Skip to main content
SpringerLink
Log in

An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient’s home. Hence, the control of access to remote medical servers’ resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.’s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.’s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Istepanian, R. S. H., Jovanov, E., and Zhang, Y. T., Guest editorial introduction to the special section on M-health: Beyond seamless mobility and global wireless health-care connectivity. IEEE Trans. Inf. Technol. Biomed. 8(4):405–414, 2004.

    Article  Google Scholar 

  2. Latré, B., Braem, B., Moerman, I., Blondia, C., and Demeester, P., A survey on wireless body area networks. J. Wireless Netw. 17(1). January 2011.

  3. Stachura, M., and Khasanshina, E., Telehomecare and remote monitoring: An outcomes overview. Adv. Med. Technol. Assoc., October 31, 2007, Available at: http://www.advamed.org/NR/rdonlyres/2250724C-5005-45CD-A3C9-0EC0CD3132A1/0/TelehomecarereportFNL103107.pdf (last access March 2012).

  4. Otto, C., Milenkovic, A., Sanders, C., and Jovanov, E., System architecture of a wireless body area sensor network for ubiquitous health monitoring. J. Mobile Multimed. 1(4):307–326, 2006.

    Google Scholar 

  5. Mana, M., Feham, M., and Bensaber, B. A., Trust key management scheme for wireless body area networks. Int. J. Netw. Secur. 12(2):71–79, 2011.

    Google Scholar 

  6. Electronic health record Wiki Site. http://en.wikipedia.org/wiki/Electronic_health_record#cite_note-23, (last accessed March 2012).

  7. Dunlop, L., Electronic health records: Interoperability challenges and patient’s right for privacy. Shidler J. Comput. Technol. 3:16, 2007.

    Google Scholar 

  8. Tim Wafa (J.D.)., How the lack of prescriptive technical granularity in HIPAA has compromised patient privacy. N. Illinois Univ. Law Rev., 30(3), Summer 2010.

  9. Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.

    Article  MathSciNet  Google Scholar 

  10. Haller, N., The S/KEY one-time password system. Proceedings of the Internet Society Symposium on Network and Distributed Systems, pp. 151–157, 1994.

  11. Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.

    Article  Google Scholar 

  12. Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfac. 31(4):723–728, 2009.

    Article  Google Scholar 

  13. Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfac. 27(2):177–180, 2005.

    Article  Google Scholar 

  14. Lee, S. W., Kim, H. S., and Yoo, K. Y., Improvement of Chien et al’.s remote user authentication scheme using smart cards. Comput. Stand. Interfac. 27(2):181–183, 2005.

    Article  Google Scholar 

  15. Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for Telecare medicine information systems. J. Med. Syst., 2010. doi:10.1007/s10916-010-9614-9.

  16. Debiao, H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9658-5.

  17. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.

    Article  Google Scholar 

  18. Awashti, A. K., Comment on ‘A dynamic ID-based remote user authentication scheme’. Trans. Cryptol. 1(2):15–16, 2004.

    Google Scholar 

  19. Chien, H. Y., and Chen, C. H., A remote authentication scheme preserving user anonymity. In: International conference on AINA’05, 2, 2005.

  20. Ku, W. C., Chang, S. T., Impersonation attack on a dynamic ID-based remote user authentication sheme using smart cards. IEICE Transactions on Communication E88-B (5):2165–2167, 2005.

  21. Liao, I., Lee, C. C., Hwang, M. S., Security enhancement for a dynamic ID-based remote user authentication scheme. Proceedings of the National Conference on Next Generation Web Services Practices, pp. 4, 22–26 Aug. 2005.

  22. Wang, Y. Y., Kiu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.

    Article  Google Scholar 

  23. Khan, M. K., et al., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.

    Article  Google Scholar 

  24. He, D., Chen, J., and Hu, J, Weaknesses of a dynamic ID-based remote user authentication scheme. IACR Eprint archive, 2010, Available at http://eprint.iacr.org/2010/240 (last accessed March 2012).

Download references

Conflict of interest

The authors declare that they have no conflict of interest.

Author information

Authors and Affiliations

  1. Department of Computer Science and Information Engineering, National Taichung University of Science and Technology, Taichung, Taiwan

    Hung-Ming Chen

  2. Department of Information Management, National Taichung University of Science and Technology, Taichung, Taiwan

    Jung-Wen Lo & Chang-Kuo Yeh

Authors
  1. Hung-Ming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jung-Wen Lo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chang-Kuo Yeh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jung-Wen Lo.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chen, HM., Lo, JW. & Yeh, CK. An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. J Med Syst 36, 3907–3915 (2012). https://doi.org/10.1007/s10916-012-9862-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10916-012-9862-y

Keywords

Search

Navigation