電子商務(wù)中信息安全問(wèn)題的探討外文翻譯

1、<p>　　E-commerce Information Security Problems</p><p>　　Ⅰ. Introduction</p><p>　　E-commerce (E-Business) is in open networks, including between enterprises (B2B), business and consumers (B2

2、C) commercial transactions, compared with the traditional business model, e-commerce with efficient, convenient, covered wide range of characteristics and benefits. However, e-commerce open this Internet-based data excha

3、nge is great its security vulnerabilities, security is a core e-commerce development constraints and key issues.</p><p>　　In this paper, the basic ideas and principles of systems engineering, analyzes the cu

4、rrent security threats facing e-commerce, in this based on security technology from the perspective of development trend of e-commerce.</p><p>　?、? E-commerce model</p><p>　　Modern e-commerce te

5、chnology has focused on the establishment and operation of the network of stores. Network in the department stores and real stores no distinction between structure and function, differences in their function and structur

6、e to achieve these methods and the way business operate.</p><p>　　Web store from the front view is a special kind of WEB server. WEB site of modern multimedia support and a good interactive feature as the ba

7、sis for the establishment of this virtual store, so customers can, as in a real supermarket pushing a shopping cart to select goods, and finally in the checkout check out. These online stores also constitute the three pi

8、llars of software: catalog, shopping cart and customer checkout. Customers use an electronic currency and transaction must store customers </p><p>　　Behind the store in the network, enterprises must first ha

9、ve a product storage warehouse and administration; second network to sell products by mail or other delivery channels to customers hands; Third, enterprises should also be responsible for product after-sales service, Thi

10、s service may be through networks, may not. Internet transactions are usually a first Pay the bill and getting goods shopping. For customers, convenience is that the goods purchased will be directly delivered to their ho

11、me</p><p>　　Therefore, the credibility of the store network and service quality is actually the key to the success of e-commerce.</p><p>　?、?the key to development of electronic commerce</p&g

12、t;<p>　　E-commerce in the telecommunications network to develop. Therefore, the advanced computer network infrastructure and telecommunications policy easing the development of electronic commerce has become a pre

13、requisite. Currently, telecom services, high prices, limited bandwidth, the service is not timely or not reliable and so the development of e-commerce has become a constraint. Speed up the construction of telecommunicati

14、ons infrastructure, to break the telecommunications market monopoly, introd</p><p>　　E-commerce the most prominent problem is to solve the on-line shopping, trading and clearing of security issues, including

15、 the establishment of e-commerce trust between all the main issues, namely the establishment of safety certification system (CA) issues; choose safety standards (such as SET , SSL, PKI, etc.) problems; using encryption a

16、nd decryption method and encryption strength problems. Establishment of security authentication system which is the key.</p><p>　　Online trading and traditional face to face or written transactions in differ

17、ent ways, it is transmitted through the network business information and trade activities. The security of online transactions means:</p><p>　　Validity: the validity of the contract to ensure online transact

18、ions, to prevent system failure, computer viruses, hacker attacks.</p><p>　　Confidentiality: the content of the transaction, both transactions account, the password is not recognized by others and stealing.&

19、lt;/p><p>　　Integrity: to prevent the formation of unilateral transaction information and modify.</p><p>　　Therefore, the e-commerce security system should include: secure and reliable communicatio

20、ns network to ensure reliable data transmission integrity, prevent viruses, hackers; electronic signatures and other authentication systems; complete data encryption system and so on.</p><p>　?、?e-commerce s

21、ecurity issues facing</p><p>　　As e-commerce network is the computer-based, it inevitably faces a number of security issues.</p><p>　　(1) Information leak</p><p>　　Performance in e-

22、commerce for the leakage of business secrets, including two aspects: the parties are dealing transactions by third parties to steal the contents; transaction to the other party to provide documents used illegal use by th

23、ird parties.</p><p>　　(2) Altered</p><p>　　E-commerce information for business performance in the authenticity and integrity issues. Electronic transaction information in the network transmissio

24、n process may be others to illegally modify, delete or re-changed, so that information about its authenticity and integrity.</p><p>　　(3) Identification</p><p>　　Without identification, third-pa

25、rty transactions is likely to fake the identity of parties to a deal breaker, damage the reputation of being counterfeit or stolen by one party to the transaction fake results and so on, for identification, the transacti

