A Novel Approach for Patient Anatomized Authentication scheme using Smart Card in Telecare Medical Information System

In the Telecare Medical Information System (TMIS), a patient (aka user) and the server mutually authenticate each other and draws the prevalent session key over an insecure channel. The smart card of the patient contains the parameters predicated on the biometric data of the patient itself. Recently, in J Med System, Xie et al. (2014) show that Wen et al.'s scheme is vulnerable to off-line password guessing attack, perfect forward secrecy, and fails to provide patient anonymity and then proposed the biometricbased scheme to overcome these weaknesses. However, we show that Xie et al.'s scheme is still failing to withstand against perfect forward secrecy, key compromise impersonation resilience attack, and known key attack. Afterward, we proposed the scheme that not only secures against existing attacks but also achieves the constant computation time in every phase. Also, we added the ID phase and Biometric Phase for compromised users to change their credentials including biometric and stop the illegal use of compromised user ID or Biometric ID. To the best of our knowledge, our scheme is the first construction that provides security against the use of illegal/compromised user ID and Biometric ID.