CN101510875A

CN101510875A - Identification authentication method based on N-dimension sphere

Info

Publication number: CN101510875A
Application number: CNA2009100382490A
Authority: CN
Inventors: 唐韶华; 张华�; 卢伯荣
Original assignee: South China University of Technology SCUT
Current assignee: South China University of Technology SCUT
Priority date: 2009-03-27
Filing date: 2009-03-27
Publication date: 2009-08-19
Anticipated expiration: 2029-03-27
Also published as: WO2010108335A1; CN101510875B

Abstract

The invention discloses an identity authentication method based on an N-dimensional sphere. The authentication server accepts user registration and identity authentication after initialization; Authentication server, the authentication server designates an ID _g for the user as the identity of the user; the authentication server combines its own secret vector and the vector submitted by the user to determine an N-dimensional sphere; the authentication server randomly selects several different points on this N-dimensional sphere to form The encrypted file is delivered to the user through a secure channel; when the user requests identity authentication, he uses his own password and the encrypted file containing the identity authentication logo to perform calculations, and transmits the result to the authentication server, and the authentication server checks to determine whether to accept the authentication after calculation. User ID. The invention can effectively reduce the storage information and calculation amount of the authentication server, and prevent counterfeiting of the authentication server.

Description

A Method of Identity Authentication Based on N-Dimensional Sphere

技术领域 technical field

本发明涉及计算机系统安全和网络安全中的身份认证方法，具体是涉及一种基于N维球面的身份认证方法。The invention relates to an identity authentication method in computer system security and network security, in particular to an identity authentication method based on an N-dimensional sphere.

背景技术 Background technique

随着在线交易和电子商务、电子政务的发展，层出不穷的网络犯罪，引起了人们对网络身份的信任危机，因此身份认证变得越来越重要。身份认证技术能够密切结合企业、政府的业务流程，阻止对重要资源的非法访问。也可以说，身份认证是整个信息安全体系的基础。目前比较常用的身份认证方法有：口令、动态口令、智能卡认证、公钥基础设施(PKI)、生物认证等。With the development of online transactions, e-commerce, and e-government, endless cybercrimes have caused a crisis of trust in people's online identities, so identity authentication has become more and more important. Identity authentication technology can be closely combined with business processes of enterprises and governments to prevent illegal access to important resources. It can also be said that identity authentication is the basis of the entire information security system. At present, the commonly used identity authentication methods include: password, dynamic password, smart card authentication, public key infrastructure (PKI), biometric authentication, etc.

口令认证的基本思想是每个用户都有一个身份标识(ID)和口令，当用户想进入系统时，他必须提供其ID及口令，系统就可以检验用户的合法性。故口令认证具有价格低廉、容易实现、用户界面友好等特点。但是基于口令的身份认证很容易被窃取，而且强度往往也难以抵抗口令猜测，而且还有可能受到重放攻击等。The basic idea of password authentication is that each user has an identity (ID) and password. When a user wants to enter the system, he must provide his ID and password, and the system can verify the legitimacy of the user. Therefore, password authentication has the characteristics of low price, easy implementation, and friendly user interface. However, password-based identity authentication is easy to be stolen, and its strength is often difficult to resist password guessing, and it may also be subject to replay attacks.

动态口令技术是一种让用户密码按照时间或使用次数不断变化、每个密码只能使用一次的技术。它采用一种叫作动态令牌的专用硬件，内置电源、密码生成芯片和显示屏，密码生成芯片运行专门的密码算法，根据当前时间或使用次数生成当前密码并显示在显示屏上。认证服务器采用相同的算法计算当前的有效密码。用户使用时只需要将动态令牌上显示的当前密码输入客户端计算机，即可实现身份认证。由于每次使用的密码必须由动态令牌来产生，只有合法用户才持有该硬件，所以只要通过密码验证就可以认为该用户的身份是可靠的。而用户每次使用的密码都不相同，即使黑客截获了一次密码，也无法利用这个密码来仿冒合法用户的身份。然而动态口令虽然解决了安全性的问题，但其成本较高。Dynamic password technology is a technology that allows user passwords to change according to time or the number of times they are used, and each password can only be used once. It uses a special hardware called dynamic token, built-in power supply, password generation chip and display screen, the password generation chip runs a special password algorithm, generates the current password according to the current time or the number of times of use and displays it on the display screen. The authentication server uses the same algorithm to calculate the currently valid password. When users use it, they only need to input the current password displayed on the dynamic token into the client computer to realize identity authentication. Since the password used each time must be generated by a dynamic token, and only legitimate users hold the hardware, the user's identity can be considered reliable as long as the password is verified. And the password that the user uses every time is different, even if the hacker intercepts the password once, also can't use this password to counterfeit the identity of legitimate user. However, although the dynamic password solves the problem of security, its cost is relatively high.

智能卡是一种内置集成电路的芯片，芯片中存有与用户身份相关的数据，智能卡由专门的厂商通过专门的设备生产，是不可复制的硬件。智能卡由合法用户随身携带，登录时必须将智能卡插入专用的读卡器读取其中的信息，以验证用户的身份。智能卡认证通过智能卡硬件不可复制来保证用户身份不会被仿冒。然而由于每次从智能卡中读取的数据是静态的，通过内存扫描或网络监听等技术还是很容易截取到用户的身份验证信息，因此还是存在安全隐患。A smart card is a chip with a built-in integrated circuit. The chip stores data related to the user's identity. The smart card is produced by a special manufacturer through special equipment and is non-replicable hardware. The smart card is carried by the legal user. When logging in, the smart card must be inserted into a special card reader to read the information in it to verify the user's identity. Smart card authentication ensures that user identities will not be counterfeited by making the smart card hardware non-replicable. However, since the data read from the smart card is static each time, it is still easy to intercept the user's identity verification information through technologies such as memory scanning or network monitoring, so there are still potential security risks.

