Security enhancement of an IC-card-based remote login mechanism

Wang et al. presented a remote password authentication scheme using IC (Integrated Circuit) cards in 2004. Unfortunately, we discovered that their scheme is unable to withstand the forgery attack. We consequently propose in this paper a novel version to resist this kind of attacks. Furthermore, our scheme can also provide mutual authentication between a remote server and login users. The security of our scheme is based on the public one-way hash function. What is more, the timestamp mechanism is applied in our scheme to protect such potential attacks in the case that an intruder may replay a previously intercepted login request to access the remote server.