Date Added: Oct 2011
In 2007, Khan-Zhang made an enhancement based on Lin-Lai's flexible biometrics remote user authentication scheme. The scheme has the merits of providing mutual authentication, no verification table, freely changing password and preventing the server spooling attack. However, this authentication scheme has been found to be vulnerable to the insider attack, the Denial-of-Service (DoS) attack and the clock synchronization problem. To overcome these weaknesses, a novel authentication scheme is proposed in this paper, which is based on nonce instead of time-stamp and fresh tag to overcome the existing DoS attack and clock synchronization problem.