Abstract
The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients’ electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users’ secrets, but also solves the security problems in previous schemes and withstands possible attacks.
Similar content being viewed by others
References
Chen, T. L., Chung, Y. F., and Lin, F. Y. S., A study on agent-based secure scheme for electronic medical record system. J. Med. Syst. 2012. doi:10.1007/s10916-010-9595-8.
Wu, Z. P., Chung, Y., Lai, F., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.
Takeda, H., Matsumura, Y., and Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.
Lee, J. K., Ryu, S. R., and Yoo, K. Y., Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 38(12):554–555, 2002.
Lin, C. H., and Lai, Y. Y., A flexible biometrics remote user authentication scheme. Comput. Stand. Interfaces 27(1):19–23, 2004.
Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.
Wu, S. T., and Chieu, B. C., A user friendly remote authentication scheme with smart cards. Comput. Secur. 22(6):547–550, 2003.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-010-9614-9.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2011. doi:10.1007/s10916-011-9658-5.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9835-1.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9856-9.
Wu, Z. Y., Tseng, Y. J., Chung, Y., Chen, Y. C., and Lai, F., A reliable user authentication and key agreement scheme for Web-based Hospital-acquired Infection Surveillance Information System. J. Med. Syst. 36:2547–2555, 2012.
Song, R., Advanced smart card based password authentication protocol. Comput. Stand. Interfaces 32(5–6):321–325, 2010.
Stallings, W., Cryptography and network security: principles and practice, 2nd edition. Prentice Hall, Upper Saddle River, 1999.
Kumar, M., Gupta, M. K., and Kumari, S., An improved efficient remote password authentication scheme with smart card over insecure network. Int. J. Netw. Secur. 13(3):167–177, 2011.
Yoon, E. J., and Yoo, K. Y., Drawbacks of Liao et al.’s password authentication scheme. International Conference on Next Generation Web Services Prac-tices (NWeSP 2006), Seoul, Korea, 2006.
Xiang, T., Wong, K. W., and Liao, X., Cryptanalysis of a password authentication scheme over insecure networks. J. Comput. Syst. Sci. 74(5):657–661, 2008.
Ramasamy, R., and Muniyandi, A. P., An efficient password authentication scheme for smart card. Int. J. Netw. Secur. 14(3):180–186, 2012.
Rivest, R. L., Shamir, A., and Adleman, L., A method for obtaining digital signature and public key cryptosystems. Commun. ACM 21(2):120–126, 1978.
Lu, R., Cao, Z., Chai, Z., and Liang, X., A simple user authentication scheme for grid computing. Int. J. Netw. Secur. 7(2):202–206, 2008.
Wang, Y. Y., Liu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.
Acknowledgment
The authors would like to thank the editor and the anonymous referees for their valuable comments. This work was supported in part by the National Science Council of the Republic of China under the Grant NSC 100-2221-E-320-004.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lee, TF., Chang, IP., Lin, TH. et al. A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System. J Med Syst 37, 9941 (2013). https://doi.org/10.1007/s10916-013-9941-8
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-013-9941-8