26、on between the two sides can prevent suspicion situation.</p><p>　　(4) Computer viruses</p><p>　　Computer virus appeared 10 years, a variety of new virus and its variants rapidly increasing, the

27、 emergence of the Internet for the spread of the virus has provided the best medium. Many new viruses directly using the network as its transmission, as well as many viruses spread faster through dried networks, frequent

28、ly causing billions of dollars in economic losses.</p><p>　　(5) Hacker</p><p>　　With the spread of a variety of application tools, hackers have been popular, and are not in the past; non-compute

29、r expert can not be a hacker. Have kicked Yahoo's mafia boy did not receive any special training, only a few attacks to the users to download software and learn how to use the Internet on a big dry.</p><p&

30、gt;　　Ⅴ.e-commerce security and safety factors</p><p>　　Enterprise application security is the most worried about e-commerce, and how to protect the security of e-commerce activities, will remain the core of

31、e-commerce research. As a secure e-commerce system, we must first have a safe, reliable communication network, to ensure that transaction information secure and rapid transmission; second database server to ensure absolu

32、te security against hackers break into networks to steal information. E-commerce security technologies include encryption, authe</p><p>　　(A), encryption technology</p><p>　　To ensure the securi

33、ty of data and transactions to prevent fraud, to confirm the true identity of transaction parties, e-commerce to adopt encryption technology, encryption technology is through the use of code or password to protect data s

34、ecurity. For encrypted data is called plaintext, specifically through the role of a encryption algorithm, the conversion into cipher text, we will express this change as the cipher text is called encryption, the cipher t

35、ext by the decryption algorithm to form </p><p>　　Encryption technology can be divided into two categories: symmetric encryption and asymmetric encryption. Symmetric encryption to the data encryption standar

36、d DES (Data Encryption Standard) algorithm is represented. Asymmetric encryption is usually RSA (Rivets Shamir Aleman) algorithm is represented.</p><p>　　(B), authentication</p><p>　　Commonly us

37、ed security authentication technologies: digital signatures, digital certificates, digital time stamp, CA security authentication technology.</p><p>　　(C), hacker protection technology</p><p>　　

38、Currently, hackers have become the biggest e-commerce security threats, thus preventing hacking network security technology has become the main content, by governments and industry are highly valued. Hacking techniques i

39、nclude buffer overflow attacks, Trojans, port scans, IP fraud, network monitoring, password attacks, and denial of service Dos attacks. At present, people have made many effective anti-hacker technologies, including fire

40、walls, intrusion detection, and network security evaluation </p><p>　?、?the future security of e-commerce</p><p>　　Increasingly severe security problems, are growing threat to national and globa

41、l economic security, governments have been based on efforts in the following areas:</p><p>　　(1) Strengthen the legislation, refer to the advanced countries have effective legislation, innovative, e-commerce

42、 and improve the protection of the laws against cyber-crime security system.</p><p>　　(2) Establishment of relevant institutions, to take practical measures to combat cyber crime. Development of the law, the

43、 implementing agencies should also be used for its relevant laws, which must establish an independent oversight body, such as the executing agency to implement the law.</p><p>　　(3) Increase investment in ne

44、twork security technology; improve the level of network security technology. E-commerce security law is the prerequisite and basis for development and secure e-commerce security technology is a means of protection. There

45、 are many security issues are technical reasons, it should increase the technology resources, and continuously push forward the development of old technologies and developing new security technology.</p><p>

46、　　(4) To encourage enterprises to protect themselves against Internet crime against. To avoid attack, companies can not hold things to chance, must attach great importance to system vulnerabilities, in time to find secur

47、ity holes to install the operating system and server patches, and network security detection equipment should be used regularly scan the network monitoring, develop a set of complete security protection system to enable

48、enterprises to form a system and combined with the comprehensi</p><p>　　(5) To strengthen international cooperation to strengthen global efforts to combat cyber crime. As e-commerce knows no borders, no geog

49、raphical, it is a completely open area, so the action against cyber crime e-commerce will also be global. This will require Governments to strengthen cooperation, can not have "the saying which goes, regardless of o

50、thers, cream tile" misconception.</p><p>　　(6) To strengthen the network of national safety education, pay attention to the cultivation of outstanding computer.</p><p>　?、? Conclusion</p

