电子商务中信息安全问题的探讨外文翻译.doc

E-commerce Information Security Problems . IntroductionE-commerce (E-Business) is in open networks, including between enterprises (B2B), business and consumers (B2C) commercial transactions, compared with the traditional business model, e-commerce with efficient, convenient, covered wide range of characteristics and benefits. However, e-commerce open this Internet-based data exchange is great its security vulnerabilities, security is a core e-commerce development constraints and key issues.In this paper, the basic ideas and principles of systems engineering, analyzes the current security threats facing e-commerce, in this based on security technology from the perspective of development trend of e-commerce. E-commerce modelModern e-commerce technology has focused on the establishment and operation of the network of stores. Network in the department stores and real stores no distinction between structure and function, differences in their function and structure to achieve these methods and the way business operate.Web store from the front view is a special kind of WEB server. WEB site of modern multimedia support and a good interactive feature as the basis for the establishment of this virtual store, so customers can, as in a real supermarket pushing a shopping cart to select goods, and finally in the checkout check out. These online stores also constitute the three pillars of software: catalog, shopping cart and customer checkout. Customers use an electronic currency and transaction must store customers and stores are safe and reliable.Behind the store in the network, enterprises must first have a product storage warehouse and administration; second network to sell products by mail or other delivery channels to customers hands; Third, enterprises should also be responsible for product after-sales service, This service may be through networks, may not. Internet transactions are usually a first Pay the bill and getting goods shopping. For customers, convenience is that the goods purchased will be directly delivered to their home, but hard to feel assured that the goods can not be confirmed until the hands reach into their own hands, what it is.Therefore, the credibility of the store network and service quality is actually the key to the success of e-commerce.the key to development of electronic commerceE-commerce in the telecommunications network to develop. Therefore, the advanced computer network infrastructure and telecommunications policy easing the development of electronic commerce has become a prerequisite. Currently, telecom services, high prices, limited bandwidth, the service is not timely or not reliable and so the development of e-commerce has become a constraint. Speed up the construction of telecommunications infrastructure, to break the telecommunications market monopoly, introduce competition mechanism to ensure fair competition in the telecommunications business, to promote networking, ensure to provide users with low-cost, high-speed, reliable communications services is a good construction target network environment, but also all of the world common task.E-commerce the most prominent problem is to solve the on-line shopping, trading and clearing of security issues, including the establishment of e-commerce trust between all the main issues, namely the establishment of safety certification system (CA) issues; choose safety standards (such as SET , SSL, PKI, etc.) problems; using encryption and decryption method and encryption strength problems. Establishment of security authentication system which is the key.Online trading and traditional face to face or written transactions in different ways, it is transmitted through the network business information and trade activities. The security of online transactions means:Validity: the validity of the contract to ensure online transactions, to prevent system failure, computer viruses, hacker attacks.Confidentiality: the content of the transaction, both transactions account, the password is not recognized by others and stealing.Integrity: to prevent the formation of unilateral transaction information and modify.Therefore, the e-commerce security system should include: secure and reliable communications network to ensure reliable data transmission integrity, prevent viruses, hackers; electronic signatures and other authentication systems; complete data encryption system and so on.e-commerce security issues facingAs e-commerce network is the computer-based, it inevitably faces a number of security issues.