PKI/CA ensures the Security of Financial Capital system 01/17 Update SLTechnology News&Howtos

PKI/CA ensures the Security of Financial Capital system

2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

1. Security requirements

In order to strengthen the centralized control of internal funds, group enterprises will establish their own financial capital system to manage and transfer funds within the group. However, due to the extensiveness and openness of the network, there are many security risks in the process of capital information circulation in the network, such as unable to confirm the true and effective identity of users, illegal users can steal financial information through the network, can impersonate legitimate users to send false information, financial personnel within the enterprise can also deny the bills and approved statements, and so on. All these will have a great impact on the security and management of the enterprise's financial fund information. To sum up, the security requirements of the financial fund system are as follows:

1) authenticity of user identity

2) confidentiality of data transmission

3) data anti-tamper modification

4) legal compliance requirements for electronic data

5) strengthen the certificate management within the enterprise.

two。 Overview of the solution

According to the security requirements of the system, the overall framework of the solution includes the following basic ideas:

(1) issue USBkey (digital certificate) to the financial staff of the group headquarters and sub-company, and users use USBkey to log in to the financial funds system, so as to improve the login security and prevent the risk caused by the theft of "user name + password".

(2) in the key operations of financial personnel, USBkey is used for electronic signature and secondary identity authentication to ensure the authenticity of business operations.

(3) to conduct electronic signatures on key data and documents, prevent operational non-repudiation, and provide effective electronic evidence, which can be used for later electronic forensics.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.