CN101510875B

CN101510875B - Identification authentication method based on N-dimension sphere

Info

Publication number: CN101510875B
Application number: CN2009100382490A
Authority: CN
Inventors: 唐韶华; 张华�; 卢伯荣
Original assignee: South China University of Technology SCUT
Current assignee: South China University of Technology SCUT
Priority date: 2009-03-27
Filing date: 2009-03-27
Publication date: 2012-02-22
Anticipated expiration: 2029-03-27
Also published as: CN101510875A; WO2010108335A1

Abstract

The invention discloses an identity authentication method based on an N-dimensional spherical surface, which comprises: an authentication server receives registration and identity authentication of users after being initialized; when a new user registers, the user calculates a vector by a safe one-way function according to passwords selected and submits the vector to the authentication server; the authentication server specifies an ID<g> for the user as the identification of the identity of the user; the authentication server combines a self secrete vector with the vector submitted by the user to determine the N-dimensional spherical surface; the authentication server randomly selects a plurality of different points on the N-dimensional spherical surface to form an encrypted file which is sent to the user through a safe channel; when the user requires identity authentication, the passwords and the encrypted file containing identity identification are utilized to calculate; the result of calculation is sent to the authentication server; and the authentication server checks and determines whether to accept the identity of the user after calculation. The method can effectively reduce the stored information and calculation load of the authentication server and prevent imitating the authentication server.

Description

A kind of identity identifying method based on the N n-dimensional sphere n

Technical field

The present invention relates to the identity identifying method in computer system security and the network security, specifically relate to a kind of identity identifying method based on the N n-dimensional sphere n.

Background technology

Along with the development of online transaction and ecommerce, E-Government, the network crime that emerges in an endless stream caused the trust crisis of people to network identity, so authentication becomes more and more important.Identity identifying technology can combine the operation flow of enterprise, government closely, stops the unauthorized access to valuable source.We can say that also authentication is the basis of whole information security system.Identity identifying method relatively more commonly used at present has: password, dynamic password, smart card authentication, Public Key Infrastructure(PKI), biological identification etc.

The basic thought of password authentication is that each user has an identify label (ID) and password, and when the user wanted to get into system, he must provide its ID and password, the legitimacy that system just can inspection user.So password authentication has characteristics such as cheap, easy realization, user interface close friend.But the authentication that is based on password is easy to be stolen, and intensity often also is difficult to resist password conjecture, but also might receive Replay Attack etc.

The dynamic password technology be a kind of let user cipher according to time or access times constantly change, each password can only expendable technology.It adopts a kind of specialized hardware that is called dynamic token, and built-in power, password generate chip and display screen, and password generates the special cryptographic algorithm of chip operation, generates current password and is presented on the display screen according to current time or access times.Certificate server adopts the identical current valid password of algorithm computation.When using, the user only need the current password input client computer that show on the dynamic token can be realized authentication.Because each password that uses must be produced by dynamic token, has only validated user just to hold this hardware, as long as just can think that through password authentification this user's identity is reliable.And the each password that uses of user is all inequality, even the hacker has intercepted and captured password one time, also can't utilize this password to come the identity of counterfeit validated user.Though yet dynamic password has solved the problem of fail safe, its cost is higher.

Smart card is a kind of chip of built-in integrated circuit, has the data relevant with user identity in the chip, and smart card through special device fabrication, is not reproducible hardware by special manufacturer.Smart card is carried by validated user, must smart card be inserted special-purpose card reader during login and read information wherein, with checking user's identity.Smart card authentication can be by not counterfeit through the not reproducible user identity that guarantees of smart card hardware.Yet, still be easy to be truncated to user's authentication information through technology such as internal memory scanning or network monitorings, so still have potential safety hazard because the data that from smart card, read are static at every turn.

Public Key Infrastructure(PKI) adopts the digital certificate management PKI, bundles user's PKI and user's identification information through third-party trust authority authentication authorization and accounting center (CA).As if as an infrastructure, PKI can solve most network security problems, and begin to take shape a cover total solution and a theory.Yet because problems such as PKI system complexity and cost in the use make it in the application of reality, run into a lot of problems.

Biological identification mainly is meant a kind of technology through biological character for identity authentication such as measurable health or behaviors.Biological characteristic is meant unique physiological characteristic or the behavior that can measure or can discern automatically and verify.Biological characteristic is divided into two types of physical trait and behavioural characteristics.Physical trait comprises: the blood vessel of fingerprint, palm type, retina, iris, human scent, shape of face, hand and DNA etc.; Behavioural characteristic comprises: handwritten signature, voice, walking step state etc.The biological identification technology has traditional incomparable advantage of authentication means.Password can remembered and be provided with to employing biological identification technology again, uses conveniently, but high cost, complicated technology have hindered its promotion and application.

Summary of the invention

The objective of the invention is to overcome the shortcoming and defect of prior art; Utilize the mathematical principle of " point on known N+1 the N dimension space that satisfies certain condition; can uniquely confirm a N n-dimensional sphere n (N-sphere/hyper sphere/N ties up and justifies) "; A kind of identity identifying method based on the N n-dimensional sphere n is provided, whether can have carried out authentication by the same N n-dimensional sphere n of reconstruct through certain secrets information comparison certificate server and user.The N n-dimensional sphere n be common sphere in the popularization of dimension arbitrarily, special, be called circle at 2 dimension spaces, 3 dimension spaces are called sphere, the above space of 4 dimensions is called hypersphere.This method can reduce server info memory space, server and user's amount of calculation effectively, and this method not to be difficult to resolve problem with certain mathematics be theoretical foundation, thereby effectively avoided the possibility that is broken owing to the proposition that solves mathematics difficult problem new method.

