a novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks：一种新型的和可证明安全的生物识别技术为基础的三因素的远程身份认证方案的移动客户端–服务器网络.pdf

Computers and Electrical Engineering 45 (2015) 274–285 Contents lists available at ScienceDirect Computers and Electrical Engineering journal homepage: /locate/compeleceng A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks q Fan Wu a,⇑, Lili Xu b, Saru Kumari c, Xiong Li d a Department of Computer Science and Engineering, Xiamen Institute of Technology, Xiamen 361021, China b School of Information Science and Technology, Xiamen University, Xiamen 361005, China c Department of Mathematics, Agra College, Agra, Dr. B.R.A. University, Agra 282002, Uttar Pradesh, India d School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan 411201, China a r t i c l e i n f o a b s t r a c t Article history: The biometrics, the password and the storage device are the elements of the three-factor Received 8 July 2014 authentication. In 2013, Yeh et al. proposed a three-factor user authentication scheme based Received in revised form 23 February 2015 on elliptic curve cryptography. However, we find that it has weaknesses including useless Accepted 23 February 2015 user identity, ambiguous process, no session key and no mutual authentication. Also, it Available online 12 March 2015 cannot resist the user forgery attack and the server spoofing attack. Moreover, Khan et al. pro- pose a fingerprint-based remote authentication scheme with mobile devices. Unfortunately Keywords: