pha ny, cc c trng hnh nh thu nhn s c em i snh vi c s d liu c sn thng qua qu trnh ng k. Qu trnh i snh c th thc hin theo nhiu cch nh so snh sai khc v ta , khong cch,. Kt qu s c tr li u ra di dng ng hoc sai (tng ng vi vic h thng xc nh rng thng tin sinh trc c phi ca ngi hay khng)

Hnh 1.3. Qu trnh thm nh ngi dng 2. Chng trnh palmprint Ngn ng Hin ti chng trnh c xy dng da trn 2 ngn ng l C# v Matlab 7.8 Cch ci t Ci t chng trnh chnh Ci t MCR (Matlab Compiler Runtime) 7.8 Ci t .Net Framework 2.0

68

- Ci t MySQL Server 5.0 tr ln - Ci t MySQL Connector 5.0 tr ln Cch hot ng ca chng trnh: - Kt ni CSDL: l qu trnh kt ni vi c s d liu ( y chng trnh dng c s d liu MySQL) (hnh 2.1). Cc qu trnh kt ni vi CSDL bao gm cc bc: o Bc 1: Nhp a ch IP v cng ca MySQL. Thng thng a ch Server l localhost (ngay ti my c nhn), cng mc nh l 3306. iu ny cn ch khi ci MySQL Server. o Bc 2: Nhp user name v password truy cp vo c s d liu MySQL. o Bc 3: Nhp tn CSDL cha c s d liu v c trng lng bn tay ca ngi s dng. Chng trnh c th to mi mt CSDL nu cha tn ti hoc truy cp vo mt CSDL c

Hnh 2.1. Mn hnh kt ni CSDL Sau khi kt ni thnh cng vi CSDL, chng trnh s chy mn hnh chnh ca chng trnh bao gm 3 chc nng l Enrollment, Verify v Delete User nh hnh di y. Trong 2 chc nng chnh ca chng trnh l Enrollment (k np ngi dng) v Verify (thm nh) o Enrollment (k np ngi dng): l pha dng ghi nhn ngi dng vo h thng cng nhng thng tin sinh trc thu nhn c o Verify (thm nh): l pha dng thm nh ngi dng. Thc hin ly mt nh u vo (chn nh c), trch c trng v so snh vi c trng ca ngi s dng c trong CSDL Delete User (xa ngi dng): thc hin xa ngi s dng khi h thng hoc xa ton b CSDL. Exit: thot chng trnh.

o o -

Enrollment (K np ngi dng): thc hin lu ngi dng v thng tin sinh trc ngi vo h CSDL (Hnh 2.2). N bao gm cc bc nh sau:

69

o o

Bc 1: Nhp thng tin ngi dng bao gm cc thng tin v ID, tn, ngh nghip. Trong thng tin v ID l phi duy nht (c thc hin kim sot tnh duy nht) Bc 2: Nhp ng dn nh lng bn tay ngi . C th chn nh thng qua nt chn file bn cnh Bc 3: Nhn nt Save bt u qu trnh thc hin. Chng trnh s thc hin trch c trng, lu thng tin ngi v thng tin c trng vo CSDL Nu thc hin thnh cng, chng trnh s thng bo thnh cng (Successful). Nu nh b li, chng trnh s thng bo khng trch c c trng.

Hnh 2.2. Mn hnh ng k ngi dng Verify (thm nh): thm nh xem nh lng bn tay u vo c phi l ca mt ngi no y hay khng (hnh 2.3) o Bc 1: Nhp ID ca ngi s dng cn thm nh o Bc 2: Nhp ng dn nh lng bn tay cn trch c trng (c th chn qua tnh nng chn bn cnh) o Bc 3: Chng trnh trch c trng t nh u vo o Bc 4: Chng trnh thc hin i snh c trng trch c vi c trng ca ngi c ID cho Nu kt qu ng a ra kt qu c ng ngi hay khng (nu ng a ra thng tin ca ngi ) Nu sai chng trnh bo khng phi ngi

70

Hnh 2.3. Mn hnh thm nh ngi dng Delete User (xa ngi dng): thc hin xa ngi dng khi CSDL o Chn hin danh sch ngi s dng trong CSDL (viewList) bao gm ID v tn mi ngi s dng (Xem hnh di) o Nhp ID v/hoc tn ngi s dng C th ch cn nhp hoc ID ngi s dng hoc tn ngi s dng l Nu nhp c 2, chng trnh thc hin kim tra c tn v ID, nu c 2 cng trng th mi thc hin xa Lu : khi nhp tn, nu c 2 ngi trng tn, chng trnh s xa c 2 ngi s dng o Thc hin xa ngi s dng theo tn/ID c Thc hin xa ngi s dng Nu ngi s dng khng tn ti, chng trnh thng bo khng tn ti ngi dng Nu qu trnh xa b li, chng trnh thng bo li Hng pht trin ca h thng Hn ch ln nht hin ti ca h thng chnh l kh nng ly nh trc tip t thit b. Trong tng lai, h thng c pht trin thc hin ly nh lng bn tay v x l trc tip t thit b thu nhn. Mc d kt qu thut ton kh tt (cc t l sai st nh hn 10%) nhng tng tnh kh thi cho h thng th thut ton trch c trng v thm nh cn c ci tin tng chnh xc cho h thng

3. -

71

i vi nhng c trng t nh lng bn tay, hin ti h thng lu trc tip nhng c trng vo CSDL. Vic ny to ra nguy c ln khi truy cp CSDL t xa hoc my tnh b xm nhp. Do mt vn quan trng l cn m ha nhng c trng ny trc khi lu hay truyn i nhm hn ch ti a kh nng b mt hoc l thng tin c trng sinh trc. Ngn ng hin ti thc hin l C# v Matlab. Trong thi gian ti, h thng chuyn sang dng ngn ng VC thun tin cho qu trnh nghin cu tch hp vo h thng BioPKI cng nh kt hp a sinh trc

Kt lun Bn bo co m t kh y h thng thm nh sinh trc lng bn tay thi im hin ti, nhng g t c cng nh nhng hn ch. Ngoi ra bo co cn trnh by nhng mc ch pht trin tip theo ca h thng gip h thng hot ng chnh xc hn v a vo h thng BioPKI TI LIU THAM KHO [1] David D.Zang Palmprint Authentication, Kluwer Academic Publishers, 2004 Ti liu chnh cho thut ton ca h thng [2] Palmprint Image Database PolyU II: http://www.comp.polyu.edu.hk Ni c CSDL nh v lng bn tay [3] Detection Edge Algorithms: http://www.cim.mcgill.ca/~dparks/CornerDetector/index.htm [4] Jain, A. K. (28-30 April 2004), "Biometric recognition: how do I know who you are?", Signal Processing and Communications Applications Conference, 2004

4.