The object of the invention is realized through following technical proposals: a kind of identity identifying method based on the N n-dimensional sphere n may further comprise the steps:

(1) certificate server initialization: certificate server is selected finite field gf (p) and safe one-way function f, selects some secret vectors simultaneously; Wherein GF (p) has confirmed the finite field at group computing place, and promptly all group's calculating processes all carry out in finite field gf (p), and p is a big prime number;

(2) user's registration: the user is according to self selected password PW _gCalculate a vector through safety one-way function f and submit to certificate server, certificate server inspection user identity is for the user specifies an ID _gAs the sign of user identity, the sign of each user identity has nothing in common with each other; Vectorial unique definite N n-dimensional sphere n that certificate server combines the secret vector sum user of self to submit to, if can not construct such N n-dimensional sphere n, then the certificate server sign of reselecting this user identity is calculated again; The point some inequality that certificate server will be selected at this N n-dimensional sphere n through safe lane at random, and and ID _g, big prime number p and safe one-way function f form encrypt file and pass to the user;

(3) user generates authentication information: the encrypt file that when the user needs its identity of certificate server identification, can utilize certificate server to pass back, and combine self selected password PW _g, construct a N n-dimensional sphere n again, select geometric properties on this N n-dimensional sphere n to pass to certificate server simultaneously and verify as authentication information;

(4) certificate server checking user authentication information: the authentication information that certificate server is accepted the user utilizes the secret vector of self to construct a N n-dimensional sphere n again simultaneously; And calculate the geometric properties of the N n-dimensional sphere n that the user arranges to use; Authentication information with result of calculation and user's submission compares at last; If identical then accept user identity, otherwise refusing user's identity.

For realizing the present invention better, said step (1) certificate server initialization specifically may further comprise the steps:

(1.1) certificate server is selected safe one-way function f, and certain big prime number p is open with it behind selected f of certificate server and the p;

(1.2) secret selected N the N dimensional vector (being linear independence between each vector) of certificate server: (S ₁₁, S ₁₂... S _1N) ..., (S _N1, S _N2... S _NN), S wherein _KlIn finite field gf (p), select at random, k=1 ..., N, l=1 ..., N; Certificate server can disclose the N value, but this N N dimensional vector can only preserve by certificate server is secret, and in case selectedly just no longer change.

Preferably: said big prime number satisfies p=8n+3, and n is a certain positive integer, step 2.3 is sought in finite field gf (p) removed A _G0And A _GiThe quadratic residue of any N point in addition is to easier, and computing is more convenient.

Said step (2) user registration specifically may further comprise the steps:

(2.1) user U _gSelected password PW _g, U wherein _gBe the user who is designated as g down, PW _gBe the user U that is designated as g down _gSelected password, this password can be made up of letter and number, because of character string can convert numeral into, the PW of the following stated _gBe meant the later integer of conversion, below all calculating of each step all in finite field gf (p), carry out;

User's compute vector A _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g)) and pass to certificate server;

(2.2) certificate server is specified a unique ID for this user _g, and calculate N n-dimensional sphere n equation:

(a) certificate server calculates N vector according to self secret N N dimensional vector of preserving:

\begin{matrix} A_{g 1} = (f ({ID}_{g} \times S_{11}), f ({ID}_{g} \times S_{12}), . . ., f ({ID}_{g} \times S_{1 N})) \\ \cdot \cdot \cdot \cdot \\ A_{gn} = (f ({ID}_{g} \times S_{N 1}), f ({ID}_{g} \times S_{N 2}), . . ., f ({ID}_{g} \times S_{NN})) \end{matrix}\}

(b) A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N; A _G0Coordinate is designated as (a ₀₁, a ₀₂..., a _0N).This N+1 vectorial A _G0, A _G1..., A _GNStructure N n-dimensional sphere n equation

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²＝R ₂ (1)

(c wherein ₁, c ₂..., c _N) be the center of N n-dimensional sphere n, R is the radius of this N n-dimensional sphere n, (x ₁, x ₂..., x _N) be arbitrfary point on the sphere;

(c) certificate server gets equation group (2) with the N+1 that tries to achieve a vectorial substitution equation (1)

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} + . . . + {(a_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\} - - - (2)

Respectively the same form before them is subtracted the back same form, can obtain about c ₁, c ₂..., c _NSystem of linear equations (3):

\begin{matrix} 2 (a_{11} - a_{01}) c_{1} + . . . + 2 (a_{1 N} - a_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} a_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\} - - - (3)

If in computational process, the coefficient matrix determinant of equation group (3) is zero, then reselects ID _gCalculate, guarantee the unique center C (c that confirms this sphere of equation like this ₁, c ₂..., c _N); Again any formula of this centre coordinate substitution equation group (2) is calculated, can be obtained R ²Then c ₁, c ₂..., c _NAnd R ²Substitution equation (1) is so the equation of this sphere just can confirm that this equation is exactly to be designated as the user of g and the secret sphere UC that certificate server is shared down _g, establish this equation and be:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²≡R ²modp

(2.3) certificate server is selected secret sphere UC at random _gGo up and remove A _G0And A _GiN in addition some B _Gi, B _Gi=(b _I1, b _I2..., b _IN), wherein i=1 ..., N; B _GiEach coordinate components all in finite field gf (p), look for B _GiEach coordinate specifically find the solution as follows:

