Abstract
The telecare medicine information system enables or supports health-care delivery services. In order to safeguard patients’ privacy, such as telephone number, medical record number, health information, etc., a secure authentication scheme will thus be in demand. Recently, Wu et al. proposed a smart card based password authentication scheme for the telecare medicine information system. Later, He et al. pointed out that Wu et al.’s scheme could not resist impersonation attacks and insider attacks, and then presented a new scheme. In this paper, we show that both of them fail to achieve two-factor authentication as smart card based password authentication schemes should achieve. We also propose an improved authentication scheme for the telecare medicine information system, and demonstrate that the improved one satisfies the security requirements of two-factor authentication and is also efficient.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insura nce information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-010-9614-9.
Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.
Liao, E., Lee, C. C., and Hwang, M. S., A password authentication scheme over insecure networks. J. Comput. Syst. Sci. 72(4):727–740, 2006.
Awasthi, A. K., and Lal, S., An enhanced remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 50(2):583–586, 2004.
Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.
Song, R., Korba, L., and Yee, G., Analysis of smart card-based remote user authentication schemes. In: Proceedings of the 2007 International Conference on Security and Management, pp. 323–329, 2007.
Xu, J., Zhu, W. T., and Feng D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.
Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 2010. doi:10.1016/j.jcss.2010.07.004.
Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 2011. doi:10.1007/s10916-011-9735-9.
Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology 1999, pp. 388–397, 1999.
Messerges, T. S., Dabbish, E. A., and Sloan R. H., Examining smart-card secur ity under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
He, D. B., Chen, J. H., and Zhang R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9658-5.
Acknowledgements
The authors thank the anonymous reviewers and Prof. Ralph Grams for their valuable comments. This research was supported by the National Basic Research Program of China under Grants 2012CB315905.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wei, J., Hu, X. & Liu, W. An Improved Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 36, 3597–3604 (2012). https://doi.org/10.1007/s10916-012-9835-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10916-012-9835-1