User authentication is the key to ensuring that only authorized users can deal with specific affairs and access services. Applications or systems possessing different properties or requirements need different authentication schemes. For example, some institutions or companies need executives to manage or inspect their corresponding departments while the inspected department should not know who the executives are but only can verify their legitimacy. This paper designs a non-repudiation and anonymity-ensured user authentication system to meet the mentioned special requirements. We also propose a user authentication scheme to ensure that the designed system can work as claimed. In the system, a department is equipped with an authentication device, namely the department authentication device, to authenticate an executive while the executive's identity is not revealed to the department and only the department's authentication device can identify the executive for non-repudiation. An executive is equipped with an authentication device to have himself/herself authenticated by the department's authentication device. Moreover, authentication data stored in an executive's authentication device does not need to be updated even when management personnel changes are made.
Keywords: anonymity; authentication; non-repudiation; offline; security.