A flexible user authentication scheme for multi-server internet services

Abstract

Due to the rapid progress of information technology, computer systems with the client/server architecture have been becoming a new way in multi-user computing environments. For the environment of single server, the issue of remote login authentication has already been solved by a variety of schemes, but it has not been efficiently solved for multi-server Internet environments yet. In this paper, we will present an efficient smart card based remote login authentication scheme for multi-server Internet environments, which can verify a single password for logining multiple authorized servers without using any password verification table. The objective of the new scheme emphasizes that any client can get service grant from multiple servers without repetitive registration to each server. The proposed scheme's advantages include that not only repetitive registration for various servers is avoided, but also the network users can freely choose their preferred passwords and be deleted easily by the system. Moreover, security analyses about the impersonation and replay attacks on the proposed scheme validate the feasibility of the scheme.