Design And Realization Of Security System For Local Characteristic Business System Of China Construction Bank Heilongjiang Branch

In order to meet the needs of CCBS data concentrating, security system for characteristic business of China Construction Bank in Heilongjiang is developed. The aim of the development is to provide database protection, ciphertext storage and check, and to provide transaction security control for local application system. Therefore, local application system can free from CCBS security restriction and avoid passive reform for CCBS security system upgrading. The system application scope comprises:integrated front-end platform system and its front, other local characteristic system, netbank, ATM and interface of integrated front-end system, foreign exchange deals, interface of colleague business associate; accumulation fund system etc.The characteristics of this system are as follows. It has flexibility designation of interface function parameters of application software. For example, data area pointer must be given to data of Mac generation and check, other data areas can be any type memory data. It increases timestamp conception during transfering data validation, improves application system capability against security risk. And it adopts certificate file mode for identification and authentication, and improves system resistibility capability through using RSA algorithm during the process of identification and node key agreement. It can be used for external system interface.Certificate security must be improved as exclusive identification of every node. The certificate adopts double encryption of RSA encryption, signature and password DES encryption, besides password is not stroed, therefore, ensures its security. Node identity uses double protection of certificate and passoword. Application server and front node are of equal importance, startup of security control machine needs certificate and password, therefore, every node’s security is ensured. Certificates issuing is adopted independent system, Windows interface is easy to manipulated, and certificates are stored in Sqlserver2000 database. Security of certificate issuing host computer and storage database should be ensured.