51、><p>　　E-commerce in China has developed rapidly in recent years, but the security has not yet established. This has an impact on the development of electronic commerce as a barrier.</p><p>　　To th

52、is end, we must accelerate the construction of the e-commerce security systems. This will be a comprehensive, systematic project involving the whole society. Specifically, we want legal recognition of electronic communic

53、ations records of the effectiveness of legal protection for electronic commerce; we should strengthen the research on electronic signatures, to protect e-commerce technology; we need to build e-commerce authentication sy

54、stem as soon as possible, to organize protection for el</p><p>　　Promoting China's economic development; also the only way we can in the economic globalization today, to participate in international comp

55、etition, and thus gain a competitive advantage.</p><p>　　Source: Michael Hecker, Tharam S. Dillon, and Elizabeth Chang IEEE Internet Computing prentice hall publishing, 2002</p><p>　　電子商務(wù)中的信息安全問(wèn)

56、題</p><p><b>　　一 、引言</b></p><p>　　電子商務(wù)（E-Business）是發(fā)生在開(kāi)放網(wǎng)絡(luò)上的包括企業(yè)之間（B2B）、企業(yè)和消費(fèi)者之間（B2C）的商業(yè)交易，與傳統(tǒng)商務(wù)模式相比，電子商務(wù)具有高效、便捷、覆蓋范圍廣等特點(diǎn)和優(yōu)點(diǎn)。然而，電子商務(wù)這種基于Internet的開(kāi)放式的數(shù)據(jù)交換是的其安全具有很大的脆弱性，安全問(wèn)題是制約電子商務(wù)發(fā)展的一個(gè)

57、核心和關(guān)鍵問(wèn)題。</p><p>　　本文從系統(tǒng)工程的基本觀(guān)點(diǎn)和原理出發(fā)，分析了目前電子商務(wù)面臨的各種安全威脅，在此基礎(chǔ)上，從安全技術(shù)角度，探討電子商務(wù)的發(fā)展趨勢(shì)和方向</p><p><b>　　二 、電子商務(wù)模式</b></p><p>　　現(xiàn)代電子商務(wù)技術(shù)已經(jīng)集中于網(wǎng)絡(luò)商店的建立和運(yùn)作。網(wǎng)絡(luò)商店和真實(shí)商店在部門(mén)結(jié)構(gòu)和功能上沒(méi)有區(qū)別，不同點(diǎn)

58、在于其實(shí)現(xiàn)這些功能和結(jié)構(gòu)的方法以及商務(wù)運(yùn)作的方式。 </p><p>　　網(wǎng)絡(luò)商店從前臺(tái)看是一種特殊的WEB服務(wù)器?，F(xiàn)代WEB網(wǎng)站的多媒體支持和良好的交互性功能成為建立這種虛擬商店的基礎(chǔ)，使得顧客可以像在真實(shí)的超級(jí)市場(chǎng)一樣推著購(gòu)物車(chē)挑選商品，并最后在付款臺(tái)結(jié)賬。這也就構(gòu)成網(wǎng)上商店軟件的三大支柱：商品目錄、顧客購(gòu)物車(chē)和付款臺(tái)。顧客運(yùn)用某種電子貨幣和商店進(jìn)行交易必須對(duì)顧客和商店都是安全可靠的。</p>

59、<p>　　而在網(wǎng)絡(luò)商店的背后，企業(yè)首先要具備商品的存儲(chǔ)倉(cāng)庫(kù)和管理機(jī)構(gòu)；其次要將網(wǎng)絡(luò)上銷(xiāo)售的產(chǎn)品通過(guò)郵政或其他渠道投遞到顧客手里；第三，企業(yè)同樣要負(fù)責(zé)產(chǎn)品的售后服務(wù)，這種服務(wù)可能是通過(guò)網(wǎng)絡(luò)的，也可能不是。網(wǎng)絡(luò)交易通常是一種先交錢(qián)后拿貨的購(gòu)物方式。對(duì)客戶(hù)而言，其方便處在于購(gòu)得的商品會(huì)直接投遞到自己家里，而難以放心的是在商品到達(dá)手中之前并不能確認(rèn)到自己手中的究竟是什么。因此網(wǎng)絡(luò)商店的信譽(yù)和服務(wù)質(zhì)量實(shí)際上是電子商務(wù)成功與否的關(guān)鍵。&

