A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems



ORIGINAL PAPER

Qi Jiang & Jianfeng Ma & Zhuo Ma & Guangsong Li

Received: 29 June 2012 / Accepted: 28 August 2012
© Springer Science+Business Media New York 2013

Abstract

The telecare medical information system (TMIS) aims to establish telecare services and enable the public to access medical services or medical information at remote sites. Authentication and key agreement is essential to ensure data integrity, confidentiality, and availability for TMIS. Most recently, Chen et al. proposed an efficient and secure dynamic ID-based authentication scheme for TMIS, and claimed that their scheme achieves user anonymity. However, we observe that Chen et al.’s scheme achieves neither anonymity nor untraceability, and is subject to the identity guessing attack and the tracking attack. In order to protect user privacy, we propose an enhanced authentication scheme which achieves user anonymity and untraceability. It is a secure and efficient authentication scheme with user privacy preservation which is practical for TMIS.

Keywords: Telecare medical information system, Authentication, Key agreement, Smart card, Privacy, Anonymity

Q. Jiang (*) : J. Ma : Z. Ma
School of Computer Science and Technology, Xidian University, Xi’an, China
e-mail: [email protected]

G. Li
Department of Information Research, Information Engineering University, Zhengzhou, China

Introduction

Telecare, which employs information and communication technologies to provide remote services that assist with certain healthcare activities, is becoming a viable solution to the continuously rising demand for medical and healthcare services. Telecare has the potential to lower social and medical expenses and improve medical quality and efficiency. It is considered an economical, time-saving, and effective alternative to traditional clinical service. A number of telecare services have been proposed in recent years, such as electronic healthcare, remote nursing, and home monitoring [1–4].

The telecare medical information system (TMIS) aims to establish telecare services and enable the public to access medical services or medical information at remote sites. The medical server maintains various private data and information of registered users, such as name, address, telephone number, and electronic medical records (EMRs), which are directly tied to the user’s privacy. However, since TMIS has to provide remote access services over the insecure Internet, it is subject to the same security risks as the Internet. Security and privacy are the main obstacles to be addressed when deploying TMIS.

Authentication and key agreement is essential to ensure data integrity, confidentiality, and availability for TMIS. Authentication is needed to control access to the medical server’s resources and ensure that the server’s resources are not available to illegal users. Session keys are needed to establish a secure channel between the user and the medical server and ensure