Abstract
The telecare medical information system (TMIS) aims to establish telecare services and enable the public to access medical services or medical information at remote sites. Authentication and key agreement is essential to ensure data integrity, confidentiality, and availability for TMIS. Most recently, Chen et al. proposed an efficient and secure dynamic ID-based authentication scheme for TMIS, and claimed that their scheme achieves user anonymity. However, we observe that Chen et al.’s scheme achieves neither anonymity nor untraceability, and is subject to the identity guessing attack and tracking attack. In order to protect user privacy, we propose an enhanced authentication scheme which achieves user anonymity and untraceablity. It is a secure and efficient authentication scheme with user privacy preservation which is practical for TMIS.
This is a preview of subscription content, log in via an institution to check access.
Access this article
We’re sorry, something doesn't seem to be working properly.
Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.
Similar content being viewed by others
References
Li, S. H., Wang, C. Y., Lu W. H., Lin, Y. Y., and Yen, D. C., Design and implementation of a telecare information platform. J. Med. Syst. doi:10.1007/s10916-010-9625-6.
Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.
Gritzalis, S., Lambrinoudakis, C., Lekkas, D., and Deftereos, S., Technical guidelines for enhancing privacy and data protection in modern electronic medical environments. IEEE Trans. Inf. Technol. Biomed. 9(3):413–423, 2005.
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.
He, D., Chen, J., and Chen, Y., A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw, 2012. doi:10.1002/sec.506.
Wu, Z. Y., Chung, Y., Lai, F., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.
Wu, Z. Y., Tseng, Y. J., Chung, Y., Chen, Y. C., and Lai, F., A reliable user authentication and key agreement scheme for web-based hospital-acquired infection surveillance information system. J. Med. Syst., 2010. doi:10.1007/s10916-011-9727-9.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9658-5.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. doi:10.1007/s10916-012-9835-1.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. doi:10.1007/s10916-012-9856-9.
Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9735-9.
Chen, H. M., Lo, J. W., Yeh, C. K., An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. doi:10.1007/s10916-012-9862-y.
Khan, M. K., et al., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.
Li, X., Qiu, W., Zheng, D., Chen, K., and Li, J., Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2):793–800, 2010.
Youn, T., Park, Y., and Lim, J., Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Commun. Lett. 13(7):471–473, 2009.
Wu, S., Zhu, Y., and Pu, Q., Robust smart-cards-based user authentication scheme with user anonymity. Secur Commun Netw 5(2):236–248, 2012.
Jiang, Q., Ma, J., Li, G., and Yang, L., An enhanced authentication scheme with anonymity for roaming service in global mobility networks. Wirel. Pers. Commun., 2012. doi:10.1007/s11277-012-0535-4.
Mao, W., Modern cryptography: theory and practice. Prentice Hall Professional Technical Reference, 2003.
Dworkin, M., Recommendation for block cipher modes of operation: methods and techniques. NIST Special Publication 800-38A, 2001.
Hsieh, W.-B., Leu, J.-S., Anonymous authentication protocol based on elliptic curve Diffie–Hellman for wireless access networks. Wirel. Commun. Mob. Comput. doi:10.1002/wcm.2252.
Acknowledgments
This work is supported by Supported by Program for Changjiang Scholars and Innovative Research Team in University (Program No. IRT1078), Major national S&T program (2011ZX03005-002), National Natural Science Foundation of China (Program No. U1135002, 61072066, 61173135, 61100230, 61100233, 61202389, 61202390), Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2012JQ8043, 2011JQ8003, 2012JM8030, 2012JM8025), Fundamental Research Funds for the Central Universities (Program No. JY10000903001, K50511030004). The authors would like to thank the anonymous reviewers and the editor for their constructive comments that have helped us to improve this paper.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jiang, Q., Ma, J., Ma, Z. et al. A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems. J Med Syst 37, 9897 (2013). https://doi.org/10.1007/s10916-012-9897-0
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-012-9897-0