72

B GIO DC V O TO
Trng i hc Bch khoa H Ni

BO CO TM TT
ti nhim v theo ngh nh th

H thng an ninh thng tin da trn sinh trc hc Bio-PKI (Bio-PKI Based Information Security System)
M s: 12/2006/H-NT

Ch nhim ti PGS. TS Nguyn Th Hong Lan Khoa Cng ngh thng tin, i hc Bch khoa H Ni

H Ni 1 - 2009
1

Mc lc
I. THNG TIN CHUNG V TI ............................................................................................5 II. TNH CP THIT CA TI..............................................................................................6 III. MC TIU V YU CU CA TI NHIM V NGH NH TH ..........................6 III.1. Mc tiu ca nhim v ti.............................................................................................6 III.2. Tm tt cc yu cu sn phm ca ti ng k trong thuyt minh nhim v (kt qu dng II v III)......................................................................................7 IV. NI DUNG NGHIN CU.....................................................................................................7 IV.1. Nghin cu tng quan........................................................................................................7 IV.2. Xy dng m hnh gii php .............................................................................................8 IV.3. Phn tch thit k h thng BioPKI v xy dng phn mm c s h thng BioPKI .......8 IV.4. Xy dng kch bn v th nghim ng dng h BK-BioPKI trong mi trng mng PTN .............................................................................................................9 V. CCH TIP CN V TRIN KHAI THC HIN TI ..................................................9 V.1. Cc tip cn v phng php nghin cu ...........................................................................9 V.2. Tm tt qu trnh thc hin ti nhim v tin ng k trong thuyt minh.........10 VI. TNG HP CC KT QU T C...........................................................................10 VI.1. Kt qu v gii php tch hp c trng vn tay vi m bo mt trong h PKI thnh h thng BioPKI............................................................................................10 VI.2. Kt qu thit k v xy dng th nghim h thng BioPKI (Prototype) kt hp thm nh xc thc vn tay sng, trc tuyn. ..........................................................12 VI.2.1. Gii php cng ngh thit k v trin khai h thng BK-BioPKI ............................12 VI.2.2. Phn tch thit k ton b h thng BK-BioPKI (prototype)....................................13 VI.3. Kt qu phn mm my tnh cho h thng BioPKI.........................................................16 VI.4. Phn mm th nghim ng dng.....................................................................................18 VI.5. Cc kt qu thc nghim trong phng th nghim...........................................................19 VI.5.1. M t kch bn th nghim .......................................................................................19 VI.5.2. Kt qu thc nghim.................................................................................................20 VI.6. Kt qu hp tc vi Malaysia ..........................................................................................21 VI.6.1. c im qu trnh hp tc.......................................................................................21 VI.6.2. Cc hot ng hp tc phi hp nghin cu ............................................................22 VI.7. Kt qu o to ................................................................................................................23 VI.7.1. o to thc s ..........................................................................................................23 VI.7.2. o to bc i hc...................................................................................................23 VI.8. Cc bi bo khoa hc.......................................................................................................23 VII. KT LUN V HNG PHT TRIN ............................................................................24 VII.1. Nhn xt nh gi chung ................................................................................................24 VII.2. Tin thc hin............................................................................................................24 VII.3. Hng pht trin ............................................................................................................25

DANH SCH CC CN B V SINH VIN THAM GIA THC HIN TI

A. DANH SCH CC CN B THAM GIA TRC TIP 1. PGS.TS Nguyn Th Hong Lan 2. TS Nguyn Linh Giang 3. TS H Quc Trung 4. ThS Bng Qunh Mai 5. ThS Nguyn Anh Hon 6. TS Ng Hng Sn 7. KS Nguyn Th Hin Khoa CNTT, HBK HN, ch nhim ti Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN

B. DANH SCH CC CN B THAM GIA T VN 1. PGS. TS ng Vn Chuyt 2. ThS Vn Uy 3. ThS Ng Minh Dng Khoa CNTT, HBK HN Khoa CNTT, HBK HN Vin Khoa hc hnh s, B Cng An

C. DANH SCH CC SINH VIN THAM GIA THC HIN TI C1. Cc sinh vin i hc Tt c cc sinh vin i hc tham gia ti di y u hon n tt nghim theo hng ti v t kt qu loi kh hocgii. Danh sch nhm sinh vin K46 tham gia ti: 1. L Anh Tun TTM K46 2. Ng Trng Cnh TTM 3. Nguyn Sinh Chung Tin Php 4. Nguyn Vn Hnh KSCLC Danh sch nhm sinh vin K47 tham gia ti: 1. Nguyn Thc Hiu TTM K47 2. Nguyn Quang Th TTM 3. Phm Quang Thnh TTM 4. Nguyn Hong Anh Tin Php 5. Phm S Lm KSCLC Danh sch nhm sinh vin K48 tham gia thit k pht trin h thng BioPKI v tham gia vit bo co tng hp ti: 1. L Tin Dng (trng nhm) TTM K48 2. Bi Thnh t TTM 3. Nguyn Th Thu Hng KSTN 4. Trn Hi Anh Tin Php 5. Dng Vn Tin Php 6. Hong Trn c TTM 7. Ng Tin Dng TTM 8. Trn Nguyn Ngc TTM

C2. Cc sinh vin cao hc 1. Trn Tun Vinh 2. Nguyn Anh Ti 3. V Thanh Thng 4. L Quang Tng 5. L Trn V Anh 6. H Tin Dng Cao hc CNTT - kha 2003-2005 bo v 2006 Cao hc CNTT - kha 2004-2006 bo v 2006 Cao hc CNTT - kha 2005-2007 bo v 12- 2007 Cao hc CNTT - kha 2006-2008 bo v 11- 2008 Cao hc CNTT - kha 2006-2008 bo v 11- 2008 Cao hc CNTT - kha 2006-2008 bo v 11- 2008

I. THNG TIN CHUNG V TI

1. Tn ti

H thng an ninh thng tin da trn sinh trc hc Bio-PKI (Bio-PKI Based Information Security System)
M s: 12/ 2006/ H-NT 2. Ch nhim ti: PGS. TS Nguyn Th Hong Lan Hc hm, hc v, chuyn mn: PGS.TS ngnh Cng ngh Thng tin Chc danh: Ph Trng khoa Cng ngh Thng tin, i hc Bch Khoa H Ni in thoi c quan: (84. 4) 38.68.25.96 in thoi nh ring: (84. 4) 38.32.89.25 Email: lannth@it-hut.edu.vn 3. C quan ch tr i hc Bch Khoa H Ni, Khoa Cng ngh Thng tin S 1 ng i C Vit, H Ni 4. H v tn Ch nhim pha i tc nc ngoi: TS. Ong Thian Song Chc danh: Gim c iu hnh Trung tm nghin cu Sinh trc hc (CBB) Trng i hc a phng tin Malaysia (MMU) Tel: +606-252.33.43 Fax: +606-231.88.40 Emal: tsong@mmu.edu.vn 5. C quan i tc nc ngoi: Trng i hc a phng tin Malaysia (Malaysia Multimedia University -MMU), Trung tm nghin cu Sinh trc hc v Sinh Tin hc (Center of Biometrics and Bioinformatics CBB) Khoa Khoa hc v Cng ngh thng tin (Faculty of Information Science and Technology - FIST) Malaysia Multimedia University (MMU), Jalan Ayer Keroh Lama, 75450 Melaka Malaysia http:///www.mmu.edu.my 6. Thi gian thc hin ti: T 6/2006 n 6/2008 7. Tng kinh ph thc hin ti: 800.000.000 VN Tng kinh ph cp 2006: 450.000.000 VN Tng kinh ph cp 2007: 350.000.000 VN ti nhn c cp kinh ph n 2008.

