| With the development of internet, the online security trading has become a new trading pattern. It can significantly reduce transaction costs, improve transparency in the trading of the securities, and break the restrictions of time and space to enable investors to cast off the shackles of the fixed place of business. The online security trading meets the various demands of investors. Developed countries in Europe and America, have emerged to provide a number of online securities trading services, and have achieved good performance. Online securities trading pattern has become a global trend of development of the financial industry.A great deal of bargain information that Internet Stock Exchange involves are transferred on the Internet by electric form. Because of the breadth and openness of Internet, the traditional technologies of transmission,storage,verification and identification are no longer valid. Thus it put forward the new challenge to the safety of the online securities trading. The security problems are becoming the biggest bottlenecks of development of China's online securities transactions. In the field of security, Internet securities transactions technically need a complete security system to achieve the transaction identifier, certification of the two sides, and the achievement of the electronic signature. At present, the only complete security system that can achieve online security trading security is PKI security system which is based on the theory of public key cryptography.This paper introduced the design and realization of the online securities information system based on PKI technology. The system architecture includes four key entities: certificate authentication module, identity authentication module, client module and business modules. Compared with the traditional online securities information system, it has the following improvements. (l)Apply digital certificate and security key from Unified certificate authentication module, and download them to the security devices.(2) Identity Authentication module responsible for user identity authentication and achieve the SSO system. (3)User accesses the securities information system through a client Web browser, client and server-side transmit information through the two-way safe passage encryption to ensure the security of transmission systems. (4)For critical transaction information, the client should use digital signature and the server-side must verify the validity of the digital signature. (5)In order to improve system efficiency, on the one hand all information transmission should use SSL encryption security protocol to encrypt, using symmetric encryption mechanism, on the other hand major digital signature operations are conducted at the client side, server side mainly do verify operations, thereby reduce the password operational burden of server side. The online securities information system concerns the following four aspects: First, authentication and access control, in the course of online securities trading, securities system and user authenticate each other, in order to ensure the correct identity of the transaction. Internet trading service providers assign the authorization to visit the right information according to the identity of the user. The second is confidentiality and integrity, to ensure a lot of personal confidential information involved in the online security trading that are transferred in the public network in the process of transmission are not steal, and to ensure the transaction information is not tampered with midway or resend to carry on deceitful trading .The third is non-repudiation of transactions, those who participate in online securities transactions can not deny any business in the transaction. Securities System can not deny the customer's certain application in a time, and customers can not deny that he had submitted a mandate. Fourth is the secure storage and auditing, the transaction data need secure storage and secure audit to ensure that in the future can be checked for the sensitivity of safety. |
PDF Full Text Request