Integrating access control with user authentication using smart cards

摘要

Jan and Tseng (see IEE Proc. Comput. Digit. Tech., vol.145, no.6, p.419-24, 1998) proposed two integrated schemes of user authentication and access control which can be used to implement a protection system in distributed computer systems. However, Lee (2000) showed that both schemes were insecure. Although Lee modified Jan-Tseng's second scheme to withstand the proposed attacks, how to repair Jan-Tseng's first scheme to prevent Lee's attacks is still unknown. Thus, this paper proposes an improvement of Jan-Tseng's first scheme using smart cards to withstand Lee's attacks and the replay attack. The security of the proposed scheme is based on the difficulty of solving discrete logarithms. The proposed scheme holds the following advantages (1) servers do not need to keep any secret information about the system or the users; and (2) the updating processes for the modification of access rights are very efficient.