International Journal of Network Security
A multi factor authentication scheme called '3C-Auth' is proposed in this paper. The scheme carries out a comprehensive authentication process using the smart card, secret-pin, registered fingerprint and registered mobile number of the user. The user's password is neither trans-mitted in plaintext form nor revealed to the authentication server. The scheme is shone to be proof against phishing, password guessing, replay, or stolen-verifier at-tacks. Resistance to parallel session and denial of service attacks and the use of QR-code in preference to SMS for OTP transfer together, make the scheme attractive for operation under peak loads.