Journal of Medical Systems

, Volume 36, Issue 6, pp 3907–3915 | Cite as

An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems

  • Hung-Ming Chen
  • Jung-Wen Lo
  • Chang-Kuo Yeh
Original Paper


The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient’s home. Hence, the control of access to remote medical servers’ resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.’s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.’s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.


Telecare medical information system Authentication scheme Smart card Password-based remote authentication 


Conflict of interest

The authors declare that they have no conflict of interest.


  1. 1.
    Istepanian, R. S. H., Jovanov, E., and Zhang, Y. T., Guest editorial introduction to the special section on M-health: Beyond seamless mobility and global wireless health-care connectivity. IEEE Trans. Inf. Technol. Biomed. 8(4):405–414, 2004.CrossRefGoogle Scholar
  2. 2.
    Latré, B., Braem, B., Moerman, I., Blondia, C., and Demeester, P., A survey on wireless body area networks. J. Wireless Netw. 17(1). January 2011.Google Scholar
  3. 3.
    Stachura, M., and Khasanshina, E., Telehomecare and remote monitoring: An outcomes overview. Adv. Med. Technol. Assoc., October 31, 2007, Available at: (last access March 2012).
  4. 4.
    Otto, C., Milenkovic, A., Sanders, C., and Jovanov, E., System architecture of a wireless body area sensor network for ubiquitous health monitoring. J. Mobile Multimed. 1(4):307–326, 2006.Google Scholar
  5. 5.
    Mana, M., Feham, M., and Bensaber, B. A., Trust key management scheme for wireless body area networks. Int. J. Netw. Secur. 12(2):71–79, 2011.Google Scholar
  6. 6.
    Electronic health record Wiki Site., (last accessed March 2012).
  7. 7.
    Dunlop, L., Electronic health records: Interoperability challenges and patient’s right for privacy. Shidler J. Comput. Technol. 3:16, 2007.Google Scholar
  8. 8.
    Tim Wafa (J.D.)., How the lack of prescriptive technical granularity in HIPAA has compromised patient privacy. N. Illinois Univ. Law Rev., 30(3), Summer 2010.Google Scholar
  9. 9.
    Lamport, L., Password authentication with insecure communication. Commun. ACM 24(11):770–772, 1981.MathSciNetCrossRefGoogle Scholar
  10. 10.
    Haller, N., The S/KEY one-time password system. Proceedings of the Internet Society Symposium on Network and Distributed Systems, pp. 151–157, 1994.Google Scholar
  11. 11.
    Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1):28–30, 2000.CrossRefGoogle Scholar
  12. 12.
    Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfac. 31(4):723–728, 2009.CrossRefGoogle Scholar
  13. 13.
    Lee, N. Y., and Chiu, Y. C., Improved remote authentication scheme with smart card. Comput. Stand. Interfac. 27(2):177–180, 2005.CrossRefGoogle Scholar
  14. 14.
    Lee, S. W., Kim, H. S., and Yoo, K. Y., Improvement of Chien et al’.s remote user authentication scheme using smart cards. Comput. Stand. Interfac. 27(2):181–183, 2005.CrossRefGoogle Scholar
  15. 15.
    Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y., A secure authentication scheme for Telecare medicine information systems. J. Med. Syst., 2010. doi: 10.1007/s10916-010-9614-9.
  16. 16.
    Debiao, H., Jianhua, C., and Rui, Z., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst., 2011. doi: 10.1007/s10916-011-9658-5.
  17. 17.
    Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. 508.CrossRefGoogle Scholar
  18. 18.
    Awashti, A. K., Comment on ‘A dynamic ID-based remote user authentication scheme’. Trans. Cryptol. 1(2):15–16, 2004.Google Scholar
  19. 19.
    Chien, H. Y., and Chen, C. H., A remote authentication scheme preserving user anonymity. In: International conference on AINA’05, 2, 2005.Google Scholar
  20. 20.
    Ku, W. C., Chang, S. T., Impersonation attack on a dynamic ID-based remote user authentication sheme using smart cards. IEICE Transactions on Communication E88-B (5):2165–2167, 2005.Google Scholar
  21. 21.
    Liao, I., Lee, C. C., Hwang, M. S., Security enhancement for a dynamic ID-based remote user authentication scheme. Proceedings of the National Conference on Next Generation Web Services Practices, pp. 4, 22–26 Aug. 2005.Google Scholar
  22. 22.
    Wang, Y. Y., Kiu, J. Y., Xiao, F. X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.CrossRefGoogle Scholar
  23. 23.
    Khan, M. K., et al., Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3):305–309, 2010.CrossRefGoogle Scholar
  24. 24.
    He, D., Chen, J., and Hu, J, Weaknesses of a dynamic ID-based remote user authentication scheme. IACR Eprint archive, 2010, Available at (last accessed March 2012).

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Department of Computer Science and Information EngineeringNational Taichung University of Science and TechnologyTaichungTaiwan
  2. 2.Department of Information ManagementNational Taichung University of Science and TechnologyTaichungTaiwan

Personalised recommendations