Department of Computer Science and Information Engineering, National Taichung University of Science and Technology, Taiwan.
J Med Syst. 2012 Dec;36(6):3907-15. doi: 10.1007/s10916-012-9862-y. Epub 2012 Jun 7.
The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient's home. Hence, the control of access to remote medical servers' resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.'s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.'s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.
不断增加的、始终在线的宽带电信环境和成本更低的生命体征监测设备的可用性将远程医疗的优势直接带到了患者的家中。因此,对远程医疗服务器资源的访问控制成为了一个至关重要的挑战。因此,需要在医疗服务器和远程用户之间建立一个安全的身份验证方案,以确保数据的完整性、保密性和可用性。最近,已经提出了许多使用低成本移动设备的身份验证方案来满足这些要求。与以前的方案不同,Khan 等人提出了一种基于动态 ID 的远程用户身份验证方案,该方案降低了计算复杂度,并具有一些功能,例如为丢失或被盗的智能卡提供吊销功能,以及为身份验证过程提供时间过期检查。然而,Khan 等人的方案存在一些安全缺陷。为了解决这些问题,本研究提出了一种增强的身份验证方案,克服了 Khan 等人方案中的固有弱点,并证明该方案在远程医疗信息系统中更安全、更健壮。