(A) find the N-2 number to being that quadratic residue is to (e _Iq, d _Iq), make e _Iq≡ d _Iq ²Modp, wherein q=1 ..., N-2, e _Iq, d _IqBe to satisfy e in the finite field gf (p) _Iq≡ d _Iq ²Any two integers of modp condition, and satisfy

b _i1≡(d _i1+c ₁)modp

b _i2≡(d _i2+c ₂)modp

……

b _i(N-2)≡(d _i(N-2)+c _N-2)modp

(B) select two pairs of quadratic residues to (e again _Iz, d _Iz), make e _Iz≡ d _Iz ²Modp, wherein z=N-1, N, e _Iz, d _IzBe to satisfy e in the finite field gf (p) _Iz≡ d _Iz ²Any two integers of modp condition, and satisfy

e_{i (N - 1)} + e_{iN} &equiv; (R^{2} - Σ_{y = 1}^{N - 2} e_{iy}) \mod p

Order

b _i(N-1)≡(d _i(N-1)+c _N-1)modp

b _iN≡(d _iN+c _N)modp

Above-mentioned steps (A) and (B) be the situation that N>=3 o'clock are suitable for is then directly used step (B) when N=2; Repeat N time and calculate, can obtain N B _GiPoint is verified after each the calculating, guarantees that N the point that obtains is mutually different;

(2.4) certificate server is p, f, ID _g, and B _G1, B _G2...,, B _GNThe user is preserved hereof and sent to form to encrypt; AES can use existing secure cryptographic algorithm, and like AES etc., the user preserves the file after the encryption; But the user imports the PIN code declassified document and obtains information needed, and below we claim that this encrypt file is for " userInfo ".

Said step (3) user generates authentication information, specifically may further comprise the steps:

(3.1) be designated as the user U of g under _gThe encrypt file that contains the information of succeeding in registration " userInfo " of input PIN code decrypted authentication server transmission obtains p, f, ID _g, and B _G1, B _G2..., B _GN

(3.2) user is at client input self password PW _g, can calculate B _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g));

(3.3) user is according to B _G0Add the N point B of storage in the file " userInfo " _G1, B _G2..., B _GN, N+1 point utilizes this N+1 vector structure N n-dimensional sphere n equation altogether, can reconstruct original secret sphere UC _gBe about to B _G0And B _G1, B _G2..., B _GNSubstitution N n-dimensional sphere n equation gets equation group:

\begin{matrix} {(b_{01} - c_{1})}^{2} + {(b_{02} - c_{2})}^{2} + . . . + {(b_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(b_{N 1} - c_{1})}^{2} + {(b_{N 2} - c_{2})}^{2} + . . . + {(b_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form, can obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (b_{11} - b_{01}) c_{1} + . . . + 2 (b_{1 N} - b_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{1 j}^{2} - Σ_{j = 1}^{N} b_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (b_{N 1} - b_{(N - 1) 1}) c_{1} + . . . + 2 (b_{NN} - b_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{Nj}^{2} - Σ_{j = 1}^{N} b_{(N - 1) j}^{2}) \mod p \end{matrix}\}

So can find the solution system of linear equations, can get centre coordinate C (c ₁, c ₂..., c _N);

(3.4) user calculates w ₁=f (c ₁* t), w2=f (c ₂* t) ..., w _N=f (c _N* t), wherein t is a timestamp, makes W _g=(w ₁, w ₂..., w _N);

(3.5) cross W _gBe straight line L with C, under the situation of seldom seeing, if W _gIdentical with C, reselect timestamp t, calculate W again _g(after recomputating, because timestamp is different, one guarantees that surely these two vectors are inequality); The parametric equation of straight line L is following

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix}

Wherein k is the independent variable parameter, y ₁..., y _NBe dependent variable;

Getting L goes up except that W _gWith any 1 M outside the C _g(m ₁..., m _N), (y of correspondence when promptly k gets the arbitrary number in the finite field gf (p) except that 0 and 1 ₁..., y _N) value;

(3.6) user is with authentication message Meg={t, ID _g, B _G1, M _gSend to certificate server, wherein, t is a timestamp, ID _gBe the sign that representative is designated as the user identity of g down, B _G1Be be stored in the file " userInfo " at sphere UC _gOn a point, M _gBe on the straight line L that generates more arbitrarily, in the each authentication message that generates of same user, t and M _gBe different, ID _gAnd B _G1Always identical.

Said step (4) certificate server checking user authentication information specifically may further comprise the steps:

(4.1) certificate server is received user U _gAuthentication message Meg, whether elder generation's review time stabs effective, invalid then authentification failure effectively then gets into next step;

(4.2) certificate server is according to ID _gReach self secret vector set compute vector

A _gi＝(f(ID _g×S _i1)，f(ID _g×S _i2)，...，f(ID _g×S _iN))，(i＝1，...，N)

A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, N vector added the some B in the authentication message like this _G1, altogether N+1 vectorial, so certificate server can reconstruct and the sphere UC that shares of user _g, utilize this N+1 vector structure N n-dimensional sphere n equation, be about to B _G1, and A _G1, A _G2..., A _GNSubstitution N n-dimensional sphere n equation:

\begin{matrix} {(b_{11} c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

The preceding same form with them subtracts the back same form respectively, can obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (b_{11} - b_{11}) c_{1} + . . . + 2 (2_{1 N} - b_{1 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} b_{1 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

So can find the solution the centre coordinate C (c of system of linear equations ₁, c ₂..., c _N);

(4.3) authentication server computes W _g=(f (c ₁* t), f (c ₂* t) ..., f (c _N* t), a W is crossed in reconstruct _gAnd the straight line L of center C:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix};

