||It is necessary to authenticate users when they want to access services in WLANs. Extensible|
Authentication Protocol (EAP) is an authentication framework widely used in WLANs. Authentication
mechanisms built on EAP are called EAP methods. The requirements for EAP
methods in WLAN authentication have been defined in RFC 4017. Besides, low computation
cost and forward secrecy, excluded in RFC 4017, are noticeable requirements in WLAN authentication.
However, all EAP methods and authentication schemes designed for WLANs so
far do not satisfy all of the above requirements. Therefore, we will propose an EAP method
which utilizes three factors, stored secrets, passwords, and biometrics, to verify users. Our
proposed method fully satisfies 1) the requirements of RFC 4017, 2) forward secrecy, and
3) lightweight computation. Moreover, the privacy of biometrics is protected against the authentication
server, and the server can flexibly decide whether passwords and biometrics are
verified in each round or not.