Journal
JOURNAL OF MEDICAL SYSTEMS
Volume 38, Issue 9, Pages -Publisher
SPRINGER
DOI: 10.1007/s10916-014-0091-4
Keywords
Connected health care; Authentication; Anonymity; Biometrics; Smart card
Funding
- Major State Basic Research Development (973) Program of China [2013CB834205]
- National Natural Science Foundation of China [61070153, 61103209]
- Natural Science Foundation of Zhejiang Province [LZ12F02005, LY12F02006]
Ask authors/readers for more resources
Patient's privacy-preserving, security and mutual authentication between patient and the medical server are the important mechanism in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.'s scheme is vulnerable to the replay attack, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen's scheme is still vulnerable to off-line password guessing attacks, does not provide user's anonymity and perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use the applied pi calculus based formal verification tool ProVerif to prove the security and authentication.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available