CN101510875A

CN101510875A - Identification authentication method based on N-dimension sphere

Info

Publication number: CN101510875A
Application number: CNA2009100382490A
Authority: CN
Inventors: 唐韶华; 张华�; 卢伯荣
Original assignee: South China University of Technology SCUT
Current assignee: South China University of Technology SCUT
Priority date: 2009-03-27
Filing date: 2009-03-27
Publication date: 2009-08-19
Anticipated expiration: 2029-03-27
Also published as: WO2010108335A1; CN101510875B

Abstract

The invention discloses an identity authentication method based on an N-dimensional spherical surface, which comprises: an authentication server receives registration and identity authentication of users after being initialized; when a new user registers, the user calculates a vector by a safe one-way function according to passwords selected and submits the vector to the authentication server; the authentication server specifies an IDg for the user as the identification of the identity of the user; the authentication server combines a self secrete vector with the vector submitted by the user to determine the N-dimensional spherical surface; the authentication server randomly selects a plurality of different points on the N-dimensional spherical surface to form an encrypted file which is sent to the user through a safe channel; when the user requires identity authentication, the passwords and the encrypted file containing identity identification are utilized to calculate; the result of calculation is sent to the authentication server; and the authentication server checks and determines whether to accept the identity of the user after calculation. The method can effectively reduce the stored information and calculation load of the authentication server and prevent imitating the authentication server.

Description

A kind of identity identifying method based on the N n-dimensional sphere n

Technical field

The present invention relates to the identity identifying method in computer system security and the network security, specifically relate to a kind of identity identifying method based on the N n-dimensional sphere n.

Background technology

Along with the development of online transaction and ecommerce, E-Government, the network crime that emerges in an endless stream caused the trust crisis of people to network identity, so authentication becomes more and more important.Identity identifying technology can stop the unauthorized access to valuable source closely in conjunction with the operation flow of enterprise, government.We can say that also authentication is the basis of whole information security system.Identity identifying method relatively more commonly used at present has: password, dynamic password, smart card authentication, Public Key Infrastructure(PKI), biological identification etc.

The basic thought of password authentication is that each user has an identify label (ID) and password, and when the user wanted to enter system, he must provide its ID and password, the legitimacy that system just can inspection user.So password authentication has characteristics such as cheap, easy realization, user interface close friend.But the authentication that is based on password is easy to be stolen, and intensity often also is difficult to resist password conjecture, but also might be subjected to Replay Attack etc.

The dynamic password technology be a kind of allow user cipher according to time or access times constantly change, each password can only expendable technology.It adopts a kind of specialized hardware that is called dynamic token, and built-in power, password generate chip and display screen, and password generates the special cryptographic algorithm of chip operation, generates current password and is presented on the display screen according to current time or access times.Certificate server adopts the identical current valid password of algorithm computation.When using, the user only the current password input client computer that shows on the dynamic token can need be realized authentication.Because each password that uses must be produced by dynamic token, has only validated user just to hold this hardware, as long as just can think that by password authentification this user's identity is reliable.And the each password that uses of user is all inequality, even the hacker has intercepted and captured password one time, also can't utilize this password to come the identity of counterfeit validated user.Though yet dynamic password has solved the problem of fail safe, its cost is higher.

Smart card is a kind of chip of built-in integrated circuit, has the data relevant with user identity in the chip, and smart card by special device fabrication, is not reproducible hardware by special manufacturer.Smart card is carried by validated user, the special-purpose card reader of smart card insertion must be read information wherein during login, with checking user's identity.Smart card authentication can be by not counterfeit by the not reproducible user identity that guarantees of smart card hardware.Yet, still be easy to be truncated to user's authentication information by technology such as internal memory scanning or network monitorings, so still have potential safety hazard because the data that read from smart card are static at every turn.

Public Key Infrastructure(PKI) adopts the digital certificate management PKI, by third-party trust authority authentication authorization and accounting center (CA) user's PKI and user's identification information is bundled.As if as an infrastructure, PKI can solve most network security problems, and begin to take shape a cover total solution and a theory.Yet because PKI system complexity and problem such as cost in the use makes it run into a lot of problems in the application of reality.

Biological identification mainly is meant a kind of technology by biological character for identity authentication such as measurable health or behaviors.Biological characteristic is meant unique physiological characteristic or the behavior that can measure or can discern automatically and verify.Biological characteristic is divided into physical trait and behavioural characteristic two classes.Physical trait comprises: the blood vessel of fingerprint, palm type, retina, iris, human scent, shape of face, hand and DNA etc.; Behavioural characteristic comprises: handwritten signature, voice, walking step state etc.The biological identification technology has traditional incomparable advantage of authentication means.Adopt the biological identification technology, can remember and be provided with password again, use conveniently, but high cost, complicated technology have hindered its promotion and application.

Summary of the invention

The objective of the invention is to overcome the shortcoming and defect of prior art, utilize the mathematical principle of " point on known N+1 the N dimension space that satisfies certain condition; can uniquely determine a N n-dimensional sphere n (N-sphere/hyper sphere/N ties up and justifies) ", a kind of identity identifying method based on the N n-dimensional sphere n is provided, whether can have carried out authentication by the same N n-dimensional sphere n of reconstruct by certain secrets information comparison certificate server and user.The N n-dimensional sphere n be common sphere in the popularization of dimension arbitrarily, special, be called circle at 2 dimension spaces, 3 dimension spaces are called sphere, the above space of 4 dimensions is called hypersphere.This method can reduce server info memory space, server and user's amount of calculation effectively, and this method not to be difficult to resolve problem with certain mathematics be theoretical foundation, thereby effectively avoided the possibility that is broken owing to the proposition that solves mathematics difficult problem new method.

