Abstract: The interactive authentication among the member enterprises is the basis and premise of all security problems in Virtual Enterprise（VE）. None of the existing authentication schemes for VE can regularly update or multi-policy authenticate, and some can’t resist conspiracy attacks, some can’t trace the members’ identities, some put alliance master in the leading position, so their safety is low. A multi-policy regularly updatable interactive authentication scheme for VE is proposed, and its security analysis and efficiency comparison has been done. In the new scheme, certificates can be regularly updated, members are allowed to join or leave without changing the group’s private key which reduces the implementation cost, and certificates are generated by using different thresholds which adapt to the requirement of different members using different policy. The scheme also has conspiracy attack immune property, the identities traceability, partial signatures verifiable and other security advantages. Simulation results show that the proposed scheme is more efficient than other schemes.

Key words: virtual enterprise, interactive authentication, multi-policy, regularly updatable, conspiracy attack

摘要： 成员企业间的信任交互是虚拟企业所有安全问题的基础和前提。现有的虚拟企业交互认证方案都没有定期更新和多策略认证功能，且有些不能抵抗合谋攻击，有些不具备身份可追查性，有些将盟主放在主导地位，安全性较差。为此，提出了一个多策略、可定期更新的高效强安全虚拟企业动态认证方案，进行了安全性分析和效率对比。方案可实现证书的定期更新；成员加入或退出时无需改变群私钥、其他成员的密钥和证书，减小了方案实施的代价；实现了多策略证书颁发，更能适应不同成员区别认证的需求；方案还具有抗合谋攻击性、签名成员身份可追查性、部分签名可验证性等多种安全优势。仿真实验表明，相对于其他方案，该方案计算效率更高。

关键词: 虚拟企业, 交互认证, 多策略, 可定期更新, 合谋攻击