(4.4) certificate server check post M _g(m ₁..., m _N) whether on straight line L, if then through authentication, otherwise authentification failure, the process of checking is following:

M ₁..., m _NEach minor of substitution linear equation is calculated respectively, obtains:

\{\begin{matrix} m_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k_{1}) \mod p \\ m \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k_{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ m_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k_{N}) \mod p \end{matrix}

Then have:

\{\begin{matrix} k_{1} &equiv; (m_{1} - w_{1}) \times {(c_{1} - w_{1})}^{- 1} \mod p \\ k \\ _{2} &equiv; (m_{2} - w_{2}) \times {(c_{2} - w_{2})}^{- 1} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ k_{N} &equiv; (m_{N} - w_{N}) \times {(c_{N} - w_{N})}^{- 1} \mod p \end{matrix}

If k ₁=k ₂=...=k _N, some M then is described _gOn straight line L, certificate server is accepted user identity; Otherwise some M _gNot on straight line L, the subscriber authentication failure.

Action principle of the present invention is: the mathematical principle that utilizes " point on known N+1 the N dimension space that satisfies certain condition; can uniquely confirm a N n-dimensional sphere n (N-sphere/hyper sphere/N ties up and justifies) "; Designed a kind of identity identifying method, the respective identity authentication method that whether can the same N n-dimensional sphere n of reconstruct designs through certain secrets information comparison certificate server and user based on the N n-dimensional sphere n.

The present invention compared with prior art has following advantage and beneficial effect:

The first, the main computing that authentication method is used is to On Solving System of Linear Equations, so the step required time that three need of authentication method calculate is all very short, can apply to practical application well.

The second, certificate server need be for each user preserve user data, the required preservation of certificate server only be N to all general secret vector of N dimension of all users: (S ₁₁, S ₁₂... S _1N) ..., (S _N1, S _N2... S _NN).The data that only need preserve seldom of certificate server end just can realize the checking to a large number of users identity like this, have saved memory space greatly.

The 3rd, can effectively resist Replay Attack, because certificate server can stab the review time, thereby authentication message Meg can not reuse.

The 4th, can effectively resist and forge the authentication message attack, if the disabled user intercepts and captures authentication message Meg, also can only know point on the sphere, can't reconstruct sphere UC _g, also can't know centre coordinate.If disabled user's modification time stabs, but can't construct legal some M _g, also just can't forge authentication message, even intercepted and captured many authentication messages, also can't therefrom recover enough effective information reconstruct spheres, so the disabled user can't forge legal authentication message.

The 5th, can effectively resist off-line password conjecture (dictionary attack), the secret information f (PW of user self password in this authentication method _g) do not expose to the open air in network, thereby it is difficult to do dictionary attack.The assailant has intercepted and captured authentication message Meg simultaneously, also can only know M _gAnd B _G1, can't the reconstruct sphere.Even through dictionary attack conjecture user password PW _g, and then conjecture B _G0, also can only know two some B on the sphere _G0And B _G1, still can't the reconstruct sphere.The possible value space of other point is just very big on the N n-dimensional sphere n, thus dictionary attack to the attack dynamics of the inventive method very a little less than.In each authentication message that generates, B _G1Point all is identical, so even the assailant has intercepted and captured many authentication messages, can not obtain more information about sphere.

The 6th, can effectively resist the personation certificate server and attack, the process that certificate server is constructed secret sphere will be used the N dimensional vector of the linear independence of N own secret.Validated user can only be known N+1 point on the secret sphere of own institute reconstruct, and this secret sphere of authentication server computes is to utilize other N point on the sphere, adds the B that is generated by user password _G0Point, the user does not know N some A of certificate server _Gi(wherein i=1 ..., N), it is secret vectorial not know that more certificate server generates N of these points, so validated user is difficult to palm off certificate server.

The 7th, can effectively resist fake user and attack, if validated user wants to pretend to be other user, can revise the ID in the authentication message _g, but can't know that the secret that other user and certificate server are shared (is other ID _gThereby can't generate legal some M the center of corresponding secret sphere), _g, also just can't forge authentication message, so can't pretend to be other validated user.

Description of drawings

Fig. 1 is the identity authorization system configuration diagram of the preferred embodiment of the present invention;

Fig. 2 is a view after the authentication server initialization of the preferred embodiment of the present invention;

Fig. 3 is user's 1 registration process sketch map of the preferred embodiment of the present invention;

Fig. 4 is user's 1 registration process authentication server calculating process sketch map of the preferred embodiment of the present invention;

Fig. 5 is user's 2 registration process sketch mapes of the preferred embodiment of the present invention;

Fig. 6 is user's 2 registration process authentication server calculating process sketch mapes of the preferred embodiment of the present invention;

Fig. 7 is the registration process authentication server operation result two-dimensional representation of the preferred embodiment of the present invention;

Fig. 8 is the user authentication process sketch map of the preferred embodiment of the present invention;

Fig. 9 is user authentication process user's computing sketch map of the preferred embodiment of the present invention;

Figure 10 is the user authentication process authentication server computing sketch map of the preferred embodiment of the present invention;

Figure 11 is the verification process operation result two-dimensional representation of the preferred embodiment of the present invention.

Embodiment

Below in conjunction with embodiment and accompanying drawing, the present invention is done to specify further, but execution mode of the present invention is not limited thereto.

Embodiment

Typical identity authorization system framework is as shown in Figure 1, and this system comprises certificate server (CA), and user 1, user 2.Certificate server (CA), each user connect through world-wide web.