Purpose of the present invention is achieved through the following technical solutions: a kind of identity identifying method based on the N n-dimensional sphere n may further comprise the steps:

(1) certificate server initialization: certificate server is selected finite field gf (p) and safe one-way function f, selects some secret vectors simultaneously; Wherein GF (p) has determined the finite field at group computing place, and promptly all group's calculating processes all carry out in finite field gf (p), and p is a big prime number;

(2) user's registration: the user is according to self selected password PW _gCalculate a vector by safety one-way function f and submit to certificate server, certificate server is checked user identity, for the user specifies an ID _gAs the sign of user identity, the sign of each user identity has nothing in common with each other; Vectorial unique definite N n-dimensional sphere n that certificate server is submitted in conjunction with self secret vector sum user, if can not construct such N n-dimensional sphere n, then the certificate server sign of reselecting this user identity is calculated again; The point some inequality that certificate server will be selected at this N n-dimensional sphere n at random by safe lane, and and user ID _g, big prime number p and safe one-way function f form encrypt file and pass to the user;

(3) user generates authentication information: the encrypt file that when the user needs certificate server to discern its identity, can utilize certificate server to pass back, and in conjunction with self selected password PW _g, re-construct a N n-dimensional sphere n, select geometric properties on this N n-dimensional sphere n to pass to certificate server simultaneously and verify as authentication information;

(4) certificate server checking user authentication information: the authentication information that certificate server is accepted the user utilizes the secret vector of self to re-construct a N n-dimensional sphere n simultaneously, and calculate the geometric properties of the N n-dimensional sphere n that the user arranges to use, authentication information with result of calculation and user's submission compares at last, if identical then accept user identity, otherwise refusing user's identity.

For realizing the present invention better, described step (1) certificate server initialization specifically may further comprise the steps:

(1.1) certificate server is selected safe one-way function f, and certain big prime number p is open with it behind selected f of certificate server and the p;

(1.2) secret selected N the N dimensional vector (being linear independence between each vector) of certificate server: (S ₁₁, S ₁₂... S _1N) ..., (S _N1, S _N2... S _NN), S wherein _KlIn finite field gf (p), select at random, k=1 ..., N, l=1 ..., N; Certificate server can disclose the N value, but this N N dimensional vector can only preserve by certificate server is secret, and in case selectedly just no longer change.

Preferably: described big prime number satisfies p=8n+3, and n is a certain positive integer, step 2.3 is sought in finite field gf (p) removed A _G0And A _GiThe quadratic residue of any N point in addition is to easier, and computing is more convenient.

Described step (2) user registration specifically may further comprise the steps:

(2.1) user U _gSelected password PW _g, U wherein _gBe the user who is designated as g down, PW _gBe the user U that is designated as g down _gSelected password, this password can be made up of letter and number, because of character string can be converted to numeral, the PW of the following stated _gBe meant the later integer of conversion, below all calculating of each step all in finite field gf (p), carry out;

User's compute vector A _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g)) and pass to certificate server;

(2.2) certificate server is specified a unique ID for this user _g, and calculate N n-dimensional sphere n equation:

(a) certificate server calculates N vector according to self secret N N dimensional vector of preserving:

\begin{matrix} A_{g 1} = (f ({ID}_{g} \times S_{11}), f ({ID}_{g} \times S_{12}), . . ., f ({ID}_{g} \times S_{1 N})) \\ \cdot \cdot \cdot \cdot \\ A_{gn} = (f ({ID}_{g} \times S_{N 1}), f ({ID}_{g} \times S_{N 2}), . . ., f ({ID}_{g} \times S_{NN})) \end{matrix}\}

(b) A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N; A _G0Coordinate is designated as (a ₀₁, a ₀₂..., a _0N).This N+1 vectorial A _G0, A _G1...,, A _GNStructure N n-dimensional sphere n equation

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²＝R ² (1)

(c wherein ₁, c ₂..., c _N) be the center of N n-dimensional sphere n, R is the radius of this N n-dimensional sphere n, (x ₁, x ₂..., x _N) be arbitrfary point on the sphere;

(c) certificate server gets equation group (2) with N+1 the vectorial substitution equation (1) of trying to achieve

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} + . . . + {(a_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\} - - - (2)

Respectively the same form before them is subtracted the back same form, can obtain about c ₁, c ₂..., c _NSystem of linear equations (3):

\begin{matrix} 2 (a_{11} - a_{01}) c_{1} + . . . + 2 (a_{1 N} - a_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} a_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\} - - - (3)

If in computational process, the coefficient matrix determinant of equation group (3) is zero, then reselects ID _gCalculate, guarantee the unique center C (c that determines this sphere of equation like this ₁, c ₂..., c _N); Again any one formula of this centre coordinate substitution equation group (2) is calculated, can be obtained R ²Then c ₁, c ₂..., c _NAnd R ²Substitution equation (1) is so the equation of this sphere just can determine that this equation is exactly to be designated as the user of g and the secret sphere UC that certificate server is shared down _g, establish this equation and be:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²≡R ²?mod?p

