Skip to main content
SpringerLink
Log in

A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The telecare medical information system (TMIS) aims to establish telecare services and enable the public to access medical services or medical information at remote sites. Authentication and key agreement is essential to ensure data integrity, confidentiality, and availability for TMIS. Most recently, Chen et al. proposed an efficient and secure dynamic ID-based authentication scheme for TMIS, and claimed that their scheme achieves user anonymity. However, we observe that Chen et al.’s scheme achieves neither anonymity nor untraceability, and is subject to the identity guessing attack and tracking attack. In order to protect user privacy, we propose an enhanced authentication scheme which achieves user anonymity and untraceablity. It is a secure and efficient authentication scheme with user privacy preservation which is practical for TMIS.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Li, S. H., Wang, C. Y., Lu W. H., Lin, Y. Y., and Yen, D. C., Design and implementation of a telecare information platform. J. Med. Syst. doi:10.1007/s10916-010-9625-6.

  2. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.

    Article  Google Scholar 

  3. Gritzalis, S., Lambrinoudakis, C., Lekkas, D., and Deftereos, S., Technical guidelines for enhancing privacy and data protection in modern electronic medical environments. IEEE Trans. Inf. Technol. Biomed. 9(3):413–423, 2005.

    Article  Google Scholar 

  4. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.

    Article  Google Scholar 

  5. He, D., Chen, J., and Chen, Y., A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw, 2012. doi:10.1002/sec.506.

  6. Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.

    Article  Google Scholar 

  7. Wu, Z. Y., Tseng, Y. J., Chung, Y., Chen, Y. C., and Lai, F., A reliable user authentication and key agreement scheme for web-based hospital-acquired infection surveillance information system. J. Med. Syst., 2010. doi:10.1007/s10916-011-9727-9.

  8. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.

  9. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9658-5.

  10. Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. doi:10.1007/s10916-012-9835-1.

  11. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. doi:10.1007/s10916-012-9856-9.

  12. Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9735-9.

  13. Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. doi:10.1007/s10916-012-9862-y.

  14. Khan, M. K., et al., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.

    Article  Google Scholar 

  15. Li, X., Qiu, W., Zheng, D., Chen, K., and Li, J., Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2):793–800, 2010.

    Article  Google Scholar 

  16. Youn, T., Park, Y., and Lim, J., Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Commun. Lett. 13(7):471–473, 2009.

    Article  Google Scholar 

  17. Wu, S., Zhu, Y., and Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur Commun Netw 5(2):236–248, 2012.

    Article  Google Scholar 

  18. Jiang, Q., Ma, J., Li, G., and Yang, L., An enhanced authentication scheme with anonymity for roaming service in global mobility networks. Wirel. Pers. Commun., 2012. doi:10.1007/s11277-012-0535-4.

  19. Mao, W., Modern cryptography: theory and practice. Prentice Hall Professional Technical Reference, 2003.

  20. Dworkin, M., Recommendation for block cipher modes of operation: methods and techniques. NIST Special Publication 800-38A, 2001.

  21. Hsieh, W.-B., Leu, J.-S., Anonymous authentication protocol based on elliptic curve Diffie–Hellman for wireless access networks. Wirel. Commun. Mob. Comput. doi:10.1002/wcm.2252.

Download references

Acknowledgments

This work is supported by Supported by Program for Changjiang Scholars and Innovative Research Team in University (Program No. IRT1078), Major national S&T program (2011ZX03005-002), National Natural Science Foundation of China (Program No. U1135002, 61072066, 61173135, 61100230, 61100233, 61202389, 61202390), Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2012JQ8043, 2011JQ8003, 2012JM8030, 2012JM8025), Fundamental Research Funds for the Central Universities (Program No. JY10000903001, K50511030004). The authors would like to thank the anonymous reviewers and the editor for their constructive comments that have helped us to improve this paper.

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Xidian University, Xi’an, China

    Qi Jiang, Jianfeng Ma & Zhuo Ma

  2. Department of Information Research, Information Engineering University, Zhengzhou, China

    Guangsong Li

Authors
  1. Qi Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianfeng Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhuo Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Guangsong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qi Jiang.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Jiang, Q., Ma, J., Ma, Z. et al. A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9897 (2013). https://doi.org/10.1007/s10916-012-9897-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-012-9897-0

Keywords

Search

Navigation