An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

Jung, Jaewook; Kang, Dong-Woo; Lee, Dong‐Hoon; Won, Dongho

doi:10.1371/journal.pone.0169414

Cited by 29 publications

(15 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we compare recent electronic medical solutions by their computational and communication costs. Comparisons of Wen et al [7], Li et al [12], Jung et al [13], Wu et al [17], Lin et al [28], Lee et al [29], and our method are illustrated in Table 2, a performance comparison table, where T H denotes the execution time of the biometric-hash function operation, T h denotes the execution time of the one-way hash function operation, T xor denotes the execution time of the Exclusive-OR (short for XOR) operation, T M denotes the execution time of multiplication operations, and T qr denotes the execution time of computing a square root modulo n. T xor , T h , and T H belong to lightweight operations. According to the description of [15,23], the calculation of the XOR operation is negligible, and the T h ≈ T H time cost is similar.…”

Section: Performance Comparisonsmentioning

confidence: 96%

“…Alternatively, in the case of offline processing, a zero-knowledge information exchange key agreement was performed through the public network [11]. In the case of the key agreement mechanism, many scholars had proposed related agreements [8,[11][12][13][14][15]. In 2002, using fingerprints as passwords and using a remote login authentication through smart cards and biometrics were common [9].…”

Section: Related Workmentioning

confidence: 99%

“…According to the description of [15,23], the calculation of the XOR operation is negligible, and the T h ≈ T H time cost is similar. [13] 3T Appl. Sci.…”

Section: Performance Comparisonsmentioning

confidence: 99%

See 2 more Smart Citations

iPatient Privacy Copyright Cloud Management

Kuo

Shieh

2020

Applied Sciences

View full text Add to dashboard Cite

The advent and rapid rise of network technology and cloud computing have led to new opportunities for ushering in a new era in telehealth. Thanks to the Internet of Things (IoT) and advances in 5G communication, telehealth is expanding and shows no signs of slowing down. It provides patients including elderly and disabled patients with convenient and easy access to healthcare services across space and time. However, the continuous real-time transmission of health information over networks also exposes private data to the risk of being intercepted by third parties. The privacy of the primary individual patient must be managed under the protection of the patient's anonymous key while storing, transferring, sharing, and adding privacy rights. A question arises: How can we design a secure communication environment for remote access control to personal privacy matters? The patient's electronic medical record is protected by the patient's private key, and our scheme provides a real anonymous design for the patient with absolute autonomy over their privacy. Each update of the cloud medical records is patient-led and performed in a secure tunnel. As a result, this study reveals that the cloud-based iPatient privacy copyright management fully controlled by an individual patient is indeed safe and effective.records is mainly through a secure tunnel to encrypt and decrypt data. The tunnel is constructed by a cryptographic asymmetric public key system or symmetric key agreement. Asymmetric public-key encryption and decryption methods need to maintain huge public and private key pairing creation and storage costs. Accordingly, in recent years, symmetric encryption and decryption by a session key agreement mechanism has managed privacy issues. The main point of the key agreement mechanism is to design a set of zero-knowledge-based communications. The two communication parties cannot transmit information that is derived or reversibly decrypted to obtain the private key, and also cannot reveal personal identities during the medical communication process. This paper proposes, under the above premises, an application to provide medical personal privacy and a copyright access mechanism that is managed in the cloud, where the entire process is conducted in a patient-controlled authorization environment, which can be seen in Figure 1. The paper is laid out as follows. Section 2 introduces the related work. Our protocols are found in Section 3. Security analysis is shown in Section 4. Section 5 shows performance comparisons. Section 6 illustrates the conclusions.Appl. Sci. 2020, 10, x FOR PEER REVIEW 2 of 13 environment, how to securely transfer data and securely process data, and how to ensure that all actions related to patient privacy are performed with the patient's full authorization. The management of general medical records is mainly through a secure tunnel to encrypt and decrypt data. The tunnel is constructed by a cryptographic asymmetric public key system or symmetric key agreement. Asymmetric public-key encryption and decry...

show abstract

Section: Performance Comparisonsmentioning

confidence: 96%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

iPatient Privacy Copyright Cloud Management

Kuo

Shieh

2020

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…They used an ID‐based signature and encryption to contract an anonymously key agreement scheme. Jung et al first mentioned the security flaws of Li et al's scheme and showed that this is not resisted against password guessing and spoofing attack also does not achieve password verification. Doshi et al proposed a crucial password‐based agreement protocol for Internet of Things (IoT) environment.…”

Section: Introductionmentioning

confidence: 99%

“…They mentioned that the presented protocol accomplishes smart meter security and SK‐security under the CK‐adversary model. Lee et al mentioned some low flows in Jung et al and showed that it fails to ensure user anonymity. Moreover, they proposed a biometric‐based key agreement scheme for a DRM system.…”

Section: Introductionmentioning

confidence: 99%

Authenticated content distribution framework for digital rights management systems with smart card revocation

Mishra

Rana

2020

Int J Communication

View full text Add to dashboard Cite

The growing features of multimedia distribution across multiple smart devices have attained significant attention of many industries and users. In this context, digital rights management (DRM) is the system, which tries to ensure authorized content distribution. For much diverse and productive research in content distribution, DRM is paying attention to provide a better DRM protocol according to current requirements. But the violation of copyright protection of digital content (video, audio, and secret documents) still has a significant issue of concern. Not only solely copyright protection but also stolen smart cards which keep the license and more specific information of a user is also an attentive concern of DRM users. In this paper, we introduced an authenticated key agreement protocol which maintains secure and authorized content distribution with successful smart card revocation. Moreover, the proposed scheme has simulated under AVISPA tool, which informally confirms the security of the protocol. The formal proof security is given in the random oracle model and then done the performance evaluation. The comparison with the relevant existing schemes shows the advantage of the proposed scheme. It identified that the proposed protocol achieves all the desirable security and performance attributes with valid smart card revocation. KEYWORDSanonymity, digital rights management systems, multimedia security, mutual authentication INTRODUCTIONIn very few amounts of time, e-commerce industries have acquired a massive market of digital content distribution. The digital content distribution plays a crucial role in the e-commerce industry. In particular, live video streaming and e-books are also becoming more and more popular, and they also have immense importance in terms of revenue while digital content distribution authorities face many challenges such as secure content distribution, copyright issue, fixing the user right etc. Thus, the DRM system tries to facilitate multimedia users against any suspicious activity. It is developed to prevent illegal content consumption. Initially, DRM protocols either extend over public key infrastructure (PKI) or identity-based public key infrastructure (ID-PKI). PKI occurred certificate management problem which needs revocation, storage, distribution, and validation of the certificate, as an authentic outcome. The trusted authority becomes the choke point for this extensive area network. The ID-PKI has the drawback of key escrow. However, for secure and authorized content distribution, it is necessary to eliminate these flaws from the existing DRM system.DRM system stores the security parameters and digital license in a smart card (SC). These security parameters are protected with a password, biometric, and server secret key. Otherwise, it may lead to the misuse of the lost smart card Int J Commun Syst. 2020;33:e4388.wileyonlinelibrary.com/journal/dac

show abstract