鄞州银行网上银行发展安全性问题研究
|
摘要
银行业为人类社会的发展带来了一次革命。随着通讯技术和网络技术的发展,以互联网为基础的网络经济给人类社会带来又一次突破性的革命。作为传统金融业与高科技产业相结合的产物,网上银行的出现为传统银行业带来了一种地域无限、空间无限的经营方式,已成为网络经济时代金融业发展的必然选择,是未来银行业发展的重要方向。目前不仅出现了专门的网上银行,传统银行也纷纷开展网上银行业务,使得网上银行不断普及并迅速发展。网上银行作为信息技术发展的产物,在极大方便客户的同时,对其自身的安全性有极高的要求,不仅要面临传统银行业的各种风险,还要抵御来自于网络的各种攻击,因此网上银行的安全成为目前银行业关注的重点问题。本文在详细地介绍了国内外网上银行发展状况的基础上,对于鄞州银行网上银行发展中的安全性问题进行研究,主要完成了以下工作
(1)介绍了网上银行产生的背景和条件,对网上银行的基本概念、发展模式以及主要特征进行阐述,对网上银行的主要业务和功能进行说明,通过与传统银行进行对比,进一步分析了网上银行所具备的优势。
(2)介绍了国内外网上银行的发展现状,通过营业规模、用户规模以及覆盖范围等数据对于网上银行的成长历程和未来发展趋势等进行说明,列举出目前我国网上银行普遍采取的安全措施,如认证技术、安全认证软件和登录方式等手段,对我国网上银行的安全保障技术有简单的认识。
(3)对鄞州银行网上业务状进行介绍,详细分析了鄞州银行网上银行运行过程中面临的各种风险,如法律风险、信用风险、技术风险、安全性风险、环境风险、管理风险、市场信息风险和其他风险等等,对于鄞州银行网上银行的安全性问题有了进一步的认识。
(4)从金融领域、网络系统、操作系统、应用系统、计算机病毒以及管理体制等方面出发,指出了鄞州银行网上银行存在的安全性问题,仔细分析了这些安全问题产生的根源,为进一步增强其安全性提供依据。
(5)结合鄞州银行网上银行的实际情况,综合考虑保障机制、自身建设、技术手段以及用户安全防范意识等方面的因素,给出了提高其安全性可供采用的安全性改进策略,不仅对于提高鄞州银行网上银行安全性具有重要的意义,而且对于提高其他网上银行的系统安全性具有很高的借鉴价值。
Banking industry brought a revolution for the development of human society. With the development of communication and network techniques, the network economy based on Internet has brought a new breakthrough revolution for human society once again. As a combination of traditional financial industry and high-technology industry, the emergence of Internet banking has brought about a new innovative business pattern without regional and space restricted to traditional banking industry, now it has become an inevitable choice of the development of modern financial industry and will be a major trend of future banking. Nowadays with special Internet banks had been established, traditional banks carried out online bank service at the same time, so the Internet bank growing popular and developing rapidly. As a product of information technology, the Internet bank needs higher request of own security while convenience for the user, not only have to face the risks of traditional banking but also to fend off attacks from network, so the ensurance of security of the Internet bank has been a important issue that universally concerned by banking industry. Based on introduced the development status of Internet bank domestic and international, this paper studied the security problems of the Internet bank of Yinzhou Bank, the main achievement were obtained as follows:
(1) This paper introduced the emergence background and condition of internet bank, referred the basic concepts, the development model and the main characteristic of the internet bank, explained the primary service and functions meanwhile. At last compared with traditional bank, the paper analyzed the advantage of internet bank compared to traditional bank.
(2) This paper revised the current status of internet bank domestic and overseas, summarized the development history and tendency of the internet bank based on statistical data of business scale, the number of users and the coverage of area. Then the paper listed security measures adopted by the internet banks of China, such as authentication techniques, safety certification softs and sign certification functions, etc.. and so that builds up an overall understanding of technical safeguard measures of China's internet.
(3) This paper introduced the primary service of the internet bank of Yinzhou Bank, analyzed the various risks of the internet bank of Yinzhou Bank, for instance, the legal risk, the credit risk, the technical risk, the security risk, the environment risk, the management risk, the market information risk and other risks, etc. Through such detail analysis above, the paper presented had a further understanding to the safety problems of the internet bank of Yinzhou Bank.
