A password authentication scheme with secure password updating
The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, cloud computing, and edge computing.
This also enables more and more network enterprises to provide multiple different services simultaneously.
In addition, it also increases the damage of password disclosure.
To improve the usability of password and smart card based authentication scheme, researchers propose to design this kind of authentication scheme for multiserver architecture.
However, for a system user, this will bring tremendous workload of managing passwords and smart cards issued by different service providers.Informally, in the improved scheme, each user just needs to register with a registration center and then can access any service provided by those servers managed by the registration center.Specifically, Yeh  recently proposed such authentication scheme based on RSA cryptosystem and proved its security in the random oracle model.  found that Yeh’s scheme fails to provide mutual authentication and key agreement, which are basic security requirements of an authentication scheme.Performance discussion demonstrates that our scheme has advantages in terms of both security property and computation efficiency and thus is more desirable for practical applications in multiserver environment.The authentication and key agreement protocol is one of fundamental building blocks for securing communications over the Internet.