Recently, many remote authentication schemes attempt to preserve user anonymity from the eavesdropper. However, authentication schemes in many e-commerce transactions require not only anonymous to the eavesdropper but also to the authentication server. In this paper, we propose a remote authentication scheme using smart card to fulfill both of the requirements. The proposed scheme achieves mutual authentication and allows users to choose and change their own passwords freely and securely. We only use one-way hash function and bitwise XOR operation in the proposed scheme and so the scheme has a low computational complexity. By using timestamp and random numbers, the proposed scheme can resist the denial of service attack and the replay attack. Also, the scheme is secure against guessing attack, insider attack, stolen-verifier attack, reflection attack, and impersonation attack.