公钥基础设施(PKI)采用数字证书管理公钥，通过第三方的可信机构即认证中心(CA)把用户的公钥和用户的标识信息捆绑在一起。作为一项基础设施，PKI似乎可以解决绝大多数网络安全问题，并初步形成一套完整的解决方案和理论。然而由于PKI系统在使用上的复杂性以及成本等问题使它在实际的应用中遇到很多问题。Public key infrastructure (PKI) uses digital certificates to manage public keys, and binds the user's public key with the user's identification information through a third-party trusted organization, the certification authority (CA). As an infrastructure, PKI seems to be able to solve most network security problems, and initially formed a complete set of solutions and theories. However, due to the complexity and cost of PKI system in use, it encounters many problems in practical application.

生物认证主要是指通过可测量的身体或行为等生物特征进行身份认证的一种技术。生物特征是指唯一的可以测量或可自动识别和验证的生理特征或行为方式。生物特征分为身体特征和行为特征两类。身体特征包括：指纹、掌型、视网膜、虹膜、人体气味、脸型、手的血管和DNA等；行为特征包括：手写签名、语音、行走步态等。生物认证技术具有传统的身份认证手段无法比拟的优点。采用生物认证技术，可不必再记忆和设置密码，使用更加方便，但高昂的成本、复杂的技术阻碍了它的推广和应用。Biometric authentication mainly refers to a technology for identity authentication through measurable biological characteristics such as body or behavior. Biometrics refer to the only physiological characteristics or behavior patterns that can be measured or automatically recognized and verified. Biological characteristics are divided into two categories: physical characteristics and behavioral characteristics. Physical characteristics include: fingerprints, palm shape, retina, iris, human body odor, face shape, hand blood vessels and DNA, etc.; behavioral characteristics include: handwritten signature, voice, walking gait, etc. Biometric authentication technology has advantages that traditional identity authentication methods cannot match. With biometric authentication technology, it is no longer necessary to memorize and set passwords, and it is more convenient to use, but the high cost and complicated technology hinder its promotion and application.

发明内容 Contents of the invention

本发明的目的在于克服现有技术的缺点和不足，利用“已知满足一定条件的N+1个N维空间上的点，可以唯一确定一个N维球面(N-sphere/hyper sphere/N维圆)”的数学原理，提供了一种基于N维球面的身份认证方法，通过特定秘密信息比较认证服务器和用户是否可以重构同一个N维球面来进行身份认证。N维球面是普通的球面在任意维度的推广，特别的，在2维空间称为圆，3维空间称为球面，4维以上空间称为超球面。该方法能有效地减少服务器信息存储量、服务器和用户计算量，而且该方法不以某种数学难解问题为理论基础，从而有效避免了由于解决数学难题新方法的提出而被攻破的可能性。The purpose of the present invention is to overcome the shortcoming and deficiency of prior art, utilize " the point on the N+1 N-dimensional space that satisfies certain condition, can uniquely determine an N-dimensional sphere (N-sphere/hypersphere/N dimension Circle)” mathematical principle provides an identity authentication method based on an N-dimensional sphere, and compares whether the authentication server and the user can reconstruct the same N-dimensional sphere through specific secret information for identity authentication. The N-dimensional sphere is the generalization of the ordinary sphere in any dimension. In particular, the 2-dimensional space is called a circle, the 3-dimensional space is called a sphere, and the space above 4 dimensions is called a hypersphere. This method can effectively reduce the amount of server information storage, server and user calculations, and this method is not based on some mathematically difficult problem, thus effectively avoiding the possibility of being broken due to the proposal of a new method for solving mathematical problems .

本发明的目的通过下述技术方案实现：一种基于N维球面的身份认证方法，包括以下步骤：The purpose of the present invention is achieved through the following technical solutions: a method for identity authentication based on an N-dimensional sphere, comprising the following steps:

(1)认证服务器初始化：认证服务器选择有限域GF(p)和安全单向函数f，同时选择若干秘密向量；其中GF(p)确定了群组运算所在的有限域，即所有的群组运算过程都在有限域GF(p)中进行，p是一个大素数；(1) Authentication server initialization: the authentication server selects a finite field GF(p) and a secure one-way function f, and selects several secret vectors at the same time; where GF(p) determines the finite field where the group operation is located, that is, all group operations The process is carried out in the finite field GF(p), p is a large prime number;

(2)用户注册：用户根据自身选定的口令PW_g通过安全单向函数f计算出一个向量提交给认证服务器，认证服务器检查用户身份，为用户指定一个ID_g作为用户身份的标识，各用户身份的标识是各不相同的；认证服务器结合自身的秘密向量和用户提交的向量唯一确定一个N维球面，如果不能构造这样的N维球面，则认证服务器重新选择该用户身份的标识再进行计算；认证服务器通过安全信道将在这个N维球面随机选择的若干不相同的点，并与用户ID_g、大素数p和安全单向函数f组成加密文件传递给用户；(2) User registration: The user calculates a vector through the secure one-way function f according to the password PW _g selected _by the user and submits it to the authentication server. The identification of the identity is different; the authentication server combines its own secret vector and the vector submitted by the user to uniquely determine an N-dimensional sphere. If such an N-dimensional sphere cannot be constructed, the authentication server will re-select the identity of the user to calculate ;The authentication server will pass several different points randomly selected on this N-dimensional sphere through a secure channel, and form an encrypted file with the user ID _g , the large prime number p and the secure one-way function f to the user;

(3)用户生成认证信息：当用户需要认证服务器识别其身份时可以利用认证服务器传回的加密文件，并结合自身选定的口令PW_g，重新构造一个N维球面，同时选择这个N维球面上的几何特征作为认证信息传递给认证服务器进行验证；(3) User-generated authentication information: When the user needs the authentication server to identify his identity, he can use the encrypted file returned by the authentication server and combine the password PW _g selected by himself to reconstruct an N-dimensional sphere, and select this N-dimensional sphere at the same time The geometric features on the network are passed to the authentication server as authentication information for verification;

(4)认证服务器验证用户认证信息：认证服务器接受用户的认证信息同时利用自身的秘密向量重新构造一个N维球面，并计算用户约定使用的N维球面的几何特征，最后将计算结果和用户提交的认证信息进行比较，如果相同则接受用户身份，否则拒绝用户身份。(4) The authentication server verifies the user's authentication information: the authentication server accepts the user's authentication information and uses its own secret vector to reconstruct an N-dimensional sphere, and calculates the geometric features of the N-dimensional sphere that the user agrees to use. Finally, the calculation result and the user's submission The authentication information is compared, if the same, the user identity is accepted, otherwise the user identity is rejected.

