政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/99803
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113822/144841 (79%)
造访人次 : 51835457      在线人数 : 575
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻
    政大機構典藏 > 資訊學院 > 資訊科學系 > 學位論文 >  Item 140.119/99803


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/99803


    题名: 基植於NFC系統之匿名行動付款協定之研究與改良
    An Improvement on an NFC-based Anonymous Mobile Payment Protocol
    作者: 陳尚文
    Chen, Shang Wen
    贡献者: 左瑞麟
    Tso, Ray Lin
    陳尚文
    Chen, Shang Wen
    关键词: NFC
    EMV
    匿名付款
    行動支付
    NFC
    EMV-compatible
    Anonymous payment
    mobile payment
    日期: 2016
    上传时间: 2016-08-09 11:24:13 (UTC+8)
    摘要: 隨著無線上網和行動通訊的蓬勃發展,以及對應的智慧型手機及平板的普及化,使得行動商務越來越盛行,但是行動商務在線上交易中常忽略使用者的匿名性,使得使用者容易被追蹤,因此2014年羅等人提出了一個基於NFC系統的匿名行動付款系統,運用了有NFC技術的手機,以安全元件搭配可信賴執行環境架構出一個具有匿名性的行動付款服務,改良了以往在行動支付時,使用者身份有可能在傳輸過程中遭到竊聽洩漏的可能性。在其協定中,傳輸過程中全部以虛擬代號傳輸以達到匿名性。但其協定內容仍有著諸如將公開金鑰系統之密鑰對混用在加解密部份以及數位簽章部份,造成有可能偽造簽章之風險;傳輸過程冗餘部份過多造成傳輸效率不佳等數個問題存在。本論文透過將公開金鑰和對稱式金鑰用途區分開,公開金鑰對只用於數位簽章,而對稱式金鑰只用於加解密以防止偽造簽章;減少傳輸冗餘部份以提高傳輸效率;同時也提供使用者可以變更匿名交易帳號的選擇,藉此達到不可連結性;此外,交易中完全沒有傳輸使用者真實資訊,只使用虛擬帳號以達到匿名性;傳輸之加密訊息內附有數位簽章可達成不可否認性;且協定和EMV標準相容,因此無需攜帶傳統現金等即可交易以達成便利性。
    Following the developments in wireless online and mobile communications, M-commerce has become increasingly popular. However, it ignores users’ anonymity in online transactions such that users can easily to be traced. In 2014, Luo et al. proposed an NFC-based anonymous mobile payment protocol system. It used an NFC-enabled cellphone and combined a built-in secure element (SE) and trusted execution environment to build an anonymous mobile payment service. It prevented the disclosure of the user’s identity by using a virtual instead of the real identity during the transmission. But the protocol is problematic in several respects. For example, it mixes the use of the same key-pair of public-key cryptography for both encryption and digital signature. Moreover, it could cause the risk of signature forging; and it contains some redundant parts in the transmission that cause worse transmission efficiency. In this research, we redesign the protocol by separating the use of the key-pair to avoid signature forging. We use a key-pair of public-key cryptography for digital signature and a key of symmetric-key cryptography for encryption. We reduce the redundant parts to improve transmission efficiency, and alter the virtual transaction account to optionally achieve unlinkability. Besides, we only use virtual accounts in the process, thereby preventing attackers from obtaining users’ information even if the message is eavesdropped. In our message, we use a signature to achieve non-repudiation. Our protocol is compatible with the EMV standard, so the user only requires an NFC-enabled cellphone instead of cash for transactions.