(1) Information leakPerformance in e-commerce for the leakage of business secrets, including two aspects: the parties are dealing transactions by third parties to steal the contents; transaction to the other party to provide documents used illegal use by third parties.(2) AlteredE-commerce information for business performance in the authenticity and integrity issues. Electronic transaction information in the network transmission process may be others to illegally modify, delete or re-changed, so that information about its authenticity and integrity.(3) IdentificationWithout identification, third-party transactions is likely to fake the identity of parties to a deal breaker, damage the reputation of being counterfeit or stolen by one party to the transaction fake results and so on, for identification, the transaction between the two sides can prevent suspicion situation.(4) Computer virusesComputer virus appeared 10 years, a variety of new virus and its variants rapidly increasing, the emergence of the Internet for the spread of the virus has provided the best medium. Many new viruses directly using the network as its transmission, as well as many viruses spread faster through dried networks, frequently causing billions of dollars in economic losses.(5) HackerWith the spread of a variety of application tools, hackers have been popular, and are not in the past; non-computer expert can not be a hacker. Have kicked Yahoos mafia boy did not receive any special training, only a few attacks to the users to download software and learn how to use the Internet on a big dry.e-commerce security and safety factorsEnterprise application security is the most worried about e-commerce, and how to protect the security of e-commerce activities, will remain the core of e-commerce research. As a secure e-commerce system, we must first have a safe, reliable communication network, to ensure that transaction information secure and rapid transmission; second database server to ensure absolute security against hackers break into networks to steal information. E-commerce security technologies include encryption, authentication technology and e-commerce security protocols, firewall technology.(A), encryption technologyTo ensure the security of data and transactions to prevent fraud, to confirm the true identity of transaction parties, e-commerce to adopt encryption technology, encryption technology is through the use of code or password to protect data security. For encrypted data is called plaintext, specifically through the role of a encryption algorithm, the conversion into cipher text, we will express this change as the cipher text is called encryption, the cipher text by the decryption algorithm to form a clear role in the output of this a process known as decryption. Encryption algorithm known as the key parameters used. The longer the key, the key space is large, traverse the key space the more time spent, the less likely cracked.Encryption technology can be divided into two categories: symmetric encryption and asymmetric encryption. Symmetric encryption to the data encryption standard DES (Data Encryption Standard) algorithm is represented. Asymmetric encryption is usually RSA (Rivets Shamir Aleman) algorithm is represented.(B), authenticationCommonly used security authentication technologies: digital signatures, digital certificates, digital time stamp, CA security authentication technology.(C), hacker protection technologyCurrently, hackers have become the biggest e-commerce security threats, thus preventing hacking network security technology has become the main content, by governments and industry are highly valued. Hacking techniques include buffer overflow attacks, Trojans, port scans, IP fraud, network monitoring, password attacks, and denial of service Dos attacks. At present, people have made many effective anti-hacker technologies, including firewalls, intrusion detection, and network security evaluation techniques.the future security of e-commerceIncreasingly severe security problems, are growing threat to national and global economic security, governments have been based on efforts in the following areas:(1) Strengthen the legislation, refer to the advanced countries have effective legislation, innovative, e-commerce and improve the protection of the laws against cyber-crime security system.(2) Establishment of relevant institutions, to take practical measures to combat cyber crime. Development of the law, the implementing agencies should also be used for its relevant laws, which must establish an independent oversight body, such as the executing agency to implement the law.