Secure User Authentication and User Anonymity Scheme based on Quadratic Residues for the Integrated EPRIS

Remote user authentication has been widely used in the integrated electronic patient record information system (EPRIS) to protect the security and integrity of communication sessions between the login user and the medical server. Recently, Wen 17 presented the user authentication and user anonymity scheme based on the quadratic residues and claimed that his scheme is secure. However, we analyzed Wen's scheme and identified that Wen's scheme is vulnerable to password disclosure attack and does not provide efficiency in password change phase. As a result, in this paper, we propose an enhanced scheme for the integrated EPRIS with the aim to eliminate the weaknesses of Wen's scheme. By comparing the performance with other related schemes, our scheme not only resists several hard security attacks but also retains lower computational and communication costs.