本文關(guān)鍵詞： 網(wǎng)上銀行 轉(zhuǎn)帳 安全性 大機(jī) 子系統(tǒng)　出處：《復(fù)旦大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：網(wǎng)上銀行是傳統(tǒng)銀行的一種延伸和補(bǔ)充,它不僅可以降低銀行的經(jīng)營(yíng)成本,還可以增加業(yè)務(wù)交易量,從而獲得更大的利益。它是通過(guò)因特網(wǎng)技術(shù)向用戶提供查詢、轉(zhuǎn)帳、投資理財(cái)?shù)确⻊?wù)項(xiàng)目,其方便性越來(lái)越受到廣大用戶的青睞。由于網(wǎng)上銀行是一種網(wǎng)絡(luò)應(yīng)用,它的所有內(nèi)容都通過(guò)互聯(lián)網(wǎng)傳輸,因此在網(wǎng)上銀行應(yīng)用中不可避免地存在著由互聯(lián)網(wǎng)的自由、開(kāi)放所帶來(lái)的信息安全隱患,尤其是轉(zhuǎn)帳應(yīng)用涉及到資金的流動(dòng),更容易成為非法入侵和攻擊的對(duì)象。本文首先分析了網(wǎng)上銀行系統(tǒng)的發(fā)展現(xiàn)狀,突出闡述了網(wǎng)上銀行轉(zhuǎn)帳服務(wù)對(duì)銀行的重要性,通過(guò)橫向和縱向的網(wǎng)銀轉(zhuǎn)帳安全的對(duì)比,然后明確了我國(guó)網(wǎng)銀轉(zhuǎn)帳存在的諸多安全性問(wèn)題。在此基礎(chǔ)上,分析了基于網(wǎng)銀轉(zhuǎn)帳存在的安全性問(wèn)題的總體架構(gòu)和子系統(tǒng)組成�；诖髾C(jī)CICS平臺(tái),以COBOL語(yǔ)言、JCL語(yǔ)言和ICSF工具分析了各個(gè)子系統(tǒng)的設(shè)計(jì)和實(shí)現(xiàn)。其中重點(diǎn)討論了密鑰管理子系統(tǒng)如何提供用戶可視化界面給銀行人員輸入密鑰、與網(wǎng)銀前臺(tái)的動(dòng)態(tài)密鑰傳輸機(jī)制來(lái)更新密鑰、動(dòng)態(tài)和靜態(tài)密鑰的安全性存儲(chǔ)；口令管理子系統(tǒng)如何生成強(qiáng)壯性口令及口令的安全性存儲(chǔ)；身份驗(yàn)證子系統(tǒng)如何更安全地驗(yàn)證用戶口令以及如何完善收款人建立機(jī)制；MAC驗(yàn)證子系統(tǒng)如何利用ICSF生成MAC并判斷轉(zhuǎn)帳請(qǐng)求中數(shù)據(jù)的準(zhǔn)確性以避免執(zhí)行數(shù)據(jù)被篡改的轉(zhuǎn)帳交易；審計(jì)和風(fēng)險(xiǎn)控制子系統(tǒng)如何生成交易日志以及與接口層系統(tǒng)連接實(shí)現(xiàn)轉(zhuǎn)帳交易的在線監(jiān)測(cè)和如何反洗錢等。最后本文得出結(jié)論該網(wǎng)上銀行安全轉(zhuǎn)賬的所有子系統(tǒng)能很好地解決網(wǎng)上銀行轉(zhuǎn)帳存在的安全性問(wèn)題并討論了一些子系統(tǒng)的局限性,提出進(jìn)一步的解決方案。
[Abstract]:Internet banking is an extension and supplement of traditional banks. It can not only reduce the operating cost of banks, but also increase the volume of business transactions, thereby obtaining greater benefits. Investment, financing and other services, its convenience is increasingly popular with the majority of users. Because online banking is a network application, all its content is transmitted through the Internet. Therefore, in the application of online banking, there is inevitably the information security hidden danger brought by the freedom and openness of the Internet, especially the transfer application involves the flow of funds. It is easier to be the object of illegal intrusion and attack. Firstly, this paper analyzes the current situation of the development of the online banking system, highlights the importance of the online banking transfer service to the bank, and compares the security of the net bank transfer between the horizontal and the vertical. On the basis of this, the paper analyzes the overall structure and subsystem composition of the security problem based on the net silver transfer. Based on the CICS platform of the mainframe, the paper analyzes the security problems of the network bank transfer in China. The design and implementation of each subsystem are analyzed by using COBOL language and ICSF tools, and the key management subsystem is discussed how to provide the user visual interface to input the key to the bank personnel. Update key, dynamic and static key security storage with dynamic key transmission mechanism of network bank foreground, how to generate strong password and password security storage by password management subsystem; How to verify user password more safely by authentication subsystem and how to perfect payee establishment mechanism how to use ICSF to generate MAC and judge the accuracy of data in transfer request so as to avoid execution of data tampered transfer transaction; The audit and risk control subsystem how to generate transaction log, how to monitor the transfer transactions online and how to counter money laundering, etc. Finally, this paper concludes that all the subsystems of the online bank security transfer are connected with the interface layer system. It can solve the security problems of online bank transfer and discuss the limitations of some subsystems. Propose further solutions.
【學(xué)位授予單位】：復(fù)旦大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08;TP311.52

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 尚德峰;;淺談網(wǎng)絡(luò)交易欺詐的形式與防范[J];河南機(jī)電高等專科學(xué)校學(xué)報(bào);2011年02期

，

本文編號(hào)：1545194