Biometric-based remote user authentication (BRUA) is a useful primitive that allows an authorized user to remotely authenticate to a cloud server using biometrics. However, the existing BRUA solutions in the client-server setting lack certain privacy considerations. For example, authorized user’s multiple sessions should not be linked while her identity remains anonymous to cloud server. In this work, we introduce a new framework for biometric-based remote user authentication, such that authorized users authenticate to an honest-but-curious server in an anonymous and unlinkable manner. In particular, we employ two non-colluding cloud servers to perform the complex biometrics matching. We formalize two new security models, including biometrics privacy and user privacy, for the proposed framework, and prove the security of the proposed framework in the standard model.