Design And Implementation Of Centralized Authentication And Authorization Management System For Commercial Bank

In order to further enhance risk control ability of the commercial bank system, improve the running efficiency of the system, save the cost of the software development, and meet the needs of the globalization and collectivization, by the integration for the user of information system, the bank will build unified identities of user and employees, perfect access control and authorization management standard of the business system.The research content of this article is about the completely upgrade for the original teller unified authentication system, It embraces setting up of one-to-one correspondence between original accounts and personnel identities and uniting teller accounts of mainframes, AD accounts, Notes accounts and personnel (or organization) number. Personnel number thus will be the unique identity of every staff. And the centralized authentication and authorization system is established.This article introduces background and significance of the research about the system, including the requirement analysis, the main requirement points, implementing methodology critical scenes, requirement of non-business functions, analysis of running condition and monitoring data of the application system. At the same time, this paper highlights the system overall idea, architecture, database model and overall design. The chapters about overall idea outline the overall conception of the design, the main technical and business features, while the chapters about overall structure describe the physical and logical structure of system by the graph And the chapters about system design include the design of system hardware and software environment. It provides detailed and feasible base for the system development. In addition, the system plans to design and implement the specific functions in sequence.This system adopts three-layer opened platform architecture including WEB server, application server and database server. In the system, the software platform is WEBSPHERE with ORACLE and the operating framework is based on the internal unified architecture platform. The implementation of ORACLE RAC and F5server load balancing technology provide high availability of databases and load balance among application servers. Also it enhances the security of system by implementation of SHA1,3DES, RSA encryption algorithm technology. Additionally, the foreground system is divided into the authentication sub-system and authorization management system. The authentication sub-system allows multiple accesses from the first data center and the second data center improve the availability and fault tolerance for certification. And the authorization management system is based on internal unified framework for development which greater the reusability and consistency of user interface.The system provide strong support to the new application architecture which is more flexible, advanced, high performance and risk tolerance by integration of resources of the bank information system and securing the authentication mechanism. Thus, it will apparently improve the bank’s productivity, security management and customer experience.This system has the following four meanings and values:1. The system will achieve the real promotion of employee unified ID for the bank. It establishes staff coding standard inside the bank. And every employee in the bank has a life-long unique identifier. All changes of employ status and service organization in the human resource management system will immediately reflect on basic business authorization so that control will be centralized.2. The system is helpful to improve the internal user experience and information system operation efficiency. By integrating user management methods of the existing systems, the staff information directly comes from the human resource management system. This will simplify and optimize the user create process. And the user can use the teller number, employee code or alias in any application system for global login, so the user experience and usability will be much better. Unified identity and centralized authorization management make not only the spread configurations centralized but also related management activities more automatic. So the productivity of information system will be advanced obviously.3. This system is helpful for security management overall risk control and rule management ability. Standard management of employee identities and strict access control of employee by his/her apartment will make various business systems share the unified user security policies and rick avoidance and control mechanism. At the same time, it provides a centralized control platform for operational risk monitoring, log auditing and privilege control of basic business.4. The system is beneficial to reducing the cost of the information system development. The unified identity recognition and centralized authentication platform crossing the bank will implement automation and centralization of the employee identification and basic business authorization management, Also it will change the situation that every system used to authenticate user by itself and deny membership from the others. This will result in less cost of development and management. the user cannot identify and general each other, it will effectively reduce the cost of development and management for the information systems.