(4) From the aspects of financial area, the network system, the operation system, the application system, the virus of computer and administrative system, the paper pointed out the safety problems existed in the internet bank of Yinzhou Bank, then analyzed the origin of these problems carefully and provided basis and foundation so as to enhance the internet bank's security features.
(5) Combined the actual situation of the internet bank of Yinzhou Bank and synthetically considered many factors include the guarantee mechanism, the self-construction status, the technological methods and the self-awareness of users, this paper presented several available strategies for improving the safety performance of the internet bank of Yinzhou Bank. Such strategies above not only have great significance in enhancing the safety performance of the internet bank of Yinzhou Bank but also have important reference value to other internet bank similar.
(1)介绍了网上银行产生的背景和条件,对网上银行的基本概念、发展模式以及主要特征进行阐述,对网上银行的主要业务和功能进行说明,通过与传统银行进行对比,进一步分析了网上银行所具备的优势。
(2)介绍了国内外网上银行的发展现状,通过营业规模、用户规模以及覆盖范围等数据对于网上银行的成长历程和未来发展趋势等进行说明,列举出目前我国网上银行普遍采取的安全措施,如认证技术、安全认证软件和登录方式等手段,对我国网上银行的安全保障技术有简单的认识。
(3)对鄞州银行网上业务状进行介绍,详细分析了鄞州银行网上银行运行过程中面临的各种风险,如法律风险、信用风险、技术风险、安全性风险、环境风险、管理风险、市场信息风险和其他风险等等,对于鄞州银行网上银行的安全性问题有了进一步的认识。
(4)从金融领域、网络系统、操作系统、应用系统、计算机病毒以及管理体制等方面出发,指出了鄞州银行网上银行存在的安全性问题,仔细分析了这些安全问题产生的根源,为进一步增强其安全性提供依据。
(5)结合鄞州银行网上银行的实际情况,综合考虑保障机制、自身建设、技术手段以及用户安全防范意识等方面的因素,给出了提高其安全性可供采用的安全性改进策略,不仅对于提高鄞州银行网上银行安全性具有重要的意义,而且对于提高其他网上银行的系统安全性具有很高的借鉴价值。
Banking industry brought a revolution for the development of human society. With the development of communication and network techniques, the network economy based on Internet has brought a new breakthrough revolution for human society once again. As a combination of traditional financial industry and high-technology industry, the emergence of Internet banking has brought about a new innovative business pattern without regional and space restricted to traditional banking industry, now it has become an inevitable choice of the development of modern financial industry and will be a major trend of future banking. Nowadays with special Internet banks had been established, traditional banks carried out online bank service at the same time, so the Internet bank growing popular and developing rapidly. As a product of information technology, the Internet bank needs higher request of own security while convenience for the user, not only have to face the risks of traditional banking but also to fend off attacks from network, so the ensurance of security of the Internet bank has been a important issue that universally concerned by banking industry. Based on introduced the development status of Internet bank domestic and international, this paper studied the security problems of the Internet bank of Yinzhou Bank, the main achievement were obtained as follows:
(1) This paper introduced the emergence background and condition of internet bank, referred the basic concepts, the development model and the main characteristic of the internet bank, explained the primary service and functions meanwhile. At last compared with traditional bank, the paper analyzed the advantage of internet bank compared to traditional bank.
(2) This paper revised the current status of internet bank domestic and overseas, summarized the development history and tendency of the internet bank based on statistical data of business scale, the number of users and the coverage of area. Then the paper listed security measures adopted by the internet banks of China, such as authentication techniques, safety certification softs and sign certification functions, etc.. and so that builds up an overall understanding of technical safeguard measures of China's internet.
(3) This paper introduced the primary service of the internet bank of Yinzhou Bank, analyzed the various risks of the internet bank of Yinzhou Bank, for instance, the legal risk, the credit risk, the technical risk, the security risk, the environment risk, the management risk, the market information risk and other risks, etc. Through such detail analysis above, the paper presented had a further understanding to the safety problems of the internet bank of Yinzhou Bank.
