With near field communication (NFC), smart card applications, including mobile payments and ID-based applications, can be integrated and deployed to smartphones. However, some of the physical anti-counterfeiting mechanisms are unavailable when the attributes of physical cards are digitalized. For example, photos and signatures can be used to verify personal identity when carrying out credit card payments or using ID-based applications, but the digital images shown by smartphones are easy to attack and forge. Such risks mean that mobile payments are often limited to relatively small transactions. Personal identification thus plays an important role in such smartphone applications, particularly when several smart cards are integrated into the devices. In this paper, an NFC anti-counterfeiting framework with a two-layered digital image protection mechanism is proposed; in this system, an application certificate signed by the service provider and image metadata are hidden in the personal digital image using digital watermarking, and the image metadata is protected by the secure element in the NFC device. Several procedures are designed to ensure the originality of the photo and signature images, so that the process of digital image authentication is as secure and practical as using printed images on a plastic card. Personal authentication and transactions can then be performed securely with the personal authentication applet (PAA) in an offline authentication process, which is fast and convenient compared to online authentication processes. Using the proposed NFC anti-counterfeiting framework, the authentication process in mobile payments will be more secure and thus can be applied with high value transactions.

• 出版日期2016-8