With the rapid development of the Internet and electronic commerce, a user wants to access different servers and obtain numerous different network services. However, when the user runs the single-server authentication protocol to login and access different remote service, the user has to remember numerous different identities and passwords. In order to resolve this problem, various multi-server authentication protocols have been proposed. Recently, Lee et al. proposed a dynamic identity based remote user authentication scheme for multi-server environment. They claimed that their protocol provides user's anonymity and mutual authentication and can resist a masquerade attack and a server spoofing attack. However, we find that Lee et al.'s scheme suffers from tractability of the user, impersonation attack, server spoofing attack, stolen smart card attack, lack of mutual authentication and counterfeit smart card attack. This paper proposes a secure privacy-preserving remote user authentication protocol for multi-server architecture that removes the aforementioned weaknesses.

• 出版日期2012-4
• 单位江西财经大学