As shown in Figure 2, certificate server (CA) is set relevant parameter after initialization, wherein is the secret parameter of preserving in the solid box, and frame of broken lines is an open parameters.The situation that present embodiment is chosen N=2 specifies, because in 2 dimension spaces, " 2 n-dimensional sphere n " is actual to be " circle ", so in the following description, adopts " 2 dimension circle " this term to substitute " N n-dimensional sphere n ".Like 2 dimensional vector S among the figure ₁And S ₂Be that the secret secret vector of preserving is (so only select 2 dimensional vectors for simple declaration here; In practical application, can select the more secret vector of dimensions vector conduct); Safe one-way function f is disclosed with big prime number p, and the whole process of embodiment is all carried out under finite field gf (p).

As shown in Figure 3, user U ₁(CA) registers to certificate server.

PW wherein ₁Be user U ₁The password of self is preserved by user self is secret, and this password can be made up of letter and number, and character string can convert numeral into.The user sends register requirement to certificate server (CA), and self password is carried out safe one-way function f computing obtains A as a result ₁₀=(f (PW ₁), f (2*PW ₁)) send to certificate server (CA) as identity information.Certificate server (CA) utilizes self secret vectorial S ₁, S ₂And be encrypted to the encrypt file of " userInfo " by name behind the corresponding User Identity of information calculations submitted to of user, send it to user U again ₁:

Fig. 4 shows the calculating relative users identify label calculating process that certificate server (CA) is carried out when user 1 registers:

Certificate server (CA) is user U ₁Specify a unique ID ₁, the representative of consumer identity.Certificate server (CA) calculates 2 vectors based on 2 that preserve secret vectors:

A ₁₁＝(f(ID ₁×S ₁₁)，f(ID ₁×S ₁₂))

A ₁₂＝(f(ID ₁×S ₂₁)，f(ID ₁×S ₂₂))

A ₁₁Coordinate be designated as (a ₁₁, a ₁₂), A ₁₂Coordinate be designated as (a ₂₁, a ₂₂), add the A that the user sends ₁₀(be designated as (a ₀₁, a ₀₂)), these three vectors are formed the equation group of one 2 dimension circle, and the substitution relevant parameter gets:

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(a_{21} - c_{1})}^{2} + {(a_{22} - c_{2})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Subtract preceding Shi Kede through the back formula:

2 (a_{11} - a_{01}) c_{1} + 2 (a_{12} - a_{02}) c_{2} &equiv; (Σ_{v = 1}^{2} a_{1 v}^{2} - Σ_{v = 1}^{2} a_{0 v}^{2}) \mod p

2 (a_{21} - a_{11}) c_{1} + 2 (a_{22} - a_{12}) c_{2} &equiv; (Σ_{v = 1}^{2} a_{2 v}^{2} - Σ_{v = 1}^{2} a_{1 v}^{2}) \mod p

Through finding the solution this linear equation in two unknowns group, can obtain center C (c ₁, c ₂), and then radius squared R ²If, can't find the solution this equation group in the computational process, then reselect user U ₁ID ₁, recomputate again up to can solving equation.Choose two other different some B from this 2 dimension circle at last ₁₁, B ₁₂(these two points are different from A ₁₀, A ₁₁, A ₁₂), detailed process is following:

Select two pairs of quadratic residues to (e ₁₁, d ₁₁), (e ₁₂, d ₁₂) make e ₁₁≡ d ₁₁ ²Modp and e ₁₂≡ d ₁₂ ²Modp, and satisfy

e ₁₁+e ₁₂≡R ²modp

Order

b ₁₁≡(d ₁₁+c ₁)modp

b ₁₂≡(d ₁₂+c ₂)modp

B ₁₁＝(b ₁₁，b ₁₂)；

Select two pairs of quadratic residues to (e equally again ₂₁, d ₂₁), (e ₂₂, d ₂₂) make e ₂₁≡ d ₂₁ ²Modp and e ₂₂≡ d ₂₂ ²Modp, and satisfy

e ₂₁+e ₂₂≡R ²modp

Order

b ₂₁≡(d ₂₁+c ₁)modp

b ₂₂≡(d ₂₂+c ₂)modp

B ₁₂＝(b ₂₁，b ₂₂)；

At last with B ₁₁, B ₁₂And big prime number p, safe one-way function f all encrypt in the file, is called " userInfo ", and " userInfo " passed back the U to the user ₁

As shown in Figure 5, user U ₂(CA) registers to certificate server.This process and user U ₁Registration process is the same.Be that present certificate server (CA) has used ID ₁This ID must reselect other ID and compose the U to the user ₂

As shown in Figure 6, certificate server (CA) is at user U ₂The calculating process that is carried out when registering.This process is consistent with Fig. 4 calculating process, is user U this moment ₂The ID that uses is ID ₂

As shown in Figure 7, certificate server (CA) is at user U ₁, user U ₂Registration back operation result 2 dimension sketch mapes.Wherein 2 tie up circle UC ₁Be user U ₁Utilizing self provides password information A ₁₀And the secret vectorial S of certificate server (CA) ₁, S ₂(utilize ID ₁Carry out computing and obtain A ₁₁, A ₁₂) structure, B ₁₁, B ₁₂Be two other different point that certificate server (CA) is selected, deposit in the encrypt file " userInfo ", self take care of by user 1; 2 dimension circle UC ₂Be user U ₂Utilizing self provides password information A ₂₀And the secret vectorial S of certificate server (CA) ₁, S ₂(utilize ID ₂Carry out computing and obtain A ₂₁, A ₂₂) structure, B ₂₁, B ₂₂Two other the different point that is certificate server (CA) selection is as user U ₂The identity sign.Because user U ₁, user U ₂ID different, the 2 dimension fenestras that certificate server (CA) constructs are not the same, and can increase the fail safe of whole identity authorization system thus.