为更好地实现本发明，所述步骤(1)认证服务器初始化，具体包括以下步骤：For realizing the present invention better, described step (1) authentication server initialization specifically comprises the following steps:

(1.1)认证服务器选择安全单向函数f，某个大素数p，认证服务器选定f和p后将其公开；(1.1) The authentication server selects a secure one-way function f and a certain large prime number p, and the authentication server selects f and p and makes them public;

(1.2)认证服务器秘密选定N个N维向量(各向量间是线性无关的)：(S₁₁、S₁₂......S_1N)，......，(S_N1、S_N2......S_NN)，其中S_kl在有限域GF(p)中随机选择，k＝1、...、N，l＝1、...、N；认证服务器可以公开N值，但是这N个N维向量只能由认证服务器秘密保存，且一旦选定就不再改变。(1.2) The authentication server secretly selects N N-dimensional vectors (the vectors are linearly independent): (S ₁₁ , S ₁₂ ... S _1N ), ..., (S _N1 , S _N2 ... S _NN ), where S _kl is randomly selected in the finite field GF(p), k=1,...,N, l=1,...,N; the authentication server can disclose N value, but these N N-dimensional vectors can only be kept secretly by the authentication server, and once selected, they will not change.

优选的：所述大素数满足p＝8n+3，n为某一正整数，这样可使步骤2.3在有限域GF(p)中寻找除A_g0和A_gi以外的任意N个点的二次剩余对更容易，运算更方便。Preferably: the large prime number satisfies p=8n+3, n is a certain positive integer, so that step 2.3 can be used to find the quadratic of any N points except A _g0 and A _gi in the finite field GF(p) Remainder pairs are easier and more convenient to compute.

所述步骤(2)用户注册，具体包括以下步骤：The step (2) user registration specifically includes the following steps:

(2.1)用户U_g选定一个口令PW_g，其中U_g是下标为g的用户，PW_g是下标为g的用户U_g所选定的口令，该口令可以由字母和数字组成，因字符串可以转换为数字，以下所述的PW_g是指转换以后的整数，下面各个步骤所有计算均在有限域GF(p)中进行；(2.1) The user U _g selects a password PW _g , where U _g is the user whose subscript is g, and PW _g is the password selected by the user U _g whose subscript is g. The password can be composed of letters and numbers, Because character strings can be converted into numbers, the PW _g described below refers to the converted integer, and all calculations in the following steps are performed in the finite field GF(p);

用户计算向量A_g0＝(f(PW_g)，f(2×PW_g)，...，f(N×PW_g))并传递给认证服务器；The user calculates the vector A _g0 =(f(PW _g ), f(2×PW _g ),..., f(N×PW _g )) and transmits it to the authentication server;

(2.2)认证服务器为该用户指定一个唯一的ID_g，并计算N维球面方程：(2.2) The authentication server assigns a unique ID _g to the user, and calculates the N-dimensional spherical equation:

(a)认证服务器根据自身秘密保存的N个N维向量，计算N个向量：(a) The authentication server calculates N vectors according to the N N-dimensional vectors it keeps secretly:

$\begin{matrix} {A A}_{g g 11} = = ((f f (({ID ID}_{g g} \times \times {S S}_{1111})),, f f (({ID ID}_{g g} \times \times {S S}_{1212})),, . . . . . .,, f f (({ID ID}_{g g} \times \times {S S}_{11 N N})))) \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {A A}_{gn gn} = = ((f f (({ID ID}_{g g} \times \times {S S}_{N N 11})),, f f (({ID ID}_{g g} \times \times {S S}_{N N 22})),, . . . . . .,, f f (({ID ID}_{g g} \times \times {S S}_{NN NN})))) \end{matrix}\}$

(b)把A_gi的坐标记为(a_i1，a_i2，...，a_iN)，其中i＝1、2、...、N；把A_g0坐标记为(a₀₁，a₀₂，...，a_0N)。这N+1个向量A_g0、A_g1、...，、A_gN构造N维球面方程(b) Mark the coordinates of A _gi as (a _i1 , a _i2 , ..., a _iN ), where i=1, 2, ..., N; mark the coordinates of A _g0 as (a ₀₁ , a ₀₂ ,..., a _0N ). These N+1 vectors A _g0 , A _g1 ,..., A _gN construct N-dimensional spherical equations

(x₁-c₁)²+(x₂-c₂)²+...+(x_N-c_N)²＝R² (1)(x ₁ -c ₁ ) ² +(x ₂ -c ₂ ) ² +...+(x _N -c _N ) ² ＝R ² (1)

其中(c₁，c₂，...，c_N)为N维球面的中心，R为该N维球面的半径，(x₁，x₂，...，x_N)是球面上任意点；Where (c ₁ , c ₂ , ..., c _N ) is the center of the N-dimensional sphere, R is the radius of the N-dimensional sphere, (x ₁ , x ₂ , ..., x _N ) is any point on the sphere ;

(c)认证服务器将求得的N+1个向量代入方程(1)，得方程组(2)(c) The authentication server substitutes the obtained N+1 vectors into equation (1), and obtains equation group (2)

$\begin{matrix} {(({a a}_{0101} - - {c c}_{11}))}^{22} + + {(({a a}_{0202} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({a a}_{00 N N} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({a a}_{1111} - - {c c}_{11}))}^{22} + + {(({a a}_{1212} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({a a}_{11 N N} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \\ {(({a a}_{N N 11} - - {c c}_{11}))}^{22} + + {(({a a}_{N N 22} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({a a}_{NN NN} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \end{matrix}\} - - - - - - ((22))$

分别将它们前一式减后一式，可以得到关于c₁、c₂、...、c_N的线性方程组(3)：Subtracting the previous formula and the latter formula respectively, we can get the linear equation system (3) about c ₁ , c ₂ ,..., c _N :