II. TNH CP THIT CA TI

Nhng nm cui ca th k XX v u th k XXI chng kin s ln mnh vt bc ca mng Internet c v quy m v cht lng. Internet c ng dng rng ri trn ton th gii mi ngnh ngh, lnh vc kinh t, x hi v an ninh. Tnh ph bin rng ri khin Internet v ang l nn tng c s cho cc giao dch thng mi ton cu v cc ng dng ca giao dch in t to thnh mt hnh thc x hi o vi cc c trng ring bit. c trng ca Internet l tnh o v tnh t do trnh b iu chnh bi lut php, mi ngi u c th tham gia v t li du vt c nhn ca mnh. Vic xc thc mi c nhn qua mng thng thng ch s dng password l kh khn, nn nguy c xy ra gi mo nh danh, b la o trc tuyn l rt cao. y l va l im mnh v cng l im yu ca giao dch in t qua mng Internet. Trong iu kin cng ngh thng tin v truyn thng pht trin vn bo mt an ton thng tin v an ninh mng l mt trong nhng vn thi s cp bch ang c nhiu quc gia quan tm v c phng din php l ,v c phng din k thut v cng ngh. Trong nhng nm gn y cc ti phm cng ngh cao ngy cng gia tng, vn nghin cu cc gii php nhm m bo an ton thng tin, bo mt d liu trong cc giao dch in t qua mi trng mng cng tr nn cp thit. Mc d c nhiu gii php c nghin cu v pht trin, nhiu sn phm cng ngh c nghin cu v ng dng, tuy nhin vn ny vn lun l vn thi s v thch thc. Gii php an ninh da trn cc du hiu sinh trc hc l mt trong cc hng nghin cu mi ang c th gii quan tm pht trin v p dng.

III. MC TIU V YU CU CA TI NHIM V NGH NH TH

Nghin cu h thng an ninh thng tin (BioPKI Based Information Security System) da trn s kt hp cc c trng sinh trc hc con ngi vi h tng c s bo mt kha cng khai PKI l hng nghin cu mi cho php mang li nhng u im hn cc h thng PKI hin c v an ton bo mt, v tnh xc thc thm nh ch th con ngi trong cc giao dch in t qua mng my tnh. Mc tiu ca ti nhim v theo ngh nh th hp tc vi Malaysia theo nh hng nghin cu vn ny.

III.1. Mc tiu ca nhim v ti

Nghin cu xut phng n kt hp cc c trng ca vn tay vi m bo mt kha cng khai PKI to kha m sinh trc, mt gii php cho h BioPKI. Xy dng th nghim h tng c s h thng an ninh thng tin da BioPKI (protoptype). Thit k v xy dng th nghim phn mm h thng BioPKI da trn m sinh trc hc nhm hng ti cc ng dng trong thm nh xc thc sinh trc hc v kim sot truy cp dng trong cc lnh vc an ninh, thng mi in t, ngn hng, giao dch in t, chnh ph in t. Kt hp nghin cu ca 2 pha Vit Nam v Malaysia, th nghim pht trin ng dng h thng BioPKI. 6

III.2. Tm tt cc yu cu sn phm ca ti ng k trong thuyt minh nhim v (kt qu dng II v III)

Tn sn phm: H thng an ninh thng tin da trn m sinh trc hc Bio-PKI (gi tt l H thng an ninh thng tin Bio-PKI) Cc sn phm kt qu bao gm: - Kt qu gii php tch hp c trng vn tay vi m bo mt trong h PKI thnh h BioPKI. - Kt qu th nghim Prototype v h tng h thng BioPKI thm nh xc thc vn tay trong h BioPKI. - Kt qu phn mm my tnh cho h thng BioPKI, h sinh trc bao gm: phn mm ng k, m ha kha sinh trc vn tay BioPKI v phn mm thm nh xc thc vn tay. - Cc bo co: Bo co phn tch thit k h thng v hng ng dng trong thm nh xc thc vn tay trong cc giao dch in t, kim sot truy nhp; Cc bo co nh k v bo co tng hp ti.

IV. NI DUNG NGHIN CU

IV.1. Nghin cu tng quan
Ni dung phn ny c trnh by trong 3 chng ca bo co tng hp bao gm cc nghin cu tng quan, tng hp cc ti liu nghin cu t cc bi bo v ti liu trn th gii nhng nm gn y v cc lnh vc lin quan n mc tiu nhim v ti. - Kho st v giao dch in t, cc yu cu an ninh thng tin trong giao dch in t qua mng. o Kho st v thng mi in t, giao dch in t trn th gii o Tnh hnh pht trin cc giao dch in t Vit Nam v c s php l o Nhu cu v an ton bo mt thng tin trong giao dch in t o Khi qut v cc gii php cng ngh bo mt an ton thng tin v an ninh mng - Sinh trc hc v h thng an ninh bo mt thng tin da trn sinh trc hc o Tng quan v sinh trc hc v h thng sinh trc hc (Biometric System) o nh gi hiu nng v cht lng hot ng ca h sinh trc hc o H thng an ninh bo mt da trn trc hc (Biometric based Security System) C s h tng kha cng khai PKI v vn an ton trong h thng PKI o H mt m kha cng khai o C s h tng kha cng khai (Public Key Infrastructure) o Cc giao dch in t trong h tng kha cng khai v vn an ton thng tin

IV.2. Xy dng m hnh gii php

Nghin cu phn tch cc hng tip cn BioPKI kt hp xc thc sinh trc vi c s h tng kha cng khai PKI v xy dng m hnh gii php h thng BioPKI, ni dung chi tit phn ny c trnh by trong chng 4 ca bo co tng hp, bao gm cc phn sau: Nghin cu phn tch cc hng tip cn h thng BioPKI theo cc ti liu nghin cu Gii php 1: i snh c trng sinh trc thay mt khu xc thc ch th Gii php 2: kt hp k thut nhn dng sinh trc vi k thut mt m, m ha bo mt kha c nhn Gii php 3: dng sinh trc hc sinh kha c nhn. xut m hnh tch hp h sinh trc vn tay kt hp gii php 1 v gii php 2 vo h tng kha cng khai PKI thnh h BK-BioPKI. xut gii php cng ngh xy dng h thng BK-BioPKI ca ti trn c s xy dng h li PKI dng OpenSSL kt hp vi phn mm h thng thm nh xc thc sinh trc vn tay sng trc tuyn dng thit b qut thng dng, gi thnh thp, d kh thi, dng ngn ng C++ kt hp vi Matlab.

