In recent years, m-commerce technology has been maturing. Various mobile devices are now designed to help users reach the servers of service providers and to process tasks such as stock trading, product purchasing, product information collecting, and so on. Once the services are only available to the members, authentication is applied to verify the identities of users. However, most current authentication methods used in m-commerce are designed for wired networks and require high computation costs, making them unsuitable for wireless environments.A one-time password authentication scheme that uses lighter computation and considers the limitations of mobile devices is proposed in this paper. Meanwhile, the proposed scheme is free from replay attacks, server spoofing attacks, off-line dictionary attacks, active attacks, and revelation of message contents.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Chris J. Mitchell , Liqun Chen, Comments on the S/KEY user authentication scheme, ACM SIGOPS Operating Systems Review, v.30 n.4, p.12-16, Oct. 1996  [doi>10.1145/240799.240801]
	2	N. M. Haller, "On Internet Authentication," RFC 1704, October 1994.
	3	N. M. Haller, "The S/KEY One-Time Password System," RFC 1760, February 1995.
	4	N. M. Haller, "A One-Time Password System," RFC 1938, May 1996.
	5	P. Mackenzie and R. Swaminthan, "Secure Network Authentication with Password Identification," presented to the IEEE P1363 working group, 1999.
	6	Sung-Ming Yen , Kuo-Hong Liao, Shared authentication token secure against replay and weak key attacks, Information Processing Letters, v.62 n.2, p.77-80, April 28, 1997  [doi>10.1016/S0020-0190(97)00046-X]
	7	Ronald L. Rivest and Adi Shamir, "PayWord and MicroMint: Two Simple Micropayment Schemes," CryptoBytes, Vol. 2, No. 1, Spring 1996, pp. 7--11.
	8	T. Wu, "The Secure Remote Password Protocol," in Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, CA, March 1998, pp. 97--111.
	9	T. C. Yeh, H. Y. Shen, J. J. Hwang, "A Secure One-Time Password Authentication Scheme Using Smart Cards," IEICE Transactions on Communications, Vol. E85, No. 11, 2002, pp. 2515--2518.