Enhancement of a timestamp-based password authentication scheme

Yang and Shieh have proposed a timestamp-based password authentication scheme using smart card. The weakness of Yang and Shieh's scheme is submitting password in plaintext and not authenticating key information center(KIC) by user. The new scheme improved the process of registration, login, authentication and update password. The user submitted the password's hash value instead of the password's plaintext, and shared the secret information with the KIC. Submitting the password's hash value is the same as password in authentication, and avoiding the password's exposure. With the secret information, the user can authenticate the KIC. The new scheme can overcome all of the above vulnerabilities, can resist the forged login attack and never revel the privacy of user even if the server is attacked.