Tan Zuowen
High Level Engineering Research Center of Electronic-Commerce, Jiangxi Provincial Colleges and Universities, School of Information Technology, Jiangxi University of Finance & Economics, Nanchang, 330032, China,
J Med Syst. 2014 Mar;38(3):16. doi: 10.1007/s10916-014-0016-2. Epub 2014 Mar 19.
The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.
远程医疗信息系统使患者能够在家中进行健康监测,并通过互联网或移动网络获取医疗服务。近年来,已提出基于密码学的方案来解决远程医疗信息系统中的安全和隐私问题。然而,许多方案并不安全或效率低下。最近,阿瓦斯蒂和斯里瓦斯塔瓦提出了一种用于远程医疗信息系统的三因素认证方案。在本文中,我们表明他们的方案容易受到反射攻击。此外,它未能提供三因素安全性和用户匿名性。我们提出了一种用于远程医疗信息系统的新的三因素认证方案。详细分析表明,所提出的方案提供了相互认证、服务器不知密码和密码自由、生物特征更新以及三因素安全性。此外,新方案提供了用户匿名性。与以前的三因素认证方案相比,所提出的方案更安全、更实用。
