過去幾年來的數據顯示查扣到的偽冒商品數量不斷地攀升，其中又以侵犯智
慧財產權的形式居多，而且此種案件越來越氾濫。除了偽冒商品之外，另一個影
響著全球市場經濟的一大威脅則是贓品的非法販售。上述提到的偽冒商品以及贓
品多半被惡意商人透過非法黑市或線上買賣平台來營利，不僅難以追蹤也難以辨
別商品的合法性。
有許多研究結果與解決方法被提出以杜絕這種威脅，而其中也不乏利用有效
率又安全的密碼學理論輔助的方案以確保商品中資訊的完整性與合法性，然而這
些方案使購買商品的消費者難以參與防止偽冒與贓品的驗證環節。目前解決方案
中的驗證流程或設計多半要求最終使用者具備高成本的特殊設備，又或者需要理
解太複雜的流程。我們提出一個解決偽冒與贓品販售的架構，主要藉由消費者多
半皆擁有且容易使用的科技產品和技術來輔助，以提高使用者協助打擊犯罪的參
與率和成功率。
此論文選擇藉由智慧型手機中的NFC 技術(近場通訊或近距離無線通訊) 再
加上數位簽章中的Keyed PV (Pintsov-Vanstone) 簽章架構來實現防止偽冒與贓品
的解決方法。透過NFC 晶片的驗證與我們的機制，可偵測辨識出商品的合法性。
由於內建NFC 技術的手機是當前智慧型手機的製造趨勢，而且NFC 手機所佔的
比例逐年升高，是個使用者皆方便取得並採用的一項技術。另外我們也在現有可
保證資料完整性以及可驗證性的基礎下，採用進階的簽章架構來達到晶片中資料
的保密性，藉以達到防止商品偽冒以及證實合法商家的功能。

Statistics show a great increase in the seizure amount of counterfeit goods over
the past few years, and they are mostly infringements that violate Intellectual Property
Rights (IPR). Besides counterfeiting problems, fencing is another major threat
to the global economic market. Counterfeit goods and stolen goods are largely being
sold through illegal or on-line markets, and many solutions have been brought up
to combat counterfeiting and fencing problems.
Within these solutions, many rely on efficient and secure cryptography techniques
to ensure the legality of products or the integrity of information embedded
in products. However, consumers have great difficulty participating in the combat
of counterfeiting goods if the countermeasures require special equipment or inconvenient
processes. In order to include consumers in the fight against counterfeit or
stolen goods, we should make use of the technical equipments and techniques that
are easily used and owned by consumers.
In this thesis, we propose a solution framework using Near Field Communication
(NFC) on smartphones applied with keyed PV (Pintsov-Vanstone) signature
to give consumers the ability to detect counterfeit or fenced products. NFC-based
smartphones are becoming the trend and taking up higher and higher percentage
among all phones, and with the NFC phone owner population growing, NFC is
a promising technique to use in this scenario of combating counterfeit and fenced
goods. We also suggest using keyed PV signature which not only ensures integrity
and authenticity, but also the confidentiality to prove both the genuineness of the
products and legality of the sellers.

