International Journal of Research

Recently, in 2014, He and Wang proposed a robust and green multi-server authentication scheme using biometrics-based clever card and elliptic curve cryptography (ECC). In this paper, we first analyze He-Wang's scheme and display that their scheme is at risk of a recognized consultation unique transient facts attack and impersonation attack. In addition, we display that their scheme does now not provide sturdy consumer's anonymity. Furthermore, He-Wang's scheme can't provide the consumer revocation facility while the clever card is lost/stolen or person's authentication parameter is found out. Apart from those, He-Wang's scheme has some design flaws, which include incorrect password login and its outcomes, and incorrect password update at some stage in password exchange phase. We then suggest a new secure multi- server authentication protocol the usage of biometric-primarily based clever card and ECC with more security functionalities. Using the Burrows-Abadi-Needham common sense, we display that our scheme presents relaxed authentication. In addition, we simulate our scheme for the formal safety verification using the broadly prevalent and used automatic validation of Internet safety protocols and programs tool, and show that our scheme is cozy against passive and active attacks. Our scheme gives high protection at the side of low communication price, computational fee, and form of safety capabilities. As a result, our scheme may be very suitable for battery-constrained cell gadgets in comparison with He-Wang's scheme.