Abstract
A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users’ anonymity and authenticated key agreements for secure data communications.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst., 24(4):213–234, 2000.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst., 36(6):3833–3838, 2012.
Liao, E., Lee, C.C., and Hwang, M.S., A password authentication scheme over insecure networks. J. Comput. Syst. Sci., 72(4):727–740, 2006.
Yeh, H.T., Improvement of an efficient and practical solution to remote authentication: Smart card. IEICE Trans. Commun., E89B(1):210–211, 2006.
Liu, J.Y., Zhou, A.M., and Gao, M.X., A new mutual authentication scheme based on nonce and smart cards. Comput. Commun., 31(10):2205–2209, 2008.
Xu, J., Zhu, W.T., and Feng, D.G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces, 31(4):723–728, 2009.
Lee, T.-F., Chang, J.-B., Chan, C.-W., and Liu, H.-C., Password-based mutual authentication scheme using smart cards. The E-learning and Information Technology Symposium 2010 (EITS2010), Tainan, Taiwan, 2010.
Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst., 36(3):1529–1535, 2012.
He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 36(3):1989–1995, 2012.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst., 36(6):3597–3604, 2012.
Sun, D.-Z., Huai, J.-P., Sun, J.-Z., and Li, J.-X., Cryptanalysis of a mutual authentication scheme based on nonce and smart cards. Comput. Commun., 32:1015–1017, 2009.
Acknowledgment
This work is supported by National Science Council under the grants NSC100-2221-E-320-004.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lee, TF., Liu, CM. A Secure Smart-Card Based Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. J Med Syst 37, 9933 (2013). https://doi.org/10.1007/s10916-013-9933-8
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-013-9933-8