An Improved Biometric-Based User Authentication Scheme for C/S System

The authors first review the recently proposed Das’s biometric-based remote user authentication scheme, and then show that Das’s scheme is still insecure against some attacks and has some problems in password change phase. In order to overcome the design flaws in Das’s scheme, an improvement of the scheme is further proposed. Cryptanalysis shows that our scheme is more efficient and secure against most of attacks; moreover, our scheme can provide strong mutual authentication by using verifying biometric, password as well as random nonces generated by the user and server.