Skip to Main Content
Recently, a privacy enhanced authentication and key agreement protocol was proposed using elliptic curve cryptograph technology. The scheme is insecure, however, against replay attacks within valid period of certificate and loses users' privacy that should be protected. In this paper we propose an improved authentication and key agreement protocol by employing smart card and random number technology. Replay attacks are thus blocked without the need of time synchronization between computers. Moreover, we develop a secure mechanism to protect users' identity privacy and a convenient password change method without the participation of the server. Our protocol is more secure compared with others at similar computation cost in the authentication period.