$\begin{matrix} 22 (({a a}_{1111} - - {a a}_{0101})) {c c}_{11} + + . . . . . . + + 22 (({a a}_{11 N N} - - {a a}_{00 N N})) {c c}_{N N} &equiv; &equiv; (({Σ Σ}_{j j = = 11}^{N N} {a a}_{11 j j}^{22} - - {Σ Σ}_{j j = = 11}^{N N} {a a}_{00 j j}^{22})) mod mod p p \\ \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot \cdot \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \\ 22 (({a a}_{N N 11} - - {a a}_{((N N - - 11)) 11})) {c c}_{11} + + . . . . . . + + 22 (({a a}_{NN NN} - - {a a}_{((N N - - 11)) N N})) {c c}_{N N} &equiv; &equiv; (({Σ Σ}_{j j = = 11}^{N N} {a a}_{Nj Nj}^{22} - - {Σ Σ}_{j j = = 11}^{N N} {a a}_{((N N - - 11)) j j}^{22})) mod mod p p \end{matrix}\} - - - - - - ((33))$

如果在计算过程中，方程组(3)的系数矩阵行列式为零，则重新选择ID_g进行计算，这样保证方程唯一确定该球面的中心C(c₁，c₂，...，c_N)；再将这个中心坐标代入方程组(2)的任意一个式子进行计算，即可得到R²；然后把c₁、c₂、...、c_N和R²代入方程(1)，于是该球面的方程就能确定，这个方程就是下标为g的用户和认证服务器共享的秘密球面UC_g，设该方程为：If during the calculation process, the coefficient matrix determinant of equation group (3) is zero, then re-select ID _g for calculation, so as to ensure that the equation uniquely determines the center C of the sphere (c ₁ , c ₂ ,..., c _N ); then substitute this center coordinate into any formula of the equation group (2) for calculation, and then get R ² ; then put c ₁ , c ₂ ,..., c _N and R ² into the equation (1), Then the equation of the sphere can be determined. This equation is the secret sphere UC _g shared by the user with the subscript g and the authentication server. Let the equation be:

(x₁-c₁)²+(x₂-c₂)²+...+(x_N-c_N)²≡R² mod p(x ₁ -c ₁ ) ² +(x ₂ -c ₂ ) ² +...+(x _N -c _N ) ² ≡R ² mod p

(2.3)认证服务器随机选择秘密球面UC_g上除A_g0和A_gi以外的N个点B_gi，B_gi＝(b_i1，b_i2，...，b_iN)，其中i＝1、...、N；B_gi的每个坐标分量均在有限域GF(p)内找，B_gi的每个坐标具体求解如下：(2.3) The authentication server randomly selects N points B gi on the secret spherical surface UC _g except A _g0 and A _gi , B _gi ₌ (b _i1 , b _i2 ,..., b _iN ), where i=1,. .., N; each coordinate component of B _gi is found in the finite field GF(p), and the specific solution of each coordinate of B _gi is as follows:

(A)找到N-2个数对即二次剩余对(e_iq，d_iq)，使得e_iq≡d_iq ² mod p，其中q＝1、...、N-2，e_iq、d_iq是有限域GF(p)中满足e_iq≡d_iq ² mod p条件的任意两个整数，并且满足(A) Find N-2 pairs of numbers, that is, quadratic residue pairs (e _iq , d _iq ), such that e _iq ≡ _{d iq} ² mod p, where q=1,..., N-2, e _iq , d _iq is any two integers satisfying the condition e _iq ≡d _iq ² mod p in the finite field GF(p), and satisfying

b_i1≡(d_i1+c₁)mod pb _i1 ≡(d _i1 +c ₁ ) mod p

b_i2≡(d_i2+c₂)mod pb _i2 ≡(d _i2 +c ₂ ) mod p

...... …

b_i(N-2)≡(d_i(N-2)+c_N-2)mod pb _i(N-2) ≡(d _i(N-2) +c _N-2 ) mod p

(B)再选择两对二次剩余对(e_iz，d_iz)，使得e_iz≡d_iz ² mod p，其中z＝N-1、N，e_iz、d_iz是有限域GF(p)中满足e_iz≡d_iz ² mod p条件的任意两个整数，并且满足(B) Choose two pairs of quadratic residue pairs (e _iz , d _iz ), such that e _iz ≡d _iz ² mod p, where z=N-1, N, e _iz , d _iz are finite fields GF(p) Any two integers satisfying the condition of e _iz ≡d _iz ² mod p, and satisfying

${e e}_{i i ((N N - - 11))} + + {e e}_{iN i} &equiv; &equiv; (({R R}^{22} - - {Σ Σ}_{y the y = = 11}^{N N - - 22} {e e}_{iy iy})) mod mod p p$

令make

b_i(N-1)≡(d_i(N-1)+c_N-1)mod pb _i(N-1) ≡(d _i(N-1) +c _N-1 ) mod p

b_iN≡(d_iN+c_N)mod pb _iN ≡(d _iN +c _N ) mod p

上述步骤(A)和(B)是N≥3时适用的情况，当N＝2时则直接使用步骤(B)；重复N次计算，可以得到N个B_gi点，每次计算后验证一下，确保得到的N个点是互不相同的；The above steps (A) and (B) are applicable when N≥3, and when N=2, use step (B) directly; repeat N calculations, you can get N B _gi points, verify after each calculation , to ensure that the obtained N points are different from each other;

(2.4)认证服务器把p、f、ID_g、以及B_g1、B_g2、...，、B_gN以加密的形式保存在文件中并发送给用户，加密算法可以使用现有的安全加密算法，如AES等，用户保存加密后的文件，用户输入PIN码可解密文件并得到所需信息，以下我们称该加密文件为“userInfo”。(2.4) The authentication server saves p, f, ID _g , and B _g1 , B _g2 , ..., B _gN in encrypted form in the file and sends it to the user. The encryption algorithm can use the existing security encryption algorithm , such as AES, etc., the user saves the encrypted file, and the user enters the PIN code to decrypt the file and obtain the required information. Hereinafter, we call the encrypted file "userInfo".

