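For a successful enterprise to operate sustainably, it must not only pursue profitability but also take responsibility for keeping its customers' personal data confidential. This is especially true of banks, because the vast majority of the data a bank retains (transaction data and customer data) is confidential in nature. In particular, the new version of the Personal Information Protection Act passed its third reading in the Legislative Yuan in May of ROC year 99 (2010), and under the amended Articles 28 and 29, which cover compensation for damages, the amount of compensation can easily exceed one hundred million. This shows how important data security is.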
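This study examines the problem of secure data exchange within bank information systems and finds issues that include password management mechanisms that are not thorough enough, personnel authorization and deputy information that is not transparent enough, and data transmission that is not secure enough. To solve these problems, the study builds on public-key and private-key operations and hash function computation to develop a secure data exchange model suited to banks, and implements a prototype system that provides password protection, authorization and deputy alerts, and secure data transmission. The model can be used in bank transaction systems to improve the security of data exchange.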
For sustainable development, a successful enterprise, especially a commercial bank, needs not only to increase profitability but also to protect customer data, because most customer data, including transactions and personal information, is confidential. According to Articles 28 and 29 of the Personal Information Protection Act promulgated on May 26th 2010, the total amount of compensation for damages caused by illegal processing of personal information could be up to NT$200 million. This shows the importance of personal information protection.
This study discusses the security problems of data exchange in a commercial bank. These problems include an unsound password management system, unclear information about the authority and responsibility of officers and agents, and insecure data transmission. To solve these problems, this study builds a model of secure data exchange based on the operations of public key, private key, and hash function. In addition, based on the model, a prototype system with functions of password protection, alert of authority, and secure data transmission is implemented. This model can be used by commercial banks to improve the security of their data exchange systems.