IV.3. Phn tch thit k h thng BioPKI v xy dng phn mm c s h thng BioPKI
Phn phn tch thit k xy dng h thng BK-BioPKI c trnh by chi tit trong cc chng 5, 6, 7 ca Bo co tng hp, gm cc ni dung chnh di y: Phn tch thit k v xy dng phn mm h xc thc sinh trc vn tay trong h BKBioPKI: o Phn tch thit k v xy dng phn mm phn h sinh trc 1 (theo gii php 1): H thm nh c trng vn tay sng trc tuyn trong h thng BK-BioPKI o Phn tch thit k v xy dng phn mm phn h sinh trc 2 (theo gii php 2): H sinh kha sinh trc, m ha bo mt kha c nhn trong h BK-BioPKI. Phn tch thit k xy dng h thng h tng kha cng khai PKI trn mi trng OpenSSL v cc giao dch c s trong h thng BK-BioPKI: o Phn tch thit k cc thnh phn chc nng ca h thng BK-BioPKI o Thit k xy dng v lp trnh phn mm c s cc chc nng hot ng h thng BK-BioPKI. Thit k cc tnh hung giao dch v xy dng cc giao thc trong cc giao dch o Thit k v lp trnh ci t cc thnh phn chnh phn mm c s v cc giao thc, giao dch c s ca h thng BK-BioPKI, bao gm: Thit lp h thng CA, RA, khi ng hot ng, Qun l chng ch (CA): cp mi, gia hn, thu hi chng ch ng k ngi dng (user)

o Thit k xy dng v lp trnh phn mm ti my ngi dng trong h thng BK-BioPKI bao gm cc chc nng ch yu sau: Thit lp RA ng nhp, ng xut chng trnh Xin cp chng ch Xin gia hn chng ch Xin thu hi chng ch S dng chng ch trong cc giao dch (ch k s, bo mt thng ip) Qun l ngi dng: ng k, sa i, xa b ngi dng. Thit k tch hp ton b h thng an ninh thng tin BK-BioPKI v th nghim o Xy dng h thng theo m hnh xut gm 2 phn h sinh trc vn tay tch hp vo c s h tng PKI thnh h BK-BioPKI trong hot ng sau: Phn h sinh trc 1, i snh c trng sinh trc thay mt khu xc thc ch th c tch hp vo hot ng ng nhp ca h BK-BioPKI Phn h sinh trc 2, sinh kha sinh trc hp mt m bo v kha c nhn c tch hp vo trong cc giao dch xin cp chng ch v s dng chng ch trong h BK-BioPKI o Thit k ci t tch hp phn mm phn h sinh trc 1 o Thit k ci t tch hp phn mm phn h sinh trc 2 trong h thng BKBioPKI.

IV.4. Xy dng kch bn v th nghim ng dng h BK-BioPKI trong mi trng mng PTN
Ni dung phn ny c trnh by chi tit trong chng 8 ca Bo co tng hp - Xy dng th nghim lp trnh ng dng ch k s trong h thng BK-BioPKI - Xy dng kch bn th nghim v lp trnh ng dng m ha thng ip - Xy dng kch bn th nghim v lp trnh ng dng kim sot bo mt truy cp t xa

V. CCH TIP CN V TRIN KHAI THC HIN TI

V.1. Cc tip cn v phng php nghin cu
Cn c vo yu cu nhim v thc hin qu trnh nghin cu, chng ti thc hin phng php tip cn t vn tng th n phn tch c th, tip cn t ngoi vo trong h thng, th hin nh sau: - T nghin cu kho st v nghin cu tng hp l thuyt n xy dng phng n - T nghin cu xy dng m hnh gii php v phng din l thuyt n gii php cng ngh thc thi - T phn tch thit k ton b h thng n thc hin xy dng v lp trnh ci t h thng h thng li PKI trn c s s dng b phn mm th vin OpenSSL. 9

T nghin cu th nghim cc thut ton sinh trc, xy dng phn mm h thng sinh trc vn tay n nghin cu thit k tch hp phn mm sinh trc vo PKI thnh h thng BioPKI. T kch bn n xy dng cc ng dng th nghim h BioPKI trong phng th nghim

H thng BioPKI ca ti c trin khai xy dng h thng theo cc phin bn n gin n phc tp, theo tin qua 4 giai on t phin bn BioPKI Ver.1 n BioPKI Ver.4 vi cc chc nng c pht trin tch hp dn dn t n gin n phc tp hn.

V.2. Tm tt qu trnh thc hin ti nhim v tin ng k trong thuyt minh

Giai on 1: t thng 6 n thng 12-2006: Phin bn h thng BioPKI Ver.1 o Nghin cu v th nghim cc thut ton: Thu nhn vn tay, trch chn c trng, sinh kha sinh trc v thm nh xc thc vn tay o Nghin cu cc hng tip cn h thng BioPKI o Xy dng phng n v mi trng phn mm h thng BioPKI da trn b th vin m OpenSSL v ngn ng C++ Giai on 2: t thng 1-2007 n 6-2007: Phin bn h thng BK-BioPKI Ver.2 o Phn tch thit k cc m un c s h tng h thng PKI: CA, RA User o Tip tc nghin cu v th nghim cc thut ton sinh trc hc vn tay o Xy dng v thit k phn mm phn h sinh trc hc (Biometric) bao gm: K m sinh trc v thm nh vn tay trong h thng BK-BioPKI Giai on 3 v 4: t 7/2007 n 6/2008 Phin bn h thng BK-BioPKI Ver. 3.1 v phin bn Ver.4 kt hp h thng v th nghim ng dng o Phn tch thit k pht trin v lp trnh ton b Protoptye c s h tng h thng BK-BioPKI trong mi trng mng PTN o Phn tch thit k pht trin phn h sinh trc Biometric vi 2 mun v th nghim vo ng dng h thng Ver.4 o Phn tch thit k tch hp phn h sinh trc vo ton b h thng BK-BioPKI phin bn Ver.4 o Xy dng m hnh kch bn v th nghim 3 ng dng trong h BK-BioPKI Ver.4

VI. TNG HP CC KT QU T C
VI.1. Kt qu v gii php tch hp c trng vn tay vi m bo mt trong h PKI thnh h thng BioPKI.
ti xut m hnh gii php tch hp c trng vn tay vi h tng kha cng khai thnh h thng BioPKI. 10

