EMV-based mobile payment protocol for online and offline transactions — with the ability of mutual authentication

Bibliographic Details
Main Authors: Sheng-Xiang Hong, 洪聖翔
Other Authors: Ming-Hour Yang
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/45635798703872321418
Description
Summary: Master's === Chung Yuan Christian University === Graduate Institute of Information and Computer Engineering === 101 === EMV is the most popular payment standard for current smart cards. People have been trying to integrate NFC technology into mobile payment services, but more and more security issues have been discovered in EMV-based services. For example, communications between a card terminal and a credit card may be vulnerable to Man-in-the-Middle (MITM) attacks. Unencrypted messages in NFC communication can lead to privacy breaches in the transactions. Or, if a shop is unable to connect to its back-end server, it cannot recognize the validity of a credit card. For this reason, we propose a new method for current mobile payment services. It is EMV-based and uses the optional fields of EMV commands to perform mutual authentication between a card holder and a merchant. This helps lower the risk in offline transactions. Our scheme requires that a user obtain a temporary offline certificate from the issuer prior to offline transactions. It allows the user to enjoy the same credits as in online transactions. In addition, our method prevents most current credit card fraud in mobile payment services, such as MITM attacks, privacy breaches, and double spending.