月旦知識庫
 
  1. 熱門:
 
首頁 臺灣期刊   法律   公行政治   醫事相關   財經   社會學   教育   其他 大陸期刊   核心   重要期刊 DOI文章
理工研究國際期刊 本站僅提供期刊文獻檢索。
  【月旦知識庫】是否收錄該篇全文,敬請【登入】查詢為準。
最新【購點活動】


篇名
EMV-based Mobile Payment Protocol for Offline Transaction - With the Ability of Mutual Authentication
作者 Jia-Ning Lou (Jia-Ning Lou)Ming-Hour Yang (Ming-Hour Yang)Yu-Cheng Ho (Yu-Cheng Ho)
中文摘要
現行信用卡的標準EMV協定存在著下列的安全性問題:(1)僅由讀卡機單向認證卡片。(2)非接觸式的EMV感應卡在進行無線傳輸時的交易個人資料未經過加密,導致惡意使用者能夠利用這些訊息進行交易。(3)進行離線交易時,商店無法即時確認信用卡的有效性。惡意使用者可以利用上述問題進行詐騙。2013年楊等人提出了一個改進EMV的協定以解決上述問題;但是在其方法中,雖對離線交易進行驗證,但卻無法解決在多次離線交易後所造成的額度擴張問題,而導致所使用的金額超過風險控管的範圍。為改善楊等人的方法,本論文提出了一個相容於EMV之交易安全機制來改善離線交易之安全性。協定中,在進行離線交易之前使用者需先向銀行申請一有限額度且可分割之離線交易授權,再將此授權之重要資訊儲存在手機之安全晶片內。透過此授權使用者可以在往後的每次交易前製作依據交易之金額將所獲得之額度分割成該次交易所需額度的離線憑證。每次進行離線交易時除了會交予商家購買商品所需金額之外亦會附帶該次交易額度之授權憑證以保證有效性。最後,商家請款的時候可將多次使用者所消費之金額合併請款,增加了商家使用上的便利性。本論文所提出之方法適用於多間商家消費的環境,且可有效解決多次離線消費導致之額度擴張問題,使得EMV交易更加安全與可靠。
英文摘要
The standards for Europay, MasterCard and Visa (EMV) have been widely adopted by current major financial services corporations but there are certain security threats: (1) authentication is one-way only, i.e. from a reader to a card. (2) EMV-compatible contactless smartcards do not encrypt sensitive data in the mobile transactions, which allows attackers to steal the users' personal information. (3) During offline transactions, the merchants cannot verify whether a credit card has been revoked. In 2013, Yang proposed a protocol to enhance the security of EMV standards. Yang's method can perform mutual authentication between a point-of-sale (POS) and a credit card, but the users can exceed the credits after multiple offline transactions. To improve Yang's method, we propose a new offline transaction mechanism that is compatible with the EMV standards. In our scheme, a user is required to apply for a limited and divisible credits from a bank, and stores the credits into his NFC phone's security elements (SE). During an offline transaction, the user has to send his certificate and the specific amount of credits to the merchant. The merchant verifies user's certificate, collects the credits, and redeems the payments from the bank. Our protocol is suitable for the offline environment that accommodates multiple merchants; it prevents exceeding the limitation in multiple offline transactions; and it enhances the security of EMV standards.
起訖頁 61-66
關鍵詞 行動交易風險控管NFCEMVMobile PaymentRisk ManagementPayword
刊名 理工研究國際期刊  
期數 201503 (5:1期)
出版單位 國立臺南大學
該期刊-上一篇 空間探測系統設計與實作
該期刊-下一篇 Implement N-Distance-Greedy w/ M-Direction-Greedy Forwarding in Vehicular Ad Hoc Network
 

新書閱讀



最新影音


優惠活動




讀者服務專線:+886-2-23756688 傳真:+886-2-23318496
地址:臺北市館前路28 號 7 樓 客服信箱
Copyright © 元照出版 All rights reserved. 版權所有,禁止轉貼節錄