Nowadays people can get many services including health-care services from distributed information systems remotely via public network. By considering that these systems are built on public network, they are vulnerable to many malicious attacks. Hence it is necessary to introduce an effective mechanism to protect both users and severs. Recently many two-factor authentication schemes have been proposed to achieve this goal. In 2016, Li et al. demonstrated that Lee et al.'s scheme was not satisfactory to be deployed in practice because of its security weaknesses and then proposed a security enhanced scheme to overcome these drawbacks. In this paper, we analyze Li et al.'s scheme is still not satisfactory to be applied in telecare medicine information systems (TMIS) because it fails to withstand off-line dictionary attack and known session-specific temporary information attack. Moreover, their scheme cannot provide card revocation services for lost smart card. In order to solve these security problems, we propose an improved scheme. Then we analyze our scheme by using BAN-logic model and compare the improved scheme with related schemes to prove that our scheme is advantageous to be applied in practice.

• 出版日期2016-11
• 单位北京交通大学; 电子科技大学