Original Paper

Journal of Medical Systems

, 37:9952

First online:

Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’

  • Saru KumariAffiliated withDepartment of Mathematics, Agra College Email author 
  • , Muhammad Khurram KhanAffiliated withCenter of Excellence in Information Assurance, King Saud University
  • , Rahul KumarAffiliated withDepartment of Mathematics, D. B. S. College

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


To ensure reliable telecare services some user authentication schemes for telecare medical information system (TMIS) have been presented in literature. These schemes are proposed with intent to regulate only authorized access to medical services so that medical information can be protected from misuse. Very recently Jiang et al. proposed a user authentication scheme for TMIS which they claimed to provide enhanced privacy. They made use of symmetric encryption/decryption with cipher block chaining mode (CBC) to achieve the claimed user privacy. Their scheme provides features like user anonymity and user un-traceability unlike its preceding schemes on which it is built. Unluckily, authors overlook some important aspects in designing their scheme due to which it falls short to resist user impersonation attack, guessing attacks and denial of service attack. Besides, its password change phase is not secure; air message confidentiality is at risk and also has some other drawbacks. Therefore, we propose an improved scheme free from problems observed in Jiang et al.’s scheme and more suitable for TMIS.


Telecare medical information system User authentication Temporary identity Medical services Impersonation attack Security