Wearable health monitoring systems (WHMSs) have become the most effective and practical solutions to provide users with low-cost, noninvasive, long-term continuous health monitoring. Authentication is one of the key means to ensure physiological information security and privacy. Although numerous authentication protocols have been proposed, few of them cater to crossdomain WHMSs. In this paper, we present an efficient and provably secure crossdomain multifactor authentication protocol for WHMSs. First, we propose a ticket-based authentication model for multidomain WHMSs. Specifically, a mobile device of one domain can request a ticket from the cloud server of another domain with which wearable devices are registered and remotely access the wearable devices with the ticket. Secondly, we propose a crossdomain three-factor authentication scheme based on the above model. Only a doctor who can present all three factors can request a legitimate ticket and use it to access the wearable devices. Finally, a comprehensive security analysis of the proposed scheme is carried out. In particular, we give a provable security analysis in the random oracle model. The comparisons of security and efficiency with the related schemes demonstrate that the proposed scheme is secure and practical.

中文翻译：

---

可穿戴式健康监控系统的安全跨域多因素身份验证协议

穿戴式健康监测系统（WHMS）已成为为用户提供低成本，无创，长期连续健康监测的最有效和实用的解决方案。认证是保证生理信息安全和隐私的关键手段之一。尽管已提出了许多身份验证协议，但很少有协议可满足跨域WHMS的要求。在本文中，我们提出了一种针对WHMS的有效且可证明安全的跨域多因素身份验证协议。首先，我们为多域WHMS提出了基于票证的身份验证模型。具体地，一个域的移动设备可以向另一域的云服务器请求票据，向其注册了可穿戴设备，并利用该票据远程访问可穿戴设备。其次，基于上述模型，我们提出了一种跨域三因素认证方案。只有能够同时提出这三个因素的医生才能索取合法票证，并使用它来访问可穿戴设备。最后，对提出的方案进行了全面的安全性分析。特别是，我们在随机预言模型中给出了可证明的安全性分析。安全性和效率与相关方案的比较表明，该方案是安全实用的。