在近場通訊(Near Field Communication, NFC)的行動支付上,一直存在著安全與隱私的議題,例如假冒身份、重送攻擊,以及客戶個資隱私被揭露等。多數的研究成果都以解決上述問題而提出各種交易協議,為了能提高身份驗證與交易安全性,採用了多次加解密運算以及數位簽章,卻也因繁重的計算負擔導致協議整體運作效率較不理想,並且較無考慮到保護隱私的問題。本研究將先探討過去文獻所提出的交易協定,從中了解其優點與缺點,並尋找可用的安全技術,來設計安全的行動支付交易協定。除了考慮的交易的資訊安全性外,也將分別對行動支付的協議效率問題,以及行動支付的資料隱私問題進行探討與改善。在完成協議設計後,針對所提出的協議進行分析與討論,試著說明協議能抵禦常見的惡意攻擊,以及身分仿冒,確保交易協議的安全性足夠。除了交易的安全性外,也試著證實協議的整體效率充足,以及透過匿名的方法解決交易的資料隱私問題。
Although NFC mobile payment is fruitful and useful, security and customer privacy are of great concern to users. For example, attacks like identity impersonation, eavesdropping, and replaying might occur, also personal information and finance conditions could be exposed during payment transactions. Many protocols have been presented to solve these problems by using multiple times of encryptions and digital signatures times for higher security. However, the complicated computations introduce overheads and generate inefficient operations for these protocols. And then, those protocols have not concern consumer privacy problem clearly. We discuss those proposed protocols from literature and find out the advantage and weak point. And looking for the useful security technology to design the secure mobile payment protocol. Not only concern information security of the payment but also concern efficiency and consumer privacy problem. After design the protocols, we will analyze the protocol. And try to explain the protocol is secure and efficient that can defense common attack and cost a low computations. We also try to use the anonymous methods to solve the consumer privacy problem.