隨著智慧型手機普及率的提升，越來越多的智慧型手機應用產生，而NFC技術的出現，更促成了使用者手持智慧型裝置，透過NFC存取周邊商家所提供的像是自動櫃員機等資訊服務。然而，NFC行動裝置在使用商家提供的資訊服務時，有時會需要存取遠端資源。在使用者的 NFC 裝置是透過商家的資訊設備去連接到遠端伺服器而去取得遠端資源時，因為遠端伺服器會需要取得使用者的帳號密碼等認證資訊去認證使用者，此時商家的資訊設備就有可能擷取到這些認證資訊，而使得使用者認證資訊遭遇到資料機密性與完整性受到侵害的威脅。雖然現行已經有技術在探討安全地分享遠端資源的議題，例如OAuth，但OAuth技術假設參與者可以直接對於資源提供者進行連線，OAuth協定是針對使用者的裝置直接取得遠端資源的情境，並未考慮到可能是經過不可信賴的第三方存取資源的情況。因此，本研究提出NFC行動裝置授權遠端資源安全存取控制機制，透過NFC行動裝置與遠端資源中心建立安全通道，資料交換皆透過安全通道作傳輸。透過本研究機制，NFC行動裝置可以授權資源中心將使用者同意給予的資源提供給服務提供者，以便使用者在不洩漏機密資訊的情況下，使用服務提供者的服務。換句話說，在商家的資訊服務可能需要遠端資源的情況下，可以在不知道使用者與遠端資源提供者溝通內容的情況下，取得使用者的遠端資源而提供服務。
關鍵字：近場通訊、近場通訊安全通道、安全存取控制

As the development of NFC technologies, several NFC applications emerge recently. NFC technologies enable mobile devices to use NFC services quickly and user-friendly. NFC services may need user resources stored in remote servers. In this case, remote servers may need user credential information to authenticate the user. Although user credential information may be transmitted between NFC-enabled devices and remote servers through NFC service providers, service providers should not obtain the credential data.
To address this issue, our approach establishes a secure tunnel between users’ NFC-enabled devices and remote servers. With our approach, sensitive information, such as personal identification information, is encrypted and transferred to remote servers through the secure tunnel. Therefore, NFC-enabled devices can exchange sensitive data with remote servers securely while using NFC services.
Keywords：Near Field Communication, Secure Tunnel, Security Access Control

[1] C. Albanesius, "Apple Awarded iWallet Patent", 2012.
[2] C. Mulliner. "Vulnerability Analysis and Attacks on NFC-enabled Mobile Phones", In Proceedings of the 1st International Workshop on Sensor Security at ARES, Fukuoka, Japan, 2009.
[3] E. Haselsteiner and K. Breitfuß, "Security in Near Field Communication(NFC)", in workshop on RFID Security, 2006.
[4] Forum.Nokia, "Introduction to NFC", 2011.
[5] F. Resatsch, S. Karpischek, S. Hamacher, U. Sandner, "Mobile sales assistant: NFC for retailers", MobileHCI 2007, Singapore, September 2007.
[6] Google Wallet, http://www.google.com/wallet/.
[7] G. Van Damme, K. Wouters, H. Karahan, B. Preneel, "Offline NFC Payments with Electronic Vouchers. In", Proceedings of the 1st ACM Workshop on Net-working, Systems, and Applications for Mobile Handhelds (MobiHeld 2009), 6 pages, ACM, New York (2009).
[8] ISO/IEC 18092, "Information Technology – Telecommunications and information exchange between systems – Near Field Communication – Interface and Protocol (NFCIP-1)", 2004.
[9] J. Sidén, V. Skerved, J. Gao, S. Forsström, H. Nilsson, T. Kanter, M. Gulliksson, "Home Care with NFC Sensors and a Smart Phone", Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies, ACM New York, NY, USA(2011), ISBN: 978-1-4503-0913-4.
[10] K. S. Kadambi, J. Li, A. H. Karp, "Near-Field Communication-Based Secure Mobile Payment Service", Proceedings of the 11th International Conference on Ecommerce, ISBN: 978-1-60558-586-4, 12-15 August 2009, Taipei, Taiwan,142-151.
[11] K. Seewoonauth, E. Rukzio, R. Hardy, and P. Holleis, "Two NFC interaction techniques for quickly exchanging pictures between a mobile phone and a computer", in Proceedings of the 11th International Conference on Human Computer Interaction with Mobile Devices and Services, ser.MobileHCI’09. New York, NY, USA: ACM, 2009, pp. 39:1–39:4.
[12] M. Sallinen , E. Strömmer , A. Ylisaukkooja, "Application Scenario for NFC: Mobile Tool for Industrial Worker", Proceedings of the 2008 Second International Conference on Sensor Technologies and Applications, p.586-591, August 25-31, 2008.
[13] NFC Forum, http://www.nfc-forum.org/home.
[14] NFC Forum, "NFC Data Exchange Format (NDEF) Technical Specification", 2006.
[15] NFC World, http://www.nfcworld.com.
[16] nfctools, https://www.github.com/grundid/nfctools.
[17] OAuth, http://oauth.net/.
[18] RFC2401, "Security Architecture for the Internet Protocol", 1998.
[19] RFC2637, "Point-to-Point Tunneling Protocol (PPTP)", 1999.
[20] RFC3193, "Layer Two Tunneling Protocol (L2TP)", 1999.
[21] R. L. Rivest , A. Shamir , L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems", Communications of the ACM, v.26 n.1, p.96-99, Jan. 1983.
[22] S. Tamrakar, Jan-Erik Ekberg and N. Asokan, "Identity Verification Schemes for Public Transport Ticketing with NFC Phones", in proceedings of the sixth ACM workshop on Scalable trusted computing(STC'11), 2011, pp. 37-48.
[23] W. Diffie, M. Hellman, "New directions in cryptography". IEEE Trans. Inform. Theory IT-22, 6 (Nov. 1976), 644-654.