Research On PKI Based Banking Enterprise Inner Digital Certificate Management System

In the course of banking enterprise development, the construction of earlyapplications, such as office application, business application, etc..., lack ofcomprehensive and integrated consideration in terms of security, and limited securityat the level of theory and technology, so their security is very fragile. Up to now,security issue is gradually exposed to: (1) Administrator rights over centralized. Witha centralized IT management server and authority, administrators have the ability toharm to the enterprise; (2) some users access to business systems through the desktopsystem, the name/password authentication approach can not meet the requirements tosecurity; (3) the risk of hacker attacks. Hacker steal passwords cause damage; (4) thesecurity of personal file in client; (5) a simple remote access, such as through dial-upor VPN dial-network within banking enterprises and so.Public key infrastructure technology (PKI), using public key encryption, ensuresthe authenticity, integrity, confidentiality and non-repudiation, base on the moderncryptography, establish digital certificate, certificate authority(CA), offers a variety ofsecure services for a wide range of security needs of different users, provide acomplete solution for banking enterprise application security.The objective of this paper is to build a PKI system that support a variety ofapplications for a banking enterprise through the study of the basic principles andarchitecture of public key infrastructure technology, propose a solution to enhancevariety of application security.The needs of the banking enterprise are: first of all to support the AD applicationsmart card logon; second some of the built applications is isolated, some isclient/server structure, and also some is browser/server structure; third operatingsystems that applications running on includes AIX, SOLARIS, LINUX andWINDOWS.In general, applications are usually bind specific information into the certificate of certain items, such as a desktop system need the certificate to bind the loginaccount, another example a business systems need the certificate to bind the businessoperator. In the case of certificate binding specific information, to enhance thesecurity of this application system will be simple because this system can use thespecific information in certificate directly. This paper considers PKI system to supporta wide variety of applications, if taking the above recommendations, all certificateswhich are issued by PKI system have to update because the application system haschanged. In this paper, the application-specific information is removed from thecertificate option, so that certificates issued by PKI system can avoid the fate ofhaving to be updated with the changes of the application system. Based on thebanking enterprise inner digital certificate application system, this paper gives asolution to strong identity authentication: user mapping, other measures to enhancesecurity can use of API of system.As the person in charge of the project, I must to acquire knowledge of the basicprinciples and architecture of PKI technology, study the relevant norms of digitalcertificates, understand the situation of other applications. I have full participation inthe needs analysis, system architecture, system design, system development anddeployment of the various stages of implementation. I have a more in-depthunderstanding the basic principles of the PKI, I have made many constructivesuggestions on this project.This paper in-depth studies the basic principles and architecture of public keyinfrastructure technology. Base on the needs of a banking enterprise, this paper showshow to build a PKI system to enhance securities of various types of applications - thebanking enterprise inner digital certificate application system, that support smart cardlogon to AD, and support a variety of applications. This paper presents its applicationon how to enhance the safety of several cases base on the banking enterprise innerdigital certificate application system.The most distinguishing feature of this paper show the banking enterprise how tobuild a PKI system which can support a variety of applications, also this paperindicate some cases use of the PKI system, that is very useful for some enterprises to construction and use of PKI system.