随着现代通信和计算机技术的不断发展，金融业在基于各类电子渠道的创新银行业务也应运而生，网上银行在人们生活中起到越来越重要的作用，因此人们对网上银行提出了更高的要求。就银行和用户而言，其最关心的问题就是如何保证网上银行交易的可靠性和安全性。本文针对如何加强网上银行交易的安全性展开研究。 首先，结合当前成熟的两种网上银行信道加密和用户登录模式，提出一种基于PKI技术利用单向和双向SSL相结合的网上银行系统的设计模型；根据网上银行业务对安全性能的要求等级建立不同的安全机制，使不同的业务对应适合的安全机制，具体分为查询类和转账类，这两类业务分别由两台服务器运行，并分别采用单向SSL和双向SSL建立通讯信道；同时，核心数据库系统根据两台服务器不同的权限对服务器进行监控，以提高网上银行的内部安全性。 其次，提出了一种防截屏虚拟键盘的设计方案，用于解决在使用传统虚拟键盘时木马截屏而导致网上银行帐号和密码丢失的问题。主要特点：鼠标移动和点击时对屏幕显示的数据进行保护；在鼠标点击后重新排列虚拟键盘按键的顺序，并在整个过程中兼顾用户使用虚拟键盘的效率。 最后，对系统进行测试，测试结果达到设计要求。通过测试证明，基于PKI技术利用单向和双向SSL相结合的网上银行系统的设计模型是可行的，并且在数据库设计、ActiveX插件设计、系统之间切换和防截屏虚拟键盘上完成了设计要求，其成果为将来网上银行的发展提供了一种新的参考。

With the development of communication and computer technology, new financial businesses based on various types of electronic channels have emerged. Internet Banking plays a more and more importsnt role in people’s live, so that people have higher requirement for Internet Banking. For the banks and users, the current greatest concern is how to ensure the security of Internet Banking. The paper researches how to ensure the security of Internet Banking. First of all, the paper integrates the current two different kinds of modes including channel encryption and user login that used in Internet Banking System, advances the Internet Banking System designing model that make use of integration one-way and two-way SSL based on PKI technology. The paper creates different levels of security mechanisms according to the risk level of Internet banking business, so that different business corresponds with the appropriate security mechanism. The business is classified into two kinds of risk levels, one only can deal with searching business, and the other can modify the database. These two types of business run by two servers, establishing communications channels with one-way SSL and two-way SSL respectively. At the same time, the core system monitors the actions of the two servers according to servers’different permissions, which will improve the internal security of Internet Banking System. Secondly, the paper advances a design of anti-screenshot virtual keyboard, solving the problem that Trojan horse takes use of screenshot to steal the Internet Banking user’s account and password while using traditional virtual keyboard. The main points are: protecting the data showed on the screen when mouse is moving and clicking; realigning virtual keyboard order and keeping inputting efficiency of users after mouse is clicking. By system testing, the Internet Banking System designing model that make use of integration one-way and two-way SSL based on PKI technology advanced by the article is feasible. The designing have completed database designing, ActiveX and switching between two systems, and making a new reference for the Internet Banking System in the future.