An efficient identity authentication protocol with revocation, tracking and fine-grained access control for electronic medical system

Abstract

In recent years, due to the spread of infectious diseases such as COVID-19, people begin to use the electronic medical system to obtain remote diagnosis and treatment services, which improves the convenience of people’s lives. However, people are worried that their private information will be compromised when they use the electronic medical system. To solve the above problems, a large number of identity authentication protocols have been designed to protect user privacy. To further provide fine-grained access control, attribute-based cryptography is employed to design identity authentication protocol, however, most existing protocols do not consider the user revocation problem. In this paper, to meet the actual requirements of user revocation in an electronic medical system, an efficient and novel identity authentication protocol with revocation and tracking is designed based on a linear secret sharing scheme. The unforgeability and anonymity of our proposal are formally proved based on the corresponding complexity assumption. Also, both security analysis and performance analysis show that our protocol has many security properties, such as data integrity, confidentiality, non-repudiation, forward and backward secrecy, data freshness, etc. That is, our protocol is secure, efficient, and highly practical.