摘要
EMV為目前晶片信用卡所通用的付款的協定,但EMV存在一些安全性的隱憂。在2014年楊等人提出一結合NFC 手機及EMV之離線交易協定(EPMAR),加入雙向認證機制以解決 EMV安全性上的問題。然而EPMAR協定僅侷限於使用單一信用卡,並未考慮到使用者可能持有多張信用卡之情況。因此在使用者離線交易時,可能導致申請多張離線消費憑證時超出 EMV 所容許的交易時間限制,及可能造成信用額度擴張的問題。 本論文將EPMAR協定加以改良,提出一個可以有效率的同時申請多張離線憑證的協定(EOPMC)。在本協定中使用者必須得向安全服務管理(TSM)進行註冊,進而申請一張專門用來申請離線憑證的虛擬信用卡。此虛擬信用卡會跟其他在使用者手機內的信用卡進行綁定,透過TSM向各信用卡之發卡銀行取得離線消費授權。在之後的離線憑證申請過程中,使用者僅需利用虛擬信用卡向 TSM 提出申請,TSM即可簽發所有信用卡之離線憑證。使用者於商家消費時,僅需提供所欲消費之信用卡憑證即可,商家並不需要連線到TSM或發卡銀行進行授權申請。 本論文所提出之方法使得使用者在進入離線區域前,只需要連線到TSM就可以一次申請多張信用卡的離線消費憑證,增加申請離線憑證的效率。並且由TSM統一控管同一位使用者的離線消費額度,避免商家因為使用者額度擴張而無法跟信用卡發卡銀行請款的問題。
並列摘要
EMV is a most generic standard of current credit cards that contains several security crises. In 2014, Yang et al. proposed an EMV-base offline payment protocol on NFC-phone (EPMAR), which focus on solving the mutual authentication problem of EMV standards. However, EPMAR suppose the user only owns a single credit card; can be only used in a single-card environment, EPMAR didn't consider that user have multiple cards. If a user wants to do offline payments with multiple cards, the user needs to apply multiple offline certificates from different banks one-by-one, which may exceed the EMV transaction time limitation. In this paper we propose an EMV-based Offline Payment with Multiple cards (EOPMC) protocol, to improve the weakness of EPMAR. In EOPMC, the user must register himself to a trust service manager (TSM) to get a virtual token. The virtual token is stored in the secure element of a user’s NFC-phone. The user uses the virtual token to apply offline certificates of all credit cards from the TSM. In our proposed protocol, the user can get the offline certificates of all the credit cards from a TSM in a single transaction to fit the restriction of the EMV protocol. When the user performs transactions with a merchant, the user needs to send the offline certificates to the merchant. The merchant does not need to verify these certificates from the issuer banks of the specific credit card online.
參考文獻
延伸閱讀
- 洪聖翔(2013)。相容EMV具雙向認證且適合離線及線上交易之行動付款協定〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu201301074
- Shen, W. L. (2015). 上行多使用者多天線系統之存取協定設計 [doctoral dissertation, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2015.00468
- 曹偉駿、蔡欣潔(2010)。基於部分盲簽章之多銀行聯合發行的行動電子現金系統。載於中華民國資訊安全學會(主編),全國資訊安全會議(頁145-150)。中華民國資訊安全學會。https://doi.org/10.29615/CISC.201005.0145
- 李佩霜(2014)。結合無線智慧卡與NFC通訊的M-Coupon機制〔碩士論文,國立暨南國際大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0020-0108201420413200
- Chiu, J. Y. (2005). Design and Implementation of Convenient and Trusted Mobile Payment System [master's thesis, Tatung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0081-0607200917235009