簡易檢索 / 詳目顯示

研究生: 王思文
Wang, Szu-Wen
論文名稱: 具有身分認證及數位影像保護加解密機制的NFC防偽框架設計
An NFC Anti-counterfeit Framework with Authentication and Image Encryption
指導教授: 李威勳
Lee, Wei-Hsun
學位類別: 碩士
Master
系所名稱: 管理學院 - 電信管理研究所
Institute of Telecommunications Management
論文出版年: 2011
畢業學年度: 99
語文別: 英文
論文頁數: 58
中文關鍵詞: 近場通訊防偽機制
外文關鍵詞: NFC, Anti-counterfiet mechanism
相關次數: 點閱:86下載:5
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 智慧卡整合已經融合在我們的生活之中,整合式的多用途智慧卡可以取代多張卡片以提升便利性,像是日本的Felica®或是台灣的悠遊聯名卡,皆說明智慧卡的整合是未來的新趨勢。近來NFC技術的興起,將智慧卡整合到NFC手機變得容易許多,未來將智慧卡進一步整合到NFC手機中將會成為新趨勢,2011年Google提出Google Wallet 即是將錢包的應用整合到NFC手機的實例。
    然而在智慧卡的多卡合一與智慧卡整合到NFC手機的兩階段過程中,產生一些議題仍待克服,像是卡號衝突、相片與簽名數位化問題與實體卡片防偽機制等皆很難實施在NFC裝置上,可能造成行動商務應用的疑慮並阻礙NFC與智慧卡應用服務整合進一步發展。在各種卡片的應用中,個人身分驗證為一個重要的課題,傳統以相片、簽名驗證使用者身分,在NFC手機中僅能以數位化的影像檔案顯示,但這種方式雖可做身分驗證但容易被攻擊和偽造;在本論文中提出以憑證隱藏在數位影像浮水印,並以卡片金鑰保護的的階層式加密保護機制,並將影像連結存放在NFC安全記憶體中,以多道手續保護身分相片及簽名影像,以確保在NFC手機上顯式的相片與簽名數位影像不會受到偽造與竄改。
    因此,在本研究中提出一個具有身分認證及數位影像保護加解密機制的NFC防偽框架,可以在多卡合一與整合到NFC手機兩階段中,對上述討論的議題提出解決方案,本研究並以共用會員卡系統為例,利用此框架來實作系統提出解決方案,系統包含了一個解決卡片屬性衝突的共用屬性的卡片單元(Applet)、一個認證與數位影像浮水印加解密的卡片單元與一個手機端程式與一組電腦端的程式來模擬後端系統。藉由本研究所提出來的通用型NFC防偽框架,可以解決多卡合一以及卡片移植到NFC手機上所面臨的安全性議題,未來可以應用到諸多以卡片應用服務為主的NFC應用服務系統。

    Smart card integration has penetrated our lives. An integrated multi-purpose smart card can replace several single-purpose cards, enhancing convenience. For example, two such integrated multi-purpose smart cards are Japan’s Felica® and Taiwan’s Co-brand EasyCard credit card. Recently, with the rise of NFC technology, a smart card deployment into the NFC-compatible device has become easier and is expected to be the new trend. One example is the launch of the Google Wallet service in the NFC-compatible device in 2011.
    However, some issues are raised during the two-stage process of smart card integration and smart card deployment into the NFC-compatible device, such as card attributes conflict, digital photo and signature issues, and anti-counterfeit mechanisms on physical cards. Widespread doubts about the NFC and smart card applications will impede mobile commerce application and further development of smart card integration. Personal identification plays an important role in smart card applications. Traditionally, photo and signature are used to verify one’s identify; however, a digital image shown by the NFC mobile phone is easy to attack and forge. In the present study, a two-layered hierarchical encryption for digital image protection mechanism is designed; a certificate signed by a master key is hidden in digital image watermarking, and the image link is stored in a secure element in the NFC device. Multiple procedures are also designed to ensure that photo and signature images are protected in the NFC-compatible device; thus, digital image authentication is secure and practicable as printed images on a plastic card.
    In this study, an NFC anti-counterfeit framework with watermarking encryption and a decryption mechanism for digital images protection and authentication mechanism for ID-based applications is proposed, which provides a solution for the above-mentioned issues. A shared loyalty system is designed and implemented based on the proposed framework, which includes one java card applet for card attributes management, one java card applet for digital image encryption and ID authentication, one mobile application, and one backend system to simulate the shared loyalty system.
    Issues in the smart card integration phase and in the NFC deployment phase can be solved using the NFC anti-counterfeit framework. Moreover, this framework could be applied to other NFC mobile applications.

