In recent years, Internet changes our life a lot. We use e-mail and Internet phone to talk with our friends, we get up-to-date information through web and we do shopping in the cyber-market. Internet has many advantages over traditional communication channels, e.g. it's cost effective, it delivers information fast and it is not restricted by time and place. The more people use Internet, the more concerns about Internet security.
近几年来，Internet使人们的生活改变了许多。人们使用e-mail，通过IP电话和朋友交谈，从网上获取最新信息，在网络市场购物。与传统通信渠道相比，Internet有许多优势：花费实在，信息传送速度快，并且不受时间和地点的限制。使用Internet的人越多，对Internet安全的关注就越多。
In person-to-person community, security is based on physical cues. To name but a few, we use our signature to authenticate ourselves; we seal letters to prevent others inspection and modification; we receive receipt with the shop's chop to make sure we paid; we get information from a reliable source. But in the Internet society, no such physical cue is available. There are two areas that we concern about in Internet communication. The first one is secrecy—how do we ensure no one reads the data during its transmission? The second one is authentication—how do we be sure that the identity of someone claiming "who it is". Imagine one day you receive an e-mail, which the e-mail sender is "Bill Gates". How do you confirm the e-mail is actually sent by Bill Gates?
在个人面对个人的社会，安全取决于物理的提示。简单说来，人们用签名来表明自己的身份；人们把信函密封起来，防止他人窥视和更改；人们接受商店里有公章的收条来证明已经付款：人们从可靠的地方获取信息。不过对Internet安全而言，就没有这样的物理提示。对Internet通信，人们关心两个方面，第一是保密——如何确信数据在传输过程中没有人阅读过？第二是鉴定——如何确信某个人（或计算机）所声称的身份。设想有一天用户收到了一份e-mail，寄件人是“比尔•盖茨”，用户如何确认这份e-mail真的是比尔•盖茨发送的？
Encryption is the way to solve the data security problem. In real life, if Tom wants to talk with Mary secretly, he can choose a room with nobody there and talk with Mary quietly, or he can talk with Mary using codes understandable by Tom and Mary only. We take the second approach. encryption.to transmit data through Internet. There are two kinds of encryption techniques. symmetric key encryption and asymmetric key encryption.
解决数据安全问题的途径是加密。在现实生活中，如果汤姆想和玛丽密谈，他可以找一间没人的房子和玛丽平静地交谈，或者他用只有他们两人明白的密码交谈。在互Internet, 人们用第二种方法——加密——来传输数据。加密技术有两种——对称密钥加密和非对称密钥加密。
For symmetric key encryption, both parties should have a consensus about a secret encryption key. When A wants to send a message to B, A uses the secret key to encrypt the message. After receiving the encrypted message ,B uses the same (or derived)secret key to encrypt the message. The advantage of using symmetric key encryption lies in its fast encryption and decryption processes(when compared with asymmetric key encryption at the same security level). The disadvantages are , first, the encryption key must be exchanged between two parties in a secure way before sending secret messages. Secondly, we must use different keys with different parties. For example, if A communicates with B, C, D and E, A should use 4 different keys. Otherwise, B will know what A and C as well as A and D has been talking about. The drawbacks of symmetric key encryption make it unsuitable to be used in the Internet, because it's difficult to find a secure way to exchange the encryption key.
对称密钥加密来说，当事人双方要有一致的密钥。当A给B要发送消息时，A用密钥将消息加密。B收到加密的消息后，用相同的（或最初的）密钥将消息解密。用对称密钥加密的优点在于它的加密和解密速度快（与相同安全标准下的非对称密钥加密术相比）。它的缺点是：第一，在发送秘密消息之前，当事双方必须安全地交换密钥：第二，对不同当事人，人们必须使用不同的密钥。例如，如果A和B、C、D及E通信，A必须用四种不同的密钥。否则，B将知道A和C以及A和D在谈论什么。要找到安全交换密钥的方式很困难，所以，对称密钥加密的缺点使它不适合用于Internet。
For asymmetric key encryption, there is a pair of keys for each party: a public key and a private key. The public key is freely available to the public, but only the key owner gets hold of the private key. Messages encrypted by a public key can only be decrypted by its corresponding private key, and vice versa. When A sends message to B, A first gets B's public key to encrypt the message and sends it to A. After receiving the message, B uses his private key to decrypt the message. The advantage comes in the public key freely available to the public, hence free from any key exchange problem. The disadvantage is the slow encryption and decryption process. Almost all encryption schemes used in the Internet uses asymmetric key encryption for exchanging the symmetric encryption key, and symmetric encryption for better performance. Asymmetric key cryptography seems to attain secrecy in data transmission, but the authentication problem still exists. Consider the following scenario: when A sends a message to B, A gets B's public key from the Internet—but how can A know the public key obtained actually belongs to B?
