The identity authentication security of online banking relies on digital certificate systems and dynamic password systems. Online banking uses digital certificates as user credentials and uses digital signatures to protect the integrity of transaction data. The application security gateway for the online banking system provides the technical support for encrypting data in transit.
The client uses the smart password key or the SD card signature control to sign and encrypt important transaction data. The server uses the signature verification server to confirm the identity of the user who submitted the data. This verification serves as the basis for online banking transaction confirmation and post-audit: it ensures the authenticity of the user's transaction data and achieves anti-counterfeiting, tamper-resistance, and non-repudiation.
■ Login authentication security
Online banking users can use different tools to sign and encrypt important data. For example, desktop or laptop users can use a smart password key, and tablet or mobile phone users can use an SD encryption card. The login process generally requires a user name and password, a dynamic password, digital certificates, etc. to enhance the safety of online banking transactions. The user's digital certificate and private key are stored in the smart password key or SD card so that the keys cannot be copied or stolen.
Two-factor authentication, combining passwords with physical hardware, effectively guarantees access and transaction security. An unauthorized process cannot complete the access or transaction even if it has acquired the user's password, because it does not have the physical USBKey. The USBKey currently has 2 versions, v.1 and v.2. The difference between them is that v.2 has an LCD display and buttons for confirmation, cancellation, up, down and other functions. The LCD screen displays the transaction information of important data. Users can view the transaction information and press the "confirm" button to complete the digital signature. This can effectively prevent remote hijacks: a transaction can only be completed with the digital signature produced by pressing the "confirm" button. Without it, the transaction will be refused.
■ SD Encryption Card
It functions in the same way as the USBKey. It is mainly used in mobile devices such as smartphones and tablet PCs.
■ Encryption of digital signature
The client signs or encrypts the important transaction data of the online banking session using the smart password key or the SD card, and the server uses the Sansec authentication server to decrypt and verify the transaction data and confirm the identity of the user who submitted it. This verification supports online banking transaction confirmation and auditing: it ensures the authenticity of user transaction data and meets security requirements such as anti-counterfeiting, tamper-resistance, non-repudiation and confidentiality when accessing or trading via online banking.
The retrofit of an existing online banking system consists of the following:
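The sign-then-verify flow described above, sketched as an added example that is not Sansec's code or API. It assumes a software RSA key pair stands in for the private key held in the USBKey or SD card, RSA with SHA-256 as the signature scheme, and hypothetical function and field names (`tokenSign`, `serverVerify`, `txId`); all transaction values are constructed.

```javascript
const crypto = require('crypto');

// Assumption: a software key pair stands in for the key stored in the USBKey / SD card.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Serialize the fields in a fixed order so client and server sign/verify identical bytes.
function canonical(tx) {
  return Buffer.from(JSON.stringify([tx.txId, tx.from, tx.to, tx.amount, tx.currency]), 'utf8');
}

// Client side: the token only signs what the user has seen and confirmed on its display.
function tokenSign(tx, userConfirmed) {
  if (!userConfirmed) return null; // no "confirm" press, no signature
  return crypto.sign('sha256', canonical(tx), privateKey).toString('base64');
}

// Server side: verify the signature against the transaction exactly as received.
function serverVerify(tx, signatureB64) {
  if (typeof signatureB64 !== 'string') return false; // missing signature: refuse
  const sig = Buffer.from(signatureB64, 'base64');
  return crypto.verify('sha256', canonical(tx), publicKey, sig);
}

function demo() {
  // Constructed sample transaction.
  const tx = { txId: 'T-0001', from: 'ACC-111', to: 'ACC-222', amount: '150.00', currency: 'CNY' };
  const sig = tokenSign(tx, true);
  // The same signature attached to a transaction whose payee changed in transit.
  const altered = { ...tx, to: 'ACC-999' };
  return {
    genuine: serverVerify(tx, sig),
    altered: serverVerify(altered, sig),
    unconfirmed: serverVerify(tx, tokenSign(tx, false)),
  };
}

console.log(demo());
```

Storing the verified signature alongside the transaction record is what lets the post-audit step re-check later that the user's key approved exactly those fields.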
● SSL application security gateway: Sansec security gateway products support RSA, SM2, and SSL secure connections to protect data in transit.
● Sign and Verify Server: Sansec's signature and verification products support RSA and SM2 signature verification to ensure the validity of users and the integrity and non-repudiation of online transactions.
● Financial Cryptographic Server: Sansec financial cryptographic products support SHA1, SM3, and dynamic tokens.
● USB Key: The Sansec USBKey supports RSA and SM2, stores user certificates, and performs signatures.
● Browser Client SSL and Signature Control.