CA for Public Keys Client

Biometrics Devices Extraction Biometric key Storage -Biometric Verification

Server

Computer Network

CSDL CA CSDL BioInfor

CA for Biometrics Information

Hnh 1. Khung lm vic ca h thng BioPKI trong mi trng mng

Hnh 2. M hnh mc khung cnh h thng an ninh thng tin da trn sinh trc hc BioPKI

M hnh h thng BioPKI bao gm cc thnh phn h thng sau: H thng li h tng kha cng khai PKI: H thng li PKI c xy dng theo m hnh kin trc CA vi y cc thnh phn chc nng c bn ca h PKI bao gm: - CA (Certificate Authority): B phn thm quyn pht hnh cc chng ch v chng thc cc chng ch - RA (Registration Authority): B phn thm quyn ng k chng ch, - Certificate Holder- User: ngi s dng trong h thng PKI, ch th chng ch, - Digital Certificate Distribution System: H thng phn phi chng ch s, kho cha 11

H thng li PKI c thit k v lp trnh trn mi trng b th vin m ngun m OpenSSL, theo chun X509. Trong m hnh h BioPKI hin nay RA c vai tr qun l ngui dng, lu tr kha c nhn c bo mt bng sinh trc vn tay. Ton b cc giao thc v cc giao dch c s gia RA v CA c thit k v ci t lm c s tch hp h sinh trc to vo my ngi s dng (users) H thng thm nh xc thc sinh trc vn tay (Fingerprint Biometric System) Dng sinh trc vn tay sng c ly trc tuyn t thit b scanner. Hot ng ca h thng sinh trc gm 2 pha chc nng: + Pha ng k sinh trc (Enrollment): - ng k ngi dng - Ly du vn tay sng trc tuyn t thit b qut thng dng - X l nh trch chn c trng - M ha c trng - Lu tr m c trng + Pha thm nh xc thc (Verification - Authentication): - Ly du vn tay sng trc tuyn t thit b qut - X l nh trch chn c trng - i snh thm nh trc tuyn (online) xc thc vn tay ca ch th ngi dng M hnh BioPKI: xut m hnh gii php tch hp thm nh sinh trc vn tay sng trc tuyn vo h li h tng kha cng khai (gi tn l BK-BioPKI), bao gm 2 phn h sinh trc sau: - Phn h thm nh xc thc trc tuyn vn tay ngi dng c tch hp vo qu trnh ng nhp h thng BioPKI thay password, cc du c trng vn tay c m ha v lu tr ti my user (c gi l Phn h sinh trc 1) - Phn h sinh trc vn tay kt hp vi qu trnh mt m v s dng chng ch s trong h BioPKI, sinh kha sinh trc m ha bo mt kha c nhn ca ngi dng trong h thng (c gi l Phn h sinh trc 2). Phn mm phn h sinh trc 2 c tch hp vo h BioPKI ti my user, c qun l bi RA v xc thc bi CA (chi tit ca m hnh tch hp s c trnh by trong chng 5 v chng 7 bo co tng hp)

VI.2. Kt qu thit k v xy dng th nghim h thng BioPKI (Prototype) kt hp thm nh xc thc vn tay sng, trc tuyn.
VI.2.1. Gii php cng ngh thit k v trin khai h thng BK-BioPKI
Theo m hnh trnh by trn, gii php v cng ngh, mi trng phn mm thit k v trin khai h thng bao gm: - Cu hnh mng cc b cho h thng BK-BioPKI trong giai on ny bao gm mt my Server v cc my Client (users) kt ni hot ng trong mi trng mng tc nghip ti phng th nghim khoa CNTT HBK HN. Tt c cc my trong phng th nghim c ci t mi

12

trng lp trnh Windows XP SP1, b cng c lp trnh Microsoft visual studio 2003, h qun tr c s d liu MySQL. - H thng li PKI vi kin trc CA n c xy dng trn c s b th vin m OpenSSL - nh vn tay sng c ly trc tuyn qua thit b qut vn tay vi cc thng s k thut sau: Scaner Futronic model 9880, Futronic's FS82 USB 2.0 Fingerprint scanner with scanning window size is 16x24mm; Image resolution is 480x320 pixel, 500 DPI; Raw fingerprint image file size is 150K byte; with Live Finger Detection (LFD). u ra thit b qut Futronic's FS82 USB 2.0 ch cung cp nh vn tay theo nh dng file *.bmp, khng c phn mm x l nh km theo b qut. - B phn mm x l nh vn tay v phn mm h thng sinh trc gm cc thut ton c thit k v ci t bng ngn ng C++ vi Windows 2003 v Matlab.

VI.2.2. Phn tch thit k ton b h thng BK-BioPKI (prototype)

Qu trnh phn tch thit v xy dng h thng BK-BioPKI bao gm cc ni dung: Thit k xy dng h thng li PKI; Thit k xy dng phn mm h sinh trc vn tay dng thit b qut Futronic's FS82 USB 2.0 Fingerprint scanner; Thit k xy dng v ci t lp trnh h thng tch hp BK-BioPKI theo m hnh tch hp xut. H thng BK-BioPKI bao gm mt c s h tng kha cng khai PKI vi CA n, c cc chc nng PKI c bn: to yu cu xin cp chng ch, cp pht chng ch, qun l vic gia hn chng ch v hy b chng ch v tch hp cc chc nng ca phn h sinh trc hc. Phn di y s trnh by mt s s chnh ca h thng BK-BioPKI ( trnh by chi tit trong bo co tng hp cc chng 5, 6, 7 trong bo co tng hp). o Biu phn cp chc nng h thng BK-BioPKI phn CA (Hnh 3). o Biu phn cp chc nng h thng BK-BioPKI phn RA-Client Hnh 4). o Biu cc tnh hung s dng cc giao dch c s trong h thng BK-BioPKI (Hnh 5). o S m hnh tch hp thm nh xc thc sinh trc vn tay (Phn h sinh trc 1) vo qu trnh ng nhp v thm nh ngi dng user (Hnh 6). o S m hnh tch hp thm nh xc thc sinh trc vn tay trc tuyn kt hp vi mt m trong qu trnh xin cp chng ch, s dng chng ch trong h BK-BioPKI (Hnh 7).

13

Hnh 3. Biu phn r chc nng ca h thng BK BioPKI (b phn CA)

Chc nng ca RA-Client

Thit lp RA

ng nhp

Xin cp chng ch

Qun l chng ch

S dng chng ch

Qun l ngi dng

To chng ch RA

ng nhp

To yu cu cp chng ch

Gia hn chng ch

ng k

Ly chng ch RA, CA

ng xut

Gi yu cu cp chng ch

Hy b chng ch

Xa ngi dng

Thit lp knh SSL

Ly chng ch

Hnh 4. Biu phn cp cc chc nng RA-Client

14

User authentication Guest Register

Certificate Request Request Certificate User User Management

CA Admin

User

Login

<<include>> <<include>> Send Request RA Admin

Modify profile

Logout

Create Request

Delete user

RA Admin Setup

SetupCA CA Admin

SetupRA

RA Admin

Certificate Management Manage Certificate CA Admin <<extend>> Issue Certificate <<extend>> Extend Certificate <<extend>>

<<layer>> BK - BioPKI Applications Digital Signature <<extend>> User Remote Authentication Get Certificate Secure Message Sign <<extend>> Verify Signature

Revoke Certificate

User

Hnh 5. Cc tnh hung s dng giao dch trong h thng BK-BioPKI

Trong biu ny, cc chc nng ca h thng gn lin vi cc tc nhn bao gm: ngi qun tr CA (CA Amin), ngi qun tr RA (RA Admin) v cc ngi s dng (Users) ca h thng.