(2.3) certificate server is selected secret sphere UC at random _gGo up and remove A _G0And A _GiN in addition some B _Gi, B _Gi=(b _I1, b _I2..., b _IN), wherein i=1 ..., N; B _GiEach coordinate components all in finite field gf (p), look for B _GiEach coordinate specifically find the solution as follows:

(A) find the N-2 number to being that quadratic residue is to (e _Iq, d _Iq), make e _Iq≡ d _Iq ²Mod p, wherein q=1 ..., N-2, e _Iq, d _IqBe to satisfy e in the finite field gf (p) _Iq≡ d _Iq ²Any two integers of mod p condition, and satisfy

b _i1≡(d _i1+c ₁)mod?p

b _i2≡(d _i2+c ₂)mod?p

......

b _i(N-2)≡(d _i(N-2)+c _N-2)mod?p

(B) select two pairs of quadratic residues to (e again _Iz, d _Iz), make e _Iz≡ d _Iz ²Mod p, wherein z=N-1, N, e _Iz, d _IzBe to satisfy e in the finite field gf (p) _Iz≡ d _Iz ²Any two integers of mod p condition, and satisfy

e_{i (N - 1)} + e_{iN} &equiv; (R^{2} - Σ_{y = 1}^{N - 2} e_{iy}) \mod p

Order

b _i(N-1)≡(d _i(N-1)+c _N-1)mod?p

b _iN≡(d _iN+c _N)mod?p

Above-mentioned steps (A) and (B) be the situations that N 〉=3 o'clock are suitable for is then directly used step (B) when N=2; Repeat N time and calculate, can obtain N B _GiPoint is verified after each the calculating, guarantees that N the point that obtains is mutually different;

(2.4) certificate server is p, f, ID _g, and B _G1, B _G2...,, B _GNPreserve hereof and send to the user with the form of encrypting, cryptographic algorithm can be used existing secure cryptographic algorithm, and as AES etc., the user preserves the file after the encryption, but the user imports the PIN code declassified document and obtains information needed, and below we claim this encrypt file for " userInfo ".

Described step (3) user generates authentication information, specifically may further comprise the steps:

(3.1) be designated as the user U of g under _gThe encrypt file that contains the information of succeeding in registration " userInfo " of input PIN code decrypted authentication server transmission obtains p, f, ID _g, and B _G1, B _G2...,, B _GN

(3.2) user is at client input self password PW _g, can calculate B _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g));

(3.3) user is according to B _G0Add the N point B of storage in the file " userInfo " _G1, B _G2..., B _GN, N+1 point utilizes this N+1 vector structure N n-dimensional sphere n equation altogether, can reconstruct original secret sphere UC _gBe about to B _G0And B _G1, B _G2...,, B _GNSubstitution N n-dimensional sphere n equation gets equation group:

\begin{matrix} {(b_{01} - c_{1})}^{2} + {(b_{02} - c_{2})}^{2} + . . . + {(b_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(b_{N 1} - c_{1})}^{2} + {(b_{N 2} - c_{2})}^{2} + . . . + {(b_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form, can obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (b_{11} - b_{01}) c_{1} + . . . + 2 (b_{1 N} - b_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{1 j}^{2} - Σ_{j = 1}^{N} b_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (b_{N 1} - b_{(N - 1) 1}) c_{1} + . . . + 2 (b_{NN} - b_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{Nj}^{2} - Σ_{j = 1}^{N} b_{(N - 1) j}^{2}) \mod p \end{matrix}\}

So can find the solution system of linear equations, can get centre coordinate C (c ₁, c ₂..., c _N);

(3.4) user calculates w ₁=f (c ₁* t), w2=f (c ₂* t) ..., w _N=f (c _N* t), wherein t is a timestamp, makes W _g=(w ₁, w ₂..., w _N);

(3.5) cross W _gBe straight line L with C, under the situation of seldom seeing, if W _gIdentical with C, reselect timestamp t, calculate W again _g(after recomputating, because timestamp is different, one guarantees that surely these two vectors are inequality); The parametric equation of straight line L is as follows

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix}

Wherein k is the independent variable parameter, y ₁..., y _NBe dependent variable;

Getting L goes up except that W _gWith any 1 M outside the C _g(m ₁..., m _N), (y of correspondence when promptly k gets any several in the finite field gf (p) except that 0 and 1 ₁..., y _N) value;

(3.6) user is with authentication message Meg={t, ID _g, B _G1, M _gSend to certificate server, wherein, t is a timestamp, ID _gBe the sign that representative is designated as the user identity of g down, B _G1Be be stored in the file " userInfo " at sphere UC _gOn a point, M _gBe on the straight line L that generates more arbitrarily, in the each authentication message that generates of same user, t and M _gBe different, ID _gAnd B _G1Always identical.

