A Highly Robust Approach to NFC Authentication for Privacy-Sensitive Mobile Payment Services

The rapid growth of mobile payment systems has positioned Near Field Communication (NFC) as a core enabling technology. However, conventional NFC protocols primarily emphasize transmission efficiency rather than robust authentication and privacy protection, which exposes users to threats such as eavesdropping, replay, and tracking attacks. In this study, a lightweight and privacy-preserving authentication protocol is proposed for NFC-based mobile payment services. The protocol integrates anonymous authentication, replay resistance, and tracking protection while maintaining low computational overhead suitable for resource-constrained devices. A secure offline session key generation mechanism is incorporated to enhance transaction reliability without increasing system complexity. Formal security verification using the Scyther tool (version 1.1.3) confirms resistance against major attack vectors, including impersonation, man-in-the-middle, and replay attacks. Comparative performance analysis further demonstrates that the proposed scheme achieves superior efficiency and stronger security guarantees compared with existing approaches. These results indicate that the protocol provides a practical and scalable solution for secure and privacy-aware NFC mobile payment environments.