Authentication is the first line of defense against compromising confidentiality and integrity . Though traditional login/password based schemes are easy to implement, they have been subjected to several attacks. As alternative, token and biometric based authentication systems were introduced. However, they have not improved substantially to justify the investment.
Most of the existing authentication schemes require processing both at the client and the server end. Thus, the acceptability of any authentication scheme greatly depends on its robustness against attacks as well as its resource requirement both at the client and at the server end. The resource requirement has become a major factor due to the proliferation of mobile and hand-held devices.