Abstract

A remote password authentication scheme based on the Chinese remainder theorem is proposed. The scheme can verify the remote password without verification tables. In the initial phase, the password generation centre generates and assigns a password corresponding to each user. The ideas of smart cards and the identity-based signature scheme introduced by Shamir are employed in this phase. Each user possesses a smart card for later login and authentication. In the login phase, the user submits the identity and password associated with the smart card. In the authentication phase, the system verifies the remotely submitted password to check if the login request is accepted or rejected. A signature scheme and communication timestamps are provided in the authentication phase against the potential attacks of replaying a previously intercepted login request.