An offline transferable and divisible mobile voucher based on NFC

• Main Authors: Shao-Peng Liang, 梁少鵬
• Other Authors: Ming-Hour Yang
• Format: Others
• Language: zh-TW
• Published: 2014
• Online Access: http://ndltd.ncl.edu.tw/handle/30566658133118426943

碩士 === 中原大學 === 資訊工程研究所 === 102 === With the fast growing of mobile e-commerce in recent years, instead of paper vouchers, the merchants begin to send digital vouchers to users’ mobile devices. The users can store various digital vouchers on their cellphone and take the phone to different shops enjoying the discount in sales promotion. Because more and more current smartphones have built-in near field communication (NFC) functions, researchers have proposed to use NFC-enabled phones to perform mobile transactions with digital vouchers. It is convenient and efficient for the users of NFC phones to obtain digital vouchers and use them to trade items. However, unauthorized access to, or analysis of, the users’ transaction records can compromise the users’ privacy. Also, double redemption of digital vouchers can cause financial loss. When the users have multiple mobile vouchers, they can choose to transfer some vouchers to their friends or to redeem them. But if there is not a secure and efficient security scheme to transfer and divide the mobile vouchers, malicious users may forge the vouchers or use an illegitimate voucher that has been transferred to others. Our proposed protocol is designed to divide the mobile vouchers and to transfer them in an online/offline environment. It uses PayWord’s dual hash chain and requires a trusted third party (TTP) to issue a one-time only certificate, which will be stored on the secure element (SE) in the users’ NFC phones. The main contributions of our protocol include: (1) Unlinkability. Because our mobile vouchers use the one-time only certificate, attackers are unable to find out the users’ real identity from the vouchers’ content. (2) Offline transfer. The users have register to a TTP and obtain the one-time only certificate. Then, without connecting to the voucher issuers, the users can transfer their mobile vouchers to other users, or redeem them in the shops. (3) Divisibility. If the users have multiple mobile vouchers, they can choose some of them and transfer them to other users. (4) Redeemability. The users can redeem their own mobile vouchers or the received ones in the shops. Our protocol can achieve verifiability and non-repudiation, and also prevents forgery, double spending, and unauthorized modification.