Abstract: In order to satisfy the session authentication requirement?of Web services, and to enhance the authentication efficiency in multi-service transaction environment, an algorithm of identity-based aggregate signature is proposed based on the idea of signature scheme without trusted PKG in IBC system. Meantime, a new service session authentication protocol ABSAP（Aggregate signature-Based Session Authentication Protocol）is designed using the algorithm. The protocol can not only assure instances in multi-service transaction environment of secure session share, but also resolve the problems of key escrow and signature anti-forging by PKG. Authenticators can assure all signatures properly processed by verifying the aggregate signature ciphered from authentication information of all session instances. In this way, messages sending for session authentication are reduced. Compared to similar schema, the protocol has higher calculation efficiency.

Key words: Web service, session authentication, Public Key Generator（PKG）, aggregate signature

摘要： 为满足Web服务的会话认证需求，提高多方服务交互环境下的认证效率，基于IBC体制中无可信PKG签名思想提出一种基于身份的聚合签名算法，并使用该算法设计一种新的服务会话认证协议。该协议在保证多方服务实例安全共享会话的同时，能够解决密钥托管和防PKG伪造用户签名等问题，认证方只需对多个会话实例认证信息的聚合签名进行一次验证就能确信各签名是否来自指定的会话参与方，从而减少会话认证量。相比类似方案，该协议具有更高的计算效率。

关键词: Web服务, 会话认证, 公钥生成器（PKG）, 聚合签名