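Graduate student: 陳尚文 (Chen, Shang Wen)
Thesis title: An Improvement on an NFC-based Anonymous Mobile Payment Protocol (基植於NFC系統之匿名行動付款協定之研究與改良)
Advisor: 左瑞麟 (Tso, Ray Lin)
Degree: Master
Department: College of Science - Department of Computer Science
Year of publication: 2016
Academic year of graduation: 104
Language: English
Number of pages: 62
Keywords (Chinese): NFC, EMV, anonymous payment, mobile payment
Keywords (English): NFC, EMV-compatible, Anonymous payment, mobile payment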
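  • With the rapid growth of wireless Internet access and mobile communications, and the corresponding spread of smartphones and tablets, mobile commerce has become increasingly popular. However, mobile commerce often neglects user anonymity in online transactions, which makes users easy to trace. In 2014, Luo et al. therefore proposed an NFC-based anonymous mobile payment system that uses an NFC-enabled mobile phone, with a secure element combined with a trusted execution environment, to build an anonymous mobile payment service, reducing the possibility, present in earlier mobile payment schemes, that the user's identity is leaked through eavesdropping during transmission. In their protocol, everything is transmitted under virtual identifiers to achieve anonymity. However, the protocol still has several problems: the key pair of the public-key cryptosystem is used for both encryption/decryption and digital signatures, which creates a risk of signature forgery, and the transmissions contain too many redundant parts, which makes transmission inefficient. This thesis separates the uses of the public key and the symmetric key: the public key pair is used only for digital signatures and the symmetric key only for encryption and decryption, to prevent signature forgery. It reduces the redundant parts of the transmissions to improve efficiency, and it gives users the option of changing their anonymous transaction account, thereby achieving unlinkability. In addition, no real user information is transmitted during a transaction; only virtual accounts are used, which achieves anonymity. The encrypted messages carry a digital signature, which achieves non-repudiation. The protocol is compatible with the EMV standard, so transactions can be made without carrying traditional cash, which achieves convenience.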


    Following the developments in wireless online and mobile communications, M-commerce has become increasingly popular. However, it ignores users’ anonymity in online transactions, so users can easily be traced. In 2014, Luo et al. proposed an NFC-based anonymous mobile payment protocol system. It used an NFC-enabled cellphone and combined a built-in secure element (SE) with a trusted execution environment to build an anonymous mobile payment service. It prevented the disclosure of the user’s identity by using a virtual identity instead of the real one during transmission. But the protocol is problematic in several respects. For example, it uses the same public-key key pair for both encryption and digital signatures, which creates a risk of signature forging, and its transmissions contain redundant parts that reduce transmission efficiency. In this research, we redesign the protocol by separating the uses of the keys to avoid signature forging: we use a public-key key pair for digital signatures and a symmetric key for encryption. We reduce the redundant parts to improve transmission efficiency, and we allow the virtual transaction account to be changed, which optionally achieves unlinkability. Besides, we use only virtual accounts in the process, which prevents attackers from obtaining users’ information even if a message is eavesdropped. Our messages carry a signature to achieve non-repudiation. Our protocol is compatible with the EMV standard, so the user needs only an NFC-enabled cellphone instead of cash for transactions.

    Chapter 1 Introduction
    Chapter 2 Background
    2.1 NFC
    2.1.1 NFC working mode
    2.1.2 Communication mode
    2.1.3 Comparison with other wireless techniques
    2.2 EMV
    2.3 TSM
    2.4 Security definition
    Chapter 3 NFC-based anonymous mobile payment protocol
    3.1 Symbol table
    3.2 Initial state
    3.3 Virtual bank account generation stage
    3.4 Anonymous transaction account generation stage
    3.5 Issuing of virtual credit card stage
    3.6 Problems of the protocol
    3.6.1 The same key-pair using in encryption and signature generation
    3.6.2 Redundant parts in the transmission process
    3.6.3 Unlinkability not achieved
    Chapter 4 Our new NFC-based anonymous mobile payment protocol
    4.1 Symbol table
    4.2 Initial stage
    4.3 Applying for virtual account stage
    4.4 Applying for virtual transaction account and issuing virtual credit card stage
    4.5 Updating virtual credit card and optional virtual transaction account stage
    4.6 The compatibility between protocol and EMV standard
    Chapter 5 Security analysis
    5.1 Anonymity
    5.2 Unlinkability
    5.3 Non-repudiation
    5.4 Resistance to replay attack
    5.5 Integrity
    5.6 Data confidentiality
    5.7 Comparison with related works
    Chapter 6 Conclusion
    Chapter 7 References

    [1] Apple Inc. [Online] Available: https://www.apple.com/apple-pav/
    [2] C.I., Fan and V.M., Huang “Provably Secure Integrated On/Off-Line Electronic Cash for Flexible and Efficient Payment,” IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, (40), 2010: pp. 567-579
    [3] De, P., Dey, K., Mankar, V. and Mukherjea, S. “Towards an interoperable mobile wallet service,” 10th International Conference and Expo on Emerging Technologies for a Smarter World, 2013: pp. 1–6
    [4] Diffie-Hellman key exchange: https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
    [5] E. Haselsteiner and K. Breitfuß, “Security in Near Field Communication (NFC),” in Proceedings of the RFIDSec’06 on RFID security, 2006
    [6] E.-J. Steffens, A. Nennker, Z. Ren, M. Yin, and L. Schneider, “The SIM-Based Mobile Wallet,” in Proceedings of The 13th International Conference on Intelligence in Next Generation Networks (ICIN),2009: pp.1-6
    [7] EMV: https://zh.wikipedia.org/wiki/EMV
    [8] EMVCo: https://www.emvco.com/
    [9] EMVCo Tokenization: https://www.emvco.com/specifications.aspx?id=263
    [10] Google Corp., Wallet [Online] Available: http://www.google.com/wallet/
    [11] G., Van Damme, K. M., Wouters, H., Karahan and B., Preneel “Offline NFC payments with electronic vouchers,” Proceedings of the 1st ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds, 2009: pp. 25–30
    [12] Hassinen, M., Hyppönen, K. and Trichina, E. “Utilizing National Public-Key Infrastructure in Mobile Payment Systems,” Electronic Commerce Research and Applications, (7), 2008: pp. 214-231
    [13] H. C. Cheng, J. W. Chen, T. Y. Chi, and P. H. Chen, “A Generic Model for NFC-based Mobile Commerce,” in Proceedings of The 11th International Conference on Advanced Communication Technology, 2009: pp.2009-2014
    [14] HCE: https://en.wikipedia.org/wiki/Host_card_emulation
    [15] H., Eun, H., Lee and H., Oh “Conditional privacy preserving security protocol for NFC applications,” IEEE Transactions on Consumer Electronics, vol.59, no.1, 2013: pp.153–160
    [16] I., Molloy, J., Li and N., Li “Dynamic Virtual Credit Card Numbers,” Financial Cryptography and Data Security, ed: Springer, 2007: pp. 208-223
    [17] J. C. Paillès, C. Gaber, V. Alimi, and M. Pasquet, “Payment and Privacy: A Key for the Development of NFC Mobile,” in Proceedings of 2010 International Symposium on Collaborative Technologies and Systems (CTS), 2010: pp.378–385
    [18] J. d. Ruiter, and E. Poll, “Formal Analysis of the EMV Protocol Suite,” In Theory of Security and Applications (TOSCA 2011), pp. 113-129, Mar. 2011
    [19] J. Y., Hu, C. C., Sueng, W. H., Liao and C. C., Ho “Android-based mobile payment service protected by 3-factor authentication and virtual private ad hoc networking,” IEEE Computing, Communications and Applications Conference (ComComAp), 2012: pp. 111–116
    [20] Kabir, Z. User Centric Design of an NFC Mobile Wallet Framework, Master Thesis, The Royal Institute of Technology (KTH), Stockholm, Sweden, 2011
    [21] Kerry, Cameron F. and Patrick D. Gallagher. Digital Signature Standard (DSS). National Institute of Standards and Technology, 2013
    [22] Kerschbaum, F., Lim, H. W. and Gudymenko, I. “Privacy-preserving billing for e-ticketing systems in public transportation,” Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society, 2013
    [23] Kungpisdan, S., Srinivasan, B. and Le, P.D. “A Secure Account-Based Mobile Payment Protocol,” Int. Conf. on Information Technology: Coding and Computing, 2004: pp. 35-39
    [24] L. Mainetti, L. Patrono, and R. Vergallo, “IDA-Pay: an Innovative Micro-Payment System Based on NFC Technology for Android Mobile Devices,” in Proceedings of the 20th International Conference on Software, Telecommunications and Computer Networks (SoftCOM), 2012: pp.1–6
    [25] M., Carr "Mobile Payment Systems and Services: An Introduction," Mobile Payment Forum, 2007: pp. 1-12
    [26] Martínez-Peláez, R., Rico-Novella, F. and Satizábal, C. “Mobile Payment Protocol for Micropayments: Withdrawal and Payment Anonymous,” New Technologies, Mobility and Security, NTMS'08, 2008: pp.1-5
    [27] Microsoft Corp, “Trusted Platform Module (TPM) Virtual Smart Card Management Protocol Specification”, http://msdn.microsoft.com/en-us/library/hh880895 (prot.20).aspx
    [28] M. Pasquet, J. Reynaud, C. Rosenberger, “Secure Payment with NFC Mobile Phone in the SmartTouch Project,” in Proceedings of International Symposium on Collaborative Technologies and Systems (CTS), 2008: pp.121–126
    [29] NFC: https://zh.wikipedia.org/wiki/%E8%BF%91%E5%A0%B4%E9%80%9A%E8%A8%8A
    [30] NFC comparison table: http://blog.mtkfan.com/?p=86
    [31] O., Choi, S., Han, S., Moon, K., Kim, H., Yeh and T., Shon “Secure mobile payment service using vibration cues on near field communication smartphone,” Sensor Letters, 11(9), 2013: pp.1750–1754
    [32] P. Urien “EMV-TLS, a secure payment protocol for NFC enabled mobiles,” 2014 International Conference on Collaboration Technologies and Systems (CTS), 2014: pp. 203–210
    [33] P. Urien and S. Piramuthu, “Securing NFC Mobile Services with Cloud of Secure Elements (CoSE),” in Proceedings of The 5th International Conference on Mobile Computing, Applications and Services (MobiCASE), 2013: pp.322–331
    [34] S. K. Noh, D. Y. Choi, H. G. Kim, D. K. Kim, J. H. Seo, J. W. Kim and B. R. Cha, “Proposed of Micropayment and Credit Card Model using NFC Technology in Mobile Environment,” International Journal of Multimedia and Ubiquitous Engineering, Vol.8, No.3, 2013: pp.295–305
    [35] S. K., Noh, S. R., Lee and D., Choi “Proposed m-payment system using near-field communication and based on WSN-enabled location-based services for m-commerce,” International Journal of Distributed Sensor Networks, vol. 2014, no. 3, 2014: pp. 1–8
    [36] S. U., Rehman and J., Coughlan “An efficient mobile payment system based on NFC technology,” World Academy of Science, Engineering and Technology, vol.7, no.6, 2013: pp.1701–1705
    [37] T. K., Chang “A secure mobile payment model,” International Workshop on Cloud Computing and Information Security, Shanghai, 2013
    [38] Toorani, M. and Beheshti, A. “SSMS-A Secure SMS Messaging Protocol for the m-Payment Systems,” Computers and Communications, 2008
    [39] W., Chen, G., Hancke, K., Mayes, Y., Lien and J.H., Chiu "NFC Mobile Transactions and Authentication Based on GSM Network," Second International Workshop on Near Field Communication (NFC), 2010: pp. 83-89
    [40] W.D., Chen, G., Hancke, K., Mayes, Y., Lien and J.H., Chiu “Using 3G Network Components to Enable NFC Mobile Transactions and Authentication,” IEEE International Conference on Progress in Informatics and Computing (PIC), 2010: pp. 441-448
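    [41] Y., Chen, J.S., Chou, H.M., Sun and M.H., Cho “A Novel Electronic Cash System with Trustee-Based Anonymity Revocation from Pairing,” Electronic Commerce Research and Applications, (10), 2011: pp. 673-682
    [42] 廖鴻圖, “A Cross-Domain Anonymous Mobile Payment Mechanism” (in Chinese), Journal of E-Business (電子商務學報), no. 9, 2007: pp. 779-799
    [43] 羅嘉寧 and 楊明豪, “An NFC-based Anonymous Mobile Payment Protocol” (in Chinese), Journal of Information, Technology and Society (資訊、科技與社會學報), 22, 2014.12: pp. 17-31
    [44] 李維哲, 羅嘉寧 and 楊明豪, “An EMV-Compatible Multi-Card Offline Mobile Payment Protocol” (in Chinese), Master's thesis, Graduate Institute of Information Engineering, Chung Yuan Christian University (中原大學), 2015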