所述步骤(3)用户生成认证信息，具体包括以下步骤：Described step (3) user generates authentication information, specifically comprises the following steps:

(3.1)下标为g的用户U_g输入PIN码解密认证服务器传递的含有注册成功信息的加密文件“userInfo”，得到p、f、ID_g、以及B_g1、B_g2、...，、B_gN；(3.1) The user U _g whose subscript is g enters the PIN code to decrypt the encrypted file "userInfo" containing the successful registration information delivered by the authentication server, and obtains p, f, ID _g , and B _g1 , B _g2 , ...,, B _{g N} ;

(3.2)用户在客户端输入自身口令PW_g，可以计算出B_g0＝(f(PW_g)，f(2×PW_g)，...，f(N×PW_g))；(3.2) The user enters his own password PW _g on the client terminal, and can calculate B _g0 = (f(PW _g ), f(2×PW _g ),..., f(N×PW _g ));

(3.3)用户根据B_g0加上文件“userInfo”中存储的N点B_g1、B_g2、...、B_gN，一共N+1个点，利用这N+1个向量构造N维球面方程，可以重构出原来的秘密球面UC_g；即将B_g0和B_g1、B_g2、...，、B_gN代入N维球面方程，得方程组：(3.3) According to B _g0 plus the N points B _g1 , B _g2 , ..., B _gN stored in the file "userInfo", the user has a total of N+1 points, and uses these N+1 vectors to construct an N-dimensional spherical equation , the original secret spherical surface UC _g can be reconstructed; that is, B _g0 and B _g1 , B _g2 , ..., B _gN are substituted into the N-dimensional spherical equation, and the equation system is obtained:

$\begin{matrix} {(({b b}_{0101} - - {c c}_{11}))}^{22} + + {(({b b}_{0202} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({b b}_{00 N N} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({b b}_{1111} - - {c c}_{11}))}^{22} + + {(({b b}_{1212} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({b b}_{11 N N} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \\ {(({b b}_{N N 11} - - {c c}_{11}))}^{22} + + {(({b b}_{N N 22} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({b b}_{NN NN} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \end{matrix}\}$

分别将它们前一式减后一式，可以得到关于c₁、c₂、...、c_N的线性方程组：Subtracting the former formula and the latter formula respectively, we can get the linear equations about c ₁ , c ₂ ,..., c _N :

$\begin{matrix} 22 (({b b}_{1111} - - {b b}_{0101})) {c c}_{11} + + . . . . . . + + 22 (({b b}_{11 N N} - - {b b}_{00 N N})) {c c}_{N N} &equiv; &equiv; (({Σ Σ}_{j j = = 11}^{N N} {b b}_{11 j j}^{22} - - {Σ Σ}_{j j = = 11}^{N N} {b b}_{00 j j}^{22})) mod mod p p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 22 (({b b}_{N N 11} - - {b b}_{((N N - - 11)) 11})) {c c}_{11} + + . . . . . . + + 22 (({b b}_{NN NN} - - {b b}_{((N N - - 11)) N N})) {c c}_{N N} &equiv; &equiv; (({Σ Σ}_{j j = = 11}^{N N} {b b}_{Nj Nj}^{22} - - {Σ Σ}_{j j = = 11}^{N N} {b b}_{((N N - - 11)) j j}^{22})) mod mod p p \end{matrix}\}$

于是可以求解线性方程组，可得中心坐标C(c₁，c₂，...，c_N)；So the linear equations can be solved, and the center coordinates C(c ₁ ,c ₂ ,...,c _N ) can be obtained;

(3.4)用户计算w₁＝f(c₁×t)，w2＝f(c₂×t)，...，w_N＝f(c_N×t)，其中t为时间戳，令W_g＝(w₁，w₂，...，w_N)；(3.4) The user calculates w ₁ =f(c ₁ ×t), w2=f(c ₂ ×t), ..., w _N =f(c _N ×t), where t is the timestamp, let W _g = (w ₁ , w ₂ , . . . , w _N );

(3.5)过W_g和C做直线L，在极少见的情况下，如果W_g和C相同，重新选择时间戳t，再计算W_g(重新计算后，由于时间戳已不同，一定能保证这两个向量不相同)；直线L的参数方程如下(3.5) Make a straight line L through W _g and C. In rare cases, if W _g and C are the same, re-select the time stamp t, and then calculate W _g (after the recalculation, because the time stamp is different, it must be able to Guarantee that these two vectors are not the same); the parametric equation of the straight line L is as follows

$\{\begin{matrix} {y the y}_{11} &equiv; &equiv; (({w w}_{11} + + (({c c}_{11} - - {w w}_{11})) \times \times k k)) mod mod p p \\ {y the y}_{22} &equiv; &equiv; (({w w}_{22} + + (({c c}_{22} - - {w w}_{22})) \times \times k k)) mod mod p p \\ \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \\ {y the y}_{N N} &equiv; &equiv; (({w w}_{N N} + + (({c c}_{N N} - - {w w}_{N N})) \times \times k k)) mod mod p p \end{matrix}$

其中k为自变量参数，y₁、...、y_N为因变量；Among them, k is an independent variable parameter, and y ₁ , ..., y _N are dependent variables;

取L上除W_g和C之外的任意一点M_g(m₁，...，m_N)，即k取除0和1外的有限域GF(p)中的任意数时对应的(y₁，...，y_N)值；Take any point M _g (m ₁ ,...,m _N ) on L except W _g and C, that is, when k takes any number in the finite field GF(p) except 0 and 1, the corresponding ( y ₁ ,...,y _N ) value;

(3.6)用户将认证消息Meg＝{t，ID_g，B_g1，M_g}发送给认证服务器，其中，t为时间戳，ID_g是代表下标为g的用户身份的标识，B_g1是存储在文件“userInfo”中的在球面UC_g上的一个点，M_g是生成的直线L上的任意一点，同一个用户每次生成的认证消息中，t和M_g是不同的，ID_g和B_g1总是相同的。(3.6) The user sends the authentication message Meg={t, ID _g , B _g1 , M _g } to the authentication server, where t is the time stamp, ID _g is the identity of the user whose subscript is g, and B _g1 is A point on the spherical surface UC _g stored in the file "userInfo", M _g is any point on the generated straight line L, in each authentication message generated by the same user, t and M _g are different, ID _g and B _g1 are always the same.

