Hakimeh Ameri - MSC in E-Commerce, Department of Industrial Engineering, KN Toosi University Of Technology, Tehran, Iran corresponding author
Shahriar Mohammadi - Assistant Professor of Industrial Engineering Department, KN Toosi University Of Technology, Tehran, Iran;

The strong and reliable user authentication is one of the important issues that still is remained as a goal for researchers in the field. Li, Lee and Wang proposed a two-factor user authentication scheme in 0212. Their scheme was an improvement on Yoon et al. algorithm which was unable to resist denial of service attack and performs only user authentication. The algorithm provided by Li, Lee and Wang has three phases including registration phase, login phase and authentication phase and provided mutual authentication and they claim it can resist potential attacks. Unfortunately, this research showed that Li, Lee and Wang’s scheme is failed in insider attack and cannot assure user’s anonymity. In this paper, a novel mechanism based on Li, Lee and Wang’s scheme which can eliminate the vulnerability with the use of nonce and salted hash, is proposed. Our scheme also has a freely change password phase and does not need to involve registration center

insider attack, key agreement, mutual authentication, mobile devices