The telecare medicine information system enables or supports health-care delivery services. In order to safeguard patients’ privacy, such as telephone number, medical record number, health information, etc., a secure authentication scheme will thus be in demand. Recently, Wu et al. proposed a smart card based password authentication scheme for the telecare medicine information system. Later, He et al. pointed out that Wu et al.’s scheme could not resist impersonation attacks and insider attacks, and then presented a new scheme. In this paper, we show that both of them fail to achieve two-factor authentication as smart card based password authentication schemes should achieve. We also propose an improved authentication scheme for the telecare medicine information system, and demonstrate that the improved one satisfies the security requirements of two-factor authentication and is also efficient.
Telecare medicine information system Authentication scheme Mobile device Password
This is a preview of subscription content, log in to check access.
The authors thank the anonymous reviewers and Prof. Ralph Grams for their valuable comments. This research was supported by the National Basic Research Program of China under Grants 2012CB315905.
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insura nce information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.CrossRefGoogle Scholar
Wu, Z. Y., Lee, Y. C., Lai, F., Lee H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-010-9614-9.Google Scholar
Awasthi, A. K., and Lal, S., An enhanced remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 50(2):583–586, 2004.CrossRefGoogle Scholar
Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.CrossRefGoogle Scholar
Song, R., Korba, L., and Yee, G., Analysis of smart card-based remote user authentication schemes. In: Proceedings of the 2007 International Conference on Security and Management, pp. 323–329, 2007.Google Scholar
Xu, J., Zhu, W. T., and Feng D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.CrossRefGoogle Scholar
Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 2010. doi:10.1016/j.jcss.2010.07.004.Google Scholar