所述步骤(4)认证服务器验证用户认证信息，具体包括以下步骤：Described step (4) authentication server verifies user authentication information, specifically comprises the following steps:

(4.1)认证服务器收到用户U_g的认证消息Meg，先检查时间戳是否有效，无效则认证失败，有效则进入下一步；(4.1) The authentication server receives the authentication message Meg of the user U _g , first checks whether the timestamp is valid, if invalid, the authentication fails, and if valid, enters the next step;

(4.2)认证服务器根据ID_g及自身秘密向量集计算向量(4.2) The authentication server calculates the vector according to the ID _g and its own secret vector set

A_gi＝(f(ID_g×S_i1)，f(ID_g×S_i2)，...，f(ID_g×S_iN))，(i＝1，...，N)A _gi =(f(ID _g ×S _i1 ), f(ID _g ×S _i2 ), . . . , f(ID _g ×S _iN )), (i=1, . . . , N)

把A_gi的坐标记为(a_i1，a_i2，...，a_iN)，其中i＝1、2、...、N，这样N个向量再加上认证消息中的点B_g1，一共N+1个向量，于是认证服务器能够重构与用户共享的球面UC_g，利用这N+1个向量构造N维球面方程，即将B_g1、以及A_g1、A_g2、...、A_gN代入N维球面方程：Mark the coordinates of A _gi as (a _i1 , a _i2 , ..., a _iN ), where i=1, 2, ..., N, such that N vectors plus the point B _g1 in the authentication message, There are a total of N+1 vectors, so the authentication server can reconstruct the spherical surface UC _g shared with the user, and use these N+1 vectors to construct an N-dimensional spherical equation, that is, B _g1 , and A _g1 , A _g2 , ..., A Substitute _gN into the N-dimensional spherical equation:

$\begin{matrix} {(({b b}_{1111} - - {c c}_{11}))}^{22} + + {(({b b}_{1212} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({b b}_{11} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({a a}_{1111} - - {c c}_{11}))}^{22} + + {(({a a}_{1212} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({a a}_{11 N N} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \\ {(({a a}_{N N 11} - - {c c}_{11}))}^{22} + + {(({a a}_{N N 22} - - {c c}_{22}))}^{22} + + . . . . . . + + {(({a a}_{NN NN} - - {c c}_{N N}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \end{matrix}\}$

分别将它们的前一式减后一式，可以得到关于c₁、c₂、...、c_N的线性方程组：Subtracting the former formula and the latter formula respectively, we can get a system of linear equations about c ₁ , c ₂ ,..., c _N :

$\begin{matrix} 22 (({a a}_{1111} - - {b b}_{1111})) {c c}_{11} + + . . . . . . + + 22 (({a a}_{11 N N} - - {b b}_{11 N N})) {c c}_{N N} &equiv; &equiv; (({Σ Σ}_{j j = = 11}^{N N} {a a}_{11 j j}^{22} - - {Σ Σ}_{j j = = 11}^{N N} {b b}_{11 j j}^{22})) mod mod p p \\ \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot \cdot \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \\ 22 (({a a}_{N N 11} - - {a a}_{((N N - - 11)) 11})) {c c}_{11} + + . . . . . . + + 22 (({a a}_{NN NN} - - {a a}_{((N N - - 11)) N N})) {c c}_{N N} &equiv; &equiv; (({Σ Σ}_{j j = = 11}^{N N} {a a}_{Nj Nj}^{22} - - {Σ Σ}_{j j = = 11}^{N N} {a a}_{((N N - - 11)) j j}^{22})) mod mod p p \end{matrix}\}$

于是可以求解线性方程组的中心坐标C(c₁，c₂，...，c_N)；Then the center coordinate C(c ₁ , c ₂ ,...,c _N ) of the linear equation system can be solved;

(4.3)认证服务器计算W_g＝(f(c₁×t)，f(c₂×t)，...，f(c_N×t)，重构过点W_g及中心C的直线L：(4.3) The authentication server calculates W _g = (f(c ₁ ×t), f(c ₂ ×t), ..., f(c _N ×t), and reconstructs the straight line L passing through point W _g and center C :

$\{\begin{matrix} {y the y}_{11} &equiv; &equiv; (({w w}_{11} + + (({c c}_{11} - - {w w}_{11})) \times \times k k)) mod mod p p \\ {y the y}_{22} &equiv; &equiv; (({w w}_{22} + + (({c c}_{22} - - {w w}_{22})) \times \times k k)) mod mod p p \\ \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot \cdot \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \\ {y the y}_{N N} &equiv; &equiv; (({w w}_{N N} + + (({c c}_{N N} - - {w w}_{N N})) \times \times k k)) mod mod p p \end{matrix};;$

(4.4)认证服务器验证点M_g(m₁，...，m_N)是否在直线L上，若是则通过认证，否则认证失败，验证的过程如下：(4.4) The authentication server verifies whether the point M _g (m ₁ ,..., m _N ) is on the straight line L, if so, the authentication is passed, otherwise the authentication fails, the verification process is as follows:

把m₁、...、m_N分别代入直线方程的每一个子式进行计算，得到：Substitute m ₁ ,..., m _N into each sub-expression of the straight line equation for calculation, and get:

$\{\begin{matrix} {m m}_{11} &equiv; &equiv; (({w w}_{11} + + (({c c}_{11} - - {w w}_{11})) \times \times {k k}_{11})) mod mod p p \\ {m m}_{22} &equiv; &equiv; (({w w}_{22} + + (({c c}_{22} - - {w w}_{22})) \times \times {k k}_{22})) mod mod p p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {m m}_{N N} &equiv; &equiv; (({w w}_{N N} + + (({c c}_{N N} - - {w w}_{N N})) \times \times {k k}_{N N})) mod mod p p \end{matrix}$

则有：Then there are:

