Abstract
Medical systems allow patients to receive care at different hospitals. However, this entails considerable inconvenience through the need to transport patients and their medical records between hospitals. The development of Telecare Medicine Information Systems (TMIS) makes it easier for patients to seek medical treatment and to store and access medical records. However, medical data stored in TMIS is not encrypted, leaving patients’ private data vulnerable to external leaks. In 2014, scholars proposed a new cloud-based medical information model and authentication scheme which would not only allow patients to remotely access medical services but also protects patient privacy. However, this scheme still fails to provide patient anonymity and message authentication. Furthermore, this scheme only stores patient medical data, without allowing patients to directly access medical advice. Therefore, we propose a new authentication scheme, which provides anonymity, unlinkability, and message authentication, and allows patients to directly and remotely consult with doctors. In addition, our proposed scheme is more efficient in terms of computation cost. The proposed system was implemented in Android system to demonstrate its workability.
Similar content being viewed by others
References
He, C. H., Jin, X., Zhao, Z.X., and Xiang, T., A Cloud Computing Solution for Hospital Information System. Intelligent Computing and Intelligent Systems (ICIS), 2010 IEEE International Conference on. 2:517–520, 2010.
Toyoda, K., Standardization and security for the EMR. Int. J. Med. Inform. 48(1–3):57–60, 1998.
Yeo, K., Lee, K., Kim, J. M., Kim, T. H., Choi, Y. H., Jeong, W. J., Hwang, H., Baek, R. M. and Yoo, S., Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities. Healthcare Inform. Res. 18(2):125–135, 2012. doi:10.4258/hir.2012.18.2.125.
Mishra, D., On the security flaws in ID-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1):154, 2015.
Mishra, D., Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. 39(3):1–8, 2015.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Jiang, Q., Ma, J., Ma, Z., and Li, G., A privacy enhanced authentication scheme for telecare medical information systems. J. Med. Syst. 37:9897, 2013.
Kumari, S., Khan, M. K., and Kumar, R., Cryptanalysis and improvement of ‘A privacy enhanced scheme for telecare medical information systems’. J. Med. Syst. 37(4):9952, 2013. doi:10.1007/s10916-013-9952-5.
Jiang, Q., Ma, J., Lu, X., et al., Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems. J. Med. Syst. 38(2):1–8, 2014.
Mishra, D., Srinivas, J., and Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):1–10, 2014.
Tan, Z., An efficient biometrics-based authentication scheme for telecare medicine information systems. Network 2(3):200–204, 2013.
Yan, P., Li, W., Li, P., et al., A Secure Biometrics-based Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 37(5):537–550, 2013.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., et al., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):1–12, 2014.
Padhy, R. P., Patra, M. R., and Satapathy, S. C., Design and Implementation of a Cloud based Rural Healthcare Information System Model. Univ. J. Appl. Comput. Sci. Technol. 2(1):149–157, 2012.
Banerjee, A., Agrawal, P., and Rajkumar, R., Design of a Cloud Based Emergency Healthcare Service Model. Int. J. Appl. Eng. Res. 8(19):2013, (2013).
Chen, C. L., Yang, T. T., Leu, F. Y., and Huang, Y. L., Designing a healthcare authorization model based on cloud authentication. Intell. Autom. Soft. Comput. 20(3):365–379, 2014.
Chen, C. L., and Yang, T. T., A secure medical data exchange protocol based on cloud environment. J. Med. Syst. 38:112, 2014. doi:10.1007/s10916-014-0112-3.
Chen, C. L., Yang, T. T., Chiang, M. L., and Shih, T. F., A Privacy Authentication Scheme Based on Cloud for Medical Environment. J. Med. Syst. 38:143, 2014. doi:10.1007/s10916-014-0143-9.
Amin, R., and Biswas, G. P., A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. J. Med. Syst. 39(3):1–17, 2015.
Mishra, D., Das, A. K., Chaturvedi, A., et al., A secure password-based authentication and key agreement scheme using smart cards. J. Inform. Secur. Appl. 23:28–43, 2015. doi:10.1016/j.jisa.2015.06.003.
Bellare, M., and Rogaway, P., Random oracles are practical: A paradigm for designing efficient protocols. Proceedings of the First ACM conference on Computer and communications security. 62–73, 1993.
Mishra D., Das A. K., and Mukhopadhyay S., A secure and efficient ECC-based user anonymitypreserving session initiation authentication protocol using smart card. Peer-to-peer networking and applications. 9(1):171–192, 2016.
SHA-256, website: http://www.cnblogs.com/elaron/archive/2013/04/09/3010375.html. (Chinese)
AES, website: http://blog.csdn.net/hbcui1984/article/details/5201247. (Chinese)
ECC, website: http://snowolf.iteye.com/blog/383412. (Chinese)
Acknowledgments
This work is partially supported by the Ministry of Science and Technology under Grant MOST 104-2221-E-182-012 and by the National Natural Science Foundation of China under Grant 61272306. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Patient Facing Systems
Rights and permissions
About this article
Cite this article
Chiou, SY., Ying, Z. & Liu, J. Improvement of a Privacy Authentication Scheme Based on Cloud for Medical Environment. J Med Syst 40, 101 (2016). https://doi.org/10.1007/s10916-016-0453-1
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-016-0453-1