One of the main security issues in telecare medecine information systems is the remote user authentication and key agreement between healthcare professionals and patient’s medical sensors. Many of the proposed approaches are based on multiple factors (password, token, and possibly biometrics). Two-factor authentication protocols do not resist to many possible attacks, three-factor authentication schemes usually come with high resource consumption. Since medical sensors have limited storage and computational capabilities, ensuring a minimal resources consumption becomes a major concern in this context. In this paper, we propose a secure and lightweight three-factor authentication and key generation scheme for securing communications between healtcare professional and patient’s medical sensors. Thanks to formal verification, we prove that this proposal is robust enough against known possible attacks. A comparison with the most relevant related work’s schemes shows that our protocol ensures an optimised resource consumption level.