Public–key digital certificates are being used in public key infrastructure to provide authentication of the user’s public key. Public key digital certificates like X.509 are used to bind a public key to its user. This kind of certificates cannot be used for user authentication. Such use may lead to forgery of user’s identity. Lein et al proposed a authentication scheme based on Generalized Digital Certificates (GDC). A GDC consists of user’s public information like digital birth certificate, digital identity, etc. and the digital signature of trusted third party generated from that public information. The GDC based scheme provides user authentication and allows for session key establishment. The scheme is secure against forgery of user’s identity but it does not provide mutual authentication. The scheme proposed in this paper not only provides mutual authentication and session key but also it preserves the security strength of Lein et al’s GDC based scheme.