中文摘要：

论文通过对各种用户名、密码身份认证方式的安全实质、弱点及可行的攻击方法进行了理论分析．指出它不仅是弱安全性的，而且是由服务器所操控的身份认证方式，同时对认证函数的选取提出几条建议。论文在指出基于公钥密码算法的身份认证才是真正用户可操控的、高安全性的身份认证方式的同时，重点将它与数字签名进行对比。另外针对存储有用户的公、私钥的智能卡丢失所带来的安全隐患。提出了一种完备的解决方案。最后提出了根据不同的安全需求和应用场合，合理地运用各种身份识别方案的观点。

英文摘要：

This paper analyzes security of various user authentication schemes based on password and gives an analysis of potential attack in theory.h not only points out that these kind of authentication schemes is weakly security,but also concludes that the security of users＇ account is totally controlled by server side no matter how the schemes change. Then it brings forward several advices about authentication function.It points out that the user authentication scheme based on public key algorithm is the only one controlled by users and secure,and compares it with digital signature. Then brings forward a better solution to the potential problem that smart cards are lost.At last,it presents a fundamental principle of selecting of user authentication scheme.