A Novel Multifactor Two-Server Authentication Scheme under the Mobile Cloud Computing

Because the authentication method based username-password has the disadvantage of easy disclosure and low reliability, and also the excess password management degrades the user experience tremendously, the user is eager to get rid of the bond of the password in order to seek a new way of authentication. Therefore, the multifactor biometrics-based user authentication wins the favor of people with advantages of simplicity, convenience and high reliability, especially in the mobile payment environment. Unfortunately, in the existing scheme, biometric information is stored on the server side. As thus, once the server is hacked by attackers to cause the leakage of the fingerprint information, it will take a deadly threat to the user privacy. Aim at the security problem due to the fingerprint information in the mobile payment environment, we propose a novel multifactor two-server authentication scheme under mobile computing (MTSAS). In the MTSAS, it divides the authentication method and authentication means, in the meanwhile, the user's biometric characteristics cannot leave the user device. And also, MTSAS chooses the different authentication factors depending on the privacy level of the authentication, and then provides the authentication based on the different security levels. BAN logic's result proves that MTSAS has achieved the purpose of authentication, and meets the security requirements. In comparison with other schemes, the analysis shows that the proposed scheme MTSAS not only has the reasonable computational efficiency, but also keeps the superior communication cost.