(4) From the aspects of financial area, the network system, the operation system, the application system, the virus of computer and administrative system, the paper pointed out the safety problems existed in the internet bank of Yinzhou Bank, then analyzed the origin of these problems carefully and provided basis and foundation so as to enhance the internet bank's security features.
(5) Combined the actual situation of the internet bank of Yinzhou Bank and synthetically considered many factors include the guarantee mechanism, the self-construction status, the technological methods and the self-awareness of users, this paper presented several available strategies for improving the safety performance of the internet bank of Yinzhou Bank. Such strategies above not only have great significance in enhancing the safety performance of the internet bank of Yinzhou Bank but also have important reference value to other internet bank similar.
引文
[1]Michels S. Towards a Software Architecture for DRM[J]. Proceedings of the ACM Digital Rights Management workshop DRM,05,2005.
[2]YU Y Y TANG Z A Survey of Research on Digital Rights Management[D].Chinese Jounal of Computers,2005 28 (12)
[3]Jonker H L, Mauw S Core Security Requirements of DRM Systems Symposium on Information on Theroy in the Benelux,June 2004.
[4]Daro Anibal Marra MTI=Department of EECS Chisec Group.A Strong Authentication Mechamism for Conssumer-Facing OnlineTransactons.MAY 16,2005.
[5]李晓峰,关振胜.网上银行的身份认证与安全防范[J].中国金融电脑.2007,8.20-24
[6]http://tech.qq.com/a/20100115/000293.htm.
[7]http://finance.jxnews.com.cn/system/2009/12/04/011261297.shtml.
[8]李庆莉,王冬.多方共建网上银行安全体系[J].中国金融电脑.2007,9.1-4.
[9]田志刚.网上银行安全问题探讨[J].中国金融电脑.2003,4.72-75.
[10]M.Nilsson,A. Adams, S. Herd:Building security and trust in online banking.In:CHI'OS Extended Abstracts on Human Factors in Computing Systems. ACM Press (2005)
[11]C.Ohaya:Managing phishing threats in an organization. In:Proceedings of the 3rd annual conference on Information security curriculum development (2006)
[12]K. B. Bignell:Authentication in an Internet Banking Environment; Towards Developing a Strategy for Fraud Detection. In:Proceedings of the international conference on Internet Surveillance and Protection.IEEE Computer Society (2006)
[13]黄定红.增加网上银行安全性的探讨[J].济南金融.2006,1.65-66.
[14]张晓峰.网上银行安全问题求解[J].金融理论与实践.2008,6.119-120.
[15]徐辉.我国网上银行安全问题及风险防范[J].华南金融电脑.2009,9.78-79.
[16]刘伟.网上银行的发展现状及安全性分析[J]. SCIENCE & TECHNOLOGY INFORMATION.2010,5.88.
[17]http://www.cnbeta.com/articles/119154.htm
[18]http://www.donews.com/net/201101/337579.shtm
[19]姜世芬.网上银行交易系统安全风险及身份认证的研究[D].电子科技大学硕士学位论文.2007,9-10.
[20]么贻聪.基于动态软键盘的口令认证安全客户端的研究与实现[D].吉林大学硕士学位论文,2009,24.
[21]Mohammed A1Zomai, Bander AlFayyadh, Audun Josang et al. An Exprimental investigation of the usability of transaction authorization in online bank security systems[J]. Proceedings of the sixth Australasian conference on Information security, Australia,2008:65-74.
[22]马燕.网上银行交易安全的可用性研究与设计[D].大连海事大学硕士学位论文2010,5-8.
[23]潘竑.动态密码能否助网银安全一臂之力[N].金融时报.2007-07-04(10).
[24]黄连影.我国网上银行安全交易的主要问题与对策[D].西安电子科技大学硕士学位论文.2009,13-15.
[25]http://baike.baidu.com/view/58779.html?wtp=tt.
[26]http:/iwww.sfnb.com.
[27]http://www.bankamerica.com.
[28]http://www.bnpparibas.net.
[29]朱军林.金融创新—网上银行[J].中国经济评论.2003,8.
[30]http://www.iresearch.com.cn/html/Default.html
[31]黄隽.中国银行业稳定效率及其关系研究[J].中国人民大学学报.2008.4.82-88.
