在無線射頻識別(Radio Frequency Identification, RFID)技術的持續進步下，透過結合RFID技術與行動通訊技術產生出的行動讀取器(Mobile Reader)造就了Mobile RFID環境，並且使得RFID的服務範圍可不再受到讀取器地點的限制。然而，多數的RFID方法都需要讀取器將資訊藉由與後端資料庫連線，傳回至後端資料庫進行識別與認證，其應用依然會受限於無線網路存取的問題而有所侷限。
對於行動讀取器無法與後端資料庫連線的環境，相關學者提出了委任方法，讓行動讀取器透過事先經後端資料庫委任授權的方式，便讓行動讀取器可於離線的狀態下識別標籤。但是，行動讀取器被委任的權限一旦失效後，其仍然必須要存取無線網路與後端資料庫連線取得新的委任方可再次讀取標籤，因此為了解決在無法與後端資料庫連線的環境下，行動讀取器仍然必須取得讀取標籤委任權限的問題，我們提出適用於Mobile RFID環境下之離線委任轉移協定，讓無法連線到後端資料庫而委任權限用盡的行動讀取器可向另一同樣擁有該讀取標籤權限的行動讀取器要求委任的轉移，以解決無法獲得委任授權的問題。除此之外，我們所提出的協定還可防止惡意攻擊者進行重送攻擊、中間人攻擊、資料不同步阻斷服務攻擊、偽造標籤和猜測攻擊等攻擊的種種威脅，並且滿足向前安全性、向後安全性、資料隱私和位置隱私的安全性。

With the rapid development of Radio Frequency Identification (RFID), the combination of mobile devices and readers has seen wide application of mobile RFID. It is no longer confined by its locations. However, most RFID protocols still need to perform authentication and identification on back-end servers, which means all the date required is sent through the reader-server communications. Such methods inevitably cause some inconvenience to users because of the limitations of wireless communications.
Some studies have proposed new delegation approaches to deal with the wireless communications between mobile readers and back-end servers. The servers can delegate mobile readers in advance, so that the readers can identify tags in an off-line mode. The problem is once the delegation expires mobile readers still need to establish connection with back-end servers for new delegation. For this reason, we propose a new delegation protocol for mobile readers to perform delegation transfer. In our protocol, if a mobile reader’s delegation expires, it can ask for delegation transfer from another reader that has been authorized to access the same tag. Besides, our delegation protocol can also guarantee forward/backward secrecy and secure data privacy and location privacy. It can stand most RFID threats, such as replay attacks, Man-in-the-Middle attacks (MITM), pseudo tags, and denial of service (DoS) attacks.

目錄
中文摘要 I
Abstract II
誌謝 III
目錄 IV
圖目錄 V
表目錄 VI
1 前言 1
2 離線委任轉移之環境假設與委任授權 3
2.1 環境假設 3
2.2 控管委任授權 4
2.3 初始狀態 6
2.3.1 初始化設定 7
2.3.2 初始階段 8
3 離線委任轉移協定 9
3.1 離線標籤認證協定 9
3.2 離線讀取標籤協定 11
3.3 離線委任轉移協定 13
4 安全性分析 18
5 複雜度分析 20
6 證明 23
7 結論 32
8 參考文獻 33

圖目錄
圖 1離線委任轉移協定 3
圖 2離線委任轉移方法環境架構 4
圖 3委任權限的控管 6
圖 4委任授權協定 8
圖 5離線認證協定 10
圖 6離線讀取標籤協定 12
圖 7離線委任轉移 14
圖 8離線委任轉移協定(一) 15
圖 9離線委任轉移協定(二) 16
圖 10離線委任轉移協定(三) 17

表目錄
表 1讀取控制表 5
表 2委任授權表 7
表 3離線委任轉移協定符號定義表 7
表 4離線委任相關論文之比較 20
表 5離線委任轉移方法之計算量評估表 21
表 6離線委任的相關研究平均計算量比較 21
表 7邏輯證明的符號定義 23