    參考文獻: [1] Apple Inc. [Online] Available: https://www.apple.com/apple-pav/
    [2] C.I., Fan and V.M., Huang “Provably Secure Integrated On/Off-Line Electronic Cash for Flexible and Efficient Payment,” IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, (40), 2010: pp. 567-579
    [3] De, P., Dey, K., Mankar, V. and Mukherjea, S. “Towards an interoperable mobile wallet service,” 10th International Conference and Expo on Emerging Technologies for a Smarter World, 2013: pp. 1–6
    [4] Diffie-Hellman key exchange: https://en.wikipedia.org/wiki/Diffie-Hellman_key
    _exchange
    [5] E. Haselsteiner and K. Breitfuß, “Security in Near Field Communication (NFC)," in Proceedings of the RFIDSec’06 on RFID security, 2006
    [6] E.-J. Steffens, A. Nennker, Z. Ren, M. Yin, and L. Schneider, “The SIM-Based Mobile Wallet,” in Proceedings of The 13th International Conference on Intelligence in Next Generation Networks (ICIN),2009: pp.1-6
    [7] EMV: https://zh.wikipedia.org/wiki/EMV
    [8] EMVCo: https://www.emvco.com/
    [9] EMVCo Tokenization: https://www.emvco.com/specifications.aspx?id=263
    [10] Google Corp., Wallet [Online] Available: http://www.google.com/wallet/
    [11] G., Van Damme, K. M., Wouters, H., Karahan and B., Preneel “Offline NFC payments with electronic vouchers,” Proceedings of the 1st ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds, 2009: pp. 25–30
    [12] Hassinen, M., Hyppönen, K. and Trichina, E. “Utilizing National Public-Key Infrastructure in Mobile Payment Systems,” Electronic Commerce Research and Applications, (7), 2008: pp. 214-231
    [13] H. C. Cheng, J. W. Chen, T. Y. Chi, and P. H. Chen, “A Generic Model for NFC-based Mobile Commerce,” in Proceedings of The 11 International Conference on Advanced Communication Technology, 2009: pp.2009-2014
    [14] HCE: https://en.wikipedia.org/wiki/Host_card_emulation
    [15] H., Eun, H., Lee and H., Oh “Conditional privacy preserving security protocol for NFC applications,” IEEE Transactions on Consumer Electronics, vol.59, no.1, 2013: pp.153–160
    [16] I., Molloy, J., Li and N., Li “Dynamic Virtual Credit Card Numbers,” Financial Cryptography and Data Security, ed: Springer, 2007: pp. 208-223
    [17] J. C. Paillès, C. Gaber, V. Alimi, and M. Pasquet, “Payment and Privacy: A Key for the Development of NFC Mobile, in proceedings of 2010 International Symposium on Collaborative Technologies and Systems (CTS), 2010: pp.378 –385
    [18] J. d. Ruiter, and E. Poll, “Formal Analysis of the EMV Protocol Suite,” In Theory of Security and Applications (TOSCA 2011), pp. 113-129, Mar. 2011
    [19] J. Y., Hu, C. C., Sueng, W. H., Liao and C. C., Ho “Android-based mobile payment service protected by 3-factor authentication and virtual private ad hoc networking,” IEEE Computing, Communications and Applications Conference (ComComAp), 2012: pp. 111–116
    [20] Kabir, Z. User Centric Design of an NFC Mobile Wallet Framework, Master Thesis, The Royal Institute of Technology (KTH), Stockholm, Sweden, 2011
    [21] Kerry, Cameron F. and Patrick D. Gallagher. Digital Signature Standard (DSS). National Institute of Standards and Technology, 2013
    [22] Kerschbaum, F., Lim, H. W. and Gudymenko, I. “Privacy-preserving billing for e-ticketing systems in public transportation,” Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society, 2013
    [23] Kungpisdan, S., Srinivasan, B. and Le, P.D. “A Secure Account-Based Mobile Payment Protocol,” Int. Conf. on Information Technology: Coding and Computing, 2004: pp. 35-39
    [24] L. Mainetti, L. Patrono, and R. Vergallo, “IDA-Pay: an Innovative Micro-Payment System Based on NFC Technology for Android Mobile Devices,” in Proceedings of the 20th International Conference on Software, Telecommunications and Computer Networks (SoftCOM), 2012: pp.1–6
