Science & Engineering Research Support soCiety (SERSC)
Recently, user authentication scheme in e-commerce and m-commerce has been becoming one of important security issues. In 2008, the researcher proposed an improved remote user authentication scheme preserving user anonymity. In this paper, the authors analyze the security of Bindu et al.'s authentication scheme, and they demonstrate that their scheme is still insecure against the man-in-the-middle attack, the password guessing attack, and does not provide the user anonymity. Also, they propose an enhanced scheme to withstand the security weaknesses of Bindu et al.'s scheme, even if the secret information stored in the smart card is revealed.