Described step (4) certificate server checking user authentication information specifically may further comprise the steps:

(4.1) certificate server is received user U _gAuthentication message Meg, whether elder generation's review time stabs effective, invalid then authentification failure effectively then enters next step;

(4.2) certificate server is according to ID _gReach self secret vector set compute vector

A _gi＝(f(ID _g×S _i1)，f(ID _g×S _i2)，...，f(ID _g×S _iN))，(i＝1，...，N)

A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, N vector added the some B in the authentication message like this _G1, altogether N+1 vectorial, so certificate server can reconstruct and the sphere UC that shares of user _g, utilize this N+1 vector structure N n-dimensional sphere n equation, be about to B _G1, and A _G1, A _G2..., A _GNSubstitution N n-dimensional sphere n equation:

\begin{matrix} {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

The preceding same form with them subtracts the back same form respectively, can obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (a_{11} - b_{11}) c_{1} + . . . + 2 (a_{1 N} - b_{1 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} b_{1 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

So can find the solution the centre coordinate C (c of system of linear equations ₁, c ₂..., c _N);

(4.3) authentication server computes W _g=(f (c ₁* t), f (c ₂* t) ..., f (c _N* t), a W is crossed in reconstruct _gAnd the straight line L of center C:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix};

(4.4) certificate server check post M _g(m ₁..., m _N) whether on straight line L, if then by authentication, otherwise authentification failure, the process of checking is as follows:

M ₁..., m _NEach minor of substitution linear equation is calculated respectively, obtains:

\{\begin{matrix} m_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k_{1}) \mod p \\ m \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k_{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ m_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k_{N}) \mod p \end{matrix}

Then have:

\{\begin{matrix} k_{1} &equiv; (m_{1} - w_{1}) \times {(c_{1} - w_{1})}^{- 1} \mod p \\ k \\ _{2} &equiv; (m_{2} - w_{2}) \times {(c_{2} - w_{2})}^{- 1} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ k_{N} &equiv; (m_{N} - w_{N}) \times {(c_{N} - w_{N})}^{- 1} \mod p \end{matrix}

If k ₁=k ₂=...=k _N, some M then is described _gOn straight line L, certificate server is accepted user identity; Otherwise some M _gNot on straight line L, the subscriber authentication failure.

Action principle of the present invention is: the mathematical principle that utilizes " point on known N+1 the N dimension space that satisfies certain condition; can uniquely determine a N n-dimensional sphere n (N-sphere/hyper sphere/N ties up and justifies) ", designed a kind of identity identifying method, the respective identity authentication method that whether can the same N n-dimensional sphere n of reconstruct designs by certain secrets information comparison certificate server and user based on the N n-dimensional sphere n.

The present invention compared with prior art has following advantage and beneficial effect:

The first, the main computing that authentication method is used is to On Solving System of Linear Equations, so the step required time that three need of authentication method calculate is all very short, can apply to practical application well.

The second, certificate server does not need for each user preserves user data, the required preservation of certificate server only be N to all general secret vector of N dimension of all users: (S ₁₁, S ₁₂... S _1N) ..., (S _N1, S _N2... S _NN).The certificate server end only needs to preserve seldom data and just can realize checking to a large number of users identity like this, has saved memory space greatly.

The 3rd, can effectively resist Replay Attack, because certificate server can stab the review time, thereby authentication message Meg can not reuse.

The 4th, can effectively resist and forge the authentication message attack, if the disabled user intercepts and captures authentication message Meg, also can only know point on the sphere, can't reconstruct sphere UC _g, also can't know centre coordinate.If disabled user's modification time stabs, but can't construct legal some M _g, also just can't forge authentication message, even intercepted and captured many authentication messages, also can't therefrom recover enough effective information reconstruct spheres, so the disabled user can't forge legal authentication message.

The 5th, can effectively resist off-line password conjecture (dictionary attack), the secret information f (PW of user self password in this authentication method _g) do not expose to the open air in network, thereby it is difficult to do dictionary attack.The assailant has intercepted and captured authentication message Me simultaneously _g, also can only know M _gAnd B _G1, can't the reconstruct sphere.Even by dictionary attack conjecture user password PW _g, and then conjecture B _G0, also can only know two some B on the sphere _G0And B _G1, still can't the reconstruct sphere.The possible value space of other point is just very big on the N n-dimensional sphere n, thus dictionary attack to the attack dynamics of the inventive method very a little less than.In each authentication message that generates, B _G1Point all is identical, so even the assailant has intercepted and captured many authentication messages, can not obtain more information about sphere.

The 6th, can effectively resist the personation certificate server and attack, the process that certificate server is constructed secret sphere will be used the N dimensional vector of the linear independence of N own secret.Validated user can only be known N+1 point on the secret sphere of own institute reconstruct, and this secret sphere of authentication server computes is to utilize other N point on the sphere, adds the B that is generated by user password _G0Point, the user does not know N some A of certificate server _Gi(wherein i=1 ..., N), do not know that more certificate server generates N of these points secret vector, so validated user is difficult to palm off certificate server.

The 7th, can effectively resist fake user and attack, if validated user wants to pretend to be other user, can revise the user ID in the authentication message _g, but can't know that the secret that other user and certificate server are shared (is other ID _gThereby can't generate legal some M the center of corresponding secret sphere), _g, also just can't forge authentication message, so can't pretend to be other validated user.

Description of drawings

Fig. 1 is the identity authorization system configuration diagram of the preferred embodiment of the present invention;

Fig. 2 is a view after the authentication server initialization of the preferred embodiment of the present invention;

Fig. 3 is user's 1 registration process schematic diagram of the preferred embodiment of the present invention;

Fig. 4 is user's 1 registration process authentication server calculating process schematic diagram of the preferred embodiment of the present invention;

Fig. 5 is user's 2 registration process schematic diagrames of the preferred embodiment of the present invention;

Fig. 6 is user's 2 registration process authentication server calculating process schematic diagrames of the preferred embodiment of the present invention;

Fig. 7 is the registration process authentication server operation result two-dimensional representation of the preferred embodiment of the present invention;

Fig. 8 is the user authentication process schematic diagram of the preferred embodiment of the present invention;

Fig. 9 is user authentication process user's computing schematic diagram of the preferred embodiment of the present invention;

Figure 10 is the user authentication process authentication server computing schematic diagram of the preferred embodiment of the present invention;

Figure 11 is the verification process operation result two-dimensional representation of the preferred embodiment of the present invention.

