Tzu-Chang YEH Hsiao-Yun SHEN Jing-Jang HWANG
Using the great one-time password concept, the widely utilized one-way authentication scheme S/Key provides good protection against replay attacks. In this paper, S/Key is enhanced to secure transactions in a critical environment. The proposed scheme is free from server spoofing attacks, preplay attacks, and off-line dictionary attacks. A session key is also established to provide confidentiality. Moreover, simplicity and efficiency are taken into consideration from the user's point of view. A smart card is applied to simplify the user login process, and only the hash function is used, to keep the scheme efficient. Therefore, the proposed scheme is able to build a safer shield for sensitive transactions like on-line banking or on-line trading in bonds and securities.
Peyravian and Zunic (2000) presented two schemes for protecting password transmission and password change, respectively. Like the traditional authentication scheme using passwords, the two new schemes are also vulnerable to attacks like guessing attacks, server spoofing, and server data eavesdropping. This paper demonstrates what causes these drawbacks and, furthermore, proposes two improved schemes that are free from those possible attacks.
Lam, Chung, Gu and Sun (2003) proposed a lightweight security mechanism for mobile commerce transactions to meet the security needs in the face of the resource constraints of mobile devices. End-to-end security between the mobile device and the mobile commerce provider is established. However, its security builds on the assumption that customers can confirm every mobile commerce provider's public key by themselves before each transaction. Moreover, the mechanism still produces high overhead on the mobile device. This paper elucidates the causes of these drawbacks, and an enhanced mechanism is also proposed to protect mobile commerce transactions more effectively and efficiently.