[32]邱智.论我国商业银行网上银行业务的发展策略[D].西南财经大学硕士学位论文.2000.12,13-18.
[33]http://www.cfca.com.cn,中国金融认证中心知识普及专栏.
[34]董莉莉.基于PKI技术的银行安全网上交易系统研究[D].复旦大学硕士学位论文.2008.7-12.
[35]巴塞尔银行监管委员会文献汇编[M].中国金融出版社.2002年版.
[36]齐爱民,陈文成.网络金融法[M].湖南大学出版社.2002年版.
[37]李华.我国网上银行的风险防范研究[D].武汉大学硕士学位论文.2004,13-17.
[38]中国银行业监督委员会令[2006]第5号:《电子银行业务管理办法》
[39]余素梅.网上银行业务安全的法律保障机制研究[M].武汉大学出版社.2006年版.
[40]杨开霞.我国网上银行技术风险监管的博弈分析[J].金融经济.2007,5.
[41]黄连影.我国网上银行安全交易的主要问题与对策[D].西安电子科技大学硕士学位论文.2009,17-28.
[42]胡建华.我国网上银行安全体系的设计与实施[D].北京邮电大学硕士学位论文.2009.7-11.
[43]王金良.网上银行风险及防范对策[J].大众科技.2009.3.53-54.
[44]崔壮.网上银行信用风险及其防范对策[J].银行金融.2010,2.130.
[45]尹龙.我国对网络银行进行监管的难点及必要性[J].经济研究参考.2001,31.
[46]江伟.信息时代网络银行的安全问题与防范措施[J].贺州学院学报.2008,2.
[47]袁会.网上银行业务风险分配的法律思考[J].今日南国.2008,7.
[48]吕志祥,何红金.我国网上银行安全保障机制探析[J].财经视线.2010,3.
[49]乔立新,袁爱玲,冯英浚.建立网络银行操作风险内部控制系统的策略[J].商业研究.2003,8.
[50]郇涛,房世晖.浅论网上银行业务监管[J].济南金融.2002,5.
[51]李元,罗诚.对我国网上银行安全认证问题的思考[J].财政与金融研究.2003,9期.
[52]夏令武.我国网上银行的发展与监管[J].中国金融半月刊.2003,6.
[53]胡松华.基于J2EE平台网上银行数据加密技术的研究与实现[D].西安科技大学硕士学位论文.2006.15-18.
[54]李景春.北京农行网上银行系统安全设计与实现[D].四川大学工程硕士学位论文.2003,19-24.
[2]YU Y Y TANG Z A Survey of Research on Digital Rights Management[D].Chinese Jounal of Computers,2005 28 (12)
[3]Jonker H L, Mauw S Core Security Requirements of DRM Systems Symposium on Information on Theroy in the Benelux,June 2004.
[4]Daro Anibal Marra MTI=Department of EECS Chisec Group.A Strong Authentication Mechamism for Conssumer-Facing OnlineTransactons.MAY 16,2005.
[5]李晓峰,关振胜.网上银行的身份认证与安全防范[J].中国金融电脑.2007,8.20-24
[6]http://tech.qq.com/a/20100115/000293.htm.
[7]http://finance.jxnews.com.cn/system/2009/12/04/011261297.shtml.
[8]李庆莉,王冬.多方共建网上银行安全体系[J].中国金融电脑.2007,9.1-4.
[9]田志刚.网上银行安全问题探讨[J].中国金融电脑.2003,4.72-75.
[10]M.Nilsson,A. Adams, S. Herd:Building security and trust in online banking.In:CHI'OS Extended Abstracts on Human Factors in Computing Systems. ACM Press (2005)
[11]C.Ohaya:Managing phishing threats in an organization. In:Proceedings of the 3rd annual conference on Information security curriculum development (2006)
[12]K. B. Bignell:Authentication in an Internet Banking Environment; Towards Developing a Strategy for Fraud Detection. In:Proceedings of the international conference on Internet Surveillance and Protection.IEEE Computer Society (2006)
[13]黄定红.增加网上银行安全性的探讨[J].济南金融.2006,1.65-66.
[14]张晓峰.网上银行安全问题求解[J].金融理论与实践.2008,6.119-120.
