Skip to main content
SpringerLink
Log in

A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients’ electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users’ secrets, but also solves the security problems in previous schemes and withstands possible attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Chen, T. L., Chung, Y. F., and Lin, F. Y. S., A study on agent-based secure scheme for electronic medical record system. J. Med. Syst. 2012. doi:10.1007/s10916-010-9595-8.

    Google Scholar 

  2. Wu, Z. P., Chung, Y., Lai, F., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.

    Article  Google Scholar 

  3. Takeda, H., Matsumura, Y., and Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.

    Article  Google Scholar 

  4. Lee, J. K., Ryu, S. R., and Yoo, K. Y., Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 38(12):554–555, 2002.

    Article  Google Scholar 

  5. Lin, C. H., and Lai, Y. Y., A flexible biometrics remote user authentication scheme. Comput. Stand. Interfaces 27(1):19–23, 2004.

    Article  Google Scholar 

  6. Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfaces 27(2):177–180, 2005.

    Article  Google Scholar 

  7. Wu, S. T., and Chieu, B. C., A user friendly remote authentication scheme with smart cards. Comput. Secur. 22(6):547–550, 2003.

    Article  Google Scholar 

  8. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2010. doi:10.1007/s10916-010-9614-9.

    Google Scholar 

  9. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 2011. doi:10.1007/s10916-011-9658-5.

    Google Scholar 

  10. Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9835-1.

    Google Scholar 

  11. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 2012. doi:10.1007/s10916-012-9856-9.

    Google Scholar 

  12. Wu, Z. Y., Tseng, Y. J., Chung, Y., Chen, Y. C., and Lai, F., A reliable user authentication and key agreement scheme for Web-based Hospital-acquired Infection Surveillance Information System. J. Med. Syst. 36:2547–2555, 2012.

    Article  Google Scholar 

  13. Song, R., Advanced smart card based password authentication protocol. Comput. Stand. Interfaces 32(5–6):321–325, 2010.

    Article  Google Scholar 

  14. Stallings, W., Cryptography and network security: principles and practice, 2nd edition. Prentice Hall, Upper Saddle River, 1999.

    Google Scholar 

  15. Kumar, M., Gupta, M. K., and Kumari, S., An improved efficient remote password authentication scheme with smart card over insecure network. Int. J. Netw. Secur. 13(3):167–177, 2011.

    Google Scholar 

  16. Yoon, E. J., and Yoo, K. Y., Drawbacks of Liao et al.’s password authentication scheme. International Conference on Next Generation Web Services Prac-tices (NWeSP 2006), Seoul, Korea, 2006.

  17. Xiang, T., Wong, K. W., and Liao, X., Cryptanalysis of a password authentication scheme over insecure networks. J. Comput. Syst. Sci. 74(5):657–661, 2008.

    Article  MathSciNet  MATH  Google Scholar 

  18. Ramasamy, R., and Muniyandi, A. P., An efficient password authentication scheme for smart card. Int. J. Netw. Secur. 14(3):180–186, 2012.

    Google Scholar 

  19. Rivest, R. L., Shamir, A., and Adleman, L., A method for obtaining digital signature and public key cryptosystems. Commun. ACM 21(2):120–126, 1978.

    Article  MathSciNet  MATH  Google Scholar 

  20. Lu, R., Cao, Z., Chai, Z., and Liang, X., A simple user authentication scheme for grid computing. Int. J. Netw. Secur. 7(2):202–206, 2008.

    Google Scholar 

  21. Wang, Y. Y., Liu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.

    Article  Google Scholar 

Download references

Acknowledgment

The authors would like to thank the editor and the anonymous referees for their valuable comments. This work was supported in part by the National Science Council of the Republic of China under the Grant NSC 100-2221-E-320-004.

Author information

Authors and Affiliations

  1. Department of Medical Informatics, Tzu Chi University, No. 701, Zhongyang Road, Sec. 3, Hualien, 97004, Taiwan, Republic of China

    Tian-Fu Lee

  2. Institute of Manufacturing Information and Systems, National Cheng Kung University, No. 1, Ta-Hsueh Road, Tainan, 70101, Taiwan, Republic of China

    I-Pin Chang & Ching-Cheng Wang

  3. Department of Digital Applications, Kang Ning University, No. 188, Sec. 5, Anzhong Road, Tainan, 70970, Taiwan, Republic of China

    I-Pin Chang

  4. Department of Computer Science and Information Engineering, National Chin-Yi University of Technology, Taichung County, 411, Taiwan, Republic of China

    Tsung-Hung Lin

Authors
  1. Tian-Fu Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. I-Pin Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tsung-Hung Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ching-Cheng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tian-Fu Lee.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lee, TF., Chang, IP., Lin, TH. et al. A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System. J Med Syst 37, 9941 (2013). https://doi.org/10.1007/s10916-013-9941-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-013-9941-8

Keywords

Search

Navigation