

1. Introduction

The Secure Socket Layer (SSL) protocol is applied to encrypt and authenticate communication between client and server when accessing M-Office. Electronic signature technology (public key, private key) is used to authenticate logins to the M-OFFICE system. The traditional login style (username, password) is not used.

2. Description of the solution
2.1. Concepts used in the solution
2.1.1. CA (Certification Authority)
A CA verifies the identity of a person or an organization and issues a certificate to prove that assertion. The CA also publishes a file, the list of canceled certificates (CRL), used to verify that a certificate has not been canceled. To understand the CRL, think of it as a list of credit cards that merchants can use to check whether a customer's credit card has been canceled.


2.1.2. CSP (Cryptographic Service Provider)
This is a module on the computer that performs signing, signature verification, encryption and decryption, along with the one-way hash function.


2.1.3. Certificate (digital certificate)
A certificate contains the secret key (private key) and the public key, along with information about the issuer, the party that is certified, and the certification itself.


2.1.4. PKI (Public Key Infrastructure)
* PKI enables data to be exchanged securely over an insecure public network such as the Internet by using a pair of encryption keys, one secret and one public. This key pair is provided by a competent authority. PKI provides public key authentication to identify an individual or organization, and directory services to store certificates and, when necessary, cancel them.
* PKI gives users a method for conducting electronic transactions that ensures consistent reliability, information integrity, authenticity, access control and validation.


2.1.5. Secret key (private key)
* As the name suggests, this key is private to you and is used to encrypt information for your own personal use. Only you hold it; it is not allowed to be, and should not be, distributed to anyone.
* When you need to encrypt private, secret information that you do not want to share with anyone, you use the private key. Conversely, if you want to encrypt information in order to share it with particular recipients, use their public key to encrypt it and send it to them. They then use their own private key to decrypt it.
* The important point is to distinguish and understand the features and usage of the two types of key: public key and private key.


2.1.6. Public key
Used to encrypt information you want to share with anyone. You can therefore freely distribute it to whoever you need to share information with in encrypted form.


2.1.7. Electronic signature (digital signature)
Digital signatures were introduced to prove that a message was actually sent by the sender and was not forged by someone else. Using a digital signature lets you check the authenticity of a message. Digital signatures reduce the risk of fake messages (especially a message that claims to be a patch but is meant to deliver a virus or Trojan to you), because you can easily verify whether the message really came from the claimed sender.

A digital signature is a combination of the secret key and the text. The sender's public key is then used to verify the message. This checks not only the information about the sender but also the contents of the message, so you know that the message has not been forged and has not been interfered with or modified in transit.

Electronic signatures are based on public key technology, which uses digital certificates to sign and encrypt documents and transactions. The operating principle of electronic signatures in information security is as follows.

Electronic signing process - Signing

First, the message is processed by a one-way hash function, which returns a summary of the message (message digest). The one-way hash function ensures that this digest is unique and that even the slightest modification to the message changes the digest. The sender then encrypts the digest with its private key. The encrypted result is the "electronic signature" (digital signature) of the message, signed by the sender.

The electronic signature is sent to the recipient together with the message.

The process of checking digital signatures - Verification

When the recipient receives the message, it first checks validity by using the sender's public key (the public key is usually widely distributed) to decrypt the digital signature. The result of decrypting the signature is the digest of the message that was sent. The recipient then uses the one-way hash function to compute the digest of the message contents again and compares it with the decrypted digest. If the two are the same, the check succeeds.

Otherwise, it can be concluded that the message has been tampered with or altered in transit.

2.1.8. One-way hash function
The message is processed by a one-way hash function, which returns a summary of the message (message digest). The one-way hash function ensures that this digest is unique and that even the slightest modification to the message changes the digest.


2.1.9. Encrypt files

To encrypt a file you need the public key of the file's recipient. The sender uses the recipient's public key to encrypt the file.


2.1.10. Decrypt files

To decrypt an encrypted file you need the secret key (private key) that corresponds to the public key used for encryption.

2.1.11. Sign a file

Once you have digitally signed information and given it to other people, they can take it and be sure that the contents of the document cannot be altered after you have signed it. In other words, your data is completely secure against change.
As with a handwritten signature, you can also find information about the signer (as in a contract). Digital signatures can also be used to authenticate electronic information. However, with even a small change in the signed information, signature verification fails and the recipient is warned that the information in the signed document has changed since you signed it.

When you sign a document, a message digest is generated. The digest is in essence an easily checked fingerprint produced by the hash algorithm that you specify (for example: MD2, MD4, MD5 or SHA-1). The digest is encrypted with your secret key. The result, stored in the encoded file, is your signature.

The signature and a copy of the original file can be placed together in one file. The signed file is then sent to the recipient by any means.

The recipient can verify your signature and make sure that the data in the file remains intact and unchanged. Recipients can also store the file together with its signature. If the file has been changed, signature validation fails and reports that the file has been changed.

2.1.12. Check the signature

Signature check (verify file). Verifying an electronic signature checks the identity of the signer and the content of the message. If the certificate used to sign does not exist, or any information has been changed, the electronic signature check will not succeed.
In PKI-based signatures, checking the validity of a digital certificate usually involves building a chain to a trusted certificate. Most digital signatures include not just the signer's certificate but also any intermediate CA (certification authority) certificates.

2.2. Solution Description
2.2.1. User access M-Office
Users access M-Office at an address served over the SSL protocol.
For example: https://www.dost-dongnai.net/m-office/
Instead of http://, M-Office is now installed on the SSL security protocol.

2.2.2. Get the message and the public key
When the user accesses M-Office, the user receives a message and a public key sent from the CA.

2.2.3. Signing and encrypting messages
The user signs the message with his secret key. After signing, the message is encrypted with the public key received from the CA and sent to the CA.


2.2.4. CA decryption and signature checks
The CA uses its private key to decrypt the message and checks the user's signature. If the signature check succeeds, the CA immediately determines which M-Office account the user corresponds to. The CA then issues a permit for access to M-Office.


2.2.5. Access permit for M-Office
Based on the permit issued by the CA, M-Office grants the user the corresponding rights to start a session. The permit is valid for only one session.
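
The login exchange of sections 2.2.2 to 2.2.5, built on the hash-then-sign and verify steps of section 2.1.7, as an added example that is not M-Office code. The `LoginService` class, the account name and the demo key are hypothetical: the key is textbook RSA on two Mersenne primes so that the block runs with the standard library only, SHA-256 is used as the hash, and the step of encrypting the signed message to the CA is left out.

```python
import hashlib
import secrets

# Constructed demo key (NOT secure): real systems use a vetted library and a
# padded scheme such as RSA-PSS, with randomly generated primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                   # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (secret key)

def digest(message: bytes) -> int:
    """One-way hash of the message (message digest) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: apply the private key to the digest."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: recover the digest with the public key, recompute, compare."""
    return pow(signature, e, n) == digest(message)

class LoginService:
    """Hypothetical stand-in for the CA / M-Office side of the exchange."""
    def __init__(self, users):
        self.users = users       # account -> (e, n) registered public key
        self.pending = {}        # account -> outstanding message to sign
        self.permits = set()     # issued permits not yet used

    def challenge(self, account: str) -> bytes:
        self.pending[account] = secrets.token_bytes(16)  # fresh per attempt
        return self.pending[account]

    def login(self, account: str, signature: int):
        msg = self.pending.pop(account, None)  # each message is usable once
        if msg is None or account not in self.users:
            return None
        if not verify(msg, signature, *self.users[account]):
            return None
        permit = secrets.token_hex(16)
        self.permits.add(permit)
        return permit

    def start_session(self, permit: str) -> bool:
        if permit in self.permits:
            self.permits.discard(permit)       # valid for only one session
            return True
        return False
```

Because the signed message is random and discarded after one attempt, a captured signature cannot be replayed against a later login.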


3. Applying the SSL protocol to M-OFFICE
3.1. Introduction
A personal digital certificate also allows users to authenticate themselves to a web server through the SSL security protocol.

Authentication based on digital certificates is rated as better, safer and more secure than traditional authentication based on passwords.
Combining SSL with authentication of M-OFFICE users by digital signature brings security and safety to M-OFFICE.

What is SSL?

A connection between a Web browser and any point on the Internet passes through many independent systems without any protection for the information being transmitted. No one, including the user and the Web server, has any control over the path the data takes or can tell whether someone is intercepting the information on the line. To protect confidential information on the Internet or any TCP/IP network, SSL combines the following elements to establish a secure transaction:
* Authentication: ensures the authenticity of the site you are working with at the other end of the connection. The Web site likewise needs to check the authenticity of the user.
* Encryption: ensures the information cannot be accessed by a third party. To eliminate eavesdropping on "sensitive" information when it is transmitted over the Internet, the data must be encrypted so that it cannot be read by anyone other than the sender and the recipient.
* Data integrity: ensures the information is not distorted and accurately represents the original information sent.

With SSL, a Web site can provide confidentiality, authentication and data integrity to the user. SSL is built into browsers and Web servers, allowing users to work with Web pages in secure mode. When the Web browser uses an SSL connection to the server, a lock icon appears in the status bar of the browser window and the "http" in the URL entry box changes to "https". An HTTPS session uses port 443 instead of port 80 for HTTP as


3.2. Protocol description
Originally developed by Netscape, the Secure Socket Layer (SSL) is today widely used on the World Wide Web for authenticated and encrypted communication between clients and servers. The IETF (Internet Engineering Task Force) has standardized SSL and renamed it TLS (Transport Layer Security). Although only the name has changed, TLS is a new version of SSL. TLS version 1.0 is equivalent to SSL version 3.2.1. However, the term SSL is used more widely.

SSL is designed as a security protocol that can support many applications. The SSL protocol operates above TCP/IP and below higher-level application protocols such as HTTP (Hypertext Transfer Protocol), IMAP (Internet Message Access Protocol) and FTP (File Transfer Protocol). While SSL can be used to support secure transactions for many different applications on the Internet, it is now mainly used for transactions on the Web.

SSL is not a single protocol but a set of standardized procedures that perform the following security tasks:
Server authentication: enables the user to authenticate the server they want to connect to. Here the browser uses public key cryptography to make sure that the server's certificate and public ID are valid and were issued by a CA (certificate authority) in the client's list of trusted CAs. This is very important for users. For example, when sending a credit card number over the network, users want to check that the server receiving the information is really the server they intended to send it to.

Client authentication: enables the server to authenticate the user who wants to connect. The server likewise uses public key cryptography to check that the client's certificate and public ID are valid and were issued by a CA (certificate authority) in the server's list of trusted CAs. This is important for providers. For example, when a bank sends confidential financial information to a customer, it wants to check the identity of the recipient.

Encrypted connection: all information exchanged between client and server is encrypted on the transmission line to enhance security. This is very important to both parties when the transaction is private. In addition, all data sent over an encrypted SSL connection is protected by a mechanism that automatically detects tampering and changes in the data (a hash algorithm).

The SSL protocol includes two sub-protocols: the SSL record protocol and the SSL handshake protocol. The SSL record protocol defines the format used to transmit data. The SSL handshake protocol uses the SSL record protocol to exchange information between the server and the client when an SSL connection is first established.
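
The client-authentication task described above, expressed with Python's standard `ssl` module as an added example (not M-Office's own code). The file parameters, the account set and the rule of matching the certificate's commonName to an account are assumptions, and the sample certificate dictionary is constructed.

```python
import ssl

def build_server_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server context that rejects clients lacking a trusted certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 or early TLS
    ctx.verify_mode = ssl.CERT_REQUIRED           # handshake fails without a client cert
    if cert_file:                                 # the server's own identity
        ctx.load_cert_chain(cert_file, key_file)
    if client_ca_file:                            # CAs trusted to issue user certs
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx

def account_from_peer_cert(peer_cert, accounts):
    """Map an already verified client certificate to a known account.

    peer_cert has the shape returned by SSLSocket.getpeercert(): 'subject'
    is a tuple of RDNs, each a tuple of (name, value) pairs.
    """
    if not peer_cert:
        return None
    for rdn in peer_cert.get("subject", ()):
        for name, value in rdn:
            if name == "commonName" and value in accounts:
                return value
    return None

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_PEER_CERT = {
    "subject": ((("countryName", "VN"),), (("commonName", "alice"),)),
    "issuer": ((("commonName", "Example Internal CA"),),),
}
```

With `CERT_REQUIRED` set on the server side, the certificate check happens during the handshake, so application code only ever sees certificates that already chain to the configured CA.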
