Abstract: Recently Yu Jiang et al. proposed a USB-Key based strong-password authentication scheme (USPA)，and claimed that their scheme was resistant to DoS attack, replay attack, stolen-verifier attack and server impersonation attack. However,we found USPA can't achive these purposes. An improved scheme was advanced and analyzed. The analysis shows that our new scheme precludes the defects of USPA, keeps the merit of high performance, and is suitable for mobile application scenarios where resource is constrained and security is concerned.

Key words: Strong-password, Authentication, Attack, USB-Key