A Remote User Authentication Scheme with Anonymity for Mobile Devices

With the rapid growth of information technologies, mobile devices have been utilized in a variety of services such as e‐commerce. When a remote server provides such e‐commerce services to a user, it must verify the legitimacy of the user over an insecure communication channel. Therefore, remote user authentication has been widely deployed to verify the legitimacy of remote user login requests using mobile devices like smart cards. In this paper we propose a smart card‐based authentication scheme that provides both user anonymity and mutual authentication between a remote server and a user. The proposed authentication scheme is a simple and efficient system applicable to the limited resource and low computing performance of the smart card. The proposed scheme provides not only resilience to potential attacks in the smart card‐based authentication scheme, but also secure authentication functions. A smart card performs a simple one‐way hash function, the operations of exclusive‐or and concatenation in the authentication phase of the proposed scheme. The proposed scheme also provides user anonymity using a dynamic identity and key agreement, and secure password change.