An efficient generic framework for three-factor authentication with provably secure instantiation

Jiangshan Yu, Guilin Wang, Yi Mu, Wei Gao

Research output: Contribution to journalArticleResearchpeer-review

51 Citations (Scopus)


Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know - password; 2) something users have - smart card; and 3) something users are - biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving.

Original languageEnglish
Article number6923423
Pages (from-to)2302-2313
Number of pages12
JournalIEEE Transactions on Information Forensics and Security
Issue number12
Publication statusPublished - Dec 2014
Externally publishedYes


  • Authentication
  • biometrics
  • password
  • privacy
  • security
  • smart card

Cite this