Fig. 8 is user U ₁Process sketch map to certificate server (CA) request authentication.User U wherein ₁Calculate earlier, utilize the identify label that self password and encrypt file " userInfo " contain to construct 2 dimension circles again, again with information B ₁₁, M ₁, timestamp t and self ID ₁Send to certificate server (CA).Certificate server (CA) at first the review time stab t whether in tolerance interval, if exceed the time qualified authentication failure of just thinking, as t effectively then certificate server (CA) utilize B ₁₁Also construct sphere again with self secret vector, and inspection M ₁Whether correct, whether the checking that determines one's identity thus is successful.

As shown in Figure 9, user U ₁Process sketch map to certificate server (CA) request authentication user self computing.User U ₁Utilize self password PW ₁Calculate A ₁₀, note A ₁₀=(f (PW ₁), f (2*PW ₁))=(a ₀₁, a ₀₂) and " userInfo " in B ₁(b ₁₁, b ₁₂), B ₁₂(b ₂₁, b ₂₂) three points are formed the equation group of 2 dimension circles, and the substitution relevant parameter gets:

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(b_{21} - c_{1})}^{2} + {(b_{22} - c_{2})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Subtract preceding Shi Kede through the back formula:

2 (b_{11} - a_{01}) c_{1} + 2 (b_{12} - a_{02}) &equiv; (Σ_{v = 1}^{2} b_{1 v}^{2} - Σ_{j = 1}^{2} a_{0 v}^{2}) \mod p

2 (b_{21} - b_{11}) c_{1} + 2 (b_{22} - b_{12}) c_{2} &equiv; (Σ_{v = 1}^{2} b_{2 v}^{2} - Σ_{v = 1}^{2} b_{1 v}^{2}) \mod p

Through finding the solution this linear equation in two unknowns group, can obtain center C (c ₁, c ₂), and then obtain radius squared R ²User U ₁Select a timestamp t again, and calculate W ₁, W wherein ₁(w ₁, w ₂)=(f (c ₁* f (c t), ₂* t)).The user crosses W then ₁, C makes straight line L, detailed process is following:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y \\ _{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \end{matrix}

Wherein k is an independent variable, y ₁, y ₂Be dependent variable, and on straight line L, select wherein to be different from C, W ₁A bit be designated as M ₁(m ₁, m ₂).End user is Meg={t, ID ₁, B ₁₁, M ₁Send to certificate server (CA) as authentication information, accept the checking of certificate server (CA), and etc. result to be verified.

Shown in figure 10, the process sketch map of user 1 certificate server (CA) self computing when certificate server request authentication.Certificate server (CA) checks that at first the user sends the timestamp t of authentication information, if overtime then authentication failed, otherwise would continue down checking.Certificate server (CA) utilizes self secret vectorial S ₁, S ₂And ID ₁Computing obtains A ₁₁, A ₁₂:

A ₁₁(a ₁₁，a ₁₂)＝(f(s ₁₁*ID ₁)，f(s ₁₂*ID ₁))

A ₁₂(a ₂₁，a ₂₂)＝(f(s ₂₁*ID ₁)，f(s ₂₂*ID ₁))

Add the B that the user sends ₁₁, these three points can be formed one 2 dimension equation of a circle group again, and with the parameter substitution wherein

\begin{matrix} {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(a_{21} - c_{1})}^{2} + {(a_{22} - c_{2})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Subtract preceding formula through the back formula and can obtain a linear equation in two unknowns group

2 (a_{21} - a_{11}) c_{1} + 2 (a_{22} - a_{12}) c_{2} &equiv; (Σ_{v = 1}^{2} a_{2 v}^{2} - Σ_{v = 1}^{2} a_{1 v}^{2}) \mod p

2 (b_{11} - a_{21}) c_{1} + 2 (b_{12} - a_{22}) c_{2} &equiv; (Σ_{v = 1}^{2} b_{1 v}^{2} - Σ_{v = 1}^{2} a_{2 v}^{2}) \mod p

Can obtain center C (c through finding the solution this linear equation in two unknowns group ₁, c ₂), and then obtain radius squared R ²Certificate server (CA) is obtained W again ₁, W ₁(w ₁, w ₂)=(f (c ₁* f (c t), ₂* t)), wherein t is the timestamp in the user authentication information, crosses C, W then ₁Make straight line L, and checking user U ₁The M that sends ₁On straight line, verification method is following for point:

\{\begin{matrix} k_{1} &equiv; ((m_{1} - w_{1}) \times {(c_{1} - w_{1})}^{- 1}) \mod p \\ k \\ _{2} &equiv; ((m_{2} - w_{2}) \times {(c_{2} - w_{2})}^{- 1}) \mod p \end{matrix}

If K ₁Equal K ₂, M then ₁On straight line L, thus the authentication success; If K ₁Be not equal to K ₂, M then ₁Not on straight line L, thus the authentication failure.

Shown in figure 11, user 1 is to certificate server request authentication operation result two-dimensional representation.User U ₁Utilize self information structure 2 dimension circles, obtained center C and W ₁Straight line, and on this straight line, select arbitrarily a some M ₁If certificate server (CA) utilizes corresponding information also can construct same 2 dimension circles, and utilizes user U ₁The correct information that provides just can be verified M ₁With sphere centre C and W ₁Cross same straight line L, can judge user U thus ₁Identity.Simultaneously because W ₁Be to change in time, so in the t ' time, the user will construct other straight line L ', the straight line of promptly constructing in the each authentication process itself of user all can be inequality, so just more can improve security of system.

