Securing online transactions with OTP

Upload: trong-thua-huynh

Post on 22-Feb-2018


  • 7/24/2019 Securing Online Transactions with OTP

POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY, HO CHI MINH CITY CAMPUS

---------------------------------------------

GRADUATION PROJECT

Level: Undergraduate
Major: Information Technology
Mode of study: Full-time

Academic years: 2006-2011

Topic:

SECURING ONLINE TRANSACTIONS WITH OTP

Student: Pham Anh Tuan
Student ID: 406170064
Supervisor: Huynh Trong Thua, M.Sc.

Ho Chi Minh City

2010

Graduation project report - Acknowledgements

Acknowledgements

First of all, I would like to thank Mr. Huynh Trong Thua for his dedicated guidance and comments while I carried out this internship project.

I sincerely thank the teachers of the Faculty of Information Technology, Posts and Telecommunications Institute of Technology, Ho Chi Minh City campus, who taught me and enthusiastically helped me throughout the past 4 years of study.

I would also like to thank Mr. Le Duy Hoai, General Director of Hai Muoi Bon Joint Stock Company, and the company's staff, who helped me and provided documents during my internship at the company.

Finally, I thank my parents, my younger siblings and my classmates, who wholeheartedly cared for me and created the best conditions for me to complete this thesis.

Ho Chi Minh City, 2010

Pham Anh Tuan

TABLE OF CONTENTS

Acknowledgements
Table of contents
List of figures
List of tables
Terms and abbreviations
Preface

Chapter I. INTRODUCTION
  1. Motivation
  2. Objectives
  3. Related work

Chapter II. BACKGROUND
  1. Overview of authentication
    1.1 Authentication model
      1.1.1 Authentication levels
      1.1.2 Subscriber, RA and CSP
      1.1.3 Token
      1.1.4 Electronic credentials
      1.1.5 Verifier
    1.2 Token
      1.2.1 Token types
      1.2.2 Token threats
      1.2.3 Token levels
    1.3 Threats to authentication
    1.4 Challenges in authentication
  2. Cryptography
    2.1 Web Security
    2.2 One-Time-Password
    2.3 Secure hash functions
    2.4 Message authentication codes
    2.5 Advanced Encryption Standard (AES)
  3. Java Platform, Micro Edition (Java ME)
    3.1 Configuration
      3.1.1 Connected Device Configuration
      3.1.2 Connected, Limited Device Configuration
    3.2 Profile
      3.2.1 Mobile Information Device Profile
      3.2.2 Platform standardization
    3.3 Analysis of MIDP applications
    3.4 MIDlet overview
    3.5 Packaging MIDlets
      3.5.1 MIDlet manifest information
      3.5.2 Application descriptor file
      3.5.3 MIDlet attributes
    3.6 Record Store
      3.6.1 Overview
      3.6.2 Managing record stores
      3.6.3 Working with records
    3.7 Wireless Messaging API (JSR 120)
    3.8 Push Registry

Chapter III. ONE TIME PASSWORD (OTP)
  1. Concept
  2. How OTPs are generated and distributed
  3. OTP generation methods
    3.1 Based on time synchronization
    3.2 Based on mathematical algorithms
  4. OTP distribution methods
    4.1 OTP distribution by SMS
    4.2 OTP on mobile phones
    4.3 OTP on proprietary tokens
  5. Details
    5.1 Challenge-response systems
    5.2 Time-based algorithms
    5.3 Authentication devices

Chapter IV. ANALYSIS AND A MOBILE-PHONE AUTHENTICATION SOLUTION
  1. Analysis
  2. Security requirements
  3. General architecture
  4. Solution

Chapter V. DESIGN
  1. Use case diagrams
    1.1 Use Case 3 - Perform authentication
    1.2 Use Case 4 - Generate OTP
    1.3 Use Case 6 - Perform registration
    1.4 Use Case 7 - Install MIDlet
  2. Interaction diagrams
    2.1 Registration
    2.2 Key exchange
    2.3 Authentication

Chapter VI. IMPLEMENTATION
  1. OTP Module
    1.1 MIDlet
    1.2 SMS connection
    1.3 Key exchange
    1.4 Storing the shared secret key
    1.5 Bouncy Castle
  2. Authenticator and Authentication Server
    2.1 SMS gateway
    2.2 OTP Module
  3. Trial deployment

Chapter VII. SECURITY EVALUATION
  1. Security environment
  2. Threat types
    2.1 Threats
    2.2 Security risk assessment of the components
  3. Security objectives
    3.1 Key exchange
    3.2 Secret key management
    3.3 Authentication
  4. Possible attacks
    4.1 Brute-force attacks
    4.2 Combined attacks
    4.3 Offline attacks

Chapter VIII. CONCLUSION
  1. Evaluation
    1.1 Usability
    1.2 Deployment time and cost
    1.3 Availability, reliability and scalability
  2. Future work

REFERENCES

LIST OF FIGURES

Figure 1.1. Deepnet Security's authentication solution
Figure 2.1. Registration process
Figure 2.2. Authentication process
Figure 2.3. SSL handshake protocol
Figure 2.4. Message authentication code (MAC)
Figure 2.5. Common Java configurations and profiles
Figure 2.6. MIDP packages
Figure 2.7. MIDP software components
Figure 2.8. MIDlet life cycle
Figure 2.9. Components of a MIDlet suite
Figure 2.10. Private and shared record stores between MIDlet suites
Figure 2.11. Inside a record store
Figure 2.12. WMA components
Figure 2.13. Push registry components
Figure 2.14. MIDlet activated through a network connection
Figure 4.1. General architecture of mobile-phone authentication
Figure 4.2. Authentication using the mobile OTP solution
Figure 5.1. General use case
Figure 5.2. Use case - Perform authentication
Figure 5.3. Use case - Generate OTP
Figure 5.4. Use case - Registration
Figure 5.5. Use case - Install MIDlet
Figure 5.6. Sequence diagram - Registration
Figure 5.7. Interaction diagram - Key exchange
Figure 5.8. Sequence diagram - the entire authentication process
Figure 6.1. Account registration
Figure 6.2. Registration successful
Figure 6.3. Get challenge
Figure 6.4. Challenge and MAC generated
Figure 6.5. MOTP on first use
Figure 6.7. OTP generated on the phone
Figure 6.8. Using the OTP to log in
Figure 6.9. Authentication complete

LIST OF TABLES

Table 5.1. Use case - Use service
Table 5.2. Use case - Authentication
Table 5.3. Use case - Registration
Table 5.4. Use case - Perform authentication
Table 5.5. Use case - Get user information
Table 5.6. Use case - Generate challenge
Table 5.7. Use case - Generate OTP
Table 5.8. Use case - Generate OTP
Table 5.9. Use case - Enter user password
Table 5.10. Use case - Generate OTP and MAC
Table 5.11. Use case - Return OTP
Table 5.12. Use case - Perform registration
Table 5.13. Use case - Validate user data
Table 5.14. Use case - Store user data
Table 5.15. Generate password
Table 5.16. Use case - Shared key exchange
Table 5.17. Use case - Install MIDlet
Table 5.18. Use case - Key exchange
Table 5.19. Use case - Store password

TERMS AND ABBREVIATIONS

AES: Advanced Encryption Standard
AMS: Application Management System
API: Application Programming Interface
AS: Authentication Server
AuC: Authentication Center
CSP: Credential Service Provider
GSM: Global System for Mobile Communications
HMAC: Hash-based Message Authentication Code
HTTP: Hypertext Transfer Protocol
JAD: Java Application Description File
JAR: Java ARchive File
MAC: Message Authentication Code
MIDP: Mobile Information Device Profile
OTP: One Time Password
PDA: Personal Digital Assistant
PIN: Personal Identification Number
SHA: Secure Hash Algorithm
SIM: Subscriber Identity Module
SMS: Short Message Service
SP: Service Provider
TLS: Transport Layer Security

Pham Anh Tuan - 06THA1 - Page 1

PREFACE

Today, with the rapid development of information technology, the explosion of the Internet and comprehensive economic integration, e-commerce is growing strongly. E-commerce transactions are an inevitable trend in global economic integration. Along with this growth, the need to protect customers' personal information is increasing. However, protecting personal information in this field still faces many challenges and obstacles. Most popular authentication models today still rely on accounts and passwords that can easily be stolen, or use security models that are safe but not user-friendly. Better solutions are therefore needed that simplify the model while still ensuring secure authentication. This thesis presents an authentication model based on a One-Time Password MIDlet running on a mobile phone to authenticate to any kind of service running on the Internet.

The proposed solution provides a strong authentication model that can replace many of the authentication models in use today. It can therefore be applied to many Internet services that require strong authentication, such as Internet banking, e-commerce and e-government applications.

The thesis is divided into 8 chapters. A summary of each chapter follows.

- Chapter I: Introduction. The introduction gives the motivation for this thesis and defines its main problems and objectives.
- Chapter II: Background. This part begins with an overview of authentication that presents the models, concepts and terminology used in electronic authentication. It then presents the technologies used in the project.
- Chapter III: One Time Password. This chapter introduces One-Time Passwords (OTP) and the ways they are generated and distributed to users.
- Chapter IV: Analysis and a mobile-phone authentication solution. This part presents the concepts needed for authentication with a mobile phone, followed by an analysis of the authentication solution.
- Chapter V: Design. The solution is designed using use case diagrams and sequence diagrams.
- Chapter VI: Implementation. This part presents a trial deployment of the authentication system on a simple shopping site.
- Chapter VII: Security evaluation. This part analyses the risks and security properties of the system in more detail.
- Chapter VIII: Conclusion. This part gives an overall view of the feasibility of the system and the work that remains to be done in the future.

Chapter I. INTRODUCTION

1. Motivation

More and more services run on the Internet, and many of them require authentication. The most common electronic authentication solution today is a user account and a password. The more services a user relies on, the more username and password pairs the user has to remember. Many people have realized that they cannot remember all of these pairs, so they use the same username and password for every service and choose passwords that are easy to remember. This significantly reduces the security of an authentication technique that was not very secure to begin with. More secure solutions for electronic authentication exist, such as one-time passwords (One-Time-Password, or OTP) or Smart Card PKI solutions. They solve the problems with passwords, but most of them also increase the burden on the user. Additional hardware and software are required for both the user and the service provider, and they are usually specific to one service, so the user has to use several different devices and procedures.

This thesis tries to solve this problem by proposing an authentication scheme that uses the mobile phone as an authentication token. The proposed solution requires no additional hardware on the user's side. By using the mobile phone as a hardware token, strong authentication can be achieved with a system and a device that the user already has and knows how to use.

Mobile phones have several advantages that can be exploited in user authentication:

- Almost everyone has a mobile phone.
- Mobile phones have computing and connectivity capabilities that allow the authentication process to be automated, reducing the burden on the user.
- Good security mechanisms are already built into the GSM system and can be exploited.

2. Objectives

The main objective of this thesis is to find a secure solution for authenticating users with the mobile phone as a security token. A few existing solutions use the mobile phone as a security token, but this is still a field with many unexplored possibilities for improving security and user-friendliness.

Using mobile phones for user authentication in Internet services requires combining technologies from both the Internet and telecommunications. This requires studying the basic concepts of authentication, the differences between Internet and telecommunications architectures, and the connection protocols used between different devices such as a computer and a mobile phone.

The chosen solution is analysed by identifying the use cases, the system requirements and the interaction diagrams. The analysis is used in the design phase to define the necessary components and the class diagram. A trial implementation of the main functions described in the analysis and design phases is developed to prove that the concept of the solution is sound.

A security evaluation of the solution identifies the possible threats, the security objectives and the possible attacks, in order to recognize weaknesses and areas that need improvement in future work and in similar solutions.

3. Related work

Using the mobile phone as an authentication token has become an increasingly interesting research topic in recent years. Quite a few solutions exist, and several that apply basic OTP in one way or another have become available on the market. This section reviews some of the solutions on the market today.

The Free Auth Project has created a MIDlet version that implements their OTP solution. An extended version of Mobile OTP (known as mOTP+) was created for use in SSO (Single Sign On) clients. It generates one-time passwords (the hash value of the time + a random value + the PIN) on mobile phones capable of running Java programs. The generation of this OTP value is based on a time factor and requires the client and the server to be time-synchronized for the solution to work. Time synchronization is not an easy task, and the solution can be attacked if synchronization fails.
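The following is an added example, not code from the thesis or from the Free Auth Project: it models a time-based OTP as a truncated hash of the time step, a shared secret and the PIN, and a server that tolerates bounded clock drift and rejects reuse of a code. SHA-256, the 10-second step, the 6-character length, the drift window and all names and sample values are assumptions.

```python
import hashlib
import hmac

STEP_SECONDS = 10   # assumed length of one time step
OTP_DIGITS = 6      # assumed OTP length, in hex characters


def otp_for_step(secret: bytes, pin: str, step: int) -> str:
    """OTP = truncated hash of (time step + shared secret + PIN)."""
    material = str(step).encode() + secret + pin.encode()
    return hashlib.sha256(material).hexdigest()[:OTP_DIGITS]


def generate_otp(secret: bytes, pin: str, client_time: float) -> str:
    """Client side: derive the OTP from the phone's own clock."""
    return otp_for_step(secret, pin, int(client_time) // STEP_SECONDS)


class Verifier:
    """Server side: tolerate bounded clock drift, never accept a step twice."""

    def __init__(self, secret: bytes, pin: str, window: int = 1):
        self.secret = secret
        self.pin = pin
        self.window = window   # accepted drift in steps, in either direction
        self.last_step = -1    # newest time step already consumed

    def verify(self, otp: str, server_time: float) -> bool:
        centre = int(server_time) // STEP_SECONDS
        # 2 * window + 1 codes are valid at any moment: a wider window
        # forgives more drift but also gives a guesser more targets.
        for step in range(centre - self.window, centre + self.window + 1):
            if step <= self.last_step:
                continue       # step already used (or older): treat as replay
            expected = otp_for_step(self.secret, self.pin, step)
            # Constant-time comparison of the candidate code.
            if hmac.compare_digest(expected.encode(), otp.encode()):
                self.last_step = step
                return True
        return False


def demo() -> dict:
    secret = b"constructed-demo-secret"   # constructed sample value
    pin = "4821"                          # constructed sample value
    t0 = 1_700_000_000                    # constructed server clock (epoch s)
    results = {}

    server = Verifier(secret, pin)
    otp = generate_otp(secret, pin, t0 - 8)          # phone clock 8 s behind
    results["small_drift"] = server.verify(otp, t0)
    results["replay"] = server.verify(otp, t0 + 1)   # same code sent again

    stale = generate_otp(secret, pin, t0 - 120)      # phone clock 2 min behind
    results["large_drift"] = Verifier(secret, pin).verify(stale, t0)
    results["wide_window"] = Verifier(secret, pin, window=12).verify(stale, t0)
    return results


if __name__ == "__main__":
    print(demo())
```
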

Some solutions exist in which the OTP is sent to a mobile phone and used together with a static password or other authentication tokens. NordicEdge AB uses this method in their OTP solution. Although the additional hardware reduces the number of user operations, the OTP is still sent over the network in clear text.

Deepnet Security offers an authentication solution based on the OATH reference architecture. The solution provides two-way authentication and supports both event-based OTP and time-based OTP. The details of this solution are not public, but a high-level illustration of it is given in the following figure:

Figure 1.1. Deepnet Security's authentication solution

Although some solutions that use the mobile phone as an OTP token exist, there are still aspects that need to be studied to improve both the security and the usability of the authentication model. No solution is yet widely used, and for companies to replace their old authentication solutions, major improvements over the existing solutions must be demonstrated for both the company and its customers.

Chapter II. BACKGROUND

This chapter provides the background information needed to understand this thesis. The basic concepts of authentication are introduced, and the technologies used to build the authentication system are also presented.

1. Overview of authentication

This section gives an overview of the central models, concepts and technologies in electronic authentication. The challenge of remotely authenticating a user over an open network is also presented, together with the most widely deployed methods for doing so. Much of this chapter is taken from [4].

1.1 Authentication model

Authentication is the assurance that the communicating entity is the one it claims to be. A system can authenticate a user to decide whether the user is allowed to perform an electronic transaction or to gain access to information on the system. Normally authentication and the transaction take place over an open network such as the Internet, but the network can also be a private network.

Authentication begins with registration. A typical registration process is shown in Figure 2.

Figure 2.1. Registration process

The user applies to a Registration Authority (RA) to become a subscriber of a Credential Service Provider (CSP). The subscriber is given, or has to register, a secret called a token, and a credential that binds the token to the user account. The token and the credential are used to authenticate the user. There is always a relationship between the RA and the CSP, and usually they are separate functions of the same access-control program.

The user's name can be a verified name or a pseudonym. If the name is associated with the identity of a real person, the name is verified. To have the name verified, the user must prove that the identity is real and that he is the person entitled to use that identity. This is called identity proofing and is carried out by the RA. At authentication level 1 (see below), names are not verified, so the name is always treated as a pseudonym. At level 2 it must be stated whether the name is verified; otherwise a pseudonym is used. At levels 3 and 4 only verified names are allowed.

When a user needs to be authenticated, he proves possession and control of a token to a verifier through an authentication protocol, as shown in Figure 3. The verifier can then confirm that this is indeed the legitimate user. The verifier passes an assertion about the user's identity to the Relying Party. This assertion contains the identity information about the user that was given during registration. If the verifier and the Relying Party are the same entity, the assertion is implicit. The user's identity can also be stored in credentials, such as public key certificates, that are available to the user. The Relying Party can then use this information to authenticate the user directly.

Figure 2.2. Authentication process

Authentication only establishes identity. It says nothing about what the identity is allowed to do or what access rights it has. The relying party uses an authenticated identity to make authorization and access control decisions.

In this thesis, the devices or software that act on behalf of the user during authentication are called the client. The verifier is implemented as an authentication server. The relying party is the service provider that offers the services the user wants to access.

  • 7/24/2019 Bo mt cc giao dch trc tuyn bng OTP

    15/75

    Bo co n tt nghip Chng 2: Kin thc nn tng

    Phm Anh Tun06THA1 Trang 7

    1.1.1 Authentication levels

    Authentication levels are used to classify different authentication schemes. The levels are defined in terms of the consequences of authentication errors and of the misuse of credentials. Four authentication levels are defined; level 1 is the lowest and level 4 the highest.

    - Level 1: no, or negligible, assurance that the asserted identity is valid.
    - Level 2: considerable assurance that the asserted identity is valid.
    - Level 3: high assurance that the asserted identity is valid.
    - Level 4: very high assurance that the asserted identity is valid.

    - Level 1: There is no identity proofing at this level, but the authentication mechanism gives some assurance that the same user is accessing the same data each time. A wide range of authentication technologies may be used, including all the token methods of the higher levels. Authentication requires the user to prove that he controls the key. Passwords are not sent in plain text, but cryptographic methods that resist online attacks are not required. For example, simple password challenge-response protocols are allowed.

    - Level 2: Level 2 provides single-factor remote network authentication. Identity proofing is introduced here, but it is not required. A wide range of authentication technologies can still be used: all the token methods of levels 3 and 4 are allowed, as well as passwords and PINs. Authentication requires the user to prove, through a secure protocol, that he controls the token. Attacks such as eavesdropping, replay and online guessing are prevented.

    - Level 3: Level 3 provides multi-factor remote network authentication. Identity proofing is required, and authentication is based on possession of a key or a one-time password (OTP) through a cryptographic protocol. Level 3 authentication requires the token to be protected by strong cryptographic mechanisms. This prevents eavesdropping, replay, online guessing, verifier impersonation and man-in-the-middle attacks. At least two authentication factors are required. Soft tokens, hard tokens and OTP tokens may be used. The user must prove that he controls the token, and must first unlock the token with a password or a biometric, or must also use a password in a secure authentication protocol, in order to establish two-factor authentication.

    - Level 4: Level 4 provides the highest assurance for remote network authentication. It is similar to level 3, but only hard tokens are allowed. Level 4 requires strong cryptographic authentication of all parties and of all sensitive data transferred between them. Either public key or symmetric key technology may be used. Authentication requires all parties to prove that they control their tokens. Eavesdropping, replay, online guessing, verifier impersonation and man-in-the-middle attacks are prevented.

    1.1.2 Subscriber, RA and CSP

    In the authentication model, a claimant in an authentication protocol is a subscriber to some CSP. At some point an applicant registers with an RA, which verifies the applicant's identity, typically by means of credentials and records in databases. This process is called identity proofing. The RA in turn attests the applicant's identity to a CSP. The applicant then becomes a subscriber of the CSP.

    The CSP establishes a mechanism to uniquely identify each subscriber, the associated tokens and the credentials issued to that subscriber. The CSP registers or issues to the subscriber a token to be used in an authentication protocol, and issues credentials as needed to bind the token to the identity, or to bind the identity to some other useful verified attribute. The subscriber may be given electronic credentials to go with the token at registration time, or the credentials may be generated later as needed. Subscribers are responsible for protecting their tokens. The CSP is responsible for keeping registration records for each subscriber so that registration records can be recovered.

    There is always a relationship between the RA and the CSP. In the simplest and probably most common case, the RA and the CSP are separate functions of the same entity. However, an RA may be part of a company or organization that registers subscribers with an independent CSP, or with several different CSPs. A CSP may therefore have an integrated RA, or it may have relationships with several independent RAs, and an RA may have relationships with several different CSPs.

    1.1.3 Token

    In general, a token is something that the user possesses and controls and that can be used to authenticate the user's identity. In electronic authentication, the user authenticates to a system or application over a network. A token used for electronic authentication is therefore a secret, and the token must be protected. For example, the token may be a cryptographic key that is protected by encrypting it under a password. An impostor must steal the encrypted key and learn the password in order to use the token.

    Authentication systems are usually classified by the number of factors they use. The three factors regarded as the foundation of authentication are:

    - Something the user knows (for example a password)
    - Something the user has (for example an identity card or a cryptographic key)
    - Something only the user has (for example a fingerprint)

    Authentication systems that combine all three factors are stronger than systems that use only one or two.


    1.1.4 Electronic credentials

    Electronic credentials are the electronic-world replacement for conventional credentials such as passports, driving licences, birth certificates and identity cards. An electronic identity credential binds a name, and possibly some other attributes, to a token. Given the credential and the token, it must be possible to verify the user's identity. Some kinds of credential in common use today are:

    - X.509 public key identity certificates
    - X.509 attribute certificates
    - Kerberos tickets, which are encrypted messages

    Credentials can be stored in directories or databases. Depending on the credentials, these entities may or may not need to be trusted. Signed objects such as certificates are self-authenticating and can be stored by untrusted entities, whereas unsigned credentials must be stored in a trusted database or directory that can authenticate itself to relying parties or verifiers.

    1.1.5 Verifier

    In any authenticated online transaction, the verifier must confirm that the user possesses and controls the token that is used to authenticate his or her identity. A user authenticates his or her identity to the verifier by using a token and an authentication protocol. This is called proof of possession (PoP).

    1.2. Token

    Tokens are things that the user possesses and controls and that can be used to confirm the user's identity. A token is kept secret and known only to the user, so it has to be protected. For example, the token may be a password that the user presents to the verifier when he needs to be authenticated.

    Authentication systems can be rated by the number of factors they use. The three main factors are:

    - Something you know (a password or PIN)
    - Something you have (an employee card or a cryptographic key)
    - Something only you have (voice, fingerprint or other biometrics)

    The more factors that are used, the stronger the authentication system becomes. A system that uses two or three factors is regarded as a strong authentication system, whereas a system that uses a single token is regarded as a weak authentication system.

    A multi-factor system can be implemented so that several factors are presented to the verifier, or so that some factors protect the secret. For example, a password can protect key material stored in a hardware device. Although only one factor is presented to the verifier, this is regarded as two-factor authentication, because both the password and the device are required to obtain the secret. An impostor has to steal the device and also learn the password to be able to use the token.

    The secret is usually either a public key pair or a shared secret key. In a public/private key pair, the private key is used as the token. The verifier, who knows the user's public key from a certificate, can confirm that the user holds the matching private key, and the user is thereby authenticated. Shared secrets can be symmetric keys or passwords. They are used in the same way, but because passwords normally have to be memorized, they are something you know rather than something you have. They are also easier to attack over the network, because they have fewer possible values than keys.

    1.2.1 Types of token

    Tokens can be divided into four types. Each type uses one or more of the authentication factors described above. Strong authentication tokens use two or more factors. The four types of token are:

    Password token - a secret that is memorized by the user and used to authenticate the user's identity. Passwords are typically secret words, phrases or character strings.

    One-time password (OTP) - a unique secret word, phrase or character string that can be used only once. It has a limited lifetime and cannot be used after it has expired. OTPs are regarded as more secure than ordinary passwords because they are used only once and therefore cannot be replayed.

    Soft token - a cryptographic key stored on disk or on some other medium. The user is authenticated by proving possession and control of the key. The soft token key is encrypted under a key derived from some other data. This is typically a password that is known only to the user and is required to activate the token.

    One-time password token - a personal hardware device that generates one-time passwords for authentication. The one-time password is either displayed and typed in manually like an ordinary password, or transferred directly from the token to the computer.

    Hard token - a hardware device that contains a protected cryptographic key. Authentication is achieved by proving possession of the device and control of the key. A password or a biometric is required to activate the key.

    1.2.2 Threats to tokens

    If an attacker gains control of a token, he can masquerade as the token's owner. Threats to tokens can be classified as attacks on each of the three factors:

    - Something you have can be stolen from its owner or imitated by an attacker. For example, an attacker who gains access to the owner's computer can copy a software token. A hardware token can be stolen or cloned.

    - Something you know can be disclosed to an attacker. The attacker can guess a password or PIN. Where the token is a shared secret, the attacker can gain access to the CSP or the verifier and obtain the secret value. An attacker can install malicious software (such as a keyboard logger) to capture this information. Finally, an attacker can determine the secret through an offline attack on network traffic from the user's authentication attempts.

    - Something only you have can be substituted. An attacker can obtain a copy of the user's fingerprint and build a replica.

    There are several strategies for mitigating these threats:

    - Multi-factor authentication makes attacks harder. To authenticate successfully, an attacker has to know or possess all of the factors.

    - Physical security mechanisms can be used to protect a stolen token from being cloned.

    - Complex passwords reduce the success rate of password guessing attacks, by requiring long passwords that do not appear in common dictionaries.

    - System and network security controls can be used to prevent an attacker from gaining access to the system or installing malicious software.

    1.2.3 Token levels

    Different types of token satisfy different authentication levels, depending on how vulnerable they are to attack. A general summary of the authentication levels for tokens is given below:

    - Passwords satisfy the requirements for authentication levels 1 and 2.

    - Soft tokens can be used at authentication levels 1 to 3, but must be combined with a password or a biometric to reach level 3.

    - Hard tokens that are activated by a password or a biometric satisfy the requirements for authentication levels 1 to 4.

    Password authentication is very easy to implement and user friendly, which is why most authentication schemes rely on it. But because an impostor needs only the password to masquerade as the user, it is not strong at all. Passwords have to be remembered by the user and so cannot be long and complex. This makes them vulnerable to attacks such as password guessing, dictionary attacks and brute-force attacks.

    To use a hard token or a soft token, an attacker must obtain two things: the key and a password, or the token and the ability to present a valid biometric to the token. Both soft tokens and hard tokens are therefore more secure than passwords. In addition, a hard token is a physical object, and its owner will quickly report it if it is lost. Hard tokens are therefore regarded as more secure than soft tokens.

    One-time password devices are similar to hard tokens. They can be activated by a password or a biometric to provide multi-factor authentication. OTPs do not use a shared session key and are therefore not as secure as hard tokens.

    1.3 Threats to authentication

    Authentication schemes are the target of a number of threats. These may be direct attacks or security weaknesses in the scheme.

    - Tokens can be stolen or cloned. Passwords can be guessed or intercepted and stolen, and a biometric can be copied or substituted.
    - The infrastructure of the RA or the CSP can be attacked.
    - An eavesdropper can observe the authentication protocol and try to intercept the messages between the CSP and the verifier in order to capture the token.
    - An impostor can pose as the user and try to guess the password, or pose as a verifier to deceive the user.
    - A hijacker can take over an authenticated session to learn sensitive information.

    Several measures can be used against these threats:

    - Multi-factor authentication makes it hard for an attacker to compromise the tokens.
    - Limiting the number of login retries and using complex passwords makes them hard to guess.
    - Network connections should be encrypted to prevent eavesdropping.
    - Mutual authentication makes man-in-the-middle attacks hard to carry out.

    1.4 Challenges in authentication

    As mentioned earlier, password authentication is the most widely used authentication scheme today. It is easy to implement and is considered user friendly, but as the security requirements on the username/password pair increase, user friendliness drops considerably. The password is also the least secure type of token and has several serious security weaknesses.

    Single sign-on (SSO) has been proposed as a solution to this problem, but it has not yet been widely adopted and does not solve the security problems. Although it is an improvement, it is not the solution for the future because it does not address the security weaknesses.

    Some stronger authentication schemes exist that implement the measures proposed above and more. They solve many of the security problems of password tokens, but they suffer from some significant drawbacks:

    - They are expensive for both the user and the service provider, because additional hardware and dedicated software are required on the user side, and the provider has to support separate APIs and handshake protocols for each device.

    - The lack of compatibility means that they cannot interoperate with other solutions.

    - They do not scale well, which makes it hard to extend them into general-purpose solutions.

    2. Cryptography

    This section presents some basic cryptographic concepts that are used in this thesis.

    2.1 Web Security

    There are several ways to secure the web today. The most common choice for securing web applications is secure Hypertext Transfer Protocol (HTTPS). HTTPS is not a separate protocol; the term refers to ordinary HTTP running over an encrypted Secure Socket Layer (SSL) transport.

    SSL was developed by Netscape as a protocol that provides a reliable end-to-end security service on top of TCP. The SSL Record Protocol provides basic security services to higher-layer protocols such as HTTP.

    SSL uses public key cryptography such as RSA to exchange the encryption session keys and to authenticate a session. Once the session keys have been exchanged, symmetric encryption is used to secure the connection. Message integrity is ensured by a Message Authentication Code (MAC), which is also based on a session key.

    To exchange the session keys, SSL uses a handshake protocol. This protocol allows the server and the client to authenticate each other and to negotiate an encryption algorithm, a MAC algorithm and the session keys that will protect the session. The protocol consists of a series of messages exchanged between client and server, as shown in Figure 4.


    Figure 2.3. The SSL handshake protocol

    Today the term Transport Layer Security (TLS) is used interchangeably with SSL. TLS is the IETF standardization of SSL; the first version of TLS can be regarded as SSLv3.1 and differs slightly from SSLv3.

    2.2 One-Time-Password


    One-time passwords (OTPs) solve many of the problems of ordinary passwords. They are generated by a computer and therefore appear completely random. In addition, as the name implies, each password is used only once: the password changes every time one is requested. This is an important security concept, because it makes it possible to detect when someone uses old information.

    Three different kinds of OTP exist today. The first uses a mathematical algorithm to generate a new OTP from the previous OTP. The second is based on time synchronization between the authentication server and the client. The third is based on a challenge, for example a random number, that is fed into a one-way function.

    2.3 Secure hash functions

    The security of an OTP system rests on the non-invertibility of a secure hash function. Such a function must be easy to compute but computationally impossible to invert. A hash function takes a message M of arbitrary length and produces a fixed-length message H(M) as its output.

    A hash function H must have the following properties:

    - H can be applied to a block of data of any length.
    - H produces a fixed-length output.
    - H(x) is easy to compute for any given x, so that both hardware and software implementations are practical.
    - For any given value h, it is infeasible to find x such that H(x) = h.
    - For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
    - It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).

    The SHA-1 secure hash function

    SHA-1 is one of the most widely used hash functions and is the hash function used in this thesis. It was developed by the National Institute of Standards and Technology (NIST) in 1993. A revised version was published in 1995 and is commonly referred to as SHA-1. The algorithm takes a message with a maximum length of 2^64 bits and produces a 160-bit message as its result.

    2.4 Message authentication codes

    A Message Authentication Code (MAC) is used to protect messages against attacks such as the falsification of data and transactions. A MAC is most appropriate when it is important to ensure that the sender and the content of a message are genuine, while hiding the content is not necessary. Because encryption increases resource usage, it is sometimes desirable to authenticate a message without encrypting it. This can be done with a MAC. A MAC is a small block of data that is computed by a function over the message and keyed with a key shared between the sender and the receiver. This block is appended to the message before it is sent. The receiver performs the same computation on the received message as the sender did, using the same shared key, to compute a new MAC. The received code is compared with the computed code, and if they match, the receiver knows that the message is authentic. The use of a MAC is illustrated in Figure 5.

    Figure 2.4. Message authentication code (MAC)

    HMAC

    HMAC was developed as a result of growing interest in MACs derived from a cryptographic hash such as SHA-1. HMAC uses a shared key together with the cryptographic hash function to produce a 160-bit message that is used as a MAC.
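The three kinds of OTP listed in section 2.2, built on the SHA-1 and HMAC primitives of sections 2.3 and 2.4, as an added example in Python that is not the thesis's own Java ME code. The key is a constructed sample (the RFC 4226 test key), and the digit truncation is the HOTP/TOTP construction from RFC 4226 and RFC 6238, used here as one concrete choice; this section of the thesis does not specify its own algorithm.

```python
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 4226 test key), not a value from the thesis.
SHARED_KEY = b"12345678901234567890"


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


# --- Type 1: every OTP is the neighbour of the previous one in a hash chain ---
def chain_value(seed: bytes, n: int) -> bytes:
    """Return H^n(seed), i.e. SHA-1 applied n times."""
    value = seed
    for _ in range(n):
        value = sha1(value)
    return value


class ChainVerifier:
    """Server side: stores only the last accepted value, never the seed."""

    def __init__(self, anchor: bytes):
        self.last = anchor  # H^n(seed), registered at enrolment

    def verify(self, otp: bytes) -> bool:
        # A valid OTP is the preimage of the stored value. Because SHA-1 cannot
        # be inverted, seeing H^k(seed) on the wire does not reveal H^(k-1)(seed).
        if hmac.compare_digest(sha1(otp), self.last):
            self.last = otp  # the accepted OTP becomes the new anchor
            return True
        return False


# --- Shared helper: HMAC-SHA1 followed by RFC 4226 dynamic truncation ---
def truncate(mac: bytes, digits: int) -> str:
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def counter_otp(key: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return truncate(mac, digits)


# --- Type 2: time-synchronised OTP (the counter is the current time step) ---
def time_otp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    return counter_otp(key, int(unix_time) // step, digits)


class TimeVerifier:
    """Accepts codes from adjacent time steps (clock drift) but never twice."""

    def __init__(self, key: bytes, step: int = 30, window: int = 1):
        self.key, self.step, self.window = key, step, window
        self.last_step = -1  # highest time step already consumed

    def verify(self, otp: str, unix_time: int) -> bool:
        now = int(unix_time) // self.step
        first = max(now - self.window, self.last_step + 1, 0)
        for step_no in range(first, now + self.window + 1):
            expected = counter_otp(self.key, step_no).encode()
            if hmac.compare_digest(expected, otp.encode()):
                self.last_step = step_no  # blocks replay of this and older codes
                return True
        return False


# --- Type 3: challenge-response (server sends a fresh random challenge) ---
def challenge_response(key: bytes, challenge: bytes, digits: int = 6) -> str:
    mac = hmac.new(key, challenge, hashlib.sha1).digest()
    return truncate(mac, digits)
```

In all three cases the server recomputes the value and compares it in constant time, exactly as the MAC receiver in section 2.4 does, and the verifier state (`last`, `last_step`) is what turns "used only once" into an enforced property.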

    2.5 Advanced Encryption Standard (AES)

    AES is one of the most popular algorithms for symmetric encryption today. It was designed by Daemen and Rijmen in 1998 and was chosen as the new standard algorithm for the US government in 2002. AES encrypts 128-bit blocks of data and can be used with key lengths from 128 to 256 bits.


    3. Java Platform, Micro Edition (Java ME)

    Java ME is a collection of APIs for developing Java applications on resource-constrained devices such as mobile phones, PDAs and similar devices. The technologies and specifications that make up Java ME can be combined so that developers can build a complete Java runtime environment that fits the requirements of a particular device.

    Java ME is divided into three parts: configurations, profiles and optional APIs, which provide specification information about the APIs and the different device families. A configuration is designed for a particular kind of device, based on its memory constraints and processing power. It specifies a Java virtual machine (JVM) that can easily be used on devices that support the configuration. It also specifies a subset of the Java 2 Platform, Standard Edition (J2SE) APIs that can be used, as well as any additional APIs that may be needed. Device manufacturers are responsible for porting these configurations to their devices.

    Profiles are more specific than configurations. A profile is based on a configuration and provides additional APIs, such as user interface, persistent storage and whatever else is needed to develop applications that run on the device.

    Optional APIs define specific additional functionality that can be included in a particular configuration (or profile). The complete set of configuration, profile and optional APIs implemented on a particular device is called a stack. For example, a stack could be CLDC/MIDP + Mobile Media API.

    Figure 2.5. Common Java configurations and profiles

    3.1 Configuration

    A configuration specifies a Java virtual machine (JVM) and a set of core APIs for a particular family of devices. There are currently two configurations: CDC (Connected Device Configuration) and CLDC (Connected, Limited Device Configuration).

    J2ME configurations and profiles are generally described in terms of their memory capacity. Usually a minimum amount of ROM and RAM is specified.

    3.1.1 Connected Device Configuration

    A device in this configuration has at least 512KB of ROM and 256KB of RAM, and some kind of network connection. CDC is designed for devices such as television set-top boxes, car navigation systems and high-end PDAs. CDC specifies that a full JVM (as defined in the Java Virtual Machine Specification, 2nd edition) must be supported.

    CDC is developed under the Java Community Process. More information about CDC is available at http://java.sun.com/products/cdc.

    CDC 1.0.1 is the basis of the Personal Profile 1.0 stack. Personal Profile 1.0 raises the minimum memory requirement to 2.5MB of ROM and 1MB of RAM, and requires a robust network connection plus a graphical user interface (GUI) display on a device that can support displaying applets.

    3.1.2 Connected, Limited Device Configuration

    CLDC is the configuration that covers mobile phones, pagers, PDAs and other similar devices. CLDC targets smaller devices than those supported by CDC. The name CLDC describes these devices accurately: they are limited in memory, CPU power, screen size, battery life and network connectivity.

    CLDC is designed for devices with 160KB to 512KB of total memory, including a minimum of 160KB of ROM and 32KB of RAM.

    The reference implementation of CLDC is based on a small JVM called the KVM. Its name comes from the fact that it is a JVM whose size is measured in kilobytes rather than megabytes. While CLDC is a specification document, the KVM is a piece of software that implements the specification. Because of its small size, the KVM cannot do everything that a JVM does in the J2SE world.

    3.2 Profile

    A profile is layered on top of a configuration and adds the APIs and specifications needed to develop applications for a particular family of devices.


    3.2.1 Mobile Information Device Profile

    According to the MIDP 2.0 specification (JSR-118), a Mobile Information Device has the following characteristics:

    - A minimum of 256KB of ROM for the MIDP implementation
    - A minimum of 128KB of RAM
    - A minimum of 8KB of writable memory for persistent data
    - A screen with a resolution of at least 96x54 pixels
    - Some capacity for data input through a keypad or touch screen
    - A two-way network connection

    Mobile phones and pagers are examples of MIDP devices. There are two versions of MIDP: MIDP 1.0 (JSR 37) and MIDP 2.0 (JSR 118). Many current devices and all future devices will support MIDP 2.0. Compared with MIDP 1.0, MIDP 2.0 brings a number of improvements, including multimedia support, a new game user interface API, support for HTTPS connections and other features. Most importantly, MIDP 2.0 is fully backward compatible with MIDP 1.0.

    3.2.2 Platform standardization

    With so many configurations, profiles and especially optional APIs, how do we know which APIs are available on a given device? Sun's answer to this question is the JSR 185 specification (http://jcp.org/jsr/detail/185.jsp), titled Java Technology for the Wireless Industry (JTWI). This specification attempts to standardize software stacks in order to bring coherence to the J2ME world. A reference implementation and a TCK (technology compatibility kit) for a unified software stack were created with JSR 185. As it currently stands, a JTWI-compliant device must have MIDP 2.0 with CLDC 1.0 (or CLDC 1.1) and must support WMA (Wireless Messaging API 1.0, JSR 120). If a JTWI device wants to offer video and audio APIs to applications, it must also support the Mobile Media API (MMAPI).

    In the next generation of J2ME, a concept called Building Blocks is being introduced to replace configurations and profiles. A Building Block is just a subset of a J2SE API. For example, a Building Block could be created from a subset of the J2SE java.io package. Conceptually, a Building Block represents a smaller amount of information than a configuration. Profiles will then be built on top of a set of Building Blocks rather than on a configuration.

    3.3 Anatomy of MIDP applications

    The APIs available to a MIDP application come from packages in both CLDC and MIDP, as shown in the following figure. Packages marked with a + are new in CLDC 1.1 and MIDP 2.0.


    Figure 2.6. The MIDP packages

    CLDC defines the core APIs, most of them taken from J2SE, including the basic language classes in java.lang, the stream classes in java.io and simple utilities from java.util. CLDC also specifies a generic networking API in javax.microedition.io.

    Device manufacturers can also provide Java APIs for accessing features that are specific to their devices. MIDP devices can therefore run several different kinds of application. Figure 7 shows the applications that can run on a MIDP device.

    Figure 2.7. MIDP software components

    Every device runs some kind of operating system, and native applications run directly on top of this layer. Different kinds of device have their own operating systems and native applications.

    The layer above the device's operating system is CLDC (which includes the JVM) together with the MIDP APIs. MIDP applications use only the CLDC and MIDP APIs. Device-specific Java applications can also use the Java APIs supplied by the manufacturer.


    3.4 MIDlet overview

    MIDP applications are represented by instances of the javax.microedition.midlet.MIDlet class. MIDlets have a specific life cycle, which is reflected in the methods and behaviour of the MIDlet class.

    A small piece of software called the application manager is responsible for controlling the installation, execution and life cycle of MIDlets. MIDlets have no access to the application manager. A MIDlet is installed by moving its class files onto a device. The class files are packaged in a JAR file, together with a descriptor file (with the .jad extension) that describes the contents of the JAR.

    A MIDlet goes through the following states:

    - When the MIDlet is about to be run, an instance is created. The MIDlet's constructor runs, and the MIDlet is in the paused state.

    - Next, the MIDlet enters the active state after the application manager calls startApp().

    - While the MIDlet is in the active state, the application manager can suspend its execution by calling pauseApp(). This puts the MIDlet back in the paused state. A MIDlet can put itself in the paused state by calling notifyPaused().

    - While the MIDlet is in the paused state, the application manager can call startApp() to put it back in the active state.

    - The application manager can terminate the execution of a MIDlet by calling destroyApp(). A MIDlet can stop itself by calling notifyDestroyed().

    Figure 2.8 shows the states of a MIDlet and the transitions between them.

    Figure 2.8. The MIDlet life cycle


    3.5 Packaging MIDlets

    MIDlets are deployed in MIDlet suites. A MIDlet suite is a collection of MIDlets with some additional information. Two files are involved. The first is the application descriptor, which is a text file. The second is a JAR file that contains all the class files and resources that make up the MIDlet suite. Like any JAR file, the JAR of a MIDlet suite has a manifest file. Figure 2.9 shows the layout of a MIDlet suite.

    Figure 2.9. The components of a MIDlet suite

    Packaging a MIDlet suite consists of three steps:

    - The class files and resources that make up the MIDlets are packaged into a JAR file. Usually you will use the jar command-line tool to do this.
    - The information needed at run time is added to the JAR's manifest file. Every JAR includes a manifest file.
    - An application descriptor file is generated. This file, with the .jad extension, describes the MIDlet suite.

    3.5.1 MIDlet manifest information

    The information stored in a MIDlet's manifest file consists of name and value pairs. An example of a manifest file is shown below:

    Manifest-Version: 1.0
    Ant-Version: Apache Ant 1.7.1
    Created-By: 16.3-b01 (Sun Microsystems Inc.)
    MIDlet-1: MobileOTP,MobileOTP.png,motp.MobileOTP
    MIDlet-Vendor: pat109
    MIDlet-Name: MOTP
    MIDlet-Version: 1.0
    MicroEdition-Configuration: CLDC-1.1
    MicroEdition-Profile: MIDP-2.0

    The attributes must describe the software version, the class names and other information about the MIDlet suite. The following attributes are mandatory:

    MIDlet-Name: this attribute refers to the name of the whole MIDlet suite, not just the name of a single MIDlet.

    MIDlet-Version: describes the version of the MIDlet suite. It is a number that you choose, in the form major.minor.micro.

    MIDlet-Vendor: this is your name or the name of your company.

    MIDlet-n: for each MIDlet in the suite, the display name, the icon file name and the class name are listed here. MIDlets must be numbered starting from 1.

    MicroEdition-Configuration: this attribute describes the J2ME configurations on which the MIDlet suite can run. Several configuration names can be listed, separated by spaces.

    MicroEdition-Profile: this attribute describes the set of profiles on which the MIDlet can run. For MIDP 2.0 applications the value of this attribute is MIDP-2.0. For applications that can also run on the older MIDP 1.0 profile, use MIDP-2.0 MIDP-1.0.

    3.5.2 The application descriptor

    The attributes in the MIDlet suite are used by the application management software to run the MIDlets in a suite. The application descriptor contains information that helps a device or a user decide whether or not to load a MIDlet suite. Because the application descriptor is a file separate from the MIDlet suite JAR, it is easy for a device to fetch and examine the descriptor before downloading the MIDlet suite.

    Much of the information in the application descriptor must be the same as the information in the MIDlet suite JAR. For example, the application descriptor must contain the MIDlet-Name, MIDlet-Version and MIDlet-Vendor attributes. In addition, it must include the following attributes:

    MIDlet-Jar-URL: this is the URL where the MIDlet suite JAR can be found.

    MIDlet-Jar-Size: this is the size, in bytes, of the MIDlet suite JAR.

    The application descriptor can optionally contain the MIDlet-Description, MIDlet-Icon, MIDlet-Info-URL and MIDlet-Data-Size attributes.

    Devices and emulators vary widely in how they handle MIDlet suite descriptors. Sometimes installation fails if any field in the descriptor is incorrect, while in other cases the error is ignored. A tool such as the J2ME Wireless Toolkit is extremely useful for creating well-formed descriptors.

    Application descriptors are also very useful for OTA (over the air) deployment. A device (and its user) can download and inspect the descriptor before deciding whether the whole MIDlet suite JAR should be downloaded and installed.
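A pre-deployment check for the rules in sections 3.5.1 and 3.5.2, as an added example in Python that is not part of the thesis: it parses a manifest and a descriptor, then reports missing mandatory attributes, attributes that differ between the two files, a wrong MIDlet-Jar-Size and badly numbered MIDlet-n entries. The manifest is the one shown above; the descriptor, its example.invalid URL and the JAR size are constructed, and accepting a two-part version such as 1.0 is an assumption made because the manifest above uses one.

```python
import re

REQUIRED_MANIFEST = ("MIDlet-Name", "MIDlet-Version", "MIDlet-Vendor", "MIDlet-1",
                     "MicroEdition-Configuration", "MicroEdition-Profile")
REQUIRED_DESCRIPTOR = ("MIDlet-Name", "MIDlet-Version", "MIDlet-Vendor",
                       "MIDlet-Jar-URL", "MIDlet-Jar-Size")
MUST_MATCH = ("MIDlet-Name", "MIDlet-Version", "MIDlet-Vendor")
# Assumption: major.minor with an optional .micro part, each 1-2 digits.
VERSION_RE = re.compile(r"^\d{1,2}\.\d{1,2}(\.\d{1,2})?$")
MIDLET_N_RE = re.compile(r"^MIDlet-(\d+)$")

MANIFEST = """\
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.7.1
Created-By: 16.3-b01 (Sun Microsystems Inc.)
MIDlet-1: MobileOTP,MobileOTP.png,motp.MobileOTP
MIDlet-Vendor: pat109
MIDlet-Name: MOTP
MIDlet-Version: 1.0
MicroEdition-Configuration: CLDC-1.1
MicroEdition-Profile: MIDP-2.0
"""

# Constructed descriptor: the URL and the size are placeholders.
DESCRIPTOR = """\
MIDlet-Name: MOTP
MIDlet-Version: 1.0
MIDlet-Vendor: pat109
MIDlet-Jar-URL: https://example.invalid/MOTP.jar
MIDlet-Jar-Size: 20480
"""


def parse_attributes(text):
    """Parse 'Name: value' lines; a line starting with a space continues the previous value."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:].rstrip()
        elif ":" in line:
            name, value = line.split(":", 1)  # split once so URLs keep their colons
            last = name.strip()
            attrs[last] = value.strip()
        else:
            last = None
    return attrs


def check_midlet_entries(attrs):
    """MIDlet-n must be numbered 1..n and hold 'display name, icon, class'."""
    problems, entries = [], {}
    for name, value in attrs.items():
        match = MIDLET_N_RE.match(name)
        if match:
            entries[int(match.group(1))] = value
    if sorted(entries) != list(range(1, len(entries) + 1)):
        problems.append("manifest: MIDlet-n entries must be numbered from 1 without gaps")
    for number in sorted(entries):
        fields = [field.strip() for field in entries[number].split(",")]
        if len(fields) != 3 or not fields[0] or not fields[2]:
            problems.append("manifest: MIDlet-%d must be 'name,icon,class'" % number)
    return problems


def check_suite(manifest_text, descriptor_text, jar_size):
    """Return a list of problems; an empty list means the pair is consistent."""
    manifest = parse_attributes(manifest_text)
    descriptor = parse_attributes(descriptor_text)
    problems = ["manifest: missing " + n for n in REQUIRED_MANIFEST if not manifest.get(n)]
    problems += ["descriptor: missing " + n for n in REQUIRED_DESCRIPTOR if not descriptor.get(n)]
    for name in MUST_MATCH:
        if name in manifest and name in descriptor and manifest[name] != descriptor[name]:
            problems.append("%s differs: manifest=%r descriptor=%r"
                            % (name, manifest[name], descriptor[name]))
    version = manifest.get("MIDlet-Version", "")
    if version and not VERSION_RE.match(version):
        problems.append("manifest: MIDlet-Version is not major.minor[.micro]")
    declared = descriptor.get("MIDlet-Jar-Size", "")
    if declared and (not declared.isdigit() or int(declared) != jar_size):
        problems.append("descriptor: MIDlet-Jar-Size %r does not match actual size %d"
                        % (declared, jar_size))
    return problems + check_midlet_entries(manifest)
```

Running `check_suite(MANIFEST, DESCRIPTOR, 20480)` before publishing the files catches the descriptor errors that, as the text notes, some devices reject at install time and others silently ignore.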


    3.5.3 MIDlet properties

    Besides the standard manifest and descriptor attributes, there is one more kind of attribute that a MIDlet can use: you can add attributes that have meaning to your own MIDlets. MIDlets can retrieve the values of these attributes with the getAppProperty() method of the javax.microedition.midlet.MIDlet class. An attribute can be listed in the application descriptor, in the JAR manifest, or in both. If it is listed in both, the value from the application descriptor is used. In general, it makes sense to store application properties in the application descriptor. Because the descriptor is separate from the MIDlet suite JAR, it can easily be changed to modify the behaviour of the MIDlets. For example, you can store a URL or other configuration information in the application descriptor.

    For example, suppose you put an application-specific attribute in the application descriptor like this:

    Jargoneer.url: http://www.dict.org/bin/Dict

    Inside the MIDlet, you can retrieve the value of this attribute as follows:

    String url = getAppProperty("Jargoneer.url");

    Changing the URL is easy because you only have to change the application descriptor, which is just a text file. The source code does not need to be recompiled.

    3.6 Record stores

    3.6.1 Overview

    In MIDP, persistent storage is centred on record stores. A record store is a small database that contains pieces of data called records. Record stores are represented by instances of javax.microedition.rms.RecordStore. The scope of a record store can be limited to a single MIDlet suite or shared between MIDlet suites. In other words, you can restrict a MIDlet so that it can access only record stores created by a MIDlet in the same suite, or you can allow MIDlets from other suites to share a record store. Figure 2.10 shows the relationship between MIDlet suites and record stores.


    Figure 2.10. Private and shared record stores between MIDlet suites

    Record stores are identified by name. Within a MIDlet suite, the names of the record stores must be unique.

    3.6.2 Managing record stores

    The RecordStore class serves two purposes. First, it defines an API for manipulating individual records. Second, it defines an API (mostly static methods) for managing record stores.

    a. M, ng v xa cc bn ghi lu tr

    mmt bn ghi lu tr, bn n gin chcn gi tn n.public static RecordStore openRecordStore(String recordStoreName,

    boolean createIfNecessary) throws RecordStoreException,RecordStoreFullException, RecordStoreNotFoundException

    Nu bn ghi lu tr cha tn ti, tham screateIFNecessary quyt nh mtbn ghi lu trmi sc to hay khng. Nu bn ghi lu trcha tn ti v thamscreateIfNecessarylfalse, th mt ngoi lRecordStoreNotFoundExceptionsca ra.

    The following code opens a record store named Address:

    RecordStore rs = RecordStore.openRecordStore("Address", true);

    The record store is created if it does not exist.

    An open record store can be closed by calling the closeRecordStore() method. As with anything that can be opened and closed, it is a good idea to close record stores when you have finished working with them. Memory and processing power are limited on small devices, so remember to clean up record stores whenever you can. You certainly should not keep a record store open once the MIDlet no longer exists.

    To find all the record stores currently available to a particular MIDlet suite, use the listRecordStores() method:

    public static String[] listRecordStores()

    Finally, to delete a record store, use the deleteRecordStore() method. The record store and the records it contains are deleted.

    b. Sharing record stores

    Record stores also have an authorization mode. The default authorization mode is AUTHMODE_PRIVATE, which means that a record store can be accessed only by MIDlets in the same MIDlet suite that created it. Record stores can be shared by changing the authorization mode to AUTHMODE_ANY, which means that any other MIDlet on the device can access the record store.

    You can create a shared record store with the following openRecordStore() method of the RecordStore class:

    public static RecordStore openRecordStore(String recordStoreName, boolean createIfNecessary, int authMode, boolean writable)
        throws RecordStoreException, RecordStoreFullException, RecordStoreNotFoundException

    The authMode and writable parameters are used only if the record store is created, which implies that the record store does not exist and createIfNecessary is true. You can change the authorization mode and the writable flag of an open record store with the following method:

    public void setMode(int authmode, boolean writable)
        throws RecordStoreException

    Note that only a MIDlet belonging to the suite that created the record store can change its authorization mode and writable flag.

    How, then, do you access a shared record store? The last openRecordStore() method provides the answer:

    public static RecordStore openRecordStore(String recordStoreName, String vendorName, String suiteName)
        throws RecordStoreException, RecordStoreNotFoundException

    To access a shared record store, you need to know its name, the name of the MIDlet suite that created it, and the name of that MIDlet suite's vendor. These names must be the MIDlet-Name and MIDlet-Vendor attributes in the manifest and application descriptor of the MIDlet suite JAR.

    c. Record store size

    Record stores consist of records, and each record is simply an array of bytes. On a device with limited storage, you will certainly want to pay attention to the size of your record stores. To find the number of bytes used by a record store, call the following method on a RecordStore instance:

    public int getSize()

    You can find out how much space remains with the following method:

    public int getSizeAvailable()

    3.6.3 Working with records

    A record is simply an array of bytes. Each record in a record store has an integer identifier. Figure 2.11 shows a diagram of a record store with 4 records.

    Figure 2.11. Inside a record store

    a. Adding records

    To add a new record, call the addRecord() method with a byte array of data:

    public int addRecord(byte[] data, int offset, int numBytes)
        throws RecordStoreNotOpenException, RecordStoreException, RecordStoreFullException

    The added record is numBytes long and starts at offset in the data array. The ID of the new record is returned. Most operations on records need this ID to identify a particular record.

    There is no maximum length for a record, but there is a limit imposed by the amount of space left on the device for record stores.

    The following code shows how to add a new record to a record store named rs. It creates a byte array from a string and then writes all of the bytes into the new record.


    String record = "This is a record";

    byte[] data = record.getBytes();

    int id = rs.addRecord(data, 0, data.length);

    b. Reading data from records

    You can read the data of a record by passing the record's ID to the following method:

    public byte[] getRecord(int recordId)
        throws RecordStoreNotOpenException, InvalidRecordIDException, RecordStoreException

    This method returns a byte array containing the data of the record with the requested ID. Another version of this method places the record data into an array that you supply:

    public int getRecord(int recordId, byte[] buffer, int offset)
        throws RecordStoreNotOpenException, InvalidRecordIDException, RecordStoreException

    This method returns the number of bytes copied into your array. If the array you supply is not large enough to hold the record, an ArrayIndexOutOfBoundsException is thrown. You can find the size of a particular record beforehand by calling the getRecordSize() method.

    Given a record store rs and a record ID id, this is how to retrieve the record's data:

    byte[] retrieved = new byte[rs.getRecordSize(id)];

    rs.getRecord(id, retrieved, 0);

    String retrievedString = new String(retrieved);

    c. Deleting and replacing records

    You can delete a record by passing its ID to deleteRecord(). You can also replace the data in an existing record with the following method:

    public void setRecord(int recordId, byte[] newData, int offset, int numBytes)
        throws RecordStoreNotOpenException, InvalidRecordIDException, RecordStoreException, RecordStoreFullException

    d. Getting record information from a record store


    The RecordStore keeps an internal counter that it uses to assign record IDs. You can find the ID of the next record by calling getNextRecordID(). You can also find out how many records exist in the RecordStore by calling getNumRecords().

    3.7 Wireless Messaging API (JSR 120)

    The Wireless Messaging API (WMA) is an optional package for Java ME that lets mobile devices communicate over a wireless interface such as SMS. WMA is based on the Generic Connection Framework and targets CLDC. All WMA components are contained in a single package, as shown in Figure 2.12.

    Figure 2.12. WMA components

    3.8 Push Registry

    The Push Registry is a mechanism included in MIDP 2.0 that allows MIDlets to be launched automatically. The push registry manages network-based and time-based MIDlet activation, which lets an inbound network connection or a time-based alarm wake up a MIDlet.

    The push registry is part of the application management system (AMS), the software responsible for the whole life cycle of each application (installation, launch, execution, removal). The push registry is the AMS component that exposes the push API and keeps track of push registrations. Figure 2.13 summarizes the components of the push registry.


    Figure 2.13. Push registry components

    The operation of the push registry can be described in 3 steps:

    - The MIDlet is registered with a port and a protocol, so that if any message arrives on the registered port and protocol, the application management software (AMS) on the mobile phone passes it to the MIDlet. Registration can also be done statically through the Java ME application descriptor (JAD) file.

    - The server sends a message to a specific device using the particular protocol and port on which the MIDlet has registered to listen.

    - After the message is delivered to the device, the AMS invokes the MIDlet that registered to listen on that port and protocol. Once the message has been passed to the MIDlet, the MIDlet is responsible for processing it.

    Figure 2.14 shows how a MIDlet is activated through a network connection.

    Figure 2.14. MIDlet activated through a network connection.


    Chapter III. ONE TIME PASSWORD (OTP)

    1. Concept

    A one-time password (OTP), or dynamic password, is a password that is used and valid for only one login session or one transaction. The purpose of OTPs is to avoid the weaknesses commonly found in traditional (static) passwords. OTPs are generated by a computer and are therefore completely random. In addition, OTPs are used only once, so they are immune to attacks such as eavesdropping or man-in-the-middle. This means that if an attacker learns a password (OTP) that has already been used to log in to a service or a transaction session, he cannot use it to log in because that password is no longer valid. However, OTPs also have a drawback: an ordinary person can hardly memorize these passwords. Additional technology is therefore needed to make OTPs practical.

    2. How OTPs are generated and distributed

    OTP generation algorithms typically make use of random numbers. This is necessary because otherwise it would be easy to predict future OTPs from previous ones. In detail, there are many specific algorithms for generating OTPs. The approaches to generating OTPs are listed below:

    - Based on time synchronization between the authentication server and the client that produces the OTP (OTPs are valid only for a short period of time).

    - Using a mathematical algorithm to generate a new password based on the previous passwords (the OTPs form a chain and must be used in a predefined order).

    - Using a mathematical algorithm in which the new password is generated from a challenge (for example, a random number chosen by the authentication server) and/or a counter.

    There are several ways to let the user know the next OTP. Some systems use special electronic tokens that the user carries; they generate OTPs and show them on a small display. Other systems use software that runs on the user's mobile phone. There are also systems that generate OTPs on the server and then send them to the user by SMS or other communication channels.

    3. OTP generation methods

    3.1 Based on time synchronization

    A time-synchronized OTP system usually involves small hardware devices called security tokens (for example, each user is issued a personal token that generates OTPs). Inside the token is a clock that is synchronized with the clock on the authentication server. In these OTP systems, time is a very important part of the algorithm, because password generation is based on the current time. The token can be a proprietary device, or a mobile phone or similar mobile device running proprietary, free or open-source software.

    3.2 Based on mathematical algorithms

    Each OTP can be created from the previously used OTPs. As an example, these systems use a one-way function (call it f). The OTP system works by starting with a seed s and then generating the passwords one after another:

    f(s), f(f(s)), f(f(f(s))), ...

    If an unlimited sequence of passwords is wanted, a new seed can be chosen after the set of passwords generated from seed s has been used up.

    If an attacker sees an OTP, he can gain access only once, within a limited period of time, and the OTP becomes useless after that period expires. To get the next password in the chain, he must find a way to compute the inverse function f⁻¹. Because f was chosen to be a one-way function, this is extremely difficult. If f is a cryptographic hash function, it is considered practically impossible.
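    The hash-chain scheme described above, as an added Python example that is not code from the thesis. It assumes SHA-256 for f and that passwords are handed out in reverse order of generation, which is what makes the next password require f⁻¹; the seed, the chain length and the ChainVerifier class are constructed for illustration.

```python
import hashlib
import hmac


def f(value: bytes) -> bytes:
    """One-way function f. SHA-256 is this example's choice, not the thesis's."""
    return hashlib.sha256(value).digest()


def build_chain(seed: bytes, n: int) -> list:
    """Return [f(s), f(f(s)), ..., f^n(s)] for seed s."""
    values, current = [], seed
    for _ in range(n):
        current = f(current)
        values.append(current)
    return values


class ChainVerifier:
    """Server side. Stores only the last accepted value, never the seed."""

    def __init__(self, anchor: bytes, remaining: int):
        self.current = anchor        # f^n(s), registered at enrolment
        self.remaining = remaining   # OTPs left before a new seed is needed

    def verify(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False             # chain exhausted: enrol again with a new seed
        # The next valid OTP is the preimage of the stored value.
        if not hmac.compare_digest(f(otp), self.current):
            return False
        self.current = otp           # the accepted OTP becomes the new anchor
        self.remaining -= 1
        return True


def run_demo() -> dict:
    seed = b"constructed seed, illustration only"
    n = 5
    values = build_chain(seed, n)                 # values[i] == f^(i+1)(s)
    server = ChainVerifier(values[-1], n - 1)     # server holds f^5(s)
    f4, f3, f2, f1 = values[3], values[2], values[1], values[0]

    result = {"first_login": server.verify(f4)}   # f(f^4(s)) == f^5(s)
    result["replay_same_otp"] = server.verify(f4)
    # Hashing a captured OTP forward only yields values that are already spent.
    result["forward_from_captured"] = server.verify(f(f4))
    result["out_of_order"] = server.verify(f2)
    result["second_login"] = server.verify(f3)
    result["rest_of_chain"] = server.verify(f2) and server.verify(f1)
    result["after_exhaustion"] = server.verify(seed)
    return result


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:24} {'accepted' if ok else 'rejected'}")
```

    The server never needs the seed: a stolen copy of its stored value is the hash of the next password, not the password itself.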

    Challenge-response OTP systems require the user to provide a response to a challenge that is presented. For example, this can be done by entering the value that the token has generated into the token itself. To avoid duplicates, a counter is added, so that if someone receives the same challenge twice, different OTPs are still produced.

    4. OTP distribution methods

    4.1 Distributing OTPs by SMS

    A widely used technology for distributing OTPs is the SMS text message service. Because SMS is a ubiquitous communication channel, it is available on almost all handsets. SMS has great potential to reach all customers at a low total cost of implementation. However, SMS uses the A5/x encryption standard, which hacker groups can decrypt within a few minutes or even a few seconds, and SMS may also be left unencrypted by service providers.

    4.2 OTP on mobile phones

    Using a phone can reduce the cost of deploying an OTP system because most users already own a mobile phone for voice calls. With the powerful processors and large memory of today's mobile phones and PDAs, they fully meet the processing and memory requirements for generating and storing OTPs. On a mobile phone you can install OTP generation software from several different vendors, so a single phone can serve many different services and save cost. However, a mobile phone used as a token can be lost, damaged or stolen.

    4.3 OTP on proprietary tokens

    Many companies now offer solutions that deliver OTPs to customers through their own proprietary tokens. EMV has started to use a challenge-response algorithm in credit cards in Europe. In the field of access control for computer networks, RSA Security offers SecurID, a time-synchronized type of token. Like all other kinds of token, these can be lost, broken or stolen, and there is the added inconvenience of the token's battery running out (when the battery cannot be recharged, or a dead battery must be replaced, and in some cases the whole token must be replaced).

    5. Details

    In this section we look at two common OTP generation systems: the challenge-response system and the time-based algorithm.

    5.1 Challenge-response system

    A basic challenge-response system is a cryptographic system in which the server sends the clients a message containing encrypted challenge information (the challenge). The clients can then decrypt the challenge with their own tool. The user is thereby assured that this is a legitimate channel operated by a trusted server. The user then has to enter the secret password, which is combined with the challenge just received and encrypted. The result is the new password for that moment, and the user sends it as the reply (the response).

    To generate OTPs, the challenges sent by the server must be unique. Two example challenges follow.

    The first example challenge is "This is machine A, what is your secret password?". The client combines the challenge with his secret password, for example "123456", so that the message becomes "This is machine A, what is your secret password?123456", and then encrypts it. In this model, after logging in, the user needs a new challenge for a new login session. If the new challenge is the same as a previous challenge, the response is still "This is machine A, what is your secret password?123456". Attackers can take advantage of this to attack the system.

    A better challenge is "This is machine A, time: 26/6/2010 03:20:30, what is your secret password?". This challenge includes a timestamp of when it was sent. It is then combined with the secret password, encrypted and sent to the server. The user can expect a new challenge that cannot coincide with a previous one. The next challenge might be "This is machine A, time: 26/6/2010 04:25:30, what is your secret password?".

    If an attacker captures the encrypted form of the old response "This is machine A, what is your secret password?123456", this information is no longer useful, because the server keeps track of responses and knows that this response has already been used once and therefore cannot be used again.

    On the server side, when the server sends the challenge it computes the OTP by combining the generated challenge with the client's secret key stored in the database, and then stores this OTP as the client's password. When the server receives the response (the OTP) from the user, it compares it with the OTP stored in the database for that user. If they match, authentication succeeds and the password is marked as used so that it cannot be used again.
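    The two example challenges above, run against a small server model; this is an added example, not code from the thesis. HMAC-SHA-256 stands in for the unspecified combine-and-encrypt step, and the Server class, the account name alice and the third timestamp are assumptions.

```python
import hashlib
import hmac


def response_for(challenge: str, secret: str) -> str:
    """OTP derived from challenge + shared secret. HMAC-SHA-256 is this
    example's stand-in for the thesis's 'combine, then encrypt' step."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self, secrets_db: dict, timestamped: bool):
        self.db = secrets_db
        self.timestamped = timestamped   # False reproduces the first, weak challenge
        self.expected = {}               # user -> OTP stored when the challenge is issued

    def issue(self, user: str, now: str) -> str:
        if self.timestamped:
            challenge = f"This is machine A, time: {now}, what is your secret password?"
        else:
            challenge = "This is machine A, what is your secret password?"
        self.expected[user] = response_for(challenge, self.db[user])
        return challenge

    def verify(self, user: str, otp: str) -> bool:
        # pop() marks the stored OTP as used whether or not the attempt matches.
        expected = self.expected.pop(user, None)
        return expected is not None and hmac.compare_digest(expected, otp)


def run_demo() -> dict:
    db = {"alice": "123456"}   # constructed account using the page's sample secret
    out = {}

    # Static challenge: every session expects the same response.
    weak = Server(db, timestamped=False)
    c1 = weak.issue("alice", "26/6/2010 03:20:30")
    captured = response_for(c1, db["alice"])      # Alice's reply, seen on the wire
    out["weak_login"] = weak.verify("alice", captured)
    weak.issue("alice", "26/6/2010 04:25:30")     # new session, identical challenge
    out["weak_replay"] = weak.verify("alice", captured)

    # Timestamped challenge: the captured response matches no later challenge.
    good = Server(db, timestamped=True)
    c1 = good.issue("alice", "26/6/2010 03:20:30")
    captured = response_for(c1, db["alice"])
    out["good_login"] = good.verify("alice", captured)
    out["good_reuse_no_challenge"] = good.verify("alice", captured)
    good.issue("alice", "26/6/2010 04:25:30")
    out["good_replay"] = good.verify("alice", captured)
    c3 = good.issue("alice", "26/6/2010 04:26:10")
    out["good_next_login"] = good.verify("alice", response_for(c3, db["alice"]))
    return out


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:26} {'accepted' if ok else 'rejected'}")
```

    A timestamp with one-second resolution is unique only if the server issues at most one challenge per user per second.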

    5.2 Time-based algorithm

    In this kind of system, the user has to carry a token device that displays the correct OTP for the current moment. The OTP shown on the display changes every 60 seconds (or possibly at another rate). Some kinds of token require a personal identification number (PIN) to be entered before the correct OTP in the device can be activated. The user must enter his PIN, which only he knows, before the algorithm inside the token is invoked to compute the correct OTP for that moment.

    An advantage of a time-based OTP system is that the user does not have to handle a challenge from the server. Each time the token is activated (with no challenge information), the owner of the device obtains an OTP that can be used to authenticate.

    The weakness of this system is that it can be attacked during a short window of time if an attacker captures the OTP that the user sends. The system therefore has to restrict the user to submitting an OTP to the system only once at a given time.

    However, both of these OTP generation approaches (the challenge-response system and the time-based algorithm) have one thing in common: the user needs a tool, such as a hardware or software token, to compute another password (OTP, challenge). This is because the need for hash functions or encryption and decryption algorithms (such as MD4, MD5, DES, RSA and so on) makes the generated OTPs too complex for human memory.

    5.3 Authentication devices

    In an OTP system such as the challenge-response system, the sequence of passwords is created by the client by combining a seed value with a secret password that only the client knows. The combined value is then run through hash functions such as MD4 or MD5 to generate the OTPs in sequence. When OTPs are generated by time-based algorithms, the sequence of passwords is produced by a cryptographic computation over a number unique to the device (the token's serial number) together with the current date and time.

    For the reasons above, the complexity of the hash functions or encryption and decryption algorithms makes it hard for people to compute the OTPs themselves or to decrypt the necessary information. Authentication devices are therefore needed to carry out these tasks.

    An example is SecurID (a token device from RSA Security). It generates a new password every 60 seconds. The processor inside computes a cryptographic function of the token's serial number and the current time. With the unique serial number, the token can ensure that it is the owner of the token. With the time value, it can protect against attacks such as eavesdropping that try to obtain an earlier password. A newer version of SecurID adds complexity by including a PIN that only the owner knows. Before activating the device to generate an OTP, the user must enter his PIN to prove that he really is the owner of the device.

    Several other kinds of device are used in challenge-response systems. The user receives a challenge message from the server and then enters the challenge into the device. The device is responsible for computing the response (OTP). The user reads the result shown on the display and uses it to log in to the system.

    The important point to note here is that the OTP generation programs on the client and on the server must use the same algorithm so that they can work together.


    Chapter IV. ANALYSIS AND A MOBILE PHONE AUTHENTICATION SOLUTION

    1. Analysis

    Two-factor authentication is increasingly common in applications that require strong authentication. Many of today's two-factor authentication solutions give users better security, but they usually also require users to have considerable knowledge in order to use the tokens on the user side. The authentication model in this chapter uses the mobile phone as a security token to perform two-factor authentication without requiring the user to have any additional hardware device or the knowledge needed to use a token.

    In today's society the mobile phone has become an essential device and the cheapest means of communication. An authentication system that uses the mobile phone as the password delivery device therefore spares people the need and the inconvenience of carrying an extra mobile device. Instead, they can use the mobile phone itself as an authentication device to secure transactions and protect the data they access. In addition, in practice people more often own a phone than a computer, and they can carry it anywhere. Public computers in Internet cafes or libraries are not suitable for holding authentication credentials securely when users have to use them to authenticate. But a mobile phone used together with a computer can form a secure token that users can rely on to log in safely and easily to any service on the Internet.

    2. Security requirements

    In an authentication system, security is the main goal. The security requirements for the authentication system are listed below.

    - Passwords must be protected against password-guessing attacks, such as dictionary attacks.

    - Messages and authentication information must be protected against replay attacks.

    - The authentication protocol must be able to prevent eavesdropping.

    - Shared secret keys must not be disclosed.

    - An authentication protocol with at least two factors must be used.

    - Mutual authentication must be supported.

    - The protocol must be able to resist session hijacking attacks.

    - All sensitive data must be encrypted.


    3. General architecture

    Figure 4.1 shows the main components and the basic architecture of the authentication solution used in this thesis.

    Figure 4.1. General architecture of mobile phone authentication

    The user must have access to a computer connected to the Internet and own a mobile phone with an active SIM card. Through the browser on the computer, the user can access web services offered by service providers. The service provider (SP) is connected to an authentication server (AS), which is responsible for managing authentication on behalf of the SP. The AS is also connected to the GSM network, which allows it to reach the user's mobile phone.

    When designing a security model that uses two separate devices, the devices should be connected over two different networks. This is very important for ensuring that the same user is in control of both devices. The request is sent over one communication channel and the response is sent over another. The session on the request channel must be tied to the session on the response channel for the authentication to be valid. This binding is achieved by ensuring that there is a closed loop passing through all the components that take part in authentication. The loop starts at the device requesting the service, which is the user's computer, passes through the network to the SP and the AS, then goes through the mobile phone and returns to the original device when the user types the result displayed on the mobile phone into the browser on the computer.

    4. Solution

    The authentication procedure using OTP is presented in Figure 4.2.


    Figure 4.2 Authentication using the mobile OTP solution

    Figure 4.2 shows a successful authentication session of a client using the mobile OTP solution. The prerequisite is that the user already has an account and that the OTP MIDlet is installed on the user's phone. When the client wants to access a service on the SP, the client's identity is requested. The client responds by typing his username into the browser. This information is then forwarded to the AS, which is responsible for authentication. Based on the client's identity, the AS generates a challenge, normally a secure random number based on the client's account information, and a corresponding OTP.

    The challenge value is different for every authentication, so the generated OTP value always changes. Finally, a message authentication code (MAC) based on the secret key is computed over the OTP value. The AS sends the three values (challenge, MAC and OTP) to the Authenticator, which forwards the challenge and the MAC to the client. On the client side, the client computes the OTP from the values it received. It then computes the MAC and compares it with the MAC it received from the Authenticator. If the MAC values match, the client has authenticated the AS, because the AS has proved that it holds the shared secret key. The client then sends the OTP back to the Authenticator. If the computed value does not match the received MAC, the authentication process is aborted. When the Authenticator receives the OTP, it compares it with the OTP it received from the AS; if they match, it informs the SP that the client has been authenticated. Mutual authentication between client and server has then been achieved, and the session is handed back to the SP, which grants the user access to the service.
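    The exchange in Figure 4.2 with all three parties modelled in Python; this is an added example, not the thesis's MIDlet or server code. How the OTP is derived from the challenge and how the MAC is built are not given on the page, so HMAC-SHA-256 is assumed for both, and the class names, the account alice and the keys are constructed.

```python
import hashlib
import hmac
import secrets


def derive_otp(key: bytes, challenge: bytes, digits: int = 6) -> str:
    """OTP from the challenge and the shared key (assumed construction)."""
    d = hmac.new(key, b"otp|" + challenge, hashlib.sha256).digest()
    return str(int.from_bytes(d[:4], "big") % 10 ** digits).zfill(digits)


def mac_over_otp(key: bytes, otp: str) -> bytes:
    """MAC computed over the OTP with the shared key (assumed construction)."""
    return hmac.new(key, b"mac|" + otp.encode(), hashlib.sha256).digest()


class AuthServer:
    """AS: holds the shared keys, produces (challenge, MAC, OTP)."""

    def __init__(self, keys: dict):
        self.keys = keys

    def start(self, username: str):
        key = self.keys[username]
        challenge = secrets.token_bytes(16)       # fresh for every authentication
        otp = derive_otp(key, challenge)
        return challenge, mac_over_otp(key, otp), otp


class Authenticator:
    """Keeps the OTP, forwards only challenge and MAC to the client."""

    def __init__(self, auth_server: AuthServer):
        self.auth_server = auth_server
        self.expected = {}

    def begin(self, username: str):
        challenge, mac, otp = self.auth_server.start(username)
        self.expected[username] = otp
        return challenge, mac

    def finish(self, username: str, otp: str) -> bool:
        expected = self.expected.pop(username, None)   # one attempt per challenge
        return expected is not None and hmac.compare_digest(expected, otp)


class Client:
    """OTP application on the phone."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes, mac: bytes):
        otp = derive_otp(self.key, challenge)
        if not hmac.compare_digest(mac_over_otp(self.key, otp), mac):
            return None       # server did not prove it holds the shared key: abort
        return otp


def run_demo() -> dict:
    key = b"constructed shared key (illustration)"
    auth = Authenticator(AuthServer({"alice": key}))
    phone = Client(key)
    out = {}
    challenge, mac = auth.begin("alice")
    otp = phone.respond(challenge, mac)
    out["otp_released"] = otp is not None
    out["client_authenticated"] = auth.finish("alice", otp)
    out["otp_reused"] = auth.finish("alice", otp)
    # A server without the shared key cannot produce a MAC the phone accepts.
    rogue = Authenticator(AuthServer({"alice": b"impostor key"}))
    challenge, mac = rogue.begin("alice")
    out["otp_released_to_impostor"] = phone.respond(challenge, mac) is not None
    # A mistyped OTP is rejected and uses up the challenge.
    challenge, mac = auth.begin("alice")
    otp = phone.respond(challenge, mac)
    wrong = otp[:-1] + str((int(otp[-1]) + 1) % 10)
    out["wrong_otp"] = auth.finish("alice", wrong)
    out["correct_after_wrong"] = auth.finish("alice", otp)
    return out
```

    The phone releases an OTP only after the MAC check passes, which is the step that authenticates the AS to the client before the client authenticates itself.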


    Chapter V. DESIGN

    1. Use case diagram

    Figure 5.1 General use case

    Figure 5.1 gives an overview of the main use cases used in this thesis. Tables 5.1 to 5.3 describe the main scenarios for authentication and registration. Both scenarios start with the user using a service that requires authentication. When the user interacts with the system, the user acts as an actor, even though the communication always goes through the client. When the client components communicate without the user being present, the client is the actor.

    Use case name: 1. Using the service

    Description: A user requests access to a service that requires authentication

    Actors: User, Service Provider (SP), Authenticator

    Preconditions: The SP must be connected to an Authenticator. The client must provide the correct credentials.

    Main event flow:

    1. The user starts accessing the service

    2. The SP forwards the request to the Authenticator

    3. The Authenticator starts the authentication process (start of use case 2: Authentication)

    4. The Authenticator authenticates the user successfully

    5. The SP grants the user access to the service

    Exceptions:

    3a. The client is not registered (start of use case 4: Registration)

    4a. The Authenticator refuses to authenticate the user and access to the service is denied.

    Table 5.1 Use case - Using the service

    Use case: 2. Authentication

    Description: The process of authenticating a user with the mobile OTP solution

    Actors: User, Client, Authenticator

    Preconditions: The SP must be connected to an Authenticator. The client must provide the correct credentials.

    Main event flow:

    1. The user is asked to provide a username

    2. Use case 3 "Perform authentication" is started

    3. The Authenticator sends a challenge and a MAC to the Client

    4. The Client computes the OTP and sends the OTP back

    5. The Authenticator validates the OTP value received from the Client

    Exceptions:

    4a. The MAC value is incorrect, authentication fails

    5a. The OTP value is invalid, authentication fails

    Table 5.2 Use case - Authentication

    Use case: 5. Registration

    Description: A user registers an account with the mobile OTP service

    Actors: User, Authenticator

    Preconditions: The SP must be connected to an Authenticator. The user must provide valid data.

    Chui skin c