
Applications of digital signatures in information security

MSc. Hong S Tng

1. Applications of digital signatures

Some applications in everyday life

Applications of digital signatures include securing web servers (when transacting on reputable e-commerce websites, all sensitive information is encrypted, and the web address usually takes the https form), signing and encrypting email, and remote login over VPN or wireless (where the digital signature replaces less secure authentication methods such as username/password).

Some transactions in banking and securities currently use OTP (One Time Password). This is a stopgap solution, adopted because digital certificate services were not yet available at the time, even though the Law on Electronic Transactions, enacted in 2005, recognises the legal validity of digital certificates. In the near future, therefore, banking transactions over the Internet (Internet banking) will very likely adopt digital signatures as well. For banks that already use OTP, however, the CAs recommend a transition roadmap. As a first step the two can be used side by side (for example, low-value transactions continue to use OTP while high-value transactions use digital signatures).

Fundamentally, a digital signature is a kind of electronic signature based on an asymmetric cryptosystem, and it carries information identifying the owner of the signature. This information can be stored in several forms: as a file on a computer; on dedicated storage devices (USB token); on a card (smart card); or even on a phone SIM (SIM base CA). Customers choose the storage form that suits their needs, but SIM base CA is rated highly for mobility and convenience because it is tied to the mobile phone. Worldwide, SIM base CA has been in use since 2001-2002. The countries with the most SIM base CA deployments are Taiwan and South Korea. According to some domestic CAs, Vietnam has a fairly large number of mobile phone users, so the market for SIM base CA has considerable potential. Offering a SIM base CA service, however, requires cooperation between the digital signature service provider and the telecommunications provider.

For enterprises, digital signatures can be applied to almost every company activity, such as smart card login, Windows security logon, exchanging sensitive documents, exchanging email, remote access over VPN, and so on. Deploying a PKI system in a small enterprise is very simple, and the benefits it brings are very large compared with the initial investment. The process of issuing certificates and using digital certificates is also very simple. The following is an example of using digital certificates to exchange email within an enterprise. The process consists of: the user requesting a certificate, the administrator issuing the certificate, and the user attaching the certificate to emails sent to others. This example still uses a hierarchical model consisting of RootCA, SubCA and RA; in practice, to keep things simple and suitable for small enterprises, a single CA can take on the functions of both RootCA and RA. First, the user needs to install the RootCA certificate on their computer.

Figure 1: Install Certificate

The user visits the RA's public page to create a certificate request.

Figure 2: The user requests a certificate

Figure 3: Choosing Browser Certificate Request

Fill in the basic information such as First name, Last name, email address, and so on. These are the identifiers bound to the user of the certificate.

Figure 4: Entering the basic information

Select the certificate type for User (an ordinary user).

Figure 5: Selecting the certificate type, security level, and so on

Choose the signature scheme, the key length and the PIN.

Figure 6: Choosing the signature scheme and the PIN

After the user accepts the user agreement set out by the CA, the next step generates the user's private key.

Figure 7: Generating the user's private key

Once the user has finished creating the certificate request, the administrator must visit https://ra.actvn.net/pki/ra to sign the user's request.

Figure 8: The user's certificate request

Figure 9: The RA signs the user's request

Figure 10: The signed request

After the request has been signed by the RA, the administrator forwards it to the CA, and the CA issues the certificate.

Figure 11: The CA receives the user's request from the RA

Figure 12: The CA approves issuing the certificate to the user

The user's certificate has now been issued; the administrator must then transfer the issued certificate back to the RA Server to publish it to the user.

Figure 13: The user's certificate has been issued

The user then visits https://ra.actvn.net/pki/pub and sees the list of certificates the CA has issued (revoked certificates do not appear in this list).

Figure 14: List of issued certificates

The user selects their own certificate and downloads it. Each certificate has a different PIN, known only to the person who created the certificate request, so a certificate taken from someone else cannot be used.

Figure 15: The user's certificate information

Figure 16: The user downloads the certificate

This certificate complies with the policies set by the CA, such as Policy 1.2.3.3.4, Policy 1.2.3.3.5, Policy 1.2.3.3.6, Policy 1.2.3.3.7. With this certificate, the user can authenticate to websites that require authentication over TLS, protect email, or log in to Windows using a smart card.

In this example we use Outlook Express to send mail with the user's digital signature attached. To use the digital signature, the user's certificate must be installed on the machine. Then select the user's certificate to sign and encrypt email, as shown in the figure below.

Figure 17: Using the certificate to protect email

Send the email with the digital signature attached and the email content encrypted. The email carries two additional icons, signature and encryption, as shown in the figure below.

Figure 18: Sending an email with a digital signature

The user is asked to enter the private key, to ensure that this is the user's own certificate and not someone else's.

Figure 19: The user's private key

The recipient receives an email whose content is encrypted.

Figure 20: The email is encrypted when it reaches the recipient

To read the content of the message, the recipient must have the sender's public key.

Figure 21: The decrypted email content

From the example above we can see that using digital signatures is very simple and achieves security and confidentiality for the information being sent.

2. The state of digital signature adoption in Vietnam

Besides being an electronic instrument whose legal validity is recognised by law, the digital signature is also a very strong encryption and authentication technology. It can help ensure a high level of safety and confidentiality for online transactions, especially those containing finance-related information. At present, digital signature technology in Vietnam can be used in transactions for online shopping, online securities investment, bank transfers and online payment. In addition, the Ministry of Finance has applied digital signatures to online tax declaration and payment over the Internet and to electronic customs procedures such as online customs declaration and clearance, without having to print the declarations, stamp them with the company seal and go to the tax office to wait to submit them.

In the future, digital signatures in Vietnam can be used with e-government applications. When an administrative procedure or a confirmation from a state agency is needed, citizens will only have to sit at home, fill in the form and use their digital signature to send it. Public digital signature certification services can be used only in electronic transactions involving individual users and organisations or enterprises, and in transactions between citizens or enterprises and state agencies. Internal transactions of state agencies, or transactions between state agencies, are special transactions that cannot use the public certification system and must use a separate system.

To use a digital signature, one must register for a digital certificate with a digital signature certification service provider and generate a private key stored in a PKI Token. Application programs must support the signing function; using it is then fairly simple: the signer only needs to plug the Token into a USB port, enter the PIN code protecting the Token and choose the sign command in the application. A digital signature differs from an ordinary signature in that each time the user signs, the private key is used to create the signature, and each signing produces a different signature. Using the software tools provided, partners can check the certificate to validate the signature. The check compares the consistency of the public key on the sender's digital signatures with the public key of the digital signature certification centre (Root Certification Authority - Root CA).

Vietnam currently has 5 public digital signature certification service providers: VNPT/VDC, Viettel, Bkis, Nacencomm and FPT. These providers have brought to market a full range of digital signatures for online tax declaration, banking transactions, securities, electronic customs, signing and encrypting email and documents, serving individuals, organisations, enterprises and websites.
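The issuance steps walked through in section 1 and the check against the Root CA described above, reproduced on the command line with OpenSSL as an added example (it is not part of the original article and is not the web interface shown in the figures). The CA names, user identity, PIN and message are constructed samples, and a single root plays both RootCA and RA, as the article allows for small enterprises.

```shell
#!/bin/sh
# Added demo; every subject name, address, PIN and file here is a constructed sample.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
PIN='demo-1234'   # plays the role of the PIN chosen on the request form

new_root() {  # $1 = file prefix, $2 = CA name; creates a self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
issue_user_cert() {
  # User side: private key encrypted under the PIN, plus a request carrying the identifiers.
  openssl req -new -newkey rsa:2048 -passout "pass:$PIN" \
    -subj "/CN=Demo User/emailAddress=user@example.test" \
    -keyout "$WORK/user.key" -out "$WORK/user.csr" 2>/dev/null
  # CA side: sign the request, which produces the user's certificate.
  openssl x509 -req -in "$WORK/user.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 30 -out "$WORK/user.pem" 2>/dev/null
}
key_unlocks() {  # $1 = PIN to try against the encrypted private key
  openssl pkey -in "$WORK/user.key" -passin "pass:$1" -noout
}
sign_mail() {  # S/MIME clear-signed message; the signer's certificate is embedded
  openssl smime -sign -in "$WORK/msg.txt" -signer "$WORK/user.pem" \
    -inkey "$WORK/user.key" -passin "pass:$PIN" -out "$WORK/signed.eml"
}
cert_ok() {  # $1 = root the verifier trusts; checks the user's certificate chain
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/user.pem"
}
mail_ok() {  # $1 = message file, $2 = root the recipient trusts
  openssl smime -verify -in "$1" -CAfile "$WORK/$2.pem" -out /dev/null
}
verdict() { if "$@" >/dev/null 2>&1; then echo accepted; else echo rejected; fi; }

new_root root  "Demo Root CA"        # the CA the recipient has installed
new_root other "Unrelated Root CA"   # a CA that never issued the user's certificate
issue_user_cert
printf 'Please pay 100 USD to account 42.\n' > "$WORK/msg.txt"
sign_mail
# Simulate a change to the message body after it was signed.
sed 's/pay 100 USD/pay 900 USD/' "$WORK/signed.eml" > "$WORK/tampered.eml"

echo "user certificate, trusted root: $(verdict cert_ok root)"
echo "signed mail, trusted root:      $(verdict mail_ok "$WORK/signed.eml" root)"
echo "signed mail, unrelated root:    $(verdict mail_ok "$WORK/signed.eml" other)"
echo "altered mail, trusted root:     $(verdict mail_ok "$WORK/tampered.eml" root)"
echo "private key with a wrong PIN:   $(verdict key_unlocks wrong-pin)"
```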

CONCLUSION

At present, applying public-key cryptography and electronic certification services to ensure information security in electronic transactions is a solution used by many countries around the world. In Vietnam, the deployment of public key infrastructure (PKI) and electronic certification (CA) is judged to be on the right track and methodical, but progress is still slow. In practice, electronic certification services in Vietnam have so far been deployed only in some state agencies and government bodies. Enterprises do use electronic certification, but only a few, and all of them purchase it from provider organisations. Deploying electronic certification services requires long-term, serious investment to deliver the desired results. The hardest part of deploying this service is organising the implementation and changing people's awareness. The legal status of digital signatures and electronic certification services is also an issue being raised.

References
1. Carlisle Adams and Steve Lloyd: Understanding PKI second edition: Concepts, Standards, and Deployment Considerations
2. Website http://www.openca.org
3. Website http://www.openca.info
