On the Security Enhancement of Integrated Electronic Patient Records Information Systems

Muhammad Khurram Khan1, Ankita Chaturvedi2, Dheerendra Mishra3 and Saru Kumari4

  1. Center of Excellence in Information Assurance, King Saud University
    Riyadh, Kingdom of Saudi Arabia
  2. Department of Mathematics, Indian Institute of Technology
    Kharagpur, India
  3. Department of Mathematics, LNM Institute of Information Technology.
    Jaipur, India
  4. Department of Mathematics, Ch. Charan Singh University
    Meerut, India


Electronic patient records (EPR) information systems maintain the patients’ medical information on the web servers, and remain available to the medical institutions, practitioners, and the academia. The transmission of data is being done over the public network, which increases the privacy and security risk. However, authentication mechanism tries to ensure secure and authorized communication over insecure public network. In recent years, several authentication protocols have been proposed, but most of them fail to satisfy desirable security attributes. In this paper, we discuss the failure of two authentication protocols for EPR information systems. To overcome the flows, we present improved scheme for the integrated EPR information systems. The correctness of proposed protocol is proved using BAN logic. Moreover, the protocol performs is comparable and security is efficient than the existing schemes.

Key words

remote user authentication, smart card, password, electronic patient records information systems

Digital Object Identifier (DOI)


Publication information

Volume 12, Issue 2 (June 2015)
Year of Publication: 2015
ISSN: 1820-0214 (Print) 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

DownloadAvailable in PDF
Portable Document Format

How to cite

Khan, M. K., Chaturvedi, A., Mishra, D., Kumari, S.: On the Security Enhancement of Integrated Electronic Patient Records Information Systems. Computer Science and Information Systems, Vol. 12, No. 2, 857–872. (2015)