| Financial information security is not only related to the economic benefit and competition of financial organizations, but also related to the security of native economy. At the same time, it is a complex system engineering, including technology, management, policy, law and so on, which supplements each other, for the leak of any aspect is harmful to other aspects, and the advance of any aspect is benefit to the advances of other aspects, or contributes to the exposure of corresponding problems so as to solve them. Only for the technical aspect, it not only includes the entity security, but also the security of electronic financial products, electronic financial agreements. In this paper, the management of financial key data, electronic financial agreements and electronic cash systems were researched; and at last, the problems for security risk assessment and management of the financial information systems were discussed.For the method of the financial key data management——secret sharing, the secret sharing scheme with finite secrets, secret sharing scheme with random weights, secret sharing scheme with tree structure, secret sharing scheme with inherited characteristic, asynchronous and publicly verifiable secret sharing scheme were put forward. Compared with the existing secret sharing schemes, the more special cases were considered, and the implement efficiency (such as that of secret sharing scheme with finite secrets, secret sharing scheme with random weights, secret sharing scheme with tree structure) and applicability (such as that of secret sharing scheme with random weights, secret sharing scheme with inherited characteristic, asynchronous and publicly verifiable secret sharing scheme) were necessarily extended in these schemes.For electronic financial agreement, the optimized method was proposed for the electronic agreement subscription model based on PKI by introducing"fair third party", which makes the implement steps of electronic financial agreements or contracts be simplified greatly. And based on this, a model for electronic agreement with the function of authorization was put forward, which improved the flexibility of implementing these agreement-subscribed models further. For the security of electronic cash system, the current degree of research and security requirement for it was discussed first, and then a divisible electronic cash system with the function of entrusting and proxy was put forward based on the blind signature technology. Not only the payment convenience of divisible electronic cash system, but also the flexibility of application is held in this scheme by realizing the function of entrusting and proxy.At last, considering the security actuality of native financial information systems, the problems of risk assessment of information security were analyzed; and then the foreign methods of risk assessment of information security were summed up. At the same time, the differences between domestic and foreign cases were pointed and the corresponding suggestion was put forward.
|
PDF Full Text Request