Skip to Main Content
A new remote password authentication scheme based on IC cards is proposed in this paper. By using the scheme, a remote password can be authenticated without either a password file or a verification table. A user first applies for an account in the financial organization and then uses the given IC card to login. In the login phase, a user inputs the identity and password, transmits the generated values to the center. In the authentication phase, the system uses the secret key and remotely submitted message to verify whether the request is legal or not. A one-time-used random number and a timestamp are supplied to protect the potential attacks, which may replay a previously intercepted login request. Further, by using the characteristics of IC cards, the proposed scheme is very suitable for authenticating passwords remotely.