Skip to Main Content
Recently, Peyravian and Jeffries proposed an efficient password authentication scheme with key agreement, which utilizes no extra tokens and freely updates account numbers and passwords for users. Unfortunately, due to the fact that the integrity is not well protected, it is still vulnerable to the fatal weaknesses. To overcome these security flaws, we propose an enhanced version with novel architecture. Our proposed scheme not only processes the merits that such token-free based schemes have, but also establishes multiple session keys in each session. Moreover, our proposed scheme does not lead heavy burden for users and is easier to implement than the previously similar ones.