The foregoing description is a preferred implementation of the present invention; But execution mode of the present invention is not limited by the examples; Other any do not deviate from change, the modification done under spirit of the present invention and the principle, substitutes, combination, simplify; All should be the substitute mode of equivalence, be included within protection scope of the present invention.

Claims

1. identity identifying method based on the N n-dimensional sphere n may further comprise the steps:

(2) user's registration: the user is according to self selected password PW _gCalculate a vector through safety one-way function f and submit to certificate server, certificate server inspection user identity is for the user specifies an ID _gAs the sign of user identity, the sign of each user identity has nothing in common with each other; Vectorial unique definite N n-dimensional sphere n that certificate server combines the secret vector sum user of self to submit to, if can not construct such N n-dimensional sphere n, then certificate server is reselected the sign ID of this user identity _gCalculate again; The point some inequality that last certificate server will be selected at this N n-dimensional sphere n through safe lane at random is with the sign ID of user identity _g, the encrypt file formed of big prime number p and safe one-way function f passes to the user;

(3) user generates authentication information: the encrypt file that when the user needs its identity of certificate server identification, utilizes certificate server to pass back, and combine self selected password PW _g, construct a N n-dimensional sphere n again, select geometric properties on this N n-dimensional sphere n to pass to certificate server simultaneously and verify as authentication information;

(4) certificate server checking user authentication information: the authentication information that certificate server is accepted the user utilizes the secret vector of self to re-construct a N n-dimensional sphere n simultaneously; And calculate the geometric properties on the N n-dimensional sphere n that the user arranges to use; Authentication information with result of calculation and user's submission compares at last; If identical then accept user identity, otherwise refusing user's identity;

The some secret vectors of selection in the said step (1) are meant the N dimensional vector of secret selected N the linear independence of certificate server: (S ₁₁, S ₁₂..., S _1N) ..., (S _N1, S _N2..., S _NN), S wherein _KlIn finite field gf (p), select at random, k=1 ..., N, l=1 ..., N; The open N value of certificate server, but this N N dimensional vector can only preserve by certificate server is secret, and in case selected with regard to no longer change;

Said step (2) user registration specifically may further comprise the steps:

(2.1) user U _gSelected password PW _g, U wherein _gBe the user who is designated as g down, PW _gBe the user U that is designated as g down _gSelected password, this password is made up of letter and number, because of character string can convert numeral into, the PW of the following stated _gBe meant the later integer of conversion, below all calculating of each step all in finite field gf (p), carry out;

\begin{matrix} A_{g 1} = (f ({ID}_{g} \times S_{11}), f ({ID}_{g} \times S_{12}), . . ., f ({ID}_{g} \times S_{1 N})) \\ . . . . \\ A_{gN} = (f ({ID}_{g} \times S_{N 1}), f ({ID}_{g} \times S_{N 2}), . . ., f ({ID}_{g} \times S_{NN})) \end{matrix}\}

(b) A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, add the A that the user transmits _G0, A _G0Coordinate is designated as (a ₀₁, a ₀₂..., a _0N), utilize N+1 vectorial A _G0, A _G1..., A _GNStructure N n-dimensional sphere n equation, the substitution spherical equation:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²＝R ²

:

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} + . . . + {(a_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ . . . . . . . . . . . . \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form then, obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (a_{11} - a_{01}) c_{1} + . . . + 2 (a_{1 N} - a_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} a_{0 j}^{2}) \mod p \\ . . . . . . . . . . . . \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

If in computational process, the coefficient matrix determinant of equation group is zero, then reselects ID _gCalculate, guarantee the unique center C (c that confirms this sphere of equation group like this ₁, c ₂..., c _N); Then obtain R ²Then just according to c ₁, c ₂..., c _NAnd R ²Confirm spherical equation, definite spherical equation is exactly to be designated as the user of g and the secret sphere UC that certificate server is shared down _g, establish this equation and be:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²≡R ²?mod?p

(2.3) certificate server is selected secret sphere UC at random _gGo up and remove A _G0, A _G1..., A _GNN in addition some B _Gi, B _GiIn i=1,2 ..., N, B _Gi=(b _I1, b _I2..., b _IN); B _GiEach coordinate components all in finite field gf (p), look for B _GiEach coordinate specifically find the solution as follows:

(a) find the N-2 number to being that quadratic residue is to (e _Iq, d _Iq), make e _Iq≡ d _Iq ²Mod p, wherein q=1 ..., N-2, e _Iq, d _IqBe to satisfy e in the finite field gf (p) _Iq≡ d _Iq ²Any two integers of mod p condition, and satisfy

b _i1≡(d _i1+c ₁)mod?p

b _i2≡(d _i2+c ₂)mod?p

......

b _i(N-2)≡(d _i(N-2)+c _N-2)mod?p

(b) select two pairs of quadratic residues to (e again _Iz, d _Iz), make e _Iz≡ d _Iz ²Mod p, wherein z=N-1, N, e _Iz, d _IzBe to satisfy e in the finite field gf (p) _Iz≡ d _Iz ²Any two integers of mod p condition, and satisfy

e_{i (N - 1)} + e_{iN} &equiv; (R^{2} - Σ_{y = 1}^{N - 2} e_{iy}) \mod p

Order

b _i(N-1)≡(d _i(N-1)+c _N-1)mod?p

b _iN≡(d _iN+c _N)mod?p

Above-mentioned steps (a) and step (b) are N >=3 o'clock suitable situation, when N=2, then directly use step (b);

