1. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.
—————————— ——————————
J. Xu is with School of Computing, University of Leeds, Leeds, West
Yorkshire, LS2 9JT, UK. E-mail: j.xu@leeds.ac.uk
D. Zhang is with Beijing Research Centre of Huawei Technology, Shang-
di, Beijing, 100085, China. E-mail: zhang_dacheng@hotmail.com
L. Liu is with School of Engineering and Information Sciencesm, Middle-
sex University, London, NW4 4BT, UK. E-mail: l.liu@mdx.ac.uk
X. Li is with Faculty of Computer Science, Beihang University, Haidian,
Beijing, China. E-mail:lixx@buaa.edu.cn
Manuscript received Oct 20, 2009. This work was supported in part by
the UK EPSRC/BAE Systems NECTISE project (EP/D505461/1), the ESRC
MoSeS project (RES-149-25-0034), the EPSRC WRG project (EP/F057644/1),
the EPSRC CoLaB project (EP/D077249/1) and Major Program of the Na-
tional Natural Science Foundation of China (No.90818028).
Digital Object Indentifier 10.1109/TSC.2010.33 1939-1374/10/$26.00 © 2010 IEEE

2. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

3. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

4. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

5. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.
p large prime number
a exponentiation base
A, B, C session partners
SA session authority

6. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.
IDA identifier of A
S multi-party session with identifier IDS
Pri(A) private key of principal A
Pri(A)
Pub(A) public key of principal A, i.e. (a mod p) =
IDA
X, Y range over statements
(M, N) composite message composed of messages
M and N
K(A, B) secret key generated with Pri(A) and
Pri(A) Pri(A) Pri(B)
Pub(B); K(A, B) = (Pub(B)) =a mod p;
K(A, B) =K(B, A)
MAC(M)K message authentication code of M gener-
ated with secret key K
Secure(M) message M is transmitted by a secure chan-
nel
(1) A F: Secure(Request, IDS, IDA)
Valid(M)K composite message (M, MAC(M)K) (2) F A: Secure(IDB, IDS)
Pub(A) Pub(A) is good [6]. That is its corresponding (3) A SA: Valid(SP(B,S), IDB, IDA, IDSA, IDS, N)K(A, SA)
Pri(A) will never be discovered by any other (4) SA A: Valid(Confirm, N+1) K(SA, A)
principals and Pub(A) is not weak (e.g., (5) A B: Valid(Invoke, IDA, IDB, IDS, N1)K(A, B)
Pub(A)=1) (6) B A: Valid(Reply, IDB, IDA, IDS, N1+1)K(B, A)
#M M is fresh, i.e. M has not been sent in a mes-
sage at any time before the current run of
the protocol
SP(A, S) statement that A is a session partner of S.
Particularly, SP(SA, S) is always true
A B K(A,B) is A’s secret key to be shared with B.
No third principal aside from A and B can
deduce K(A, B). But A have not yet get confir-
mation from B that B knows K(A, B).
A B K(A,B) is a key held by A. No third principal
aside from A and B can deduce K(A, B). and A
has received key confirmation from B which
indicates that B actually knows K(A, B).
A| X A believes that statement X is true
A X A is an authority on X, i.e. A has jurisdiction
over X
A M A receives message M from somebody.

7. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.
Lemma 1 A Valid(M)K(A,B), , and
A| #M, then A| B | M.
Proof: This lemma can be deduced directly from Rule 6.

8. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

9. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

10. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

11. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

12. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

13. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.