Key binding biometrics‐based remote user authentication scheme using smart cards

Remote user authentication schemes using smart cards provide solutions for securing user authentication. The schemes rely on passwords or biometric or both, which fall apart if the password is not kept secret. Additionally, the passwords can be stolen, lost, or forgotten and the stored biometric template is highly susceptible to a number of security and privacy attacks. This study presents a new biometric‐based remote user authentication scheme using smart cards. In this study, the cryptographic key is concealed with a biometric template and discarded in the registration phase. During the login phase, the key is generated using a query biometric template in such a way that the key cannot be retrieved without a successful biometric verification. The strength of the proposed scheme is that it provides resistance to tampering and theft by way of a stored biometric template, privileged insider, and a smart card attacks and achieves some good properties such as it works without password (human memorised) and provides renewable property for the protected biometric template. Additionally, this scheme combines the good features of previous works to further capitalise on their sound security and design features. Security and performance analysis of the proposed scheme shows the advantage over other existing schemes.