对非对称密钥加密，气当事各方都有一对密钥：公钥和私人密钥。公钥可自由使用，但只有密钥持有者拥有私人密钥。用公钥加密的消息只能用相成的私人密钥解密，反之亦然。当A给B发送消息时，A首先得到B的公钥将消息加密，然后发送给B。B收到消息后，用他的私人密钥将消息解密。这种加密术的优点是人们可以A由获得公钥，因此从交换密钥问题中解脱出来。它的缺点是加密和解密速度慢。在因特网中几乎所有的加密方案都使用非对称密钥加密来替换对称密钥加密和对称加密，以得到更好的加密控制。非对称密钥加密在数据传输上似乎是安全的，但鉴定的问题依然存在。请考虑如下情节：当A给B发送消息时，A从互联网上得到B的公钥——A怎样才能知道他获得的公钥确实属于B？这个问题由数字证书来解决。
Digital certificate emerges to solve this problem. Digital certificate is an identity card counterpart in the computer society. When a person wants to get a digital certificate, he generates his own key pair, gives the public key as well as some proof of his identification to the Certificate Authority (CA). CA will check the person's identification to assure the identity of the applicant. If the applicant is really the one "who claims to be", CA will issue a digital certificate, with the applicant's name, e-mail address and the applicant's public key, which is also signed digitally with the CA's private key. When A wants to send B a message, instead of getting B's public key, A now has to get B's digital certificate. A first checks the certificate authority's signature with the CA's public key to make sure it's a trustworthy certificate. Then A obtain B's public key from the certificate, and uses it to encrypt message and sends to B.
数字证书相当于电脑世界的身份证。当一个人想获得数字证书时，他生成自己的一对密钥，把公钥和其他的鉴定证据送达证书授权机构，证书授权机构将核实这个人的证明，来确定申请人的身份。如果中请人确如自己所声称的，证书授权机构将授予带有申请人姓名、电子邮件地址和申请人公钥的数字证书，并且该数字证书由证书授权机构用其私有密钥做了数字签名。当A要给B发送消息时，A必须得到B的数字证书，而非B的公钥。A 首先核实带有证书授权机构公钥的签名，以确定是否为可信赖的证书。然后，A从证书上获得B的公钥，并利用公钥将消息加密后送给B。
Authentication is an important part everyday life. The lack of strong authentication has inhibited the development of electronic commerce. It is still necessary for contracts, legal documents and official letters to be produced on paper. Strong authentication is then, a key requirement if the Internet is to be used for electronic commerce. Strong authentication is generally based on modern equivalents of the one time pad. For example tokens are used in place of one-time pads and are stored on smart cards or disks.
认证是日常生活中的重要部分。缺少强有力的认证制约了电子商务的发展。写在纸上的合同、法律文件和官方信函仍是必要的。如果互联网用于电子商务，强有力的认证是一个关键要求。强有力的认证通常是建立在现代版的一次性密码本技术上的。例如，令牌用来代替昔日的一次性密码本，而且储存在小巧的卡片或磁盘上。
Many people pay great amounts of lip service to security, but do not want to be bothered with it when it gets in their way. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. Security is everybody's business, and only with everyone's cooperation, an intelligent policy, and consistent practices, will it be achievable.
许多人大肆空谈安全，不过当安全问题走近他们时，他们却不愿意为之打扰。建立一个用户无需时时想到他们周围的安全保障系统的系统和网络是重要的。安全是每个人的事情，只有通过每个人的协作、采用明智的对策，进行坚持不懈的实践网络安全才能实现。