In medical domain, different medical environments would be generated with various contexts and regions. In these environments, the protected medical information is likely to be transmitted among systems or users for patient treatments, clinical research, or doctor enquiry. The safe transmission on the network and the guarantee of information privacy and integrity are the critical issues. An authorization mechanism would be used for ensuring the private information not being obtained fraudulently by illegal persons. The password-based authentication scheme is the most widely employed method because of its efficiency. Under such mechanism, each user is allowed to select his password and keep it in mind without any additional assistant devices for further authentication process. Therefore, an ameliorative password-based authentication scheme is proposed in this paper, achieving to resist off-line password guessing attacks, replay attacks, on-line password guessing attacks, ID-theft attacks, stolen-verifier attacks, server spoofing attacks, impersonation attacks, and denial of service attacks. In light of security, the proposed scheme is provided with good practicability for medical environments, even over insecure network.

• 出版日期2017