$\{\begin{matrix} {k k}_{11} &equiv; &equiv; (({m m}_{11} - - {w w}_{11})) \times \times {(({c c}_{11} - - {w w}_{11}))}^{- - 11} mod mod p p \\ {k k}_{22} &equiv; &equiv; (({m m}_{22} - - {w w}_{22})) \times \times {(({c c}_{22} - - {w w}_{22}))}^{- - 11} mod mod p p \\ \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot \cdot \cdot &Center Dot; \cdot &Center Dot; \\ {k k}_{N N} &equiv; &equiv; (({m m}_{N N} - - {w w}_{N N})) \times \times {(({c c}_{N N} - - {w w}_{N N}))}^{- - 11} mod mod p p \end{matrix}$

若k₁＝k₂＝...＝k_N，则说明点M_g在直线L上，认证服务器接受用户身份；否则点M_g不在直线L上，用户身份验证失败。If k ₁ =k ₂ =...=k _N , it means that the point M _g is on the straight line L, and the authentication server accepts the user identity; otherwise, the point M _g is not on the straight line L, and the user identity verification fails.

本发明的作用原理是：利用“已知满足一定条件的N+1个N维空间上的点，可以唯一确定一个N维球面(N-sphere/hyper sphere/N维圆)”的数学原理，设计了一种基于N维球面的身份认证方法，通过特定秘密信息比较认证服务器和用户是否可以重构同一个N维球面来设计的相应身份认证方法。The working principle of the present invention is: utilize the mathematical principle of "N+1 points on the N-dimensional space known to satisfy certain conditions can uniquely determine an N-dimensional sphere (N-sphere/hyper sphere/N-dimensional circle)", An identity authentication method based on N-dimensional sphere is designed, and the corresponding identity authentication method is designed by comparing whether the authentication server and the user can reconstruct the same N-dimensional sphere through specific secret information.

本发明与现有技术相比，具有如下优点和有益效果：Compared with the prior art, the present invention has the following advantages and beneficial effects:

第一，认证方法用到的主要运算是对线性方程组的求解，所以认证方法的三个需计算的步骤所需时间都很短，可以很好地运用于实际应用。First, the main operation used in the authentication method is the solution of linear equations, so the time required for the three calculation steps of the authentication method is very short, which can be well used in practical applications.

第二，认证服务器不需要为每个用户保存用户数据，认证服务器所需要保存的仅仅是N个对所有用户都通用的N维秘密向量：(S₁₁，S₁₂......S_1N)，......，(S_N1，S_N2......S_NN)。这样认证服务器端仅需要保存很少的数据就可以实现对大量用户身份的验证，大大节省了存储空间。Second, the authentication server does not need to save user data for each user. What the authentication server needs to save is only N N-dimensional secret vectors common to all users: (S ₁₁ , S ₁₂ ......S _1N ), ..., (S _N1 , S _N2 ... S _NN ). In this way, the authentication server only needs to save a small amount of data to verify the identities of a large number of users, which greatly saves storage space.

第三，可以有效抵御重放攻击，因为认证服务器会检查时间戳，因而认证消息Meg不能重复使用。Third, replay attacks can be effectively resisted, because the authentication server will check the timestamp, so the authentication message Meg cannot be reused.

第四，可以有效抵御伪造认证消息攻击，如果非法用户截获认证消息Meg，也只能知道球面上一个点，无法重构球面UC_g，也无法知道中心坐标。如果非法用户修改时间戳，但无法构造合法的点M_g，也就无法伪造认证消息，即使截获了多条认证消息，也无法从中恢复足够的有效信息重构球面，因此非法用户无法伪造合法的认证消息。Fourth, it can effectively resist forged authentication message attacks. If an illegal user intercepts the authentication message Meg, he can only know a point on the sphere, and cannot reconstruct the spherical surface UC _g , nor can he know the center coordinates. If the illegal user modifies the time stamp, but cannot construct the legal point M _g , the authentication message cannot be forged. Authentication message.

第五，可以有效抵御离线口令猜测(字典攻击)，本认证方法中用户自身口令的秘密信息f(PW_g)并没有曝露在网络中，因而做字典攻击较难。同时攻击者截获了认证消息Me_g，也只能知道M_g和B_g1，无法重构球面。即使通过字典攻击猜测用户口令PW_g，进而猜测B_g0，也只能知道球面上两个点B_g0和B_g1，还是无法重构球面。N维球面上其它点的可能取值空间就很大了，因此字典攻击对本发明方法的攻击力度非常弱。每次生成的认证消息中，B_g1点都是相同的，所以即使攻击者截获了多条认证消息，也不能获得更多关于球面的信息。Fifth, it can effectively resist offline password guessing (dictionary attack). In this authentication method, the secret information f(PW _g ) of the user's own password is not exposed in the network, so it is difficult to do dictionary attack. At the same time, the attacker intercepts the authentication message Me _g , and can only know M _g and B _g1 , and cannot reconstruct the spherical surface. Even if the user password PW _g is guessed through dictionary attack, and then B _g0 is guessed, only two points B _g0 and B _g1 on the sphere can be known, and the sphere cannot be reconstructed. The possible value space of other points on the N-dimensional sphere is very large, so the attacking force of the dictionary attack on the method of the present invention is very weak. In each authentication message generated, the B _g1 point is the same, so even if the attacker intercepts multiple authentication messages, he cannot obtain more information about the sphere.

第六，可以有效抵御假冒认证服务器攻击，认证服务器构造秘密球面的过程要用到自己的N个秘密的线性无关的N维向量。合法用户只能知道自己所重构秘密球面上的N+1个点，而认证服务器计算这个秘密球面是利用球面上另外N个点，加上由用户口令生成的B_g0点，用户不知道认证服务器的N个点A_gi(其中i＝1、...、N)，更不知道认证服务器生成这些点的N个秘密向量，因此合法用户难以假冒认证服务器。Sixth, it can effectively resist the attack of fake authentication server. The process of constructing the secret sphere of the authentication server needs to use the linearly independent N-dimensional vector of its own N secrets. The legitimate user can only know the N+1 points on the secret sphere reconstructed by himself, and the authentication server calculates the secret sphere by using the other N points on the sphere, plus the B _g0 point generated by the user password, the user does not know the authentication The N points A _gi (where i=1,...,N) of the server do not know the N secret vectors generated by the authentication server, so it is difficult for legitimate users to impersonate the authentication server.

