NFC手機主要應用於電子商務與電子企業，因此如何提供安全可信賴之應用環境，實為推動NFC手機運用於電子商務與電子企業之關鍵議題。有鑑於此，為改善使用者向服務提供者註冊服務與使用者向服務提供者存取服務時，缺乏匿名與其他安全威脅問題，本論文以自我驗證公開金鑰系統與橢圓曲線密碼系統的方法，提出適用於NFC手機的匿名與鑑別金鑰協議機制。本論文所提出方法達到以下安全目標與需求：提供通訊雙方相互鑑別、使用者匿名、通訊過程中抵抗中間人攻擊、抵抗重送攻擊，並提供通訊實體雙方建立之交談金鑰達到前推安全與已知金鑰安全。另外，在我們的方法中，服務提供者不需要使用通行碼驗證表即可鑑別使用者身分，能降低儲存成本。

NFC mobiles have many applications in E-commerce and e-business, and providing a secure and reliable application environment is crucial in promoting NFC mobiles in these sectors. This thesis has found that the needs of anonymity and authentication requirements have not yet been met in the NFC mobiles; for example, there are security issues and anonymity needs during the process of user registering at service provider site as well as accessing services. This thesis proposes a self-certified public key system and ECC scheme to add mechanisms to address these needs and issues and to make the process efficiency. Through mechanisms we reach the goal of mutual authentication and session key agreement, anonymity; during the communication process, our schemes can resist man-in-the-middle attack, resist replay attack, and achieve forward secrecy and know-key secrecy. The schemes can reduce message transmission cost and storage cost; since service providers no longer will need to use a password table to authenticate users when users accessing the service.

[AP09] V. Alimi, M. Pasquet, “Post-distribution provisioning and personalization of a payment application on a UICC-based Secure Element,” International Conference on Availability, Reliability and Security, 2009, pp. 701–705.
[CR05] B. Choudhary and J. Risikko, “Mobile device security element,” Key Findings form Technical Analysis v. 1.0, Mobey Forum. 2005.
[FHMM10] L. Francis, G. Hancke, K. Mayes and K. Markantonakis, “A security framework model with communication protocol Translator Interface for Enhancing NFC Transations,” Advanced International Conference on Telecommunications, pp. 452–461, 2010
[Glo06] GlobalPlatform, “ Confidential Card Content Management – GlobalPlatform Card Specification v2.2 – Amendment A,” http://www.globalplatform.org/, 2003
[Glo09] Global Platform, “ Secure Channel Protocol 03 – Global Platform Card Specification v2.2 - Amendment D ,” http://www.globalplatform.org/, 2009
[Gir91] M. Girault, “Self-certified public keys,” Proc. Advances in Cryptology-EUROCRYPT’91, Lecture Notes in Computer Science, Vol. 547, 1991, pp. 490-497.
[HB06] Ernst Haselsteiner and Klemens Breitfus: Security in near field communication (NFC), In Workshop on RFID Security, 2006.
[Kob87] N.Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, 1987, pp. 203-209.
[LW10] Y. P Liao and S. S Wang, “A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves,” Computer Communications 33, pp. 372–380, 2010
[Mil86] V. Miller, “Use of elliptic curves in cryptography,” Proc. Advances in Cryptology- CRYPTO’85, 1986, pp. 417-426.
[MLKS08] G. Madlmayr, J. Langer, C. Kantner, J. Scharinger. “NFC devices: security and privacy,” In Third International Conference on Availability, Reliability and Security, 2008, pp. 642–647.
[ML08] G. Madlmayr, J. Langer, “Managing an nfc ecosystem,” 7th International Conference on Mobile Business, 2008, pp. 95-101
[MM04] Konstantinos Markantonakis and Keith Mayes, “A secure channel protocol for multi-application smart cards based on public key cryptography,” Proceedings of 8th IFIP TC-6-11 Conference on Communications and Multimedia Security, 2004, pp.79-96.
[Mob08] Mobey Forum, Best practices for mobile financial services – enrolment business model analysis [online, White Paper], 2008, available from : http://www.mobeyforum.org/?page=bestpractice
[Mul09] C. Mulliner, “Vulnerability analysis and attacks on NFC-enabled mobile phones,” 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan: 2009, pp. 695-700.
[PH97] H. Petersen and P. Hoster, “Self-sertified keys concepts and applications,” Proceeding of Communications and Multimedia Security’ 97, 1997, pp.102-116.
[RP09] Marie Reveilhac, Marc Pasquet, “Promising secure element alternatives for NFC technology,” 2009 First International Workshop on Near Field Communication, 2009, pp. 75-80
[SCA09] Smart Card Alliance, “Security of Proximity Mobile Payments,” A smart Card Contactless and Mobile Payments Council White Paper,
http://www.sma rtcardalliance.org, 2009.