becomes mature. Therefore, in recent years, due to the gradually changing of people's consumption patterns, people start to replace the physical money transaction with the mobile payment, and replace the physical credit cards with non-contact payment, which then speeds up the transaction process. They also turn NFC mobile phones into virtual credit cards through the card simulation functions in the NFC technology [1][2][3][4][5][6][7][8]. However, the transactions through integrating credit card into the phone also bring many security issues; many scholars propose a method to put credit into the mobile phone in a secured manner. In addition, the privacy of transaction behaviors are drawing more and more attention of the public because a great number of merchants would record the users’ consumption behaviors and then recommend advertising contents to advertisers on the basis of the analysis of user behaviors. For the merchants, precise advertising is critical. But in the view of users, it is much more like a pair of invisible eyes monitoring every movement of theirs’. As a consequence, the anonymity function of mobile payment becomes more and more underscored. The recently published Apple Pay [9] and Google Wallet [10] can replace the physical cards of users through the Token and thus allow the physical information of credit cards to be replaced by the Token. The Token transaction process can protect the user's information which is [11] proposed by two major international financial institutions, Master Card and VISA.
The virtual credit cards allow users with no need to carry physical credit cards with them anymore. Any smart phone configured with WiFi, Bluetooth or NFC can serve as containers for virtual credit cards. Compared with the payment method of
‧
traditional physical credit cards, virtual credit cards accelerate the settlement speed of users. As long as users get close to the Point of Sale (POS) machine, the action of consumption deductions will be implemented. Because of the Token, users don’t have to worry about the risks that merchants obtain their real card number.
However, in order to maintain the security between users and merchants, there must be a card issuer to help the merchants to identify the correctness of the virtual credit cards of users. In this way, the places of consumption of users will be severely limited.
Users can only perform payment action while the POS is connected to the network.
However, under the traditional payment circumstances, merchants don’t necessarily need the network to confirm the payment action by linking to card issuer. Because the physical credit card include the card number, card expiration date and last three digits , which can be utilized by the merchant to verify the correctness of the card. However, when a user adopts the physical card for consumption, the merchant can also obtain the information of the physical card. If some malicious merchants conduct consumption at other places by collecting users’ physical cards, it can lead to an unauthorized consumption.
As a result, in 2014, some cases came up that malicious attackers perform consumption by targeting small amount of off-line transactions. In these cases, malicious users use the expired credit card to consume. In these cases, malicious users can make consumption by using expired credit card.This could happen in real world since in Taiwan every transaction less than three thousands New Taiwan Dollars (NTDs) is regarded as an off-line transaction and it’s validity will not be verified by the card issuer during the transaction.Therefore, the merchants only can find out the unauthorized consumption by connecting the card issuer.
‧
MasterCard, Visa (EMVCo) have specified three on-line transaction conditions to enforce EMV transaction must be on-line transaction [34]: 1. Exceeding the limit of cumulative consumption amount. 2. Exceeding the limit of consecutive consumption times. 3. Random inspection. However, the EMV risk management does not effectively prevent off-line double spending of the malicious users. Therefore, Balze et al. [12] proposed a new scheme by adding the some conditions, such as the limit of consumption amount and the life span into the user’s certificate, so as to reduce the risks that malicious users cheat on off-line transactions. Rivest and Shamir et al. [13]proposed a new payment way to adopt transaction manner of one-way payword by using the hash chain to prevent cheating on off-line transactions. But the hash chain must be generated before the user make transactions, in which case, n is the length of user’s hash chain which represent the consumable amount of n dollars. The merchant can ensure the users’ consumption amount by verifying whether it’s in the same sequence of hash value. However, the merchant can also calculate user’s others hash values, which means the consumption information of the user is leaked to the merchant, so that the merchant can have a chance to use the users’ payword to pay.
Besides, it is a limitation that a payword can only be used with one merchant. Dai et al. [14] proposed a new protocol to improve the payword consumption mechanism, so as to allow payword to be available at more merchants. For example, in their scheme, user’s certificate is required to have the information of the credit limit and the expired date. In this way, the user can use different parts of the same payword to make payment in different merchants. However, the merchant can only know the correctness of the payword, a malicious user still can successfully consume with merchants by sending the unregistered payword to the merchant, and the merchant can only find out that the payword is illegal when the merchant request payout to
‧
payword issuer. Esmaeeli and Shajari [15] proposed the MVPayword method to allow payword to be available for consumption among multiple merchants, but under this protocol architecture, the transactions have been connecting with the payword issuer.
Even though, it guarantees the validity of the users’ consumption payword. Although it can verify the validity of paywords a user consumed, but it has the disadvantage that their protocol does not support off-line spending. Fan et al. [16] proposed a double payword to confirm the identities of the user and the merchant, so as to increase the security for the user. Later, Fan et al. [17] also proposed an anonymous mechanism to ensure that the user can be anonymous during the consumption. In order to ensure anonymity, it greatly increased the amount of calculation to guarantee the correctness of the user identity. Therefore, the way of adopting a huge amount of calculation in the transaction environment is not suitable for the application in the actual transactions.
However, Token technology is not unbreakable. For example, in 2016, the token of Samsung [18] was cracked by a hacker, which resulted in leaking of users' card information and forging credit card token for illegal consumption. Because the token value of Samsung pay is not completely random but organized in regular manner, malicious users can crack the rules of the Token card numbers through collecting card numbers. In the light of Samsung issue, our protocol allows users to choose random number as the token value when the users apply to token server provider (TSP). So, it can avoid token be predictable.
This thesis proposed a new off-line transaction protocol which not only can make sure keeping the user anonymous, but also prevent of the double spending attack. We use the SE to protect the classified information of the user and make sure no one can forge the signature in the transaction including the users.
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
In addition, the mobile payment protocol specified in the EMV must comply with the principle that the transaction shall be completed in 0.5 seconds. In order to proof this study’s running time can be under 0.5 second, we follow this protocol and program code. The running time will be discussed in chapter 7.
This paper will introduce our new on-line and off-line transactions protocol, related architecture diagrams and transaction mechanism. The security that we can achieve will be covered at the end of the article.
‧
2.1 Near Field Communication (NFC)
NFC (Near Field Communication) [19] is short distance transmission technology, and the NFC effective distance is about 10 centimeters. Compared with the traditional network transmission protocol, there is no need for NFC to worry about the man-in-the-middle attack during the communication of the user by intercepting and tampering the packet. Given the advantage of short distance for NFC, there is a certain difficulty for a malicious user to denial-of-service or man-in-the-middle attack by tampering the data and intending to make the NFC device unavailable to unscramble the message sent by a NFC mobile phone.
The safety of NFC mobile phones is very important. The malicious program infecting the phone may allow malicious users to obtain sensitive information in the phone, so the NFC mobile phone must be configured with a security element to protect confidential information of the phone from being tempered by external or malicious programs if you want to use virtual credit card through the card simulation mode of NFC phone. function of SE, we can allow the SE to be responsible for the encryption, decryption and data signature of confidential data [20].