參考文獻
[1]H. B. Chen, W. B. Lee, Y. H. Zhao and Y. L. Chen, “Enhancement of the RFID Security Method with Ownership Transfer,” In Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication, Suwon, Korea, pp. 251–254, 2009.
[2]EPCglobal Inc, Retrieved Jan. 11, 2011, from the World Wide Web: http://www.epcglobalinc.org/home
[3]S. Fouladgar and H. Afifi, “A simple delegation scheme for RFID systems (SiDeS),” In Proceedings of the IEEE International Conference on RFID, Grapevine, TX, USA, pp. 1–6, 2007.
[4]S. Fouladgar and H. Afifi, “An efficient delegation and transfer of ownership protocol for RFID tags,” In Proceedings of the First International EURASIP Workshop on RFID Technology, Vienna, Austria, pp. 59–62, 2007.
[5]S. Fouladgar and H. Afifi, “A simple privacy protecting scheme enabling delegation and ownership transfer for RFID tags,” Published in Journal of Communications, Vol. 2, pp. 6–13, 2007.
[6]Li Gong, Roger Needham and Raphael Yahalom, “Reasoning about Belief in Cryptographic Protocols,” In Proceedings of 1990 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 234–248, 1990.
[7]M. Hell, T. Johansson and WilliMeier, “Grain - a stream cipher for constrained environments,” Published in International Journal of Wireless and Mobile Computing, Vol. 2, No. 1, pp. 86–93, 2007.
[8]A. Juels, “RFID security and privacy: a research survey,” Published in IEEE Journal on Selected Areas in Communications, Vol. 24, No. 2, pp. 381–394, 2006.
[9]G. Kapoor and S. Piramuthu, “Vulnerabilities in Some Recently Proposed RFID Ownership Transfer Protocols,” Published in IEEE Journal of Communications Letters, Vol. 14, No. 3, pp. 260–262, 2010.
[10]K. H. S. S. Koralalage, M. R. Selim, J. Miura, Y. Goto and J. Cheng, “POP Method: An Approach to Enhance the Security and Privacy of RFID Systems Used in Product Lifecycle with an Anonymous Ownership Transferring Mechanism,” In Proceedings of the 2007 ACM Symposium on Applied Computing, Seoul, Korea, pp. 270–275, 2007.
[11]N.Y. Lee and 李育賢, “Off-line authentication protocol for RFID tags,” In Proceedings of 2008第三屆數位教學暨資訊實務研討會EITS2008, 2008, pp. 34.
[12]D. Molnar, A. Soppera and D. Wagner, “A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags,” In Proceedings of Selected Areas in Cryptography, Vol. 3897, pp. 276–290, 2005.
[13]K. Osaka, T. Takagi, K. Yamazaki and O. Takahashi, “An Efficient and Secure RFID Security Method with Ownership Transfer,” In Proceedings of 2006 International Conference on Computational Intelligence and Security, Vol. 2, pp. 1090–1095, 2006.
[14]A. Poschmann, G. Leander, K. Schramm and C. Paar, “New Light-Weight Crypto Algorithms for RFID,” In Proceedings of 2007. IEEE International Symposium on Circuits and Systems (2007. ISCAS) , pp. 1843-–1846, 2007.
[15]M. H. Yang and J.-N. Luo, “Authentication Protocol in Mobile RFID Network,” In Proceedings of the 2009 Fourth International Conference on Systems (ICONS’09) , pp.108–113, 2009.
[16]M. H. Yang, “Controlled Delegation Protocol in Mobile RFID Networks,” Published in Eurasip Journal on Wireless Communications and Networking, Vol. 2010, Article ID 170150, 2010.
[17]M. H. Yang and H. Y. Hu, “Protocol for ownership transfer across authorities: with the ability to assign transfer target,” Published online in Wiley Online Library (wileyonlinelibrary.com). doi: 10.1002/sec.300, Security and Communication Networks, 2011,
[18]Ming Hour Yang, “Across-authority lightweight ownership transfer protocol,” Published in Electronic Commerce Research and Applications, Vol. 10, No. 4, pp. 375–383, 2011.
[19]Eun-Jun Yoon, Kee-Young Yoo, “Two Security Problems of RFID Security Method with Ownership Transfer,” In Proceedings of the 2008 IFIP International Conference on Network and Parallel Computing, pp. 68-73, 2008.
[20]羅嘉寧、楊明豪、許博宇， “行動式無線射頻技術委任授權協定之分析及改良,” In Proceedings of Cryptology and Information Security Conference 2011, Yunlin, Taiwan, 2011.