Journal of Medical Systems, Volume 36, Issue 2, pp 631–638

A Password-Based User Authentication Scheme for the Integrated EPR Information System

  • Zhen-Yu Wu
  • Yufang Chung
  • Feipei Lai
  • Tzer-Shyong Chen
Original Paper


With the rapid development of the Internet, digitization and electronic orientation are required in various applications of daily life. In e-medicine, establishing electronic patient records (EPRs) for all patients has become the top issue of the last decade. At the same time, constructing an integrated EPR information system covering all patients is beneficial because it can provide medical institutions and academia with most of the patients’ information in detail, allowing them to make correct decisions and clinical decisions and to maintain and analyze patients’ health. The EPR system also benefits doctors and scholars by giving them record linkage for research, payment audits, or other services bound to be developed and integrated into medicine. To tackle illegal access and to prevent information from being stolen during transmission over the insecure Internet, we propose a password-based user authentication scheme suitable for information integration.


E-medicine; Electronic patient records; Integrated EPR information system; Password; Authentication



This work was supported partially by National Science Council, Taiwan under Grants NSC 98-2221-E-029-025.



Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Zhen-Yu Wu (1, 6)
  • Yufang Chung (2)
  • Feipei Lai (1, 3, 5)
  • Tzer-Shyong Chen (4)

  1. Department of Computer Science and Information Engineering, National Taiwan University, Taipei, Taiwan
  2. Department of Electrical Engineering, Tunghai University, Taichung, Taiwan
  3. Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan
  4. Department of Information Management, Tunghai University, Taichung, Taiwan
  5. Graduate Institute of Biomedical Electronics and Bioinformatics, National Taiwan University, Taipei, Taiwan
  6. Taipei, Republic of China