60、lt;/p><p>　　三 、電子商務(wù)發(fā)展的關(guān)鍵環(huán)節(jié)</p><p>　　電子商務(wù)是在電信網(wǎng)絡(luò)上發(fā)展起來(lái)的。因此，先進(jìn)的計(jì)算機(jī)網(wǎng)絡(luò)基礎(chǔ)設(shè)施和寬松的電信政策就成為發(fā)展電子商務(wù)的前提。目前，電信服務(wù)價(jià)格過(guò)高，帶寬有限，服務(wù)不及時(shí)或不可靠等因素已經(jīng)成為發(fā)展電子商務(wù)的制約因素。加快電信基礎(chǔ)設(shè)施建設(shè)，打破電信市場(chǎng)的壟斷，引進(jìn)競(jìng)爭(zhēng)機(jī)制，保證電信業(yè)務(wù)公平競(jìng)爭(zhēng)，促進(jìn)網(wǎng)絡(luò)互聯(lián)，確保為用戶(hù)提供廉價(jià)，高速，可靠的通

61、信服務(wù)是良好網(wǎng)絡(luò)環(huán)境的建設(shè)目標(biāo)，也是世界各國(guó)面臨的共同課題。</p><p>　　開(kāi)展電子商務(wù)最突出的問(wèn)題是要解決網(wǎng)上購(gòu)物、交易和結(jié)算中的安全問(wèn)題，其中包括建立電子商務(wù)各主體之間的信任問(wèn)題，即建立安全認(rèn)證體系（CA）問(wèn)題；選擇安全標(biāo)準(zhǔn)（如SET、SSL、PKI等）問(wèn)題；采用加、解密方法和加密強(qiáng)度問(wèn)題。其中建立安全認(rèn)證體系是關(guān)鍵。</p><p>　　網(wǎng)上交易與傳統(tǒng)的面對(duì)面或書(shū)面的交易方式不

62、同，它是通過(guò)網(wǎng)絡(luò)傳輸商務(wù)信息和進(jìn)行貿(mào)易活動(dòng)的。網(wǎng)上交易的安全問(wèn)題意味著：</p><p>　　有效性:保證網(wǎng)上交易合同的有效性，防止系統(tǒng)故障、計(jì)算機(jī)病毒、黑客攻擊。</p><p>　　保密性:對(duì)交易的內(nèi)容、交易雙方賬號(hào)、密碼不被他人識(shí)別和盜取。</p><p>　　完整性:防止單方面對(duì)交易信息的生成和修改。 </p><p>　　所以，電子

63、商務(wù)的安全體系應(yīng)包括：安全可靠的通信網(wǎng)絡(luò)，保證數(shù)據(jù)傳輸?shù)目煽客暾乐共《?、黑客入侵；電子簽名和其他身份認(rèn)證系統(tǒng)；完備的數(shù)據(jù)加密系統(tǒng)等等。</p><p>　　四 、電子商務(wù)面臨的安全問(wèn)題</p><p>　　由于電子商務(wù)是以計(jì)算機(jī)網(wǎng)絡(luò)為基礎(chǔ)的，因此它不可避免面臨著一系列的安全問(wèn)題。</p><p><b>　　(1)信息泄漏</b></

64、p><p>　　在電子商務(wù)中表現(xiàn)為商業(yè)機(jī)密的泄漏，主要包括兩個(gè)方面：交易雙方進(jìn)行交易的內(nèi)容被第三方竊??；交易一方提供給另一方使用的文件被第三方非法使用。</p><p><b>　　(2)竄改</b></p><p>　　電子商務(wù)中表現(xiàn)為商業(yè)信息的真實(shí)性和完整性的問(wèn)題。電子的交易信息在網(wǎng)絡(luò)上傳輸?shù)倪^(guò)程中，可能被他人非法修改、刪除或重改，這樣就使信息

65、失去了真實(shí)性和完整性。</p><p><b>　　(3)身份識(shí)別</b></p><p>　　如果不進(jìn)行身份識(shí)別，第三方就有可能假冒交易一方的身份，以破壞交易、破壞被假冒一方的信譽(yù)或盜取被假冒一方的交易成果等，進(jìn)行身份識(shí)別后，交易雙方就可防止相互猜疑的情況。</p><p><b>　　(4)電腦病毒問(wèn)題</b><

