An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics

Password-based remote user authentication schemes are widely investigated, with recent research increasingly combining a user's biometrics with a password to design a remote user authentication scheme that enhances the level of the security. However, these authentication schemes are designed for a single server environment and result in users needing to register many times when they want to access different application servers. To solve this problem, in this paper we propose an anonymous multi-server authenticating key agreement scheme based on trust computing using smart cards, password, and biometrics. Our scheme not only supports multi-server environments but also achieves many security requirements. In addition, our scheme is a lightweight authentication scheme which only uses the nonce and a hash function. From the subsequent analysis, the proposed scheme can be seen to resist several kinds of attacks, and to have more security properties than other comparable schemes. (C) 2013 Elsevier Ltd. All rights reserved.