Provable secure and efficient digital rights management authentication scheme using smart card based on elliptic curve cryptography (Q1666610)

Summary: Since the concept of ubiquitous computing is firstly proposed by Mark Weiser, its connotation has been extending and expanding by many scholars. In pervasive computing application environment, many kinds of small devices containing smart cart are used to communicate with others. In [``Enhanced digital rights management authentication scheme based on smart card'', IET Inf. Secur. 7, No. 3, 189--194 (2013; \url{doi:10.1049/iet-ifs.2012.0191})], \textit{H.-W. Yang, C.-C. Yang} and \textit{W. Lin} proposed an enhanced authentication scheme using smart card for digital rights management. They demonstrated that their scheme is secure enough. However, \textit{D. Mishra} and \textit{S. Mukhopadhyay} [``Cryptanalysis of Yang et al.'s digital rights management authentication scheme based on smart card'', Commun. Comput. Inf. Sci. 420, 288--297 (2014; \url{doi:10.1007/978-3-642-54525-2_26})] pointed out that Yang, Yang and Lin's scheme [loc. cit.] suffers from the password guessing attack and the denial of service attack. Moreover, they also demonstrated that Yang, Yang and Lin's scheme [loc. cit.] is not efficient enough when the user inputs an incorrect password. In this paper, we analyze Yang, Yang and Lin's scheme [loc. cit.] again, and find that their scheme is vulnerable to the session key attack. And, there are some mistakes in their scheme. To surmount the weakness of Yang, Yang and Lin's scheme [loc. cit.], we propose a more efficient and provable secure digital rights management authentication scheme using smart card based on elliptic curve cryptography.