Repeat N time and calculate, obtain N B _GiPoint is verified after each the calculating, guarantees that N the point that obtains is mutually different;

(2.4) certificate server is p, f, ID _gAnd B _G1, B _G2..., B _GNPreserve hereof and send to the user with the form of encrypting, AES is to use existing secure cryptographic algorithm, and the user preserves the file after the encryption, and the user imports the PIN code declassified document and obtains information needed, and we claim that this encrypt file is " userInfo ";

(3.1) be designated as the user U of g under _gThe encrypt file that contains the information of succeeding in registration " userInfo " of input PIN code decrypted authentication server transmission obtains p, f, ID _gAnd B _G1, B _G2..., B _GN

(3.2) user is at client input self password PW _g, calculate B _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g)), A _G0=B _G0

(3.3) user is according to B _G0Add the N point B of storage in the file " userInfo " _G1, B _G2..., B _GN, N+1 point utilizes this N+1 vector structure N n-dimensional sphere n equation altogether, reconstructs original secret sphere UC _gBe about to B _G0And B _G1, B _G2..., B _GNSubstitution N n-dimensional sphere n equation gets equation group:

\begin{matrix} {(b_{01} - c_{1})}^{2} + {(b_{02} - c_{2})}^{2} + . . . + {(b_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ . . . . . . . . . . . . \\ {(b_{N 1} - c_{1})}^{2} + {(b_{N 2} - c_{2})}^{2} + . . . + {(b_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form, obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (b_{11} - b_{01}) c_{1} + . . . + 2 (b_{1 N} - b_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{1 j}^{2} - Σ_{j = 1}^{N} b_{0 j}^{2}) \mod p \\ . . . . . . . . . . . . \\ 2 (b_{N 1} - b_{(N - 1) 1}) c_{1} + . . . + 2 (b_{NN} - b_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{Nj}^{2} - Σ_{j = 1}^{N} b_{(N - 1) j}^{2}) \mod p \end{matrix}\}

Promptly get centre coordinate C (c so find the solution system of linear equations ₁, c ₂..., c _N);

(3.4) user calculates w ₁=f (c ₁* t), w ₂=f (c ₂* t) ..., W _N=f (c _N* t), wherein t is a timestamp, makes W _g=(w ₁, w ₂..., w _N);

(3.5) cross W _gBe straight line L with C, under the situation of seldom seeing, if W _gIdentical with C, reselect timestamp t, calculate W again _gThe parametric equation of straight line L is following:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ . . . . . . . . . . . . \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix}

(3.6) user is with authentication message Meg={t, ID _g, B _G1, M _gSend to certificate server, wherein, t is a timestamp, ID _gBe the sign that representative is designated as the user identity of g down, B _G1Be be stored in the file " userInfo " at N n-dimensional sphere n UC _gOn a point, M _gBe that the straight line L that generates goes up except that W _gWith outside the C more arbitrarily, in the each authentication message that generates of same user, t and M _gRespectively with respect to t and M in the authentication message that generates before _gBe different, ID _gAnd B _G1Respectively with respect to the ID in the authentication message that generates before _gAnd B _G1Always identical;

A _gi＝(f(ID _g×S _i1)，f(ID _g×S _i2)，...，f(ID _g×S _iN))

A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, N vector added the some B in the authentication message like this _G1, altogether N+1 vectorial, so certificate server can reconstruct and the sphere UC that shares of user _g, utilize this N+1 vector structure N n-dimensional sphere n equation, be about to B _G1, A _G1, A _G2..., A _GNSubstitution N n-dimensional sphere n equation:

\begin{matrix} {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ . . . . . . . . . . . . \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

The preceding same form with them subtracts the back same form respectively, obtains about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (a_{11} - b_{11}) c_{1} + . . . + 2 (a_{1 N} - b_{1 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} a_{1 j}^{2}) \mod p \\ . . . . . . . . . . . . \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

So find the solution the centre coordinate C (c of system of linear equations ₁, c ₂..., c _N);

(4.3) authentication server computes W _g=(f (c ₁* t), f (c ₂* t) ..., f (c _N* t)), a W is crossed in reconstruct _gAnd the straight line L of center C:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ . . . . . . . . . . . . \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix};

\{\begin{matrix} m_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k_{1}) \mod p \\ m_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k_{2}) \mod p \\ . . . . . . . . . . . . \\ m_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k_{N}) \mod p \end{matrix}

Then have:

\{\begin{matrix} k_{1} &equiv; (m_{1} - w_{1}) \times {(c_{1} - w_{1})}^{- 1} \mod p \\ k_{2} &equiv; (m_{2} - w_{2}) \times {(c_{2} - w_{2})}^{- 1} \mod p \\ . . . . . . . . . . . . \\ k_{N} = (m_{N} - w_{N}) \times {(c_{N} - w_{N})}^{- 1} \mod p \end{matrix}

2. a kind of identity identifying method based on the N n-dimensional sphere n according to claim 1 is characterized in that: said step (1) certificate server initialization specifically may further comprise the steps:

Certificate server is selected safe one-way function f, and certain big prime number p is open with it behind selected f of certificate server and the p.

3. a kind of identity identifying method based on the N n-dimensional sphere n according to claim 2 is characterized in that: said big prime number satisfies p=8n+3, and n is a certain positive integer.