Abstract

A growing number of researchers combine biometrics with passwords and smart cards to design remote authentication schemes with a high degree of security. However, in most of the schemes proposed in the literature so far, biometric characteristics are verified only in the smart cards, not in the remote servers, during the authentication process. Although this design prevents users' biometric data from becoming known to the servers, it means that these are not real three-factor authentication schemes, and security flaws may therefore occur because the remote servers do not actually verify the biometric factor. In this paper we propose a truly three-factor remote authentication scheme in which all three security factors (passwords, smart cards, and biometric data) are examined in the remote servers. In particular, the proposed scheme fully preserves the privacy of every user's biometric data; that is, the scheme does not reveal the biometric data to anyone else, including the remote servers. Furthermore, we demonstrate that the proposed scheme is immune to both replay attacks and offline dictionary attacks, and that it satisfies the requirement of low computation cost for smart-card users.
