A short summary of experience from a recent banking software project in Beijing

   I have recently been working on a cash management project for a domestic bank. Here is a brief summary of some impressions from the project:

 

   1: Bank projects place relatively high security requirements on the software. Sending and receiving information must be secure, which is a relatively large difference from other projects. The software must also pass security certification and the security inspections required by the authorities, and obtain the corresponding proof, before it can really be deployed in the bank.

   We are now using WCF for communication, with digital certificates used for secure authentication in a manner similar to SSL, to ensure data security in communication.

 

   2: Multiple passwords are needed to ensure the security of the system: for example, a logon password for logging on, a signing password to confirm a digital signature, and a secure communication password for secure transactions when interacting with the bank. If someone cracks one of the passwords, going on to crack the other two is more difficult, so there are at least three layers of protection.

 

   3: All data needs to be digitally signed, using asymmetric signing and verification with a private key and a public key, to ensure that it has not been tampered with by others and that the transfer information finally sent to the bank is absolutely safe. The bank verifies all transmitted data twice.

 

   4: All transfer operations need to go through a workflow, with a requirement of at least two signatures, or at least 3 individuals' signatures. That is, one person's digital signature confirmation alone is not enough; the required individuals' digital signature confirmations are all needed before the final posting operation can be performed.

 

   5: Where digital signatures are required, they need to integrate with the bank's UKey digital signature approach rather than being generated by our own program, and a variety of digital signature schemes need to be supported.

 

   6: All forms, data, buttons and so on need strict access control. This is not an open system; each function must be strictly controlled before it can pass the bank's required functional acceptance.
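
The two-signature rule from items 3 and 4, sketched in C# as an added example (not code from the project described here): the receiving side counts only distinct registered approvers whose RSA signature verifies over the same canonical order bytes. All names, account values and keys are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class TransferApproval
{
    static readonly RSASignaturePadding Padding = RSASignaturePadding.Pss;

    // Canonical bytes of the order; every approver signs exactly these bytes.
    // Assumes no field contains '|'; the amount is in minor units to avoid formatting drift.
    static byte[] Canonical(string orderId, string from, string to, long amountCents) =>
        Encoding.UTF8.GetBytes($"{orderId}|{from}|{to}|{amountCents}");

    // Number of distinct registered approvers whose signature verifies over the payload.
    static int ValidApprovals(byte[] payload,
        IEnumerable<(string Approver, byte[] Signature)> approvals,
        IReadOnlyDictionary<string, RSA> publicKeys)
    {
        var seen = new HashSet<string>();
        foreach (var (approver, signature) in approvals)
        {
            if (!publicKeys.TryGetValue(approver, out var key)) continue; // unknown signer
            if (key.VerifyData(payload, signature, HashAlgorithmName.SHA256, Padding))
                seen.Add(approver); // one person signing twice still counts once
        }
        return seen.Count;
    }

    static void Main()
    {
        // Constructed key pairs; in the project above the private keys would sit on a bank UKey.
        using var alice = RSA.Create(2048);
        using var bob = RSA.Create(2048);
        var publicKeys = new Dictionary<string, RSA>
        {
            ["alice"] = RSA.Create(alice.ExportParameters(false)), // verifier holds public keys only
            ["bob"] = RSA.Create(bob.ExportParameters(false)),
        };
        byte[] Sign(RSA k, byte[] d) => k.SignData(d, HashAlgorithmName.SHA256, Padding);

        byte[] order = Canonical("T-0001", "ACC-A", "ACC-B", 150000);
        byte[] altered = Canonical("T-0001", "ACC-A", "ACC-X", 150000); // payee changed in transit
        var sameSignerTwice = new[] { ("alice", Sign(alice, order)), ("alice", Sign(alice, order)) };
        var twoSigners = new[] { ("alice", Sign(alice, order)), ("bob", Sign(bob, order)) };

        const int required = 2; // the "at least two signatures" rule
        Console.WriteLine($"same signer twice: {ValidApprovals(order, sameSignerTwice, publicKeys) >= required}");
        Console.WriteLine($"two signers:       {ValidApprovals(order, twoSigners, publicKeys) >= required}");
        Console.WriteLine($"altered payee:     {ValidApprovals(altered, twoSigners, publicKeys) >= required}");
    }
}
```

Only the second case meets the threshold: a repeated signer counts once, and signatures made over the original order do not verify against the altered one.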

 

  ===============================

  This time I studied in depth WCF communication security, digital certificates, digital signatures, and asymmetric encryption and decryption, and these days have felt very full. Friends who are interested can also read more about this area, rather than researching this framework and that framework all day; the customer's actual needs are what is most real.

 

 

Reproduced from: https://my.oschina.net/iwenr/blog/227757


Origin blog.csdn.net/weixin_33841503/article/details/91674929