SP1: user anonymity; SP2: user untraceability; SP3: resistance to stolen-device attack; SP4: mutual authentication and session key agreement; SP5: verification of session key; SP6: resistance to user impersonation attack; SP7: resistance to replay attack; SP8: local user verification; SP9: resistance to privileged-insider attack; SP10: forward secrecy; SP11: resistance to stolen-verifier attack; SP12: user-friendly password change; SP13: providing identity update phase; SP14: providing three-factor user authentication.