Using smart cards to authenticate passwords

Abstract

A password authentication scheme which can verify remote passwords without the use of a verification table is presented. Each user possesses a smart card which is used for login and authentication, as introduced by A. Shamir (1985). During the login, the user types in his identity and the password associated with his smart card, along with the identity of the other user with whom he wishes to communicate. The smartcard uses a signature scheme to check whether or not the login can be accepted. As well as modifying Shamir's algorithm for the signature scheme checking by using a theorem about relatively prime numbers, one also adds communication timestamps to prevent replaying of a previously intercepted login request.<>