Table of Contents i
List of Figures iii
List of Tables v
1 Introduction 1
2 Background 3
2.1 Economic Crimes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1.1 Counterfeiting . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1.2 Fencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.3 E-counterfeiting and E-fencing . . . . . . . . . . . . . . . . . 8
2.2 NFC Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2.1 NFC Specification . . . . . . . . . . . . . . . . . . . . . . . . 9
2.2.2 NFC Signature Record Type Definition . . . . . . . . . . . . . 11
3 Related Works 12
3.1 The Saeed et al Framework . . . . . . . . . . . . . . . . . . . . . . . 12
3.2 Keyed PV Signature Scheme . . . . . . . . . . . . . . . . . . . . . . . 13
4 Design Framework 14
4.1 Design Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.2 Design Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2.1 The use of Keyed PV Signature . . . . . . . . . . . . . . . . . 16
4.2.2 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.3 Tag Issue Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3.1 Stage Description . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.4 Process Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
i
4.5 Tag Verification Stage . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.5.1 Stage Description . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.5.2 Process Details . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.5.3 Achieved Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.6 Primary Sale Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.6.1 Stage Description . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.6.2 Process Details . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.6.3 Achieved Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.7 Buyer Verification Stage . . . . . . . . . . . . . . . . . . . . . . . . . 26
4.7.1 Stage Description . . . . . . . . . . . . . . . . . . . . . . . . . 26
4.7.2 Process Details . . . . . . . . . . . . . . . . . . . . . . . . . . 27
4.7.3 Achieved Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.8 Secondary Sale Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.8.1 Stage Description . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.8.2 Process Details . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.8.3 Achieved Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.9 Passing On Verification Code . . . . . . . . . . . . . . . . . . . . . . 34
5 Proof of Concept 36
5.1 Simplified Message Structure . . . . . . . . . . . . . . . . . . . . . . 36
5.2 Brief Structure of Application . . . . . . . . . . . . . . . . . . . . . . 37
5.3 Implementation Result . . . . . . . . . . . . . . . . . . . . . . . . . . 38
5.3.1 Tag Issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
5.3.2 Tag Verification . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.3.3 Seller Activation (Primary) . . . . . . . . . . . . . . . . . . . 41
5.3.4 Buyer Verification . . . . . . . . . . . . . . . . . . . . . . . . 42
5.3.5 Seller Activation (Secondary) . . . . . . . . . . . . . . . . . . 43
6 Analysis 44
6.1 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
6.1.1 NFC Communication Security . . . . . . . . . . . . . . . . . . 45
6.1.2 NFC Tag Security . . . . . . . . . . . . . . . . . . . . . . . . 46
6.1.3 Server Communication Security . . . . . . . . . . . . . . . . . 48
6.2 Economic Value Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 50
7 Conclusion 52

[1] Counterfeiting Intelligence Bureau. http://www.iccwbo.
org/products-and-services/fighting-commercial-crime/
counterfeiting-intelligence-bureau/. 2013.
[2] Homeland Security. Intellectual property rights seizures statistics fiscal year
2013.
[3] Barry Berman. Strategies to detect and reduce counterfeiting activity. Business
Horizons, vol.51(no.3):pp.191–199, 2008.
[4] The Federal Bureau of Investigation. Property crime http://www.fbi.gov/
about-us/cjis/ucr/crime-in-the-u.s/2013/crime-in-the-u.s.-2013.
2013.
[5] Michael Sutton. Operations of fencing http://www.popcenter.org/
problems/stolen_goods/.
[6] Wikipedia. Taobao fake goods http://zh.wikipedia.org/wiki/%E6%B7%98%
E5%AF%B6%E5%94%AE%E8%B3%A3%E5%81%87%E8%B2%A8%E4%BA%8B%E4%BB%B6.
[7] TechNews. http://technews.tw/2014/11/21/taobao/.
[8] howstuffworks. How efencing works http://computer.howstuffworks.com/
efencing.htm.
[9] NearFieldCommunication.org. http://www.nearfieldcommunication.org/
technology.html.
53
[10] NFC Forum. Nfc forum specification architecture http://nfc-forum.
org/our-work/specifications-and-application-documents/
specifications/.
[11] Wikipedia. Signature record type definition http://en.wikipedia.org/wiki/
Signature_Record_Type_Definition.
[12] Colin D.Walter Muhammad Qasim Saeed, Zeeshan Bilal. An nfc based
consumer-level counterfeit detection framework. In 2013 Eleventh Annual Conference
on Privacy, Security and Trust (PST), 2013.
[13] Greg Zaverucha Tony Rosati. Elliptic curve certificates and signatures for nfc
signature records. 2011.
[14] Klemens Breitfuß Ernst Haselsteiner. Security in near field communication (nfc)
strengths and weaknesses. 2006.
[15] Wikipedia. Replay attack http://en.wikipedia.org/wiki/Replay_attack.