【作者】 李晓敦；

【导师】 戴宗坤； 陈铭新；

【作者基本信息】 四川大学 ， 电子与通信工程， 2003， 硕士

【摘要】 为配合新疆建行全集中项目的实施，提出了建立新疆建行计算机系统的应用安全控管系统项目。本论根据项目规划的要求，在系统分析了新疆建行信息网络系统的安全风险和安全需求的基础上，确定了该信息系统的安全建设目标，并具此给出了新疆建行计算机应用系统的安全解决方案，为银行计算机应用系统提供一个统一的应用安全平台。本设计方案以信息系统安全理论与系统工程学原理为基础，在网络环境下构建了应用安全平台，实现了一个跨硬件机型与操作系统台的、与具体应用部署方式无关的统一的安全策略配置，实现了包括身份认证、访问控制、数据机密性和完整性控制、应用密钥管理服务、抗抵赖、安全审计、数据安全等安全服务。为银行异构的计算机应用系统提供了应用级的、完整的和统一的安全服务，自身完整的安全机制。本系统在经过为期近一年的项目开发和几次优化后，应用安全控管系统工程全部完成，经过建设银行新疆区分行的在线运行，系统可稳定而高效的完成各种安全处理，起到了良好的效果。更多还原

【Abstract】 This thesis is based on the integrated security management system presently used by China Construction Bank Xinjiang Branch, one of whose main architecture designer and developer, the writer, summarizes the commonest core security problems, issues and experiences to the trans-platform, not only the hardware platform but operation system, encountered and concluded by the development organization. This system’s architecture is based on the advanced PKI techniques and encryptions techniques, configured with indispensable hardware for security technology to form a substantial application security platform. This integrated application security platform provides the muti-platform applications systematical uniform security services, mainly including user’s identification, confidentiality and integrity for data transmission, access control, user’s digital sign and verification, cryptographic key management etc, to fulfill the trans-computer-type and trans-operation system control & management system, which is independent of different business applications or business procedures. To sum up, under this security system, not only the security services for integrated business processing system can be ensured, the reciprocity of data interchange and security services between different business applications can also be ensured.更多还原