(3) Increase investment in network security technology; improve the level of network security technology. E-commerce security law is the prerequisite and basis for development and secure e-commerce security technology is a means of protection. There are many security issues are technical reasons, it should increase the technology resources, and continuously push forward the development of old technologies and developing new security technology.(4) To encourage enterprises to protect themselves against Internet crime against. To avoid attack, companies can not hold things to chance, must attach great importance to system vulnerabilities, in time to find security holes to install the operating system and server patches, and network security detection equipment should be used regularly scan the network monitoring, develop a set of complete security protection system to enable enterprises to form a system and combined with the comprehensive protection system.(5) To strengthen international cooperation to strengthen global efforts to combat cyber crime. As e-commerce knows no borders, no geographical, it is a completely open area, so the action against cyber crime e-commerce will also be global. This will require Governments to strengthen cooperation, can not have the saying which goes, regardless of others, cream tile misconception.(6) To strengthen the network of national safety education, pay attention to the cultivation of outstanding computer. ConclusionE-commerce in China has developed rapidly in recent years, but the security has not yet established. This has an impact on the development of electronic commerce as a barrier.To this end, we must accelerate the construction of the e-commerce security systems. This will be a comprehensive, systematic project involving the whole society. Specifically, we want legal recognition of electronic communications records of the effectiveness of legal protection for electronic commerce; we should strengthen the research on electronic signatures, to protect e-commerce technology; we need to build e-commerce authentication system as soon as possible, to organize protection for electronic commerce. Moreover, for e-commerce features without borders, we should also strengthen international cooperation, so that e-commerce truly plays its role. Only in this way, we can adapt to the timesPromoting Chinas economic development; also the only way we can in the economic globalization today, to participate in international competition, and thus gain a competitive advantage. Source: Michael Hecker, Tharam S. Dillon, and Elizabeth Chang IEEE Internet Computing prentice hall publishing, 2002 电子商务中的信息安全问题 一 、引言电子商务（E-Business）是发生在开放网络上的包括企业之间（B2B）、企业和消费者之间（B2C）的商业交易，与传统商务模式相比，电子商务具有高效、便捷、覆盖范围广等特点和优点。然而，电子商务这种基于Internet的开放式的数据交换是的其安全具有很大的脆弱性，安全问题是制约电子商务发展的一个核心和关键问题。本文从系统工程的基本观点和原理出发，分析了目前电子商务面临的各种安全威胁，在此基础上，从安全技术角度，探讨电子商务的发展趋势和方向二 、电子商务模式现代电子商务技术已经集中于网络商店的建立和运作。网络商店和真实商店在部门结构和功能上没有区别，不同点在于其实现这些功能和结构的方法以及商务运作的方式。 网络商店从前台看是一种特殊的WEB服务器。现代WEB网站的多媒体支持和良好的交互性功能成为建立这种虚拟商店的基础，使得顾客可以像在真实的超级市场一样推着购物车挑选商品，并最后在付款台结账。这也就构成网上商店软件的三大支柱：商品目录、顾客购物车和付款台。顾客运用某种电子货币和商店进行交易必须对顾客和商店都是安全可靠的。而在网络商店的背后，企业首先要具备商品的存储仓库和管理机构；其次要将网络上销售的产品通过邮政或其他渠道投递到顾客手里；第三，企业同样要负责产品的售后服务，这种服务可能是通过网络的，也可能不是。网络交易通常是一种先交钱后拿货的购物方式。对客户而言，其方便处在于购得的商品会直接投递到自己家里，而难以放心的是在商品到达手中之前并不能确认到自己手中的究竟是什么。因此网络商店的信誉和服务质量实际上是电子商务成功与否的关键。三 、电子商务发展的关键环节电子商务是在电信网络上发展起来的。因此，先进的计算机网络基础设施和宽松的电信政策就成为发展电子商务的前提。目前，电信服务价格过高，带宽有限，服务不及时或不可靠等因素已经成为发展电子商务的制约因素。加快电信基础设施建设，打破电信市场的垄断，引进竞争机制，保证电信业务公平竞争，促进网络互联，确保为用户提供廉价，高速，可靠的通信服务是良好网络环境的建设目标，也是世界各国面临的共同课题。开展电子商务最突出的问题是要解决网上购物、交易和结算中的安全问题，其中包括建立电子商务各主体之间的信任问题，即建立安全认证体系（CA）问题；选择安全标准（如SET、SSL、PKI等）问题；采用加、解密方法和加密强度问题。其中建立安全认证体系是关键。网上交易与传统的面对面或书面的交易方式不同，它是通过网络传输商务信息和进行贸易活动的。网上交易的安全问题意味着：有效性:保证网上交易合同的有效性，防止系统故障、计算机病毒、黑客攻击。保密性:对交易的内容、交易双方账号、密码不被他人识别和盗取。完整性:防止单方面对交易信息的生成和修改。 所以，电子商务的安全体系应包括：安全可靠的通信网络，保证数据传输的可靠完整，防止病毒、黑客入侵；电子签名和其他身份认证系统；完备的数据加密系统等等。四 、电子商务面临的安全问题由于电子商务是以计算机网络为基础的，因此它不可避免面临着一系列的安全问题。(1)信息泄漏在电子商务中表现为商业机密的泄漏，主要包括两个方面：交易双方进行交易的内容被第三方窃取；交易一方提供给另一方使用的文件被第三方非法使用。(2)窜改电子商务中表现为商业信息的真实性和完整性的问题。电子的交易信息在网络上传输的过程中，可能被他人非法修改、删除或重改，这样就使信息失去了真实性和完整性。(3)身份识别如果不进行身份识别，第三方就有可能假冒交易一方的身份，以破坏交易、破坏被假冒一方的信誉或盗取被假冒一方的交易成果等，进行身份识别后，交易双方就可防止相互猜疑的情况。(4)电脑病毒问题电脑病毒问世十几年来，各种新型病毒及其变种迅速增加，互联网的出现又为病毒的传播提供了最好的媒介。不少新病毒直接利用网络作为自己的传播途径，还有众多病毒借助干网络传播得更快，动辄造成数百亿美元的经济损失。(5) 黑客问题随着各种应用工具的传播，黑客己经大众化了,不像过去那样非电脑高手不能成为黑客。曾经大闹雅虎网站的黑手党男孩就没有受过什么专门训练，只是向网友下载了几个攻击软件并学会了如何使用，就在互联网上大干了一场。五 、电子商务安全因素与安全技术安全问题是企业应用电子商务最担心的问题，而如何保障电子商务活动的安全，将一直是电子商务的核心研究领域。作为一个安全的电子商务系统，首先必须具有