Lin Han-Yu
Department of Computer Science and Engineering, National Taiwan Ocean University, 2, Beining Road, Keelung, 202 Taiwan, Republic of China
J Med Syst. 2013 Apr;37(2):9929. doi: 10.1007/s10916-013-9929-4. Epub 2013 Jan 24.
Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of a TMIS stores patients' electronic medical records (EMRs), only authorized users should be granted access to this information, for privacy reasons. To preserve user anonymity, Chen et al. recently proposed a dynamic ID-based authentication scheme for telecare medical information systems. They claimed that their scheme is more secure and robust for use in a TMIS. However, we will demonstrate that their scheme fails to provide user anonymity because it is vulnerable to dictionary attacks. It is also possible to derive a user's password in the case of a smart card loss attack. Additionally, an improved scheme that eliminates these weaknesses is presented.