Embodiment

Below in conjunction with embodiment and accompanying drawing, the present invention is described in further detail, but embodiments of the present invention are not limited thereto.

Embodiment

Typical identity authorization system framework as shown in Figure 1, this system comprises certificate server (CA), and user 1, user 2.Certificate server (CA), each user connect by world-wide web.

As shown in Figure 2, certificate server (CA) is set relevant parameter after initialization, wherein is the secret parameter of preserving in the solid box, and frame of broken lines is open parameter.The situation that present embodiment is chosen N=2 specifies, because in 2 dimension spaces, " 2 n-dimensional sphere n " is actual to be " circle ", so in the following description, adopts " 2 dimension circle " this term to substitute " N n-dimensional sphere n ".As 2 dimensional vector S among the figure ₁And S ₂Be that the secret secret vector of preserving is (so only select 2 dimensional vectors for simple declaration here, can select higher dimension vector in actual applications as secret vector), safe one-way function f and big prime number p are disclosed, and the whole process of embodiment is all carried out under finite field gf (p).

As shown in Figure 3, user U ₁(CA) registers to certificate server.

PW wherein ₁Be user U ₁The password of self is preserved by user self is secret, and this password can be made up of letter and number, and character string can be converted to numeral.The user sends register requirement to certificate server (CA), and self password is carried out safe one-way function f computing obtains A as a result ₁₀=(f (PW ₁), f (2*PW ₁)) send to certificate server (CA) as identity information.Certificate server (CA) utilizes self secret vectorial S ₁, S ₂And be encrypted to the encrypt file of " userInfo " by name behind the corresponding User Identity of information calculations submitted to of user, again it is sent to user U ₁:

Fig. 4 shows the calculating relative users identify label calculating process that certificate server (CA) is carried out when user 1 registers:

Certificate server (CA) is user U ₁Specify a unique ID ₁, the representative of consumer identity.Certificate server (CA) calculates 2 vectors according to 2 that preserve secret vectors:

A ₁₁＝(f(ID ₁×S ₁₁)，f(ID ₁×S ₁₂))

A ₁₂＝(f(ID ₁×S ₂₁)，f(ID ₁×S ₂₂))

A ₁₁Coordinate be designated as (a ₁₁, a ₁₂), A ₁₂Coordinate be designated as (a ₂₁, a ₂₂), add the A that the user sends ₁₀(be designated as (a ₀₁, a ₀₂)), these three vectors are formed the equation group of one 2 dimension circle, and the substitution relevant parameter gets:

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(a_{21} - c_{1})}^{2} + {(a_{22} - c_{2})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Subtract preceding Shi Kede by the back formula:

2 (a_{11} - a_{01}) c_{1} + 2 (a_{12} - a_{02}) c_{2} &equiv; (Σ_{v = 1}^{2} a_{1 v}^{2} - Σ_{v = 1}^{2} a_{0 v}^{2}) \mod p

2 (a_{21} - a_{11}) c_{1} + 2 (a_{22} - a_{12}) c_{2} &equiv; (Σ_{v = 1}^{2} a_{2 v}^{2} - Σ_{v = 1}^{2} a_{1 v}^{2}) \mod p

By finding the solution this linear equation in two unknowns group, can obtain center C (c ₁, c ₂), and then radius squared R ²If, can't find the solution this equation group in the computational process, then reselect user U ₁ID ₁, recomputate again up to can solving equation.Choose two other different some B from this 2 dimension circle at last ₁₁, B ₁₂(these two points are different from A ₁₀, A ₁₁, A ₁₂), detailed process is as follows:

Select two pairs of quadratic residues to (e ₁₁, d ₁₁), (e ₁₂, d ₁₂) make e ₁₁≡ d ₁₁ ²Mod p and e ₁₂≡ d ₁₂ ²Mod p, and satisfy

e ₁₁+e ₁₂≡R ²?mod?p

Order

b ₁₁≡(d ₁₁+c ₁)mod?p

b ₁₂≡(d ₁₂+c ₂)mod?p

B ₁₁＝(b ₁₁，b ₁₂)；

Select two pairs of quadratic residues to (e equally again ₂₁, d ₂₁), (e ₂₂, d ₂₂) make e ₂₁≡ d ₂₁ ²Mod p and e ₂₂≡ d ₂₂ ²Mod p, and satisfy

e ₂₁+e ₂₂≡R ²?mod?p

Order

b ₂₁≡(d ₂₁+c ₁)mod?p

b ₂₂≡(d ₂₂+c ₂)mod?p

B ₁₂＝(b ₂₁，b ₂₂)；

At last with B ₁₁, B ₁₂And big prime number p, safe one-way function f all encrypt in the file, is called " userInfo ", and " userInfo " is returned to user U ₁

As shown in Figure 5, user U ₂(CA) registers to certificate server.This process and user U ₁Registration process is the same.Be that present certificate server (CA) has used ID ₁This ID must reselect other ID and compose the U to the user ₂

As shown in Figure 6, certificate server (CA) is at user U ₂The calculating process that is carried out when registering.This process is consistent with Fig. 4 calculating process, is user U this moment ₂The ID that uses is ID ₂

