Advertisement

Journal of Medical Systems

, Volume 36, Issue 6, pp 3597–3604 | Cite as

An Improved Authentication Scheme for Telecare Medicine Information Systems

  • Jianghong WeiEmail author
  • Xuexian Hu
  • Wenfen Liu
Original Paper

Abstract

The telecare medicine information system enables or supports health-care delivery services. In order to safeguard patients’ privacy, such as telephone number, medical record number, health information, etc., a secure authentication scheme will thus be in demand. Recently, Wu et al. proposed a smart card based password authentication scheme for the telecare medicine information system. Later, He et al. pointed out that Wu et al.’s scheme could not resist impersonation attacks and insider attacks, and then presented a new scheme. In this paper, we show that both of them fail to achieve two-factor authentication as smart card based password authentication schemes should achieve. We also propose an improved authentication scheme for the telecare medicine information system, and demonstrate that the improved one satisfies the security requirements of two-factor authentication and is also efficient.

Keywords

Telecare medicine information system Authentication scheme Mobile device Password 

Notes

Acknowledgements

The authors thank the anonymous reviewers and Prof. Ralph Grams for their valuable comments. This research was supported by the National Basic Research Program of China under Grants 2012CB315905.

References

  1. 1.
    Lambrinoudakis, C., and Gritzalis, S., Managing medical and insura nce information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.CrossRefGoogle Scholar
  2. 2.
    Wu, Z. Y., Lee, Y. C., Lai, F., Lee H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi: 10.1007/s10916-010-9614-9.Google Scholar
  3. 3.
    Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.MathSciNetCrossRefGoogle Scholar
  4. 4.
    Liao, E., Lee, C. C., and Hwang, M. S., A password authentication scheme over insecure networks. J. Comput. Syst. Sci. 72(4):727–740, 2006.MathSciNetzbMATHCrossRefGoogle Scholar
  5. 5.
    Awasthi, A. K., and Lal, S., An enhanced remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 50(2):583–586, 2004.CrossRefGoogle Scholar
  6. 6.
    Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.CrossRefGoogle Scholar
  7. 7.
    Song, R., Korba, L., and Yee, G., Analysis of smart card-based remote user authentication schemes. In: Proceedings of the 2007 International Conference on Security and Management, pp. 323–329, 2007.Google Scholar
  8. 8.
    Xu, J., Zhu, W. T., and Feng D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.CrossRefGoogle Scholar
  9. 9.
    Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 2010. doi: 10.1016/j.jcss.2010.07.004.Google Scholar
  10. 10.
    Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. 2011. doi: 10.1007/s10916-011-9735-9.Google Scholar
  11. 11.
    Kocher, P., Jaffe, J., and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology 1999, pp. 388–397, 1999.Google Scholar
  12. 12.
    Messerges, T. S., Dabbish, E. A., and Sloan R. H., Examining smart-card secur ity under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.MathSciNetCrossRefGoogle Scholar
  13. 13.
    He, D. B., Chen, J. H., and Zhang R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi: 10.1007/s10916-011-9658-5.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Zheng zhou Information Science and Technology InstituteZhengzhouChina

Personalised recommendations