[15]徐辉.我国网上银行安全问题及风险防范[J].华南金融电脑.2009,9.78-79.
[16]刘伟.网上银行的发展现状及安全性分析[J]. SCIENCE & TECHNOLOGY INFORMATION.2010,5.88.
[17]http://www.cnbeta.com/articles/119154.htm
[18]http://www.donews.com/net/201101/337579.shtm
[19]姜世芬.网上银行交易系统安全风险及身份认证的研究[D].电子科技大学硕士学位论文.2007,9-10.
[20]么贻聪.基于动态软键盘的口令认证安全客户端的研究与实现[D].吉林大学硕士学位论文,2009,24.
[21]Mohammed A1Zomai, Bander AlFayyadh, Audun Josang et al. An Exprimental investigation of the usability of transaction authorization in online bank security systems[J]. Proceedings of the sixth Australasian conference on Information security, Australia,2008:65-74.
[22]马燕.网上银行交易安全的可用性研究与设计[D].大连海事大学硕士学位论文2010,5-8.
[23]潘竑.动态密码能否助网银安全一臂之力[N].金融时报.2007-07-04(10).
[24]黄连影.我国网上银行安全交易的主要问题与对策[D].西安电子科技大学硕士学位论文.2009,13-15.
[25]http://baike.baidu.com/view/58779.html?wtp=tt.
[26]http:/iwww.sfnb.com.
[27]http://www.bankamerica.com.
[28]http://www.bnpparibas.net.
[29]朱军林.金融创新—网上银行[J].中国经济评论.2003,8.
[30]http://www.iresearch.com.cn/html/Default.html
[31]黄隽.中国银行业稳定效率及其关系研究[J].中国人民大学学报.2008.4.82-88.
[32]邱智.论我国商业银行网上银行业务的发展策略[D].西南财经大学硕士学位论文.2000.12,13-18.
[33]http://www.cfca.com.cn,中国金融认证中心知识普及专栏.
[34]董莉莉.基于PKI技术的银行安全网上交易系统研究[D].复旦大学硕士学位论文.2008.7-12.
[35]巴塞尔银行监管委员会文献汇编[M].中国金融出版社.2002年版.
[36]齐爱民,陈文成.网络金融法[M].湖南大学出版社.2002年版.
[37]李华.我国网上银行的风险防范研究[D].武汉大学硕士学位论文.2004,13-17.
[38]中国银行业监督委员会令[2006]第5号:《电子银行业务管理办法》
[39]余素梅.网上银行业务安全的法律保障机制研究[M].武汉大学出版社.2006年版.
[40]杨开霞.我国网上银行技术风险监管的博弈分析[J].金融经济.2007,5.
[41]黄连影.我国网上银行安全交易的主要问题与对策[D].西安电子科技大学硕士学位论文.2009,17-28.
[42]胡建华.我国网上银行安全体系的设计与实施[D].北京邮电大学硕士学位论文.2009.7-11.
[43]王金良.网上银行风险及防范对策[J].大众科技.2009.3.53-54.
[44]崔壮.网上银行信用风险及其防范对策[J].银行金融.2010,2.130.
[45]尹龙.我国对网络银行进行监管的难点及必要性[J].经济研究参考.2001,31.
[46]江伟.信息时代网络银行的安全问题与防范措施[J].贺州学院学报.2008,2.
[47]袁会.网上银行业务风险分配的法律思考[J].今日南国.2008,7.
[48]吕志祥,何红金.我国网上银行安全保障机制探析[J].财经视线.2010,3.
[49]乔立新,袁爱玲,冯英浚.建立网络银行操作风险内部控制系统的策略[J].商业研究.2003,8.
[50]郇涛,房世晖.浅论网上银行业务监管[J].济南金融.2002,5.
[51]李元,罗诚.对我国网上银行安全认证问题的思考[J].财政与金融研究.2003,9期.
[52]夏令武.我国网上银行的发展与监管[J].中国金融半月刊.2003,6.
[53]胡松华.基于J2EE平台网上银行数据加密技术的研究与实现[D].西安科技大学硕士学位论文.2006.15-18.
[54]李景春.北京农行网上银行系统安全设计与实现[D].四川大学工程硕士学位论文.2003,19-24.