As shown in Figure 7, certificate server (CA) is at user U ₁, user U ₂Registration back operation result 2 dimension schematic diagrames.Wherein 2 tie up circle UC ₁Be user U ₁Utilizing self provides password information A ₁₀And the secret vectorial S of certificate server (CA) ₁, S ₂(utilize ID ₁Carry out computing and obtain A ₁₁, A ₁₂) structure, B ₁₁, B ₁₂Be two other different point that certificate server (CA) is selected, deposit in the encrypt file " userInfo ", self take care of by user 1; 2 dimension circle UC ₂Be user U ₂Utilizing self provides password information A ₂₀And the secret vectorial S of certificate server (CA) ₁, S ₂(utilize ID ₂Carry out computing and obtain A ₂₁, A ₂₂) structure, B ₂₁, B ₂₂Two other the different point that is certificate server (CA) selection is as user U ₂The identity sign.Because user U ₁, user U ₂The ID difference, certificate server (CA) construct 2 the dimension fenestras be not the same, can increase the fail safe of whole identity authorization system thus.

Fig. 8 is user U ₁Process schematic diagram to certificate server (CA) request authentication.User U wherein ₁Calculate earlier, utilize the identify label that self password and encrypt file " userInfo " contain to re-construct 2 dimension circles, again with information B ₁₁, M ₁, timestamp t and self ID ₁Send to certificate server (CA).Certificate server (CA) at first the review time stab t whether in tolerance interval, if exceed the time qualified authentication failure of just thinking, as t effectively then certificate server (CA) utilize B ₁₁Also re-construct sphere with self secret vector, and check M ₁Whether correct, whether the checking that determines one's identity thus is successful.

As shown in Figure 9, user U ₁Process schematic diagram to certificate server (CA) request authentication user self computing.User U ₁Utilize self password PW ₁Calculate A ₁₀, note A ₁₀=(f (PW ₁), f (2*PW ₁))=(a ₀₁, a ₀₂) and " userInfo " in B ₁(b ₁₁, b ₁₂), B ₁₂(b ₂₁, b ₂₂) three points are formed the equation group of 2 dimension circles, and the substitution relevant parameter gets:

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(b_{21} - c_{1})}^{2} + {(b_{22} - c_{2})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Subtract preceding Shi Kede by the back formula:

2 (b_{11} - a_{01}) c_{1} + 2 (b_{12} - a_{02}) c_{2} &equiv; (Σ_{v = 1}^{2} b_{1 v}^{2} - Σ_{v = 1}^{2} a_{0 v}^{2}) \mod p

2 (b_{21} - b_{11}) c_{1} + 2 (b_{22} - b_{12}) c_{2} &equiv; (Σ_{v = 1}^{2} b_{2 v}^{2} - Σ_{v = 1}^{2} b_{1 v}^{2}) \mod p

By finding the solution this linear equation in two unknowns group, can obtain center C (c ₁, c ₂), and then obtain radius squared R ²User U ₁Select a timestamp t again, and calculate W ₁, W wherein ₁(w ₁, w ₂)=(f (c ₁* f (c t), ₂* t)).The user crosses W then ₁, C makes straight line L, detailed process is as follows:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \end{matrix}

Wherein k is an independent variable, y ₁, y ₂Be dependent variable, and on straight line L, select wherein to be different from C, W ₁A bit be designated as M ₁(m ₁, m ₂).End user is Meg={t, ID ₁, B ₁₁, M ₁Send to certificate server (CA) as authentication information, accept the checking of certificate server (CA), and etc. result to be verified.

As shown in figure 10, the process schematic diagram of user 1 certificate server (CA) self computing when certificate server request authentication.Certificate server (CA) checks that at first the user sends the timestamp t of authentication information, if overtime then authentication failed, otherwise would continue down checking.Certificate server (CA) utilizes self secret vectorial S ₁, S ₂And ID ₁Computing obtains A ₁₁, A ₁₂:

A ₁₁(a ₁₁，a ₁₂)＝(f(S ₁₁*ID ₁)，f(S ₁₂*ID ₁))

A ₁₂(a ₂₁，a ₂₂)＝(f(S ₂₁*ID ₁)，f(S ₂₂*ID ₁))

Add the B that the user sends ₁₁, these three points can be formed one 2 dimension equation of a circle group again, and with the parameter substitution wherein

\begin{matrix} {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(a_{21} - c_{1})}^{2} + {(a_{22} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Subtract preceding formula by the back formula and can obtain a linear equation in two unknowns group

2 (a_{21} - a_{11}) c_{1} + 2 (a_{22} - a_{12}) c_{2} &equiv; (Σ_{v = 1}^{2} a_{2 v}^{2} - Σ_{v = 1}^{2} a_{1 v}^{2}) \mod p

2 (b_{11} - a_{21}) c_{1} + 2 (b_{12} - a_{22}) c_{2} &equiv; (Σ_{v = 1}^{2} b_{1 v}^{2} - Σ_{v = 1}^{2} a_{2 v}^{2}) \mod p

Can obtain center C (c by finding the solution this linear equation in two unknowns group ₁, c ₂), and then obtain radius squared R ²Certificate server (CA) is obtained W again ₁, W ₁(w ₁, w ₂)=(f (c ₁* f (c t), ₂* t)), wherein t is the timestamp in the user authentication information, crosses C, W then ₁Make straight line L, and checking user U ₁The M that sends ₁On straight line, verification method is as follows for point:

\{\begin{matrix} k_{1} &equiv; ((m_{1} - w_{1}) \times {(c_{1} - w_{1})}^{- 1}) \mod p \\ k \\ _{2} &equiv; ((m_{2} - w_{2}) \times {(c_{2} - w_{2})}^{- 1}) \mod p \end{matrix}

If K ₁Equal K ₂, M then ₁On straight line L, thus the authentication success; If K ₁Be not equal to K ₂, M then ₁Not on straight line L, thus the authentication failure.