M ha i xng Password c trng vn tay ng k CSDL User ng nhp ... Minutiae

Trch chn c trng

i snh

Gii m

KT QU Password

Hnh 6. Tch hp phn h sinh trc 1 thm nh ng nhp ngi dng trong h thng

15

M ha i xng Private key Xin cp Tp kha chng ch sinh trc (BEK) S dng chng ch Tht bi T CHI i snh Thnh cng Gii m

Sinh kha sinh trc Vn tay

CSDL

Private key

Hnh 7. M hnh tch hp phn h sinh trc 2 sinh kha bo v kha c nhn trong h thng.

VI.3. Kt qu phn mm my tnh cho h thng BioPKI

ti xy dng v ci t ton b phn mm cho h thng BK-BioPKI bao gm cc b phn mm sau: B phn mm c s h li PKI m bo c cc chc nng c bn ca mt c s h tng kha cng khai PKI vi CA n: to yu cu xin cp chng ch, cp pht chng ch, qun l, gia hn chng ch v hy b chng ch. B phn mm h thm nh xc thc vn tay sng, trc tuyn gm cc chc nng ch yu: + Phn mm ng k sinh trc hc vn tay BioPKI + Phn mm m ha + Phn mm xc thc thm nh vn tay BioPKI

B phn mm sinh trc trong h thng BioPKI c xy dng thnh 2 phn h thng sinh trc tng ng vi m hnh kt hp 2 phn h sinh trc vo cc hot ng trong h BioPKI.

16

B phn mm tch hp h thng an ninh sinh trc hc Bio-PKI: Thc hin tch hp h thm nh xc thc vn tay vo hot ng cc giao dch ng nhp, xin cp chng ch v s dng chng ch trong h thng. Cc hnh v di y trnh by 2 s din tin lp trnh trong s nhiu s s din tin c thit k v thc hin cc bc trong cc giao dch hot ng trong h thng BioPKI. Chng trnh th nghim sinh trc lng bn tay: Ci t thut ton trch chn c trng, thm nh xc thc sinh trc lng bn tay v th nghim vi CSDL nh lng bn tay (xem chi tit phn ph lc Bo co tng hp.

BEKs generation

Application

Matching

Database Access

: User 1 : select certificate() 2 : send serial number 3 : get the BEKs hash code()

4 : send BEKs hash code 5 : scan fingerprint() 6 : send BEKs 7 : hash BEKs() 8 : Match BEKs hash code() 9 : send the matched BEK hash code 10 : query the encrypted private key() 11 : send the encrypted private key

12 : decrypt the encrypted private key() 13 : send private key

Hnh 8. S din tin kch bn s dng chng ch trong BioPKI

17

Login user object

Fingerprint Identication

Database Access

: User 1 : Enter user password() 2 : hash the password() 3 : Send user, hash of password 4 : Query use, hash of password() <<create>> 5 : Send result 6 : Init() 7 : query fingerprint() 8 : Scan fingerprint() 9 : Creat minutiae() 10 : Send minutiae 11 : Get minutiae() 12 : Query encrypted minutiae() 13 : Send encrypted minutiae 14 : Decrypt minutiae()

15 : Matching minutiae() 16 : Send result()

Hnh 9. S din tin kch bn ng nhp ngi dung trong BioPKI.

VI.4. Phn mm th nghim ng dng

ti xy dng th nghim 3 kch bn ng dng an ton bo mt thng tin trong mi trng h thng BK-BioPKI (trnh by chi tit trong chng 7 v chng 8 ca bo co tng hp), gm c: - Xc thc ch k s - K v m ha bo mt thng ip - Kim sot bo v truy cp vo CSDL trn mng Cc kch bn ny c thit k chi tit, c lp trnh ci t v th nghim trong mi trng mng ca h thng BK-BioPKI ti PTN.

18

VI.5. Cc kt qu thc nghim trong phng th nghim

VI.5.1. M t kch bn th nghim
Hin nay ton b h thng tch hp BK-BioPKI c xy dng trong mi trng mng trong PTN theo cu hnh trnh by trn. Ti cc my ngi s dng, dng thit qut vn tay Futronic's FS82 USB 2.0 Fingerprint ly vn tay sng trc tuyn dng cho 2 pha ca h thng: pha ng k v pha thm nh xc thc lin quan n chng ch. Qu trnh th nghim h thng bao gm 2 ni dung ch yu: Th nghim cc hot ng giao dich trong h thng BK-BioPKI thng qua cc ng dng v th nghim nh gi thng k thc nghim cc cht lng h thng thng qua cc o FRR (False Rejection Rate) v FAR (False Acceptance Rate) Tnh ton thc nghim cc thng s nh gi h thng (%): FRR = FAR =
So truong hop loai bo sai Tong so truong hop

So truong hop chap nhan sai Tong so truong hop

a.

Th nghim cc giao dch c s trong h BK-BioPKI v nh gi mc trn ca cc hot ng giao dch trong h thng: Thc hin cc qu trnh ci t CA v RA (5 ln) kim tra mc li trong chng trnh. ng k ngi s dng (10 ngi), kim tra cc li pht sinh trong qu trnh t lc ng k ngi dng vo h thng n khi ly c chng ch. Thng k cc li nu xy ra trong qu trnh thc hin giao dch

b. Th nghim cc ng dng v nh gi thc nghim thng s cht lng thm nh xc thc sinh trc vn tay trong hot ng h BK-BioPKI Trong mi hot ng h sinh trc bao gm 2 pha: ng k v thm nh xc thc sinh trc. Theo m hnh gii php h BK-BioPKI trnh by trn, h sinh trc bao gm 2 phn h kt hp: phn h thm nh sinh trc ng nhp u vo v phn h thm nh sinh trc gii m ly kha c nhn (private key) thc hin cc giao dch: ng dng ch k s hoc ng dng bo mt thng ip o Th nghim thm nh sinh trc trong hot ng ng nhp vo h thng: Thc hin ly mu ca 10 ngi s dng nh gi FAR: vi mi ngi dng, th nghim vi 10 mu vn tay khng dng ng k nh gi FRR: dng vn tay ng k th nghim 10 ln v o s trng hp sai 19

o Th nghim thm nh xc thc sinh trc vn tay ngi dng truy xut kha c nhn trong ng dng ch k s: Ly chng ch ca 5 ngi s dng nh gi FAR: vi mi ngi dng, th nghim vi 10 mu vn tay khng dng ng k nh gi FRR: dng vn tay ng k th nghim 10 ln v o s trng hp sai

