Typical Financial Solutions
Information security plays a vital role in the financial industry. The typical technical methods in this area are data encryption/decryption, key management, digital signatures, identity authentication, etc. Together they allow issues that arise in the course of business to be alerted on, responded to and resolved promptly, assuring business safety.
In the financial business scenario, user data must remain 100% accurate and reliable throughout processes such as data transmission, usage and storage.
The data exchanged between the various systems in financial business must remain confidential and must not be intercepted by unauthorized persons or entities, or pried on over public networks.
No operation performed in the financial business system can be denied by whoever performed it, which is crucial for standardizing business processes and avoiding legal disputes.
The authentication of traditional financial services is mainly realized through passwords or PINs, which is insufficiently secure. The financial business system has many interconnected interfaces to the outside world, which requires a higher level of authentication.
A particularity of the financial industry is that many business systems need to provide services to the public, so it is necessary to manage and maintain many types of keys, including asymmetric keys, symmetric keys and digital certificates.
This places more stringent requirements on key management, covering key confidentiality, distribution, synchronization and isolation.
IC Card Issuance System
In banking business applications, the card issuance system consists of multiple systems, including data preparation systems, key management systems and personalization systems. The security of the card issuance system affects the security of the entire card system, so it is necessary to ensure the security of keys and key application data in all aspects.
The Sansec financial HSM can be applied to the card issuance system to:
- Support the PBOC3.0 standard while remaining compatible with the PBOC1.0/2.0 standards
- Support financial IC card application, magnetic stripe card application
- Support Chinese algorithms and international algorithms
- Provide complete security solutions for banking applications
- Generate the various keys of financial IC cards, issue certificates, encrypt and decrypt sensitive data, calculate MACs, and encrypt keys and data in the card issuance system
- Guarantee the confidentiality and integrity of data at every stage
IC Card Transaction System
The bank card transaction system is mainly divided into online and offline transactions. Online transaction functions are mainly provided as online banking, and offline transaction functions are mainly provided as bank card swiping. The bank card transaction business involves banks, UnionPay, third-party payment providers, innovative internet payment providers and other institutions. Through the payment network, it provides member institutions, merchants and cardholders with added value beyond payment. Across the entire bank card transaction system, the financial HSM plays the following roles:
- Mainly used in the head office front-end system, branch front-end systems, and third-party payment front-end systems
- Mainly performs transaction-related key encryption, ZPK/TPK encryption, ZAK/TAK encryption, PIN encryption, MAC calculation, etc.
- In each front-end system, performs IC card PIN authentication, data encryption/decryption, data integrity verification, etc.
Online Banking System
In terms of business types, the current online banking system mainly includes personal online banking and bank-enterprise direct connection business. For the whole online banking system:
- Every stage needs to be protected by HSMs that support Chinese/international cryptographic algorithms
- The deployed HSMs ensure the confidentiality, integrity and non-repudiation of sensitive information in the system
- On the personal and enterprise side, devices such as USB shields, dynamic tokens, internet terminals, and SSL security gateways need to be deployed
- On the bank server side, encryption devices such as SSL security gateways, signature and verification HSMs, financial HSMs and dynamic password servers need to be deployed
Second-generation Payment System
China's modern payment system (CNAPS2), hereinafter referred to as the second-generation payment system of the People's Bank of China, is pivotal for capital liquidation in the electronic remittance system.
The Sansec signature & verification HSM and financial HSM are called through the API as back-end devices to perform cryptographic operations, providing client digital signature verification, data encryption and decryption, and data integrity verification.
Second-generation Credit System
The credit system refers to the basic database that collects the credit information of enterprises and residents. It aims to provide more accurate and comprehensive information services for various economic activities, providing basic personal information, credit transaction information, non-bank credit letters, personal statements and objections, and query history. The cryptographic technologies of the PKI system are used to:
- Enhance the security during the data preparation phase
- Enable the security functions of credit system queries, such as agency authentication, agency digital signatures, and query message encryption and decryption
To be compatible with the security mechanism of the credit system, this solution deploys a signature & verification HSM in the back end of the credit inquiry system, which implements functions such as encryption, decryption and digital signature of the reported data by calling the server device interface.
AGRICULTURAL BANK OF CHINA
AGRICULTURAL DEVELOPMENT BANK OF CHINA
SHANDONG CITY COMMERCIAL BANKS ALLIANCE CO.,LTD
INDUSTRIAL AND COMMERCIAL BANK OF CHINA
CHINA MERCHANTS BANK
SHANGHAI CITY COMMERCIAL BANKS ALLIANCE
MOTOR CORPORATION FINANCIAL SERVICES
POSTAL SAVINGS BANK OF CHINA