    [25] M., Carr "Mobile Payment Systems and Services: An Introduction," Mobile Payment Forum, 2007: pp. 1-12
    [26] Martínez-Peláez, R., Rico-Novella, F. and Satizábal, C. “Mobile Payment Protocol for Micropayments: Withdrawal and Payment Anonymous,” New Technologies, Mobility and Security, NTMS`08, 2008: pp.1-5
    [27] Microsoft Corp, “Trusted Platform Module (TPM) Virtual Smart Card Management Protocol Specification”, http://msdn.microsoft.com/en-us/library/hh880895 (prot.20).aspx
    [28] M. Pasquet, J. Reynaud, C. Rosenberger, “Secure Payment with NFC Mobile Phone in the SmartTouch Project“ in Proceedings of International Symposium on Collaborative Technologies and Systems (CTS),2008: pp.121 –126
    [29] NFC: https://zh.wikipedia.org/wiki/%E8%BF%91%E5%A0%B4%E9%80%9A%E8%
    A8%8A
    [30] NFC comparison table: http://blog.mtkfan.com/?p=86
    [31] O., Choi, S., Han, S., Moon, K., Kim, H., Yeh and T., Shon “Secure mobile payment service using vibration cues on near field communication smartphone,” Sensor Letters, 11(9), 2013: pp.1750–1754
    [32] P. Urien “EMV-TLS, a secure payment protocol for NFC enabled mobiles,” 2014 International Conference on Collaboration Technologies and Systems (CTS), 2014: pp. 203–210
    [33] P. Urien and S. Piramuthu, “Securing NFC Mobile Services with Cloud of Secure Elements (CoSE), in Proceedings of The 5th International Conference on Mobile Computing, Applications and Services (MobiCASE), 2013: pp.322–331
    [34] S. K. Noh, D. Y. Choi, H. G. Kim, D. K. Kim J. H. Seo, J. W. Kim and B. R. Cha, “Proposed of Micropayment and Credit Card Model using NFC Technology in Mobile Environment, “International Journal of Multimedia and Ubiquitous Engineering, Vol.8, No.3, 2013: pp.295 –305
    [35] S. K., Noh, S. R., Lee and D., Choi “Proposed m-payment system using near-field communication and based on WSN-enabled location-based services for m-commerce,” International Journal of Distributed Sensor Networks, vol. 2014, no. 3, 2014: pp. 1–8
    [36] S. U., Rehman and J., Coughlan “An efficient mobile payment system based on NFC technology,” Word Academy of Science, Engineering and Technology, vol.7, no.6, 2013: pp.1701– 1705
    [37] T. K., Chang “A secure mobile payment model,” International Workshop on Cloud Computing and Information Security, Shanghai, 2013
    [38] Toorani, M. and Beheshti, A. “SSMS-A Secure SMS Messaging Protocol for the m-Payment Systems,” Computers and Communications, 2008
    [39] W., Chen, G., Hancke, K., Mayes, Y., Lien and J.H., Chiu "NFC Mobile Transactions and Authentication Based on GSM Network," Second International Workshop on Near Field Communication (NFC), 2010: pp. 83-89
    [40] W.D., Chen, G., Hancke, K., Mayes, Y., Lien and J.H., Chiu “Using 3G Network Components to Enable NFC Mobile Transactions and Authentication,” IEEE International Conference on Progress in Informatics and Computing (PIC), 2010: pp. 441-448
    [41] Y., Chen, J.S., Chou, H.M., Sun and M.H., Cho “A Novel Electronic Cash System with Trustee-Based Anonymity Revocation from Pairing, “Electronic Commerce Research and Applications, (10), 2011: pp. 673-682
    [42] 廖鴻圖,“跨網域之匿名行動付款機制”,電子商務學報,第九期,2007:頁779-799
    [43] 羅嘉寧、楊明豪,“基植於NFC系統之匿名行動付款協定”資訊、科技與社會學報22 2014.12 頁17-31
    [44] 李維哲、羅嘉寧、楊明豪,“相容EMV之多卡片的離線行動付款協定”中原大學 資訊工程研究所 碩士論文, 2015
    描述: 碩士
    國立政治大學
    資訊科學學系
    102753021
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0102753021
    数据类型: thesis
    显示于类别:[資訊科學系] 學位論文

    文件中的档案:

    档案 大小格式浏览次数
    302101.pdf996KbAdobe PDF2269检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