
Financial Information Security: Models, Schemes and Research of Its Management

[Author] Ye Zhenjun (叶振军)

[Supervisor] Wang Chunfeng (王春峰)

[Author information] Tianjin University, Management Science and Engineering, 2008, PhD

[Abstract] Financial information security bears on the economic interests and competitiveness of financial institutions and on the security of the national economic lifeline. It is also a complex systems-engineering undertaking that spans technology, management, policy, and regulation. These aspects complement one another: a weakness in any one of them can damage the others, while progress in any one of them benefits the others or exposes related problems so that they can be addressed in a targeted way. On the technical level alone, it covers not only the physical security of information systems but also the security of electronic financial products and electronic financial agreements. This thesis studies the management of critical financial data, electronic financial agreements, and electronic cash systems, and discusses risk assessment and management for financial information security systems.

For secret sharing, an important method for managing critical financial data, the thesis proposes several cooperative-control schemes for managing files and data under different conditions: a secret sharing scheme with finite secrets, a secret sharing scheme with random weights, a secret sharing scheme with tree structure, a secret sharing scheme with inherited characteristic, and an asynchronous and publicly verifiable secret sharing scheme. Compared with existing schemes, these consider the practical circumstances of deployment more concretely, and they extend both implementation efficiency (the secret sharing scheme with finite secrets, the secret sharing scheme with random weights, and the secret sharing scheme with tree structure) and applicability (the secret sharing scheme with random weights, the secret sharing scheme with inherited characteristic, and the asynchronous and publicly verifiable secret sharing scheme).

For electronic financial agreements, the thesis builds on previously proposed online contract signing schemes and, by introducing a "fair third party", gives an optimized algorithm for a PKI-based electronic agreement signing scheme that greatly simplifies the steps needed to execute electronic financial agreements or contracts. On this basis it then gives an electronic agreement signing model with an authorization function, which further improves the flexibility with which the signing model can be implemented.

For the security of electronic cash systems, the thesis first discusses the current state of research and the security requirements, and then uses blind signature technology to design an electronic cash system with an entrusting and proxy function. The scheme keeps the payment convenience of a divisible electronic cash system, and its entrusting and proxy function makes it more flexible in practical use.

Finally, considering the current security situation of China's financial information systems, the thesis analyzes the problems in information security risk assessment, summarizes foreign methods of information security risk assessment, points out the gaps between domestic and foreign practice, and offers corresponding policy suggestions.

  • [Online publication contributor] Tianjin University
  • [Online publication year and issue] 2009, Issue 09