Skip to Main Content
Identity authentication of entities and session key establishment are key to ensure secure transactions in mobile commerce. This paper proposes an identity authentication and key establishment scheme for mobile commerce based on token derived from hash chains. The proposed scheme needs fewer messages to authenticate identities of mobile users called as important entities in the foremost time, as well as session keys used for transaction are negotiated efficiently. The scheme can not only against personating MU, SP and TTP and messages replay attacks, but also can resist DoS attacks effectively.