VI.5.2. Kt qu thc nghim

5.2.1 Kt qu thc nghim nh gi qu trnh thm nh sinh trc trong hot ng ng nhp (login) S ln thc hin S t chi sai/ S chp nhn sai 100 29 100 27 T l FRR(%) 29 27 T l FAR (%)

Bng 1: Kt qu thc nghim T l FRR v FAR khi ng nhp

5.2.2 Kt qu thc nghim nh gi qu trnh thm nh sinh trc truy xut ly

kha c nhn dung trong hot ng ch k s

S ln thc hin S t chi sai/ S chp nhn sai 50 23 50 7 T l FRR(%) 46 14 T l FAR (%)

Bng 2: Kt qu thc nghim T l FRR v FAR khi xc thc kha sinh trc vn tay song trc tuyn gii m truy xut kha c nhn trong hot ng k ch k s

5.2.3. Kt qu th nghim trn trong hot ng ca h thng v tnh thc nghim t l cc li pht sinh
Kt qu cho thy hu ht cc giao dch ca h thng (t ci t CA, RA, ng nhp, .) khng xy ra li, hot ng trn tru c bit l cc kt ni gia CA-RA (cc giao dch v chng ch) v gia cc RA vi nhau (ch k s) S ln ci t 5 S ln li 5
Bng 3 . Kt qu nh gi qu trnh ci CA

T l (%) 0

S ln ci t 5

S ln li 5

T l (%) 0

Bng 4. Kt qu nh gi qu trnh ci RA

20

Tuy nhin trong qu trnh thc hin cho thy c mt li xy ra trong qu trnh ng k vn tay khi to yu cu (request) gi ln CA. y l li qu trnh ng k sinh trc (enrollment) vn tay ngi dng vo yu cu v l li lin quan n thut ton sinh trc. Li ny hon ton c th khc phc c thng qua vic ci thin thut ton trch chn c trng v chng trnh x l sinh trc S ln thc hin 10 S ln li 2 T l (%) 20

Bng 5. T l li vi qu trnh ng k sinh trc (enrollment)

5.2.4 nh gi kt qu thc nghim

Qua cc kt qu th nghim trong phng th nghim v h thng BK-BioPKI c th cho thy h thng nn tng li PKI c thc hin tt, hot ng kh hon thin, cc giao dch t ci t, cp chng ch, xc thc chng ch, nhn chung hot ng n nh v khng c li. Cc chc nng ca mt h thng BioPKI c thc hin tng i hon chnh v m bo cc hot ng xc thc sinh trc vn tay sng trong h thng BK-BioPKI cc mc khc nhau. iu chng t m hnh gii php h thng BioPKI v qu trnh phn tch thit k h thng t kt qu tt. Hot ng ton b h thng BK-BioPKI c kim nghim qua cc thc nghim vi cc sinh trc vn tay sng trc tuyn v t bc u kh quan. Tuy nhin, v nh gi cc tham s hiu nng h thng vn cn c li qu trnh sinh trc, th hin t l li do x l cha ht cc trng hp ngoi l. Thc nghim vi vn tay sng cho thy t l li FRR v FAR trong c 2 qu trnh hot ng xc thc sinh trc t l li vn cn tng i cao. chnh l vn cn tip tc ci tin v h thm nh xc thc sinh trc Trong iu kin cu hnh h thng trong mi trng phng th nghim, thi gian thc hin thut ton cn ln (khong gn 40s). Hiu nng v thi gian x l sinh trc cn chm th hin ch yu do phn tch hp cc thut ton sinh trc (vit bng Matlab) vo h PKI ch mc m hnh tch hp.

VI.6. Kt qu hp tc vi Malaysia
VI.6.1. c im qu trnh hp tc
V tin thi gian bt u thc hin nhim v ngh nh th ca 2 pha Malaysia v Vit Nam c s chnh lch: Nhim v ca pha Malaysia thc hin t 2005, nhim v ca pha Vit nam c chnh thc bt u 6-2006, MMU thc hin trc mt nm so vi nhim v ca pha Vit Nam. Khi nhim v pha Vit Nam chnh thc bt u th pha Malaysia ang l giai on cui ca nhim v ti pha Malaysia xut trong nhim v hp tc Ngh nh th v pha Malaysia kt thc ti ny 2006.

21

Pha bn tip tc nghin cu v lnh vc ny v t 6-2007 pha Malaysia c kinh ph thc hin ti khc (theo ti liu bn cung cp, thi gian l t 15/6/2007 n 30/5/2008), bi vy n 5/2007 pha bn mi xc tin tip tc cc hot ng trao i hp tc qua mail. Ch nhim ti pha Malaysia c thay i, hin nay l ng Dr. Ong Thian Song, Gim c iu hnh trung tm nghin cu CBB v pha Malaysia tip tc nhit tnh trong hp tc thc hin nhim v NT vi Vit Nam Pha bn cha thc hin c on ra sang Vit Nam nh d kin v l do pha bn cha thu xp c kinh ph.

VI.6.2. Cc hot ng hp tc phi hp nghin cu

Pha MMU t chc Hi tho trao i phi hp nghin cu 2 bn ti Malaysia trong thi gian 20-21/9/2007 xc tin tng cng hp tc, gp g trao i c th v phi hp cc cng vic nghin cu ca c hai bn MMU-HUT Joint Seminar, 20th - 21th September 2007 CBB-FIST, Multimedia University (Melaka Campus), Malaysia Pha i hc Bch khoa H ni tham gia trnh by 3 bo co trao i nghin cu ti hi tho ny, bao gm: o H.Lan Nguyen, BioPKI based information security system using fingerprint biometric authentication o Q.Trung HA, Using online fingerprint authentication to protect private key for digital signature. o H.Lan Nguyen and Q.Trung Ha, BioMetric verification based remote authentication Thng 12/2007 v thng 5/2008: Theo k hoch duyt, pha VN c 2 on cng tc sang Malaysia lm vic phi hp nghin cu v h thng thm nh sinh trc (chi tit nu trong bo co phn ph lc) Kt qu nghin cu phi hp l trao i v phng n, xy dng m hnh v trao i cc thut ton, hin cha c s trao i kt hp phn mm c th no trong h BK-BioPKI hin nay. thc hin c trao i phn mm hoc tch hp kt qu 2 bn, theo ngh ca pha trng MMU cn chun b k bn cam kt (MMA) gia MMU v HUT (HBK HN). Hin nay cho n thng 12-2008, hai bn trao i bn tho v i iu kin k. Cho n nay, pha MMU cha c on sang HBK HN v l do kinh ph v thi gian. Hai bn MMU v HUT nht tip tc pht trin Hp tc vi Malaysia trong thi gian ti trong khun kh ti KC0111 tip tc nghin cu pht trin h thng BioPKI trong giai on tip t 2008-2009.

