• multi-server;
  • password authentication protocol;
  • smart card;
  • password change;
  • key agreement


With the popularity of Internet and wireless networks, more and more network architectures are used in multi-server environment, in which users remotely access servers through open networks. For the reliability of accessing these remote services, user must pass a verification procedure to obtain the authorization for legal resource acquisition and data exchange. Recently, several dynamic identity-based authentication protocols for multi-server environment have been proposed, but all of these protocols have been cryptanalyzed by other scholars. In this paper, we propose a new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography. The analysis shows that our protocol could overcome security weaknesses in the previously published protocols. Hence, our protocol is more suitable for practical applications. Copyright © 2012 John Wiley & Sons, Ltd.