- 學位論文
基於NFC可離線轉移與分割之行動優惠券
An offline transferable and divisible mobile voucher based on NFC
摘要
近年來隨著行動電子商務興起,商家開始使用網路將優惠卷發送至使用者持有之行動裝置,以取代原先之紙本形式優惠券,使用者只須攜帶手機即可使用多種優惠券兌換商家優惠。隨著市場上搭載近場通訊(Near Field Communication,NFC)功能之手機的增加,有學者提出將行動優惠券與NFC手機做結合,使得使用者在取得與兌換行動優惠券可以使用NFC存取,利用NFC裝置互相碰觸即可傳輸資料之便利性,提高行動優惠券傳輸效率。然而個人隱私問題實為行動電子商務之重要課題,若是交易過程中有人在未獲得授權的情況下可讀取或分析使用者的交易記錄,則可能曝露過多使用者敏感資訊。重複兌換優惠券則可能造成他人財物上之損失。當使用者手上之擁有多張行動優惠券時,使用者可選但若無一安全及有效率之轉移與分割行動優惠券機制,則使用者或惡意的第三者可能偽造優惠券,或繼續使用已轉移他人之失效優惠卷,造成重大之金融風暴。。 本論文提出基於NFC可離線轉移與分割之行動優惠券機制,使用者可將部分未使用之行動優惠券轉移給其他使用者或進行兌換。本方法使用基於PayWord的雙重雜湊鏈達到行動優惠券之轉移與分割,並加入公正第三方(Trusted third party,TTP)發行之一次性憑證及NFC手機中之安全元件(Secure Element,SE)以達到行動優惠券之不可連結性、離線轉移與分割。 本機制具有以下特點:(1)不可連結性:行動優惠券使用一次性之憑證,攻擊者無法從優惠券之內容追查出使用者之身分。(2)離線轉移:透過預先向TTP註冊取得之一次性憑證,使用者可在不與行動優惠券發行商連線的情況下將行動優惠券轉移給其他使用者或向消費商家兌換行動優惠券。(3)分割:使用者擁有多張優惠券時,可選擇將部分優惠券轉移給其他使用者。(4)兌換:使用者可將自行購買或是從他人取得之優惠券向商家兌換優惠。 本機制並可達到可驗證性、防止偽造、防止重複消費、防止竄改、不可否認性。
並列摘要
With the fast growing of mobile e-commerce in recent years, instead of paper vouchers, the merchants begin to send digital vouchers to users’ mobile devices. The users can store various digital vouchers on their cellphone and take the phone to different shops enjoying the discount in sales promotion. Because more and more current smartphones have built-in near field communication (NFC) functions, researchers have proposed to use NFC-enabled phones to perform mobile transactions with digital vouchers. It is convenient and efficient for the users of NFC phones to obtain digital vouchers and use them to trade items. However, unauthorized access to, or analysis of, the users’ transaction records can compromise the users’ privacy. Also, double redemption of digital vouchers can cause financial loss. When the users have multiple mobile vouchers, they can choose to transfer some vouchers to their friends or to redeem them. But if there is not a secure and efficient security scheme to transfer and divide the mobile vouchers, malicious users may forge the vouchers or use an illegitimate voucher that has been transferred to others. Our proposed protocol is designed to divide the mobile vouchers and to transfer them in an online/offline environment. It uses PayWord’s dual hash chain and requires a trusted third party (TTP) to issue a one-time only certificate, which will be stored on the secure element (SE) in the users’ NFC phones. The main contributions of our protocol include: (1) Unlinkability. Because our mobile vouchers use the one-time only certificate, attackers are unable to find out the users’ real identity from the vouchers’ content. (2) Offline transfer. The users have register to a TTP and obtain the one-time only certificate. Then, without connecting to the voucher issuers, the users can transfer their mobile vouchers to other users, or redeem them in the shops. (3) Divisibility. If the users have multiple mobile vouchers, they can choose some of them and transfer them to other users. (4) Redeemability. The users can redeem their own mobile vouchers or the received ones in the shops. Our protocol can achieve verifiability and non-repudiation, and also prevents forgery, double spending, and unauthorized modification.
參考文獻
延伸閱讀
- 馮玄明、陳華慶、陳尚維(2022)。行動裝置NFC技術應用之使用意向模型。國立金門大學學報,10(1),101-115。https://www.airitilibrary.com/Article/Detail?DocID=2221142X-202203-202204270011-202204270011-101-115
- 廖憶君(2016)。NFC信用卡便利性與可行性之研究〔碩士論文,淡江大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0002-0107201610464500
- 吳柏宣(2016)。支援NFC技術之社群分享應用:以旅遊規劃設計為例。地理資訊系統季刊,10(4),20-22。https://doi.org/10.6628/GIS.2016.10(4).4
- 劉東相、孫漢傑、黃敦麟、劉秋宗、謝琬汝(2015)。利用NFC手機實作金融電子存摺的安全技術研究。電工通訊季刊,(),27-34。https://doi.org/10.6328/CIEE.2015.3.04
- 趙偉凱(2014)。One-Time Public Key Privacy Preserving Protocol for Security NFC Mobile Payment〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2014.01198