电子商务英语之电子商务安全要求.doc

电子商务英语之电子商务安全要求In the E-commerce world, security refers primarily to the techniques used to store and transmit data securely, and to protect networks and equipment from potential harm or failure. Data transmitted from computer to computer may be intercepted, read, and even altered. And the security breaches can occur when the E-mail and files are transmitted in their original forms. Consequently, Internet security has been a major concern for E-commerce ，and has been cited as a major barrier to E-commerce. Conducting the E-commerce in a secure circumstance basically depends on the following four essential requirements ：在电子商务中，安全主要指用于安全存储和传输数据以及保护网络和设备免遭 潜在危害破坏的相关技术。从一台计算机传输到另一台计算机的数据有可能被截获、阅读，甚至被修改。当电子邮件和文件以原始格式而不是被加密传输的时候，安全威胁就可能发生。因此，互联网安全问题已经成为电子商务的主要困扰。安全的电子商务环境依赖于如下四个基本要求：.Identification/Authentication. Being able to tell who users are is the first step of any security and privacy process. When a user or a system receives an electronic message, the identity of the sender needs to be verified in order to determine if the sender is who he claims to be. Generally speaking, to identify a user, at least one of the following types of information is required ： something you have ( e. g. a token) ； something you know ( e. g. personal identification number) ； or something you are ( e. g. fingerprint or signature).身份的确定性。能够确定使用者的身份是安全程序的第一步。当用户或系统收到一条电子信息时，需要验证信息发送者的身份，以确定信息发送人的身份是否与他声称的相符。一般而言，要验证一个用户，以下信息至少需要一种：你所拥有的东西（如一种记号）、你所知道的东西（如个人身份证号）、或者你本身的一 些东西（如指纹或签名）。三因素鉴别法会涉及以上三种类型信息所使用的技术，而两因素鉴别法只涉及这三种信息中的两种。一因素鉴别法使用一种信息来识别身份，因此也是最容易攻破的。电子鉴别法的设计发明主要是用来探测是否有人想冒充其他人。在有些情况下，受信任的第三方提供的服务是担保或鉴别用户。普通的鉴别方法包括数字签名、一次性密码、智能卡、记号以及生物识别法。Three-factor identification refers to techniques that use all three types of information, while two-factor identification techniques use two of the three types of information. One- factor identification techniques use only one of the three types of information, which are easiest to be defeated. The design and invention of electronic identification methods are to detect if an individual is attempting to impersonate someone else. In some cases, trusted third-party services are engaged to vouch for, or identify the user. Common identification methods include the use of digital signature, OTP, smart card, tokens, and biometric devices.三因素鉴别法会涉及以上三种类型信息所使用的技术，而两因素鉴别法只涉及这三种信息中的两种。一因素鉴别法使用一种信息来识别身份，因此也是最容易攻破的。电子鉴别法的设计发明主要是用来探测是否有人想冒充其他人。在有些情况下，受信任的第三方提供的服务是担保或鉴别用户。普通的鉴别方法包括数字签名、一次性密码、智能卡、记号以及生物识别法。.Privacy/Confidentiality. Are the contents of a message secret and only known to the sender and receiver? Breaches to privacy may occur both during and after transmission. Users surfing the Web dont expect that the strangers can leam personal information about them，that the thieves can steal their credit card numbers, and that the viruses will attack the data on their computers. Once a message is sent electronically, the sender and receiver must be assured that the contents remain private; the message will not be interpreted by anyone except the designated receiver. The system must keep information confidential and private. As for electronic commerce，keeping order details and credit card information private during the transmission is a major security concern. The most effective technique for keeping information confidential is the encryption of data.信息保密性。信息内容是否保密，是否只有发送者和接受者知晓？保密性的破坏可能发生在传输过程中和传输之后。在网上冲浪的用户不希望陌生人了解到其个人信息、信用卡卡号被盗、计算机上的数据被病毒攻击。当通过电子手段传送信息时，发送者和接受者都必须确保信息内容的保密性，也就是信息没有被除了指定接受者之外的任何人解读。系统必须保证信息的私密性。对电子商务而言，在传输过程中保持订单详细内容和信用卡信息的私密性是主要的安全问题。保持信息私密性最有效的技术就是加密。.Integrity. Have the contents of the message been altered during transmission, either intentionally or unintentionally? Verifying that the data elements sent have not been altered is a major security concern. The system must maintain the integrity of the message by protecting it from any unauthorized modification. When a message is sent electronically， how can the receiver ensure that the message received is exactly the same as the message transmitted by the sender? An effective means called “hashing” can be adopted to ensure the integrity of message. A hash of the message is computed using an algorithm and the message contents.完整性。信息内容在传输的过程中是否被有意或无意地修改？鉴别发送的 数据没有被修改是一个主要的安全问题。系统必须确保信息的完整性，确保信息未受非法修改。当信息以电子方式发送后，接受者如何确信收到的信息确实为发送者 所发出的那条呢？ 一种有效的确保信息完整性的方法是使用“散列法”。对信息进行散列计算就是通过计算机对信息内容执行散列算法的一种运算。.Non-repudiation. Can the sender of a message deny that they actually sent the message? If you order an item through a mail-order catalogue and pay by check，then it is difficult to dispute the veracity of the order. Well-designed security assurance system can ensure that the sender cant falsely deny sending and the receiver cant falsely deny receiving that message, which is the provision for irrefutable proof of the origin, receipt, and contents of an electronic message. Companies engaged in E-commerce are often vulnerable to non-repudiation risks.不可抵赖性。信息发送人可以否认他已发的信息吗？如果通过邮购商品目录订购某商品并用支票支付，你很难辨清订单的真实与否。设计优良的安全保证系统能确保发送者不能否认已发的信息，而接收者不能否认已经接收了那条信息，也就是提供不可反驳的原始证据、收据和电子信息的内容。从事电子商务的公司经常受到不可抵赖性风险的攻击。Vocabulary1. authenticateV.证实；鉴定2. authenticationn.证明；鉴定3. barrier n.障碍4. breach n.违反（法纪）；毁约5. confidentialityn.机密性6. designateV.指定；指派7. dispute v.争论；辩论；争执8. enforcementn.执行；强制9. fingerprintn.指纹；手印10. identificationn.辨认；鉴定11. impersonatev.模仿；假冒12. interceptV.拦截；截取；截获13. irrefutableadj.不可反驳14. modificationn.修改；更改；改进15. non-repudiation n.不可抵赖性16. potentialadj.可能的；潜在的17. primarilyadv.主要的；首要的18. provisionn.预备；防备；准备19. token n.记号20. transmitV.传送；播送21. veracityn.真实性22. verify v.核实；鉴定23. third-party services 第三方服务24. three-factor identification 三因素鉴别法25. vouch for 担保；证明26. biometric devices 生物识别法27. irrefutable proof 不可反驳的证据NotesPIN (personal identification number)个人身份号码。OTP ( one-time password ) 一次性密码。Hashing散列，进行信息摘要所使用的算法。Three-factor identification refers to techniques that use all three types of information, while two-factor identification techniques use two of the three types of information.本句中refer to.?意为：指，that是关系代词，先行词是tec