隨著行動裝置日漸普及，讓使用者可以隨時隨地透過網路使用服務，加上物聯網技術逐漸落實到日常生活中，實現遍布式計算的概念。未來在公共空間中，可以整合環境中的裝置，建置一個公用資源服務平台，讓欲使用服務的使用者，可以使用公用資源服務，使環境中的閒置設備能夠被充分利用。我們提出一個適用於開放式環境中，提供公用資源服務平台的系統架構、功能結構和使用流程，並設計一個以辨識使用者角色為基礎的身分鑑別機制，讓持有行動裝置的使用者能夠安全地取用服務。
在本研究中，我們結合公開金鑰密碼系統、雜湊演算法和JSON Web Token，來設計一套身分鑑別機制，應用於開放式公用資源服務平台上，並以大學中的系所辦公室為環境下，實作本平台的雛型系統，提供身分鑑別與公用資源服務的功能。經由分析的結果表明，本機制可以達到安全性需求，並提供良好的系統通用性、易用性及服務擴展性，適用於開放式環境下的公用資源服務。

With the growing popularity of mobile devices, users can access services through the Internet from anywhere at any time. Besides, the Internet of Thing technologies are gradually implemented in our daily life. The concept of pervasive computing will be realized. In the public space, service provider can integrate the devices in the environment to build a public resource service platform. The user can use this platform to access the public resource services. Therefore, the idle resources can be fully utilized. We design the public resource service platform and authentication mechanism for open environment, so that people can use mobile devices to access services safely.
In our research, we combine public-key cryptography, hash algorithm and JSON Web Token to design an authentication protocol for open public resource service platform. We build the prototype system based on office of college to provide authentication and public resource services. The analysis shows that the proposed protocol can achieve security requirements and provide great system commonality, usability and service scalability for public resource service in public environment.

中文摘要 I
Abstract II
誌謝 III
目錄 IV
圖目錄 V
表目錄 VI
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機和目標 2
1.3 章節介紹 2
第二章 文獻探討 3
2.1 應用在遍布式計算的身分鑑別機制 3
2.2 應用於智慧型手機的身分鑑別機制 3
2.3 JSON Web Token 5
第三章 開放式公用資源服務平台之設計 7
3.1 系統架構、功能結構與流程設計 7
3.2 符號定義 12
3.3 身分鑑別協定 13
第四章 平台實作 19
4.1 實作系統架構 19
4.2 行動應用程式功能與公用資源服務 22
4.3 資料庫設計 24
4.4 效能評估 25
第五章 安全性分析 29
5.1 信賴邊界和假設 29
5.2 身分鑑別協定的安全性分析 30
第六章 結論 32
參考文獻 33

