Article details

International Journal of Science and Engineering

Title: EMV-based mobile payment protocol for offline transaction -with the ability of mutual authentication
Volume/Issue: 5:1
Authors: 羅嘉寧, 楊明豪, 何宇承
Pages: 061-066
Keywords: NFC, EMV, mobile transactions, risk control, Payword, Mobile Payment, Risk Management
Publication date: 201503

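Chinese abstract (translated)

EMV, the current credit card standard, has the following security problems: (1) Authentication is one-way only: the card reader authenticates the card. (2) When a contactless EMV card transmits wirelessly, the personal transaction data is not encrypted, so a malicious user can use this information to conduct transactions. (3) During offline transactions, the merchant cannot confirm the validity of the credit card in real time. Malicious users can exploit these problems to commit fraud. In 2013, Yang et al. proposed a protocol that improves EMV to solve these problems. Although their method verifies offline transactions, it cannot solve the credit expansion problem that arises after multiple offline transactions, so the amount spent can exceed the range allowed by risk management. To improve on the method of Yang et al., this paper proposes an EMV-compatible transaction security mechanism that improves the security of offline transactions. In the protocol, before conducting offline transactions the user must first apply to the bank for an offline transaction authorization with a limited and divisible credit amount, and then store the important information of this authorization in the secure chip of the mobile phone. With this authorization, before each subsequent transaction the user can produce an offline certificate that splits off, from the credit obtained, the amount required for that transaction. In each offline transaction, in addition to handing the merchant the amount needed to purchase the goods, the user also attaches the authorization certificate for that transaction's amount to guarantee its validity. Finally, when requesting payment, the merchant can combine the amounts spent by users over multiple transactions into a single claim, which makes the scheme more convenient for merchants. The proposed method is suitable for environments with purchases at multiple merchants and effectively solves the credit expansion problem caused by multiple offline purchases, making EMV transactions more secure and reliable.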

English abstract

The standards for Europay, MasterCard and Visa (EMV) have been widely adopted by current major financial services corporations, but there are certain security threats: (1) Authentication is one-way only, i.e. from a reader to a card. (2) EMV-compatible contactless smartcards do not encrypt sensitive data in mobile transactions, which allows attackers to steal the users’ personal information. (3) During offline transactions, the merchants cannot verify whether a credit card has been revoked. In 2013, Yang proposed a protocol to enhance the security of EMV standards. Yang’s method can perform mutual authentication between a point-of-sale (POS) and a credit card, but the users can exceed the credits after multiple offline transactions. To improve Yang’s method, we propose a new offline transaction mechanism that is compatible with the EMV standards. In our scheme, a user is required to apply for limited and divisible credits from a bank, and to store the credits in his NFC phone’s security elements (SE). During an offline transaction, the user has to send his certificate and the specific amount of credits to the merchant. The merchant verifies the user’s certificate, collects the credits, and redeems the payments from the bank. Our protocol is suitable for the offline environment that accommodates multiple merchants; it prevents exceeding the limitation in multiple offline transactions; and it enhances the security of EMV standards.
