When customers enjoy the benefits from pervasive electronic applications such as mobile payment and online transaction, what we cannot ignore is that the adversaries may infringe privacy by cracking the authentication information. As an effective countermeasure, considerable smart-card-based ID authentication schemes have been proposed. However, these methods are found actually more or less vulnerable to certain attacks. Therefore, we propose a scheme based on smart card's mutual authentication mechanism, which can completely hide all the information concerned with the user's ID and defeat most known attacks launched by the adversaries. When the user uses the same identity and password to register different accounts, the attacker cannot obtain the user's password even if he or she knows the user's corresponding identity and cannot achieve a password-guessing attack. Compared with several prevalent schemes, without sacrificing the computational efficiency, our solution can achieve higher security.