Introduction: This paper introduces the security technologies and schemes commonly adopted by online banks, analyzes the security requirements of a general online banking system from the two angles of data and business logic, and presents a security design scheme that uses PPDRR as its security model. By reading this article, the reader can not only understand the security system architecture and related technologies that online banks commonly adopt, but also gain guidance for the development of actual secure application systems.
Summary
With China's accession to the WTO, foreign banks are entering the Chinese market, and domestic banks are moving more and more of their business to online banking, so the demand for online banking keeps increasing. However, the open nature of the Internet exposes online banking to a variety of risks; it can be said that security is the most important criterion by which an online bank is judged. A complete security system is therefore a must for online banking.
This paper introduces the security technologies and schemes commonly used by online banks at home and abroad, analyzes the security requirements of a general online banking system from the two angles of data and business logic, and presents a security design scheme that uses PPDRR as its security model. The main security technologies include SSL data encryption, CFCA digital certificate authentication, dynamic password technology, a role-based access control mechanism and so on. By reading this article, the reader can not only understand the security system architecture and related technologies that online banks commonly adopt, but also gain guidance for the development of actual secure application systems.
An Overview of Security Systems for Online Banking
Background
Security is the foundation on which online banking applications can be promoted. The security system of an online bank must ensure that the data of the online banking system is not illegally accessed or modified, and that business processes are carried out according to the procedures stipulated by the bank.
Network and information security covers a wide range of areas. In terms of the goals that security technology must achieve, it generally includes the following six aspects, also called the security service model: identity authentication, authorization control, audit confirmation, data confidentiality, data integrity and availability.
To ensure the network and information security of online banking, banks generally adopt a multi-level structure for the online banking security system, which can be divided into three levels: the network layer, the system layer and the application layer. The components of the network layer include physical circuits, routers, switches, network management software, firewalls, encryption machines and so on. The system layer mainly consists of hosts, operating systems, databases, anti-virus software and other components. The application layer consists of the Web server, the application server, the online banking system software, the RA server, the dynamic password server and so on.
Business Logic Security Requirements
Business logic security mainly protects the online banking business logic so that it is accessed and processed only according to specific rules and procedures.
Identity Authentication Requirements
Before two parties carry out a transaction, each must first be able to confirm the identity of the other, and that identity must not be counterfeited or disguised. At the same time, the client is susceptible to Trojans and viruses, so ordinary static password authentication cannot meet the security needs of online banks; the online banking system needs a more effective authentication system.
Access Control Requirements
Access control is the core security policy of the online banking security subsystem. Access to critical networks, systems and data must be effectively controlled, which requires the system to recognize the identity of the visitor, authorize it carefully, and track every access. The access control requirements of an online banking system are reflected in the following areas:
Maintenance of business cards and card data must be assigned to dedicated management personnel;
Enterprise users cannot access personal transactions;
Personal online banking users cannot access transactions intended for enterprise users;
Batch card-making operations and export of card-making data can only be performed by the system administrator for dynamic password management;
When a teller creates card information and associates it with customer information, an authorization mechanism should be applied.
Transaction Repeat Submission Control Requirements
A duplicate transaction submission is the same transaction being submitted repeatedly to the online banking system. Repeated submission of a query-class transaction needlessly consumes system resources, and the consequences are far more serious when a management-class or financial-class transaction is repeatedly submitted. The repeated submission may be unintentional, or it may be a deliberate attack.
The online banking security subsystem must control the number of times a management or financial transaction can be submitted. This control must effectively eliminate users' mis-operations, yet must not interfere with a user who legitimately submits the same kind of transaction several times under normal circumstances.
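One common way to meet both halves of this requirement is a server-issued, single-use submission token per transaction form: a repeat of the same form is recognized and answered with the original result instead of being executed again, while a user who genuinely wants a second transaction fills in a new form and receives a new token. The following is an added example written for this article, not code from the paper; the token scheme, the transaction class names, the alert threshold and the in-memory ledger standing in for the core banking system are all assumptions made for illustration.

```python
# Added example (not from the paper): duplicate-submission control for
# management- and financial-class transactions using single-use tokens.
# Class names, the token scheme and the in-memory ledger are assumptions.
import secrets
from collections import defaultdict

QUERY, MANAGEMENT, FINANCIAL = "query", "management", "financial"
CONTROLLED_CLASSES = {MANAGEMENT, FINANCIAL}   # query class is not controlled


class TransactionGateway:
    def __init__(self, alert_threshold: int = 3):
        self.issued = set()                # (user_id, token) handed out, not yet used
        self.completed = {}                # (user_id, token) -> result of first execution
        self.repeat_counts = defaultdict(int)
        self.alerts = []                   # repeated replays worth an operator's attention
        self.alert_threshold = alert_threshold
        self.ledger = []                   # constructed stand-in for the core banking system

    def issue_token(self, user_id: str) -> str:
        """One fresh token per transaction form. A user who genuinely performs
        the same transaction twice fills the form twice and gets two tokens,
        so legitimate repeats are never blocked."""
        token = secrets.token_hex(16)
        self.issued.add((user_id, token))
        return token

    def submit(self, user_id: str, tx_class: str, token: str, payload: dict) -> dict:
        """Execute a controlled transaction at most once per issued token."""
        if tx_class not in CONTROLLED_CLASSES:
            return {"status": "executed", "result": self._execute(user_id, tx_class, payload)}
        key = (user_id, token)
        if key in self.completed:
            # Same form posted again: double click, browser refresh or replay.
            # Return the original result; do not touch the ledger again.
            self.repeat_counts[key] += 1
            if self.repeat_counts[key] >= self.alert_threshold:
                self.alerts.append((user_id, token, self.repeat_counts[key]))
            return {"status": "duplicate", "result": self.completed[key]}
        if key not in self.issued:
            # Token never issued to this user: client-chosen ids are not trusted.
            return {"status": "rejected", "result": None}
        self.issued.discard(key)
        result = self._execute(user_id, tx_class, payload)
        self.completed[key] = result
        return {"status": "executed", "result": result}

    def _execute(self, user_id: str, tx_class: str, payload: dict) -> dict:
        self.ledger.append((user_id, tx_class, payload))
        return {"reference": f"TX{len(self.ledger):06d}"}


def demo():
    """Walk through the cases: first submission, accidental repeat of the same
    form, a second legitimate transaction with a new token, and a forged token."""
    gw = TransactionGateway()
    t1 = gw.issue_token("alice")
    transfer = {"to": "bob", "amount": 100}
    first = gw.submit("alice", FINANCIAL, t1, transfer)
    repeat = gw.submit("alice", FINANCIAL, t1, transfer)
    t2 = gw.issue_token("alice")
    second = gw.submit("alice", FINANCIAL, t2, transfer)
    forged = gw.submit("alice", FINANCIAL, "not-issued", transfer)
    return gw, first, repeat, second, forged


if __name__ == "__main__":
    gw, first, repeat, second, forged = demo()
    for label, r in [("first", first), ("repeat", repeat), ("second", second), ("forged", forged)]:
        print(label, r)
    print("ledger entries:", len(gw.ledger))   # 2: the repeat did not execute
```

Counting repeats per token and raising an alert past a threshold separates the two causes the paper names: one or two repeats of a form are typical of a user mis-operation and are simply absorbed, while many replays of the same token are the pattern an operator wants to see in the audit trail. A production implementation would keep the token and result store in a shared, expiring cache rather than in process memory.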