online payment security - 副本.ppt

1、English for E-Commerce,Unit 4 Online Payment,Word study,Saturday, October 10, 2020,Word study,Saturday, October 10, 2020,Word study,Saturday, October 10, 2020,Word study,Saturday, October 10, 2020,Word study,Saturday, October 10, 2020,Word study,Saturday, October 10, 2020,Word study,Saturday, Octobe

2、r 10, 2020,Word study,Saturday, October 10, 2020,Text,Requirements for Electronic Commerce Security In general, the basic requirements for electronic commerce security include privacy, integrity, authenticity （真实性）and non-repudiation.（不可否认性）.,Saturday, October 10, 2020,Text,Privacy When a message is

3、 sent electronically, the sender and the receiver may desire that the message is not revealed to others. The most effective technique for privacy is encryption（加密）. For much of history, encryption algorithms （算法）were symmetrical （对称的）, which means that the same key was used to both encrypt（加密） and d

4、ecrypt （解密） a message. The difficulty is how to have the sender and the receiver who will probably never meet agree on a key that cannot be known by anyone else.,Saturday, October 10, 2020,Text,For this reason, a new type of algorithm, called public key encryption, was invented. Public key encryptio

5、n, also known as asymmetrical （不对称的） encryption, utilizes a pair of keyspublic key and private key. The public key （公钥）is available to anyone who wants to send an encrypted message to the holder of the private key. The only way to decrypt the message is with the private key. In this way messages can

6、 be sent without agreeing on the keys in advance.,Saturday, October 10, 2020,Text,Integrity A message that has not been altered in any way, either intentionally or unintentionally, is said to have maintained its integrity. An effective way called “Hashing” （散列法，哈希算法） can be used to ensure message in

7、tegrity. The Hash value of a message is computed using Hashing algorithm and content of the message.,Saturday, October 10, 2020,Text,The Hash value （Hash值）is sent along with the message,when message is received, another Hash value is calculated by the receiver using the same Hashing algorithm (算法).

8、The two Hash values(received and calculated） are compared and a match will indicate that the message received is the same as the sent one.,Saturday, October 10, 2020,Text,Authenticity When an electronic message is received, the identity of the sender needs to be verified in order to determine whethe

9、r the sender is who he claims to be. One of the most effective authentication （鉴定）measures is digital certificate. A digital certificate is a data file and is issued by a trusted third party called CA . There are a number of types of digital certificates, each with its own level of trustworthiness（可

10、信任） and area of application.,Saturday, October 10, 2020,Text,Non-repudiation For business transactions, unilateral （单方的）repudiation（否认） of a transaction by either party is unacceptable and may result in legal action. Companies engaged in electronic commerce are often vulnerable （易受攻击的）to non-repudia

11、tion risks. An effective way to enable non-repudiation is digital signature. A digital signature is actually a digest of message that is encrypted and then sent along with the message.,Saturday, October 10, 2020,Text,When you use a private key to encrypt a digest of message, you create a digital sig

12、nature. Then you have no way to deny you ever sent a particular message. The Internet brings people incredible convenience and opportunities, but at the same time it brings risks as well. The heavy lessons of Internet crime draw peoples great attention to improve the situation of electronic commerce

13、 security.,Saturday, October 10, 2020,Exercises,Saturday, October 10, 2020,Exercises,Saturday, October 10, 2020,Exercises,Saturday, October 10, 2020,Exercises,Saturday, October 10, 2020,Exercises,Saturday, October 10, 2020,Exercises,Saturday, October 10, 2020,Exercises,Vocabulary: Match each of the

14、following words to the phrase or definition that is most closely related.,Saturday, October 10, 2020,Exercises,Translate the following phrases into English. (1) a pair of keyspublic key and private key 一对密钥，即公钥和私钥 (2) 发送加密信息 send an encrypted message (3) agree on the keys in advance 事先约定密钥 (4)ensure

15、 message integrity 保证信息完整性,Saturday, October 10, 2020,Exercises,(5) 与发出的信息一致 the same as the sent message (6) 颁发数字证书的CA机构的名称 the name of the CA that issued the digital certificate (7)数字证书的有效期 the validity period of the digital certificate,Saturday, October 10, 2020,Exercises,(8) 用私钥对信息摘要进行加密 use a p

16、rivate key to encrypt a digest of message (9)互联网犯罪的沉痛教训 heavy lessons of Internet crime (10) 提升电子商务安全状况 improve the situation of electronic commerce security,Saturday, October 10, 2020,Exercises,2. Translate the following sentences into Chinese. (1) The difficulty is how to have the sender and the r

17、eceiver who will probably never meet agree on a key that cannot be known by anyone else. 信息的发送者和接受者很可能一直不会见面, 这样他们约定密钥而不让第三方知道就有困难。,Saturday, October 10, 2020,Exercises,(2)A message that has not been altered in any way, either intentionally or unintentionally, is said to have maintained its integrit

18、y. 如果信息没有被有意或无意地以任何方式篡改，我们就说信息保持了完整性。,Saturday, October 10, 2020,Exercises,(3)When an electronic message is received, the identity of the sender needs to be verified in order to determine whether the sender is who he claims to be. 当收到电子信息时，需要对发送者的身份进行核实以保证发送者就是他所声称的人。,Saturday, October 10, 2020,Exer

19、cises,(4)For business transactions, unilateral repudiation of a transaction by either party is unacceptable and may result in legal action. 在商务活动中，任何一方否认交易都是不可接受的，可能会导致法律纠纷。,Saturday, October 10, 2020,Read and practice the following dialog in pairs.,A: Hi, Jerry, I just read an article about electronic commerce security. May I ask you some questions? B: Sure, go ahead. A: What are the basic requirements for electronic co