    Contents 摘要 I Abstract II 致謝 IV List of Figures VII List of Tables IX Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation 3 1.3 Related Work 5 1.4 Research Framework 5 1.5 Abbreviations and Notations 8 Chapter 2 Basics of Smart Card, NFC, and Anti-counterfeit Mechanisms 9 2.1 Smart Card 9 2.1.1 Smart Card Infrastructure 11 2.2 Near Field Communication (NFC) 13 2.3 Anti-counterfeit Mechanisms 14 Chapter 3 Smart Card Integration and NFC Deployment Issues 18 3.1 Smart Card Integration Phase 18 3.2 NFC Deployment Phase 20 Chapter 4 NFC Anti-counterfeit Framework 22 4.1 Attributes Conflict Issue (ACI) 24 4.1.1 Attributes Shared Applet (ASA) 24 4.2 Authentication and Digital Image Issue (ADII) 25 4.2.1 Personal Authentication Applet (PAA) 26 4.2.2 Digital Image Watermarking Encryption 29 4.2.3 Authentication 31 Chapter 5 Shared Loyalty System 33 5.1 Loyalty Application Process 33 5.2 Shared Loyalty System 34 5.2.1 Card Issuing Phase 36 5.2.2 Registration Phase 36 5.2.3 Personalization Phase 37 5.2.4 Loyalty Application Phase 38 5.2.5 Authentication Phase 39 5.2.6 Transaction Phase 39 Chapter 6 Conclusion 41 References 43 Appendix A: Character in the Proposed Shared Loyalty System 45 Appendix B: APDU Command Sets in ASA and PAA 48 B.1 Attributes Shared Applet 49 B.2 Personal Authentication Applet 58

    [1] Smart Cards http://ewh.ieee.org/r10/bombay/news5/SmartCards.htm
    [2] Rankl, W., & Effing, W. Smart card handbook, John Wiley & Sons, Ltd., England ,pp. 32-35,2004.
    [3] Sony Felica® http://www.sony.net/Products/felica/csy/index.html
    [4] Sony Felica® “Just tap for easier life.” Felica, 2011.
    [5] EasyCard http://www.easycard.com.tw
    [6] International Organization for Standardization “Near Filed Communication- Interface and Protocol (NFCIP-1),” ISO/IEC 18092, 2004.
    [7] Akram, R. N., Markantonakis, K. & Mayes, K., “Application management framework in user centric smart card ownership model.” Lecture Notes in Computer Science, pp.20-35,2009.
    [8] Ortiz-Yepes, D.A., “Enhancing authentication in eBanking with NFC enabled mobile phones.” Eindhoven University of Technology, Department of Mathematics and Computer Science, August 2008.
    [9] Jurgensen, T. M., & Guthery, S. B. Smart cards: The developer's toolkit, Pearson Education Inc., New Jersey, pp. 2, 2002.
    [10] Husemann, D. “The smart card: don't leave home without it.” IEEE Concurrency, Vol. 7, pp. 24-27, 1999.
    [11] Shelfer, K., Srikantaiah, T. K., & Koenig, M., “The intersection of knowledge management and competitive intelligence: smartcards and electronic commerce,” Knowledge Management for the Information Professional, pp.419-442, 2000
    [12] Flohr, U., “The smart card invasion.” Byte 23, 1, 1998
    [13] Charles A. Walton, Portable radio frequency emitting identifier, U.S. Patent 4,384,288, Issued day 17 May , 1983
    [14] Felica® Wiki http://ja.wikipedia.org/wiki/FeliCa#.E6.AD.B4.E5.8F.B2
    [15] Smart Card Wiki http://en.wikipedia.org/wiki/Smart_card#History
    [16] Mifare Wiki http://en.wikipedia.org/wiki/MIFARE

    [17] Nokia, Philips And Sony Establish The Near Field Communication (NFC) Forum, NFC Forum, 18 Mar 2004
    [18] Nokia 6131 NFC, 7 Jan 2007, retrieved 14 June 2011.
    [19] Video: Google CEO talks Android, Gingerbread, and Chrome OS, Computerworld, 16 November 2010, Retrieved 14 June 2011
    [20] Gingerbread feature: Near Field Communication, Android Central, 21 Dec 2010, Retrieved 15 June 2011.
    [21] Shelfer, K. M., & Procaccino, J. D. “Smart Card Evolution.” Communications of the Acm, Vol.45,No.7, 2002
    [22] Gemalto http://www.gemalto.com/nfc/mobile_payment_ecosystem.
    [23] Global Platform Card Specification, Version2.2, March 2006
    [24] NFC Forum http://www.nfc-forum.org/aboutnfc/
    [25] Frequently Asked Questions, NFC Forum Website, 2011
    [26] Google Wallet http://www.google.com/wallet
    [27] Lemonnier et al., Method for Installing and Managing NFC Applications with Pictures. U.S. Patent Pub. No. 20110072425 A1,Published 24 Mar. 2011
    [28] S. Manuel. “Classification and Generation of Disturbance Vectors for Collision Attacks against SHA-1.” Designs, Codes and Cryptography, Springer Science+Business Media, LLC. Vol. 59, pp.247-263, 2008.
    [29] EMV Integrated Circuit Card Specifications for Payment Systems, Book 2 Security and Key Management, Version 4.1 ,May 2004
    [30] Mayes K. E. & Markantonakis K., Smart Cards, Tokens, Security and Applications, Springer Science+Business Media, LLC., New York, pp. 118-128, 2008
    [31] N. Ahmed, T. Natarajan, and K. R. Rao, "Discrete Cosine Transform", IEEE Trans. Computers, 90-93, 1974.
    [32] The DCT/IDCT Solution Customer Tutorial, XILINX. February 2000
    [33] Tallgren M., Pihlajamaa O. & Törönen J., Ubiquitous Customer Loyalty Service, VTT Research notes 2378, 2007
    [34] Java Card Applet Developer’s Guide, Sun, Version1.0, July 1998.

    下載圖示 校內:2012-08-31公開
    校外:2012-08-31公開
    QR CODE