A1: known session-specific temporary information attacks; A2: user impersonation attacks; A3: sensor impersonation attacks; A4: man-in-the-middle attacks; A5: stolen smart card attacks; A6: off-line password guessing attacks; A7: privileged-insider attacks; A8: perfect forward secrecy; A9: user anonymity. The “√” denotes that this protocol can resist the attack. The “×” denotes that the protocol cannot resist the attack.