Cryptanalysis on “a secure three-factor user authentication and key agreement protocol for TMIS with user anonymity ”

The health-care delivery services were made possible by telecare medicine information systems (TMIS). These systems are paving the way for a world where computerised telecare facilities and automated patient medical records are the norm. Authentication schemes are common mechanisms for preventing unauthorised access to medical records via insecure networks. Amin and Biswas recently proposed an authentication scheme for TMIS, asserting that their scheme can withstand various attacks. Despite this, their scheme still has significant security weaknesses. In this paper, we present a cryptanalysis of Amin and Biswas’ scheme and show that it is subject to a variety of attacks.