22

VI.7. Kt qu o to
VI.7.1. o to thc s
Theo hng ca ti cho n nay c 6 lun vn Thc s bo v tt nghip: 1. Trn Tun Vinh Kha 2003-2005 bo v 2006 Tn lun vn: "Nghin cu gii php an ninh thng tin da trn hng tip cn sinh trc hc kt hp m cng khai PKI vi c im sinh trc vn tay" 2. Nguyn Anh Ti Kha 2004-2006 bo v 2006 Tn lun vn: "Nghin cu phng php thm nh xc thc sinh trc ch k vit tay ng dng trong giao dch in t" 3. V Thanh Thng Kha 2005-2007 bo v 12- 2007 Tn lun vn: "Nghin cu thut ton m ha bo mt nng cao AES v xy dng ng dng thut ton da trn cng ngh nhng" 4. L Quang Tng Kha 2006-2008 bo v 11- 2008 Tn lun vn: "Xy dng gii php ng dng xc thc sinh trc hc trong c s h tng kha cng khai da trn h thng OpenCA" 5. L Trn V Anh Kha 2006-2008 bo v 11- 2008 Tn lun vn: "Nghin cu gii php ng dng h tng kha cng khai PKI trong h thng thanh ton in t lin ngn hng" 6. H Tin Dng Kha 2006-2008 bo v 11- 2008 Tn lun vn: "H mt kha cng khai v ch k s"

VI.7.2. o to bc i hc
Nhiu n k s tt nghip ngnh CNTT- HBK HN thc hin theo hng ti: Mt s lng ng o khong 20 n tt nghip ca sinh vin cc kha (K46, K47, K48) c trong danh sch tham gia ti bo v tt nghip K s CNTT HBK HN, tt c u t kt qu kh hoc gii.

VI.8. Cc bi bo khoa hc
[1] Thi Hong Lan NGUYEN, Thi Thu Hang NGUYEN An Approach to Protect Private Key using Fingerprint Biometric Encryption Key in BioPKI based Security System, trnh by v ng trong k yu Hi ngh quc t: IEEE-10th International Conference on Control, Automation, Robotics and Vision (ICARCV 2008), December 17-20, 2008 Hanoi-Vietnam, ISBN-1-4244-2287-6 Library of Congress: 2008902134, 2008 IEEE. [2] Nguyn Th Hong Lan, Bi Thnh t, L Tin Dng, Xy dng h thng an ninh thng tin da trn sinh trc vn tay v h tng kha cng khai BioPKI, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda 2008, H Ni 8- 9/8/2008. [3] Nguyn Th Hong Lan, Trn Hi Anh, Mt gii php thm nh vn tay trc tuyn trong h thng BK-BioPKI v ng dng kim sot truy cp t xa, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda 2008, H Ni 8- 9/8/2008. 23

[4]. Nguyn Th Hong Lan, Hong Trn c, V mt ng dng m ha bo mt thng ip trong h thng BK-BioPKI, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda 2008, H Ni 89/8/2008. [5]. H Quc Trung, Nguyn Trung Dng, Trao i thng tin an ton v bo mt trn h tng SMS, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda 2008, H Ni 8- 9/8/2008. [6]. Nguyn Linh Giang, V Ngc H, Mt gii php kt hp chng ch sinh trc vo h thng PKI, Trnh by ti Hi tho Quc gia ln th t v Nghin cu pht trin v ng dng Cng ngh thng tin v Truyn thng ICT.rda2008, H Ni 8- 9/8/2008.

VII. KT LUN V HNG PHT TRIN

VII.1. Nhn xt nh gi chung
ti hon thnh nhim v ra m bo v s lng v cht lng ng k v cc sn phm KHCN. Ton b h thng c th nghim t kt qu trong mi trng mng phng th nghim ( trnh by chi tit trong phn VI trn). ti pht trin thm cc ni dung di y so vi ni dung ng k v cc phn mm my tnh: o V phn mm tch hp sinh trc trong h thng: h thng BK-BioPKI xy dng bao gm 2 phn h sinh trc kt hp 2 gii php trong h BioPKI o V phn mm th nghim ng dng: hin nay xy dng th nghim 3 kch bn ng dng an ton bo mt thng tin trong mi trng h thng BK-BioPKI gm: Xc thc ch k s; K v m ha bo mt thng ip; Kch bn th nghim kim sot bo v truy nhp CSDL trn mng. o V sinh trc lng bn tay: xy dng th nghim chng trnh trch chn c trng v thm nh sinh trc lng bn tay Tnh mi, tnh sng to ca ti: hng nghin cu BioPKI l vn ang c quan tm trn th gii, cc ti liu v h thng an ninh thng tin da trn sinh trc hc hin cha nhiu v thng ng kn do yu cu bo mt. Kt qu ca ti ng gp tnh mi trn m hnh gii php tch hp h thng BioPKI thm nh xc thc sinh trc vn tay sng. l h thng mi, n hin nay da trn cc thng tin cng b y l nhng kt qu u c trin khai nghin cu Vit Nam v lnh vc ny.

VII.2. Tin thc hin

tng cng c hiu qu trong hp tc vi Malaysia v ti c iu kin th nghim v hon thnh tt nhim v theo ngh nh th, ti lm vn bn ngh xin php c iu chnh gia hn thi gian thc hin ti n 6/2008 trong iu kin ton b kinh ph c duyt, khng b sung thm kinh ph. Nhim v ti c php ca B KHCN, theo c cng vn s 3397/BKHCNXHTN, k ngy 27/12/2007 cho php gia hn thi gian thc hin nhim v ti n 24

6/2008, nh vy ti c iu kin thi gian y 24 thng thc hin nh d kin ban u. ti hon thnh cc cng vic nghin cu theo ng k hoch c php n 62008. Kt qu nghin cu ca ti c trnh by trong Hi tho m rng bo co kt qu nghin cu c t chc v thng bo trn mng vo 20-6-2008.

VII.3. Hng pht trin

Kt qu ti t cc kt qu kh quan trng bc u phng th nghim m ra mt trin vng nghin cu pht trin mi c ngha ng dng thc t Kt qu ca ti nhim v ngh th l c s c tip tc theo hng nghin cu ny trong giai on tip theo trong khun kh ti KC0111. Cc hng pht trin nghin cu trong thi gian ti trong ti KC0111 o Xy dng h li PKI theo cc cng ngh v chun cng nghip ph hp vi cc kh nng s trin khai h PKI Vit Nam o Nghin cu pht trin m hnh BioPKI v xy dng h tch hp BioPKI trn c s h li PKI thng dng (v d h PKI trn c s OpenCA) o ng dng cng ngh nhng cho h sinh trc (Etoken USB) o Kho st v xy dng cc ng dng thc t c th a h thng ra ng dng.

25