The Internet of Medical Things (IoMT) has become a core component of modern healthcare infrastructures, enabling continuous patient monitoring, remote diagnostics, and data-driven clinical decision-making. Despite these advances, authentication in IoMT environments remains a critical security challenge, intensified by strict resource constraints of medical devices and the emerging threat posed by quantum computing to classical cryptographic techniques. This systematic review investigates authentication mechanisms in IoMT from both post-quantum and system-level perspectives. A structured literature review was conducted using a PRISMA-informed methodology across major scientific databases, including IEEE Xplore, ACM Digital Library, SpringerLink, ScienceDirect, and MDPI. From an initial set of 95 records, 63 studies were selected for qualitative synthesis following screening and eligibility assessment. To organise existing research, this study introduces a multi-dimensional classification framework that categorises authentication solutions according to cryptographic paradigm (classical, hybrid, and post-quantum), deployment architecture, system objectives, and clinical operational constraints. The comparative synthesis demonstrates important trade-offs between security strength, latency, computational overhead, and energy consumption that are frequently underexplored in the existing literature. Furthermore, the analysis identifies key research gaps related to scalability in heterogeneous medical environments, trust establishment across administrative and clinical domains, usability under strict timing constraints, and resilience against quantum-capable adversaries. Based on these findings, future research directions are outlined toward adaptive, lightweight, and context-aware post-quantum authentication frameworks designed for real-world IoMT deployments. Limitations of this review include restriction to English-language publications and selected databases. This study received no external funding, and the review protocol was not formally registered.
Abdullah et al. (Sun,) studied this question.