基于智能卡和可撤除2DPalmPhasor码的远程用户身份认证方案

Palmprint-based authentication systems is widely accepted as a reliable form of authentication compared to other traditional schenmes. However, the open nature of remote authentication makes palmprint systems vulnerable to replay attack and other remote fraudulent attacks. Therefore, the usage of palmprint systems for remote authentication is still very limited. This paper proposes a new remote mutual authentication scheme based on cancelable palmprint using smart cards over an open network. In the proposed scheme, the cancelable 2DPalmPhasor codes are stored in the smart cards and users are allowed to modify their passwords freely, so the scheme has excellent cancelability. Moreover, dual-key-binding framework is adopted to solve the sensitive fundamental property of the one-way hash function and random number mechanism is used to resist replay attack and man-in-man attack. The analysis shows that the scheme provides secure, efficient, reliable and practical remote mutual authentication.