[1] M. Weiser, “The Computer for the 21st century,” Scientific American, 1991
[2] D. Booth, H. Haas, F. McCabe, E. Newcomer, M. Champion, C. Ferris and D. Orchard, “Web Services Architecture,” W3C Working Group Note 11, 2004, [Online]. Available: https://www.w3.org/TR/ws-arch/
[3] R. T. Fielding, “Architectural Styles and the Design of Network-based Software Architectures,” Ph.D. dissertation, Univ. California, Irvine, 2000, [Online]. Available: https://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
[4] T. Dierks, E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.2,” RFC 5246, 2008, [Online]. Available: https://www.rfc-editor.org/info/rfc5246
[5] J. Han, “Chaining the Secret: Lightweight Authentication for Security in Pervasive Computing,” in IEEE International Conference on Pervasive Computing and Communication Workshops, Sydney, NSW, Australia, 2016, pp. 1-3
[6] B. Alomair and R. Poovendran, “Efficient Authentication for Mobile and Pervasive Computing,” IEEE Transactions on Mobile Computing, vol. 13, no. 3, pp. 469-481, 2014
[7] K. Ren, W. Lou, K. Kim and R. Deng, “A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments,” IEEE Transactions Vehicular Technology, vol. 5, no. 4, pp. 1373-1384, 2006
[8] J. C. D. Lima, C. C. Rocha, I. Augustin and M. A. R. Dantas, “A Context-Aware Recommendation System to Behavioral Based Authentication in Mobile and Pervasive Environments,” in IFIP 9th International Conference on Embedded and Ubiquitous Computing (EUC), Melbourne, VIC, Australia, 2011, pp. 312-319 
[9] W. Meng, D. S. Wong, S. Furnell and J. Zhou, “Surveying the Development of Biometric User Authentication on Mobile Phones,” IEEE Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1268-1293, 2015
[10] M. O. Derawi, B. Yang, and C. Busch, “Fingerprint Recognition with Embedded Cameras on Mobile Phones,” in 3rd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Aalborg, Denmark, 2012, pp. 136-147
[11] S. Sin, R. Zhou, D. Li, T. Isshiki and H. Kunieda, “Narrow Fingerprint Sensor Verification with Template Updating Technique,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 95, no. 1, pp. 346-353, 2012
[12] S. Chen, A. Pande and P. Mohapatra, “Sensor-assisted Facial Recognition: An Enhanced Biometric Authentication System for Smartphones,” in Proceedings of the 12th Annual International Conference on Mobile systems, applications, and services, Bretton Woods, NH, USA, 2014, pp. 109-122
[13] K. Xi, J. Hu, and F. Han, “Mobile Device Access Control: An Improved Correlation Based Face Authentication Scheme and Its Java ME Application,” Concurrency and Computation: Practice & Experience, vol. 24, no. 10, pp. 1066-1085, 2012
[14] K. R. Park, H.-A. Park, B. J. Kang, E. C. Lee, and D. S. Jeong, “A Study on Iris Localization and Recognition on Mobile Phones,” EURASIP Journal on Advances in Signal Process., vol. 2008, no. 1, pp. 281-943, 2008
[15] M. Kunz, K. Kasper, H. Reininger, M. Mobius and J. Ohms, “Continuous speaker verification in realtime,” in Proceedings of the International Conference of the Biometrics Special Interest Group, Darmstadt, HE, Germany, 2011, pp. 79-87 
[16] M. Baloul, E. Cherrier and C. Rosenberger, “Challenge-based Speaker Recognition for Mobile Authentication,” in Proceedings of the International Conference of the Biometrics Special Interest Group, Darmstadt, 2012, pp. 1-7
[17] R. Blanco-Gonzalo, O. Miguel-Hurtado, A. Mendaza-Ormaza and R. Sanchez-Reillo, “Handwritten Signature Recognition in Mobile Scenarios: Performance Evaluation,” in IEEE International Carnahan Conference on Security Technology, Boston, MA, United States, 2012, pp. 174-179
[18] M. O. Derawi, C. Nickely, P. Bours and C. Busch, “Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition,” in 6th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Darmstadt, Darmstadt, HE, Germany, 2010, pp. 306-311
[19] F. Li, N. Clarke,M. Papadaki, and P. Dowland, “Active Authentication for Mobile Devices Utilising Behaviour Profiling,” International Journal of Information Security, vol. 13, no. 3 , pp. 229-244, 2014
[20] C. Giuffrida, K. Majdanik, M. Conti and H. Bos, “I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics,” in 11th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Egham, United Kingdom, 2014, pp. 92-111
[21] L. Li, X. Zhao and G. Xue, “Unobservable Re-authentication for Smartphones,” in Proceedings of the 20th Network and Distributed System Security Symposium, San Diego, CA, United States, 2013, pp. 1-16
[22] Y. Meng, D. S.Wong and L. F. Kwok, “Design of Touch Dynamics Based User Authentication with an Adaptive Mechanism on Mobile Phones,” in Proceedings of the 29th Annual ACM Symposium Applied Computing, Gyeongju, South Korea, 2014, pp. 1680-1687 
[23] S. Indu, T. N. Sathya, V. Saravana Kumar, “A Stand-alone and Sms-based Approach for Authentication Using Mobile Phone,” in International Conference on Information Communication and Embedded Systems (ICICES), Chennai, TN, India, 2013, pp. 140-145
[24] P. Tanvi, G. Sonal and S. M. Kumar, “Token Based Authentication Using Mobile Phone,” in International Conference on Communication Systems and Network Technologies (CSNT), Katra, JK, India, 2011, pp. 85-88
[25] M. Shu, C. Tan and H. Wang, “Mobile Authentication Scheme Using SMS,” in SSME '09. IITA International Conference on Services Science, Management and Engineering, Zhangjiajie, China, 2009, pp. 161-164
[26] M. Jones, J. Bradley and N. Sakimura, “JSON Web Token (JWT)”, RFC 7519, 2015, [Online]. Available: http://www.rfc-editor.org/info/rfc7519
[27] D. Giry. (2015, September 17). BlueKrypt Cryptographic Key Length Recommendation [Online]. Available: https://www.keylength.com/en/4/