Security Enhancement of Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce

Telecare medicine information systems (TMIS) present the platform to deliver clinical service door to door. The technological advances in mobile computing are enhancing the quality of healthcare and a user can access these services using its mobile device. However, user and Telecare system communicate via public channels in these online services. This increases the security risk. Therefore, it is required to ensure that only authorized user is accessing the system and user is interesting with the correct system. The mutual authentication provides the way to achieve this. Although existing schemes are either vulnerable to attacks or they have higher computational cost while an scalable authentication scheme for mobile devices should be secure and efficient. Recently, Awasthi and Srivastava presented a biometric based efficient authentication scheme for TMIS with nonce. Their scheme only requires the computation of the hash and XOR functions. Thus, this scheme fits for TMIS. However, we observe that Awasthi and Srivastava's scheme does not achieve efficient password change phase. Moreover, their scheme is vulnerable to off-line password guessing attack. Further, we propose an improvement of Awasthi and Srivastava's scheme with the aim to remove all the drawbacks of their scheme.