Privacy and authentication are very important concepts and service levels to anonymous communications and data confidentiality. Recently, Ren et al. proposed an authentication and access control scheme for preserving privacy in pervasive computing environments (PCEs). However, in this paper, it is demonstrated that the so-called secure, privacy preserving authentication and access control scheme proposed by Ren et al. is vulnerable to service abuse attacks and, as a result, illegitimate users can freely access the service through the service provider without any worries and this flaw would lead to a serious accounting problem with their scheme. Therefore, we proposed a security improvement to their scheme to neutralize this weakness and an efficiency improvement to enhance the performance of their scheme in the user operational phase. More importantly, a new improved proposal for a scheme can still allow the mobile user to anonymously interact with the service provider in a PCE is demonstrated.