66、/p><p>　　電腦病毒問(wèn)世十幾年來(lái)，各種新型病毒及其變種迅速增加，互聯(lián)網(wǎng)的出現(xiàn)又為病毒的傳播提供了最好的媒介。不少新病毒直接利用網(wǎng)絡(luò)作為自己的傳播途徑，還有眾多病毒借助干網(wǎng)絡(luò)傳播得更快，動(dòng)輒造成數(shù)百億美元的經(jīng)濟(jì)損失。</p><p><b>　　(5) 黑客問(wèn)題</b></p><p>　　隨著各種應(yīng)用工具的傳播，黑客己經(jīng)大眾化了,不像過(guò)去那樣

67、非電腦高手不能成為黑客。曾經(jīng)大鬧雅虎網(wǎng)站的黑手黨男孩就沒(méi)有受過(guò)什么專(zhuān)門(mén)訓(xùn)練，只是向網(wǎng)友下載了幾個(gè)攻擊軟件并學(xué)會(huì)了如何使用，就在互聯(lián)網(wǎng)上大干了一場(chǎng)。</p><p>　　五 、電子商務(wù)安全因素與安全技術(shù)</p><p>　　安全問(wèn)題是企業(yè)應(yīng)用電子商務(wù)最擔(dān)心的問(wèn)題，而如何保障電子商務(wù)活動(dòng)的安全，將一直是電子商務(wù)的核心研究領(lǐng)域。作為一個(gè)安全的電子商務(wù)系統(tǒng)，首先必須具有一個(gè)安全、可靠的通信網(wǎng)絡(luò)，以

68、保證交易信息安全、迅速地傳遞；其次必須保證數(shù)據(jù)庫(kù)服務(wù)器絕對(duì)安全，防止黑客闖入網(wǎng)絡(luò)盜取信息。電子商務(wù)安全的技術(shù)主要包括加密技術(shù)、認(rèn)證技術(shù)和電子商務(wù)安全協(xié)議，防火墻技術(shù)等。</p><p><b>　　(一)、加密技術(shù)</b></p><p>　　為保證數(shù)據(jù)和交易的安全、防止欺騙，確認(rèn)交易雙方的真實(shí)身份，電子商務(wù)須采用加密技術(shù)，加密技術(shù)是指通過(guò)使用代碼或密碼來(lái)保障數(shù)據(jù)的安

69、全性。欲加密的數(shù)據(jù)稱(chēng)為明文，明文經(jīng)過(guò)某種加密算法作用后，轉(zhuǎn)換成密文，我們將明文換為密文的這一過(guò)程稱(chēng)為加密，將密文經(jīng)解密算法作用后形成明文輸出的這一程稱(chēng)為解密。加密算法中使用的參數(shù)稱(chēng)為密鑰。密鑰長(zhǎng)度越長(zhǎng)，密鑰的空間就大，遍歷密鑰空間所花的時(shí)間就越多，破譯的可能性就越小。加密技術(shù)可以分為兩類(lèi):對(duì)稱(chēng)加密技術(shù)和非對(duì)稱(chēng)加密技術(shù)。對(duì)稱(chēng)加密技術(shù)以數(shù)據(jù)加密標(biāo)準(zhǔn)DES (Data Encryption Standard)算法為典型代表。非對(duì)稱(chēng)加密技術(shù)通常

70、以RSA算法為代表。</p><p><b>　　（二）、認(rèn)證技術(shù)</b></p><p>　　常用的安全認(rèn)證技術(shù)有：數(shù)字簽名、數(shù)字證書(shū)、數(shù)字時(shí)間戳、CA安全認(rèn)證技術(shù)。</p><p>　?。ㄈ?、黑客防范技術(shù)</p><p>　　目前，黑客攻擊已成為電子商務(wù)安全所面臨的最大威脅，于是黑客防范技術(shù)也成為了網(wǎng)絡(luò)安全的主要內(nèi)

