Design And Research Of Subsystems Based On CICS Of Fund Transferring With Security In Internet Banking

Internet banking is an extension and supplement to the traditional bank. It can not only reduce the bank’s cost of operation but can increase the business volume as well. Then bank can gain greater benefits. Internet banking provides inquiry, fund transferring, services of investment to customers through internet technology. Its convenience is more and more favored by a lot of users. Because internet banking is one kind of network application and all of its contents are transmitted through internet, hidden danger of information security exists inevitably in applications of internet banking because of freedom of internet. Especially the application of fund transfer involves movement of funds, so it is much easier to become object of illegal intrusion and attack.Firstly the current development of Internet banking system is analyzed and the importance of transfer service of internet banking to banks. Through horizontal and vertical comparison between security subsystems of fund transferring of internet banking, the security problem of Chinese internet banking is confirmed. On this basis, the overall architecture and subsystems are analyzed based on existing security problems of internet banking. The design and implementation of each subsystem are analyzed with COBOL language, JCL language and ICSF tool in platform of mainframe CICS. The discussion is focused on the key management’s subsystem on how to provide user screen to input keys and how to exchange dynamic keys between front end of internet banking and how to store static keys and dynamic keys safely; password management’s subsystem on how to generate strong password and how to store password safely; authentication’s subsystem on how to authenticate customer’s password safely and improve the mechanism of payee creation; MAC verification’s subsystem on how to make use of ICSF to generate MAC and judge the accuracy of data from transfer request in order to avoid executing the request of fund transferring whose data is changed; audit and risk control’s subsystem on how to generate transaction log and connect systems of interface layer to online monitor transactions of fund transferring and how anti money laundering is done etc.Finally that the security problems of fund transferring from internet banking can be solved well by those subsystems is concluded. Limitations of some subsystems are discussed and solutions are put further.