As the internet technology's evolution, identity authentication in the network is becoming more and more significant. In 2014, Qu et al. proposed a two-factor remote mutual authentication and key agreement scheme. They pointed out that their scheme could withstand smart card loss attack, offline password guessing attack, impersonation attack and so on. However, based on our analysis, it shows that the scheme suffers from offline password guessing attack and impersonation attack. Moreover, their scheme could not achieve perfect user anonymity. In this paper, we propose a scheme, which can withstand those attacks mentioned above. After the function and efficiency comparison with other schemes, our scheme is much more secure and practical as the secure universal access control mechanism.

• 出版日期2015-11
• 单位武汉大学