Abstract: Compared with single-server authentication scheme, the protocol for multi-server has a lot of advantages such as the user doesn’t need to remember various passwords and register for every application servers. In 2015, Qu Juan et al proposed a new scheme based on chaotic map for multi-server environment. From the analysis, this protocol still has a lot of disadvantages: it is vulnerable to suffer repeat registration attack; the method for processing biometrics is not right; the authentication scheme is not robust; there are some design flaws in this paper. In order to solve these problems, a new three factor authentication scheme based on secure sketch and Chebyshev chaotic map has been proposed. From the analysis, the proposed scheme not only has higher security but also deals with biometric more appropriately than Qu et al’s scheme. Furthermore, an access control method has been introduced in it for the purpose of making different users enjoy different access privileges. At the same time, the proposed scheme can achieve key agreement not only between the user and application servers but also between application servers and the Register Center（RC）.

Key words: multi-server, authentication, secure sketch, Chebyshev chaotic map, three-factor

摘要： 相比单服务，多服务器环境的认证方案具有不需要用户重复注册和记忆多个密码等优点，近年来受到学界关注。2015年，屈娟等人提出一个多服务器环境下基于切比雪夫多项式的三因素身份认证方案。相比目前其他多服务器环境的身份认证方案，该方案具有一定新意。但通过分析可以发现该方案仍然存在如下缺陷：容易受到重复注册攻击；生物特征处理不恰当；认证过程严重依赖注册中心，容易遭受拒绝服务器攻击以及系统整体健壮性不高；协议部分设计存在不合理之处。为了解决上述问题，提出基于安全概略和切比雪夫多项式的三因素身份认证方案。通过分析可知该方案虽然计算量有所提升但是能较好解决屈娟等人所提方案存在的安全威胁，同时该方案也能实现访问控制。

关键词: 多服务器, 身份认证, 安全概略, 切比雪夫多项式, 三因素