As shown in figure 11, user 1 is to certificate server request authentication operation result two-dimensional representation.User U ₁Utilize self information structure 2 dimension circles, obtained center C and W ₁Straight line, and on this straight line, select arbitrarily a some M ₁If certificate server (CA) utilizes corresponding information also can construct same 2 dimension circles, and utilizes user U ₁The correct information that provides just can be verified M ₁With sphere centre C and W ₁Cross same straight line L, can judge user U thus ₁Identity.Simultaneously because W ₁Be to change in time, so in the t ' time, the user will construct other straight line L ', promptly the straight line of constructing in the each authentication process itself of user all can be inequality, so just more can improve security of system.

The foregoing description is a preferred implementation of the present invention; but embodiments of the present invention are not limited by the examples; other any do not deviate from change, the modification done under spirit of the present invention and the principle, substitutes, combination, simplify; all should be the substitute mode of equivalence, be included within protection scope of the present invention.

Claims

1, a kind of identity identifying method based on the N n-dimensional sphere n may further comprise the steps:

(2) user's registration: the user is according to self selected password PW _gCalculate a vector by safety one-way function f and submit to certificate server, certificate server is checked user identity, for the user specifies an ID _gAs the sign of user identity, the sign of each user identity has nothing in common with each other; Vectorial unique definite N n-dimensional sphere n that certificate server is submitted in conjunction with self secret vector sum user, if can not construct such N n-dimensional sphere n, then the certificate server sign of reselecting this user identity is calculated again; The point some inequality that last certificate server will be selected at this N n-dimensional sphere n at random by safe lane, and with the sign ID of user identity _g, big prime number p and safe one-way function f form encrypt file and pass to the user;

(3) user generates authentication information: the encrypt file that when the user needs certificate server to discern its identity, utilizes certificate server to pass back, and in conjunction with self selected password PW _g, re-construct a N n-dimensional sphere n, select geometric properties on this N n-dimensional sphere n to pass to certificate server simultaneously and verify as authentication information;

(4) certificate server checking user authentication information: the authentication information that certificate server is accepted the user utilizes the secret vector of self to re-construct a N n-dimensional sphere n simultaneously, and calculate geometric properties on the N n-dimensional sphere n that the user arranges to use, authentication information with result of calculation and user's submission compares at last, if identical then accept user identity, otherwise refusing user's identity.

2, a kind of identity identifying method based on the N n-dimensional sphere n according to claim 1 is characterized in that: described step (1) certificate server initialization specifically may further comprise the steps:

(1.2) the N dimensional vector of secret selected N the linear independence of certificate server: (S ₁₁, S ₁₂... S _1N) ..., (S _N1, S _N2... S _NN), S wherein _KlIn finite field gf (p), select at random, k=1 ..., N, l=1 ..., N; The open N value of certificate server, but this N N dimensional vector can only preserve by certificate server is secret, and in case selected with regard to no longer change.

3, a kind of identity identifying method according to claim 2 based on the N n-dimensional sphere n, it is characterized in that: described big prime number satisfies p=8n+3, and n is a certain positive integer.

4, a kind of identity identifying method based on the N n-dimensional sphere n according to claim 1 is characterized in that: described step (2) user registration specifically may further comprise the steps:

(2.1) user U _gSelected password PW _g, U wherein _gBe the user who is designated as g down, PW _gBe the user U that is designated as g down _gSelected password, this password is made up of letter and number, because of character string can be converted to numeral, the PW of the following stated _gBe meant the later integer of conversion, below all calculating of each step all in finite field gf (p), carry out;

(2.2) certificate server is specified a unique IDg for this user, and calculates N n-dimensional sphere n equation:

\begin{matrix} A_{g 1} = (f ({ID}_{g} \times S_{11}), f ({ID}_{g} \times S_{12}), . . ., f ({ID}_{g} \times S_{1 N})) \\ \cdot \cdot \cdot \cdot \\ A_{gN} = (f ({ID}_{g} \times S_{N 1}), f ({ID}_{g} \times S_{N 2}), . . ., f ({ID}_{g} \times S_{NN})) \end{matrix}\}

(b) A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, add the A that the user transmits _G0, A _G0Coordinate is designated as (a ₀₁, a ₀₂..., a _0N), utilize N+1 vectorial A _G0, A _G1..., A _GNStructure N n-dimensional sphere n equation, the substitution spherical equation:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²＝R ²

:

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} + . . . + {(a_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form then, obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (a_{11} - a_{01}) c_{1} + . . . + 2 (a_{1 N} - a_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} a_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

If in computational process, the coefficient matrix determinant of equation group is zero, then reselects ID _gCalculate, guarantee the unique center C (c that determines this sphere of equation group like this ₁, c ₂..., c _N); Then obtain R ²Then just according to c ₁, c ₂..., c _NAnd R ²Determine spherical equation, definite spherical equation is exactly to be designated as the user of g and the secret sphere UC that certificate server is shared down _g, establish this equation and be:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _n-c _n) ²≡R ²mod?p

