本論文提出一個以NFC為基礎之匿名行動付款協定，以NFC手機中的安全元件及手機之可信賴之執行環境，發展出一個具備認證(Authentication)、授權(Authorization)及稽核(Audit)的匿名行動付款系統。使用者必須先向其往來銀行註冊並配發一虛擬帳戶存於NFC手機之安全元件中，再利用該虛擬帳戶向公信的第三者(TSM)申請具有特定信用額度之虛擬信用卡。當虛擬信用卡之有效期限將至，TSM會重新配發另一虛擬信用卡給使用者。而當帳戶之餘額低於銀行之授信額度時，TSM 將要求使用者重新進行授信。 本系統具有以下特點：(1)便利性︰本協定與EMV標準相容，使用者僅需擁有NFC手機即可取代信用卡、現金。(2)不可連結性︰使用者消費時，商家只會拿到一具短時效之虛擬信用卡資訊，無法從多次交易紀錄分析並連結至使用者身份。TSM雖擁有使用者之消費資訊，然而其僅擁有使用者提供之銀行匿名帳戶，無法得知真實使用者之銀行帳戶資訊。而銀行端亦僅能得知使用者利用 TSM 付款，並無法得知使用者之消費紀錄。(3)匿名性︰除銀行知曉使用者之真實身分外，使用者對TSM及商店皆匿名。(4)不可否認性：所有之帳戶註冊訊息、虛擬信用卡之製作及交易訊息皆須進行數位簽名，達成不可否認性。

We propose a new anonymous payment protocol for current NFC-based mobile payment services. Our scheme combines NFC phones’ built-in secure element (SE) with the trusted execution environment (TEE) and mobile trust module (MTM) to create a reliable execution environment. It is designed to achieve authentication, authorization and audition for anonymous mobile payment services. Firstly users have to apply for a virtual account from an issuing bank and to store it in the SE. Then they use the account to apply for a virtual credit card from a trust service manager (TSM). The card has only limited credits and has to comply with EMV standards. If the card is going to expire, TSM will issue a new one to the user. When the account balance is lower than the credits, TSM will require the user to re-apply for new authorization. The main contributions of our protocol include: (1) Convenience. Our protocol complies with EMV standards and it allows users to take their NFC-enabled cellphones as credit cards or e-cash for transactions. It is convenient and fast. (2) Unlinkability. During a transaction, merchants can only receive the information of a temporary virtual credit card. They cannot analyze transaction records to find any links between users’ identity and the records. Although the TSM keeps consumers’ transaction records, it can only find users’ anonymized bank accounts. It is unable to know users’ real accounts. And the banks can only know their users pay through a TSM, but they cannot access their transaction records. (3) Anonymity. Users’ real identity is only known to their banks. It is kept anonymous to merchants and the TSM. (4) Undeniability. Digital signatures are required for every account registration, virtual credit card application, and transaction, so as to achieve undeniability.