摘要:Multi-server authentication schemes are very practical from a user point of view, since they allow a user to get access to different services on different servers with one single registration. Smart card based approaches lead to more secure systems because they offer two-factor authentication, based on the strict combination of user's password and the possession of the smart card. In this paper, we first show that a previously proposed scheme does not satisfy perfect forward secrecy and is not resistant against insider attacks. Next, we propose a very efficient smart card based authentication scheme, solely using xor and hash operations, which is resistant against dishonest users and servers. Also anonymity and untraceability of user's behaviour is avoided.
