Abstract

Recently, Ku-Chen proposed an improvement to Chien et al.'s scheme to prevent from some weaknesses. However, the improved scheme is not only still susceptible to parallel session attack, but also insecure for changing the user's password in password change phase. Accordingly, the current paper presents an enhancement to resolve such problems. As a result, the proposed scheme enables users to change their passwords freely and securely without the help of a remote server, while also providing secure mutual authentication.