Zheng zhou Information Science and Technology Institute, Henan 450002, China.
J Med Syst. 2012 Dec;36(6):3597-604. doi: 10.1007/s10916-012-9835-1. Epub 2012 Feb 29.
The telecare medicine information system enables or supports health-care delivery services. In order to safeguard patients' privacy, such as telephone number, medical record number, health information, etc., a secure authentication scheme will thus be in demand. Recently, Wu et al. proposed a smart card based password authentication scheme for the telecare medicine information system. Later, He et al. pointed out that Wu et al.'s scheme could not resist impersonation attacks and insider attacks, and then presented a new scheme. In this paper, we show that both of them fail to achieve two-factor authentication as smart card based password authentication schemes should achieve. We also propose an improved authentication scheme for the telecare medicine information system, and demonstrate that the improved one satisfies the security requirements of two-factor authentication and is also efficient.
远程医疗信息系统支持或提供医疗服务。为了保护患者的隐私,如电话号码、病历号、健康信息等,因此需要一个安全的认证方案。最近,Wu 等人提出了一种用于远程医疗信息系统的基于智能卡的密码身份验证方案。后来,He 等人指出 Wu 等人的方案不能抵抗冒充攻击和内部人员攻击,然后提出了一个新的方案。在本文中,我们表明这两个方案都不能实现基于智能卡的密码身份验证方案应实现的双因素认证。我们还提出了一种改进的远程医疗信息系统认证方案,并证明改进后的方案满足双因素认证的安全要求,并且高效。
