An Information Security Training System Based On The Online Banking Certification

With the continuous development of information technology, information security has become increasingly important. Today, information security has become a multi‐disciplinary technology that involved in computer science, network technology, communication technology and cryptography. Universities and other training institution also contain the security professional courses designed to train information security professionals. This article introduces a information security training system for the teaching.This system is based on the internet banking certification, and thus leads to the background of a series of information security concepts.In accordance with the rules of the CSRC, online transactions safety must be protected. In fact, no matter what kind of security measures are using, online banking is not absolutely safe; it should be a relatively safe environment. This is caused by the use of password transmission; during the transmission there can be many security risks, in order to fundamentally solve the problem, the PKI technology must be used to make online banking a theory Safety and security.PKI (Public Key Infrastructure) is a new security technology, which consists of public key technology, digital certificates, certificate authority (CA) and the security policy on the key.PKI's main purpose is to automatically manage keys and certificates, thus provides a secure network environment, allowing users to use of encryption and digital signature technology in applications. So we can ensure the confidentiality, Integrity and effectiveness of online data.We started from online banking security and then lead to the concept of PKI, PKI further leads to the concept of encryption, digital certificates and digital signatures. These concepts are basic concepts of information security. The purpose of this article is to establish a training system for information security teaching, the students can have an intuitive understanding of these concepts through the training.The training system consists of the PKI system and the online banking system. The PKI system is the heart of the training system, the system achieved several important components of PKI, including the certification authority and the registration authority. Online banking system is divided into online banking web system and online banking application system; provide certification service and application service.The training provided by this system include: to enable students to build their own PKI and operating environment and to do the necessary digital certificate issuance and management all by hand. So the system can visually display PKI's principle and work process; when the PKI environment is ready, the system allows students to apply and create their own server digital certificate and build HTTPS service through the Client and server side. This process enable students to experience the creation and use of digital certificate and to understand the SSL security channel; then students will build a online banking system, the online banking system has a common login mode which uses account and password and a professional login mode uses the certificate and USBKey, students need to apply and download their own personal digital certificate and log in and do the business operations using the certificate. Through the above training the system shows the use of PKI and personal digital certificate in reality applications.The system is based on the practice, takes the practical applications as background and including encryption algorithms, digital certificates, digital signatures and other related knowledge. Students can experience the process of creation and application of the PKI, it has practical function and better teaching effect.