In the current era of information technology, internet plays an important role. Lots of services are used through the internet. These services are needed to be accessed in a secure and authenticate manner. So, a session key must be established between two parties i.e., server those who provide services and user/client those who use services. In this paper, the authors present a novel approach to establish key between user and server so that they can exchange services between them. For this purpose, they present biometric password based authentication to authenticate user and do user verification at the user side. Also, in the proposed scheme, the server has no need to store verification table to verify user.