Abstract: Biometric authentication eliminates the need for passwords, PIN numbers, and other ID’s that are readily compromised. Meanwhile, the network environment provides biometric authentication with more application scenarios. However, too many confines exist in the traditional remote biometric authentication in which the secure channel or localization of biometric authentication process is applied. Fuzzy extractors allow one to extract some uniformly distributed random key in an error-tolerant way from biometric input w and then successfully reproduce the key from any other biometric input w’ that is very close to w. Based on the important secure primitive, a zero-storage mutual biometric authentication scheme on non-secure channel is presented in this paper. A two-party key distribution protocol based on sharing secret is used. Biometric samples are utilized to reproduce the sharing key. With no need of storing and transferring user biometrics, user privacy can be well protected. Additionally, it is pointed out that the proposed scheme is invulnerable to masquerade attacks from both users and servers. Conspiracy attacks from multi-server can also be resisted. Furthermore, the proposed scheme is very scalable. Multi-factor authentication schemes can be generated by integrating password with smartcard. User registration update can also be easily achieved. And the scheme is suitable for applications with high security requirement.