71、容，受到了各國(guó)政府和業(yè)界人士的高度重視。黑客入侵技術(shù)主要包括緩沖區(qū)溢出攻擊、特洛伊木馬、端口掃描、IP欺騙、網(wǎng)絡(luò)監(jiān)聽(tīng)、口令攻擊、拒絕服務(wù)Dos攻擊等。目前，人們已提出了許多有效的反黑客技術(shù)，主要包括防火墻技術(shù)、入侵檢測(cè)技術(shù)、網(wǎng)絡(luò)安全評(píng)估技術(shù)等。</p><p>　　六 、未來(lái)電子商務(wù)的安全工作</p><p>　　日益嚴(yán)峻的安全問(wèn)題，正越來(lái)越嚴(yán)重的威脅著各國(guó)及全球的經(jīng)濟(jì)安全，各國(guó)政府在已有

72、的基礎(chǔ)上，已在以下幾個(gè)方面努力：</p><p>　　（1）加強(qiáng)立法，參照先進(jìn)國(guó)家已有的有效法律，不斷創(chuàng)新，完善保護(hù)電子商務(wù)和打擊網(wǎng)絡(luò)犯罪的法律保障體系。</p><p>　　（2）建立相關(guān)機(jī)構(gòu)，采取實(shí)際措施打擊網(wǎng)絡(luò)犯罪。制定了法律，還應(yīng)該有執(zhí)行機(jī)構(gòu)將相關(guān)的法律用到實(shí)處，這就必須建立獨(dú)立的監(jiān)督機(jī)構(gòu)、執(zhí)行機(jī)構(gòu)等來(lái)落實(shí)法律。</p><p>　?。?）加大對(duì)網(wǎng)絡(luò)安全技術(shù)

73、的投入，提高網(wǎng)絡(luò)安全技術(shù)的水平。法律是電子商務(wù)安全問(wèn)題發(fā)展的前提和基礎(chǔ)，而安全技術(shù)則是電子商務(wù)安全的保障手段。很多安全問(wèn)題都存在技術(shù)的原因，所以更應(yīng)該加大技術(shù)研究的資金，不斷推進(jìn)舊技術(shù)的發(fā)展，并研究新的安全技術(shù)。</p><p>　　（4）鼓勵(lì)企業(yè)加強(qiáng)自我保護(hù)，防范網(wǎng)絡(luò)犯罪侵害。為避免遭受攻擊，企業(yè)不能抱著僥幸心理，必須高度重視系統(tǒng)漏洞問(wèn)題，及時(shí)給發(fā)現(xiàn)安全漏洞的操作系統(tǒng)和服務(wù)器等安裝補(bǔ)丁程序，并應(yīng)使用網(wǎng)絡(luò)安全檢測(cè)

74、設(shè)備經(jīng)常對(duì)網(wǎng)絡(luò)進(jìn)行掃描監(jiān)控，制定一套完整的安全保護(hù)制度，使企業(yè)形成一個(gè)制度與技術(shù)結(jié)合的綜合性保護(hù)體系。</p><p>　?。?）加強(qiáng)國(guó)際合作，增強(qiáng)全球范圍內(nèi)打擊網(wǎng)絡(luò)犯罪的力度。由于電子商務(wù)是沒(méi)有國(guó)界，沒(méi)有地域的，它是一個(gè)完全開(kāi)放的領(lǐng)域，所以打擊電子商務(wù)網(wǎng)絡(luò)犯罪的行動(dòng)也將是全球性的。這就要求各國(guó)政府加強(qiáng)合作，不能有“各掃門(mén)前雪，不管他人瓦上霜”的錯(cuò)誤想法。</p><p>　　（6）加強(qiáng)對(duì)

75、國(guó)民的網(wǎng)絡(luò)安全教育，注意對(duì)優(yōu)秀計(jì)算機(jī)人才的培養(yǎng)。</p><p><b>　　七、 結(jié)束語(yǔ)</b></p><p>　　我國(guó)的電子商務(wù)近年來(lái)發(fā)展很快，但是有關(guān)的安全保障還未建立起來(lái)。這已經(jīng)成為影響我國(guó)電子商務(wù)發(fā)展的一個(gè)障礙。</p><p>　　為此，我們必須加快建設(shè)有關(guān)的電子商務(wù)安全系統(tǒng)。這將是一個(gè)綜合性的、涉及全社會(huì)的系統(tǒng)工程。具體而言，我