(2.3) certificate server is selected secret sphere UC at random _gGo up and remove A _G0And A _GiN in addition some B _Gi, B _Gi=(b _I1, b _I2..., b _IN); B _GiEach coordinate components all in finite field gf (p), look for B _GiEach coordinate specifically find the solution as follows:

b _i1≡(d _i1+c ₁)mod?p

b _i2≡(d _i2+c ₂)mod?p

b _i(N-2)≡(d _i(N-2)+c _N-2)mod?p

e_{i (N - 1)} + e_{iN} &equiv; (R^{2} - Σ_{y = 1}^{N - 2} e_{iy}) \mod p

Order

b _i(N-1)≡(d _i(N-1)+c _N-1)mod?p

b _iN≡(d _iN+c _N)mod?p

Above-mentioned steps (A) and step (B) are N 〉=3 o'clock suitable situations, then directly use step (B) when N=2;

Repeat N time and calculate, obtain N B _GiPoint is verified after each the calculating, guarantees that N the point that obtains is mutually different;

(2.4) certificate server is p, f, ID _g, and B _G1, B _G2..., B _GNPreserve hereof and send to the user with the form of encrypting, cryptographic algorithm is to use existing secure cryptographic algorithm, and the user preserves the file after the encryption, and the user imports the PIN code declassified document and obtains information needed, and we claim this encrypt file to be " userInfo ".

5, a kind of identity identifying method according to claim 1 based on the N n-dimensional sphere n, it is characterized in that: described step (3) user generates authentication information, specifically may further comprise the steps:

(3.1) be designated as the encrypt file that contains the information of succeeding in registration " userInfo " of the user Ug input PIN code decrypted authentication server transmission of g under, obtain p, f, ID _g, and B _G1, B _G2..., B _GN

(3.2) user is at client input self password PW _g, calculate B _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g));

(3.3) user is according to B _G0Add the N point B of storage in the file " userInfo " _G1, B _G2..., B _GN, N+1 point utilizes this N+1 vector structure N n-dimensional sphere n equation altogether, reconstructs original secret sphere UC _gBe about to B _G0And B _G1, B _G2..., B _GNSubstitution N n-dimensional sphere n equation gets equation group:

\begin{matrix} {(b_{01} - c_{1})}^{2} + {(b_{02} - c_{2})}^{2} + . . . + {(b_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(b_{N 1} - c_{1})}^{2} + {(b_{N 2} - c_{2})}^{2} + . . . + {(b_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form, obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (b_{11} - b_{01}) c_{1} + . . . + 2 (b_{1 N} - b_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{1 j}^{2} - Σ_{j = 1}^{N} b_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (b_{N 1} - b_{(N - 1) 1}) c_{1} + . . . + 2 (b_{NN} - b_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{Nj}^{2} - Σ_{j = 1}^{N} b_{(N - 1) j}^{2}) \mod p \end{matrix}\}

Promptly get centre coordinate C (c so find the solution system of linear equations ₁, c ₂..., c _N);

(3.5) cross W _gBe straight line L with C, under the situation of seldom seeing, if W _gIdentical with C, reselect timestamp t, calculate W again _gThe parametric equation of straight line L is as follows:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix}

Get upward any 1 M except that Wg and C of L _g(m ₁..., m _N), (y of correspondence when promptly k gets any several in the finite field gf (p) except that 0 and 1 ₁..., y _N) value;

(3.6) user is with authentication message Meg={t, ID _g, B _G1, M _gSend to certificate server, wherein, t is a timestamp, ID _gBe the sign that representative is designated as the user identity of g down, B _G1Be be stored in the file " userInfo " at N n-dimensional sphere n UC _gOn a point, M _gBe on the straight line L that generates more arbitrarily, in the each authentication message that generates of same user, t and M _gBe different, ID _gAnd B _G1Always identical.

6, a kind of identity identifying method based on the N n-dimensional sphere n according to claim 1 is characterized in that: described step (4) certificate server checking user authentication information specifically may further comprise the steps:

A _gi＝(f(ID _g×S _i1)，f(ID _g×S _i2)，...，f(ID _g×S _in))

A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, N vector added the some B in the authentication message like this _G1, altogether N+1 vectorial, so certificate server can reconstruct and the sphere UC that shares of user _g, utilize this N+1 vector structure N n-dimensional sphere n equation, be about to B _G1, A _G1, A _G2..., A _GNSubstitution N n-dimensional sphere n equation:

\begin{matrix} {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

The preceding same form with them subtracts the back same form respectively, obtains about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (a_{11} - b_{11}) c_{1} + . . . + 2 (a_{1 N} - b_{1 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} b_{1 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

So find the solution the centre coordinate C (c of system of linear equations ₁, c ₂..., c _N);

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix};

\{\begin{matrix} m_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k_{1}) \mod p \\ m_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k_{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ m_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k_{N}) \mod p \end{matrix}

Then have:

\{\begin{matrix} k_{1} &equiv; (m_{1} - w_{1}) \times {(c_{1} - w_{1})}^{- 1} \mod p \\ k_{2} &equiv; (m_{2} - w_{2}) \times {(c_{2} - w_{2})}^{- 1} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ k_{N} &equiv; (m_{N} - w_{N}) \times {(c_{N} - w_{N})}^{- 1} \mod p \end{matrix}