第七，可以有效抵御假冒用户攻击，合法用户如果想冒充别的用户，可以修改认证消息中的用户ID_g，但却无法知道其它用户与认证服务器共享的秘密(即别的ID_g对应的秘密球面的中心)，因而无法生成合法的点M_g，也就无法伪造认证消息，所以无法冒充别的合法用户。Seventh, it can effectively resist counterfeit user attacks. If a legitimate user wants to pretend to be another user, he can modify the user ID _g in the authentication message, but he cannot know the secret shared by other users and the authentication server (that is, the secret corresponding to other ID _g The center of the sphere), so the legal point M _g cannot be generated, and the authentication message cannot be forged, so it is impossible to impersonate other legal users.

附图说明 Description of drawings

图1是本发明优选实施例的身份认证系统架构示意图；Fig. 1 is a schematic diagram of an identity authentication system architecture of a preferred embodiment of the present invention;

图2是本发明优选实施例的身份认证服务器初始化后状态示意图；Fig. 2 is a schematic diagram of the status after initialization of the identity authentication server in the preferred embodiment of the present invention;

图3是本发明优选实施例的用户1注册过程示意图；Fig. 3 is a schematic diagram of a user 1 registration process in a preferred embodiment of the present invention;

图4是本发明优选实施例的用户1注册过程身份认证服务器运算过程示意图；Fig. 4 is a schematic diagram of the operation process of the identity authentication server of the user 1 registration process in the preferred embodiment of the present invention;

图5是本发明优选实施例的用户2注册过程示意图；Fig. 5 is a schematic diagram of a user 2 registration process in a preferred embodiment of the present invention;

图6是本发明优选实施例的用户2注册过程身份认证服务器运算过程示意图；Fig. 6 is a schematic diagram of the operation process of the user 2 registration process of the identity authentication server in the preferred embodiment of the present invention;

图7是本发明优选实施例的注册过程身份认证服务器运算结果二维示意图；Fig. 7 is a two-dimensional schematic diagram of the operation result of the identity authentication server in the registration process of the preferred embodiment of the present invention;

图8是本发明优选实施例的用户认证过程示意图；Fig. 8 is a schematic diagram of a user authentication process in a preferred embodiment of the present invention;

图9是本发明优选实施例的用户认证过程用户运算示意图；Fig. 9 is a schematic diagram of user operations in the user authentication process of a preferred embodiment of the present invention;

图10是本发明优选实施例的用户认证过程身份认证服务器运算示意图；Fig. 10 is a schematic diagram of operation of the identity authentication server in the user authentication process of the preferred embodiment of the present invention;

图11是本发明优选实施例的认证过程运算结果二维示意图。Fig. 11 is a two-dimensional schematic diagram of the operation result of the authentication process in the preferred embodiment of the present invention.

具体实施方式 Detailed ways

下面结合实施例及附图，对本发明作进一步地详细说明，但本发明的实施方式不限于此。The present invention will be described in further detail below in conjunction with the embodiments and the accompanying drawings, but the embodiments of the present invention are not limited thereto.

实施例Example

典型的身份认证系统架构如图1所示，该系统包括认证服务器(CA)，以及用户1、用户2。认证服务器(CA)、各个用户通过网际网络连接。A typical identity authentication system architecture is shown in Figure 1, the system includes an authentication server (CA), and user 1 and user 2. The authentication server (CA) and each user are connected through the Internet.

如图2所示，在初始化之后认证服务器(CA)设定相关参数，其中实线框内为秘密保存参数，虚线框为公开参数。本实施例选取N＝2的情况给予具体说明，因为在2维空间中，“2维球面”实际是“圆”，所以在以下的描述中，采用“2维圆”这一术语替代“N维球面”。如图中2维向量S₁和S₂是秘密保存的秘密向量(这里为了简单说明所以只选择2维向量，在实际应用中可以选择更高维数向量作为秘密向量)，安全单向函数f和大素数p是公开的，实施例的整个过程都是在有限域GF(p)下进行的。As shown in FIG. 2 , after initialization, the authentication server (CA) sets relevant parameters, wherein the parameters in the solid line box are kept secret, and the dotted line box is the public parameter. This embodiment selects the situation of N=2 to give a specific explanation, because in a 2-dimensional space, a "2-dimensional sphere" is actually a "circle", so in the following description, the term "2-dimensional circle" is used instead of "N Dimensional surface". As shown in the figure, the 2-dimensional vectors S ₁ and S ₂ are secret vectors kept in secret (only 2-dimensional vectors are selected here for the sake of simplicity, and higher-dimensional vectors can be selected as secret vectors in practical applications), and the secure one-way function f and the large prime number p are public, and the whole process of the embodiment is carried out under the finite field GF(p).

如图3所示，用户U₁向认证服务器(CA)进行注册。As shown in Fig. 3, user U ₁ registers with an authentication server (CA).

其中PW₁是用户U₁自身的口令，由用户自身秘密保存，该口令可以由字母和数字组成，且字符串可以转换为数字。用户向认证服务器(CA)发送注册请求，并将自身口令进行安全单向函数f运算得到结果A₁₀＝(f(PW₁)，f(2*PW₁))作为身份信息发送到认证服务器(CA)。认证服务器(CA)利用自身秘密向量S₁、S₂及用户提交的信息计算相应的用户身份标识后加密成名为“userInfo”的加密文件，再将其传送给用户U₁：Wherein PW ₁ is the password of the user U ₁ , which is kept secretly by the user. The password can be composed of letters and numbers, and the character string can be converted into numbers. The user sends a registration request to the authentication server (CA), and performs the secure one-way function f operation on the password to obtain the result A ₁₀ =(f(PW ₁ ), f(2*PW ₁ )) as the identity information and sends it to the authentication server ( CA). The authentication server (CA) uses its own secret vectors S ₁ , S ₂ and the information submitted by the user to calculate the corresponding user identity, encrypts it into an encrypted file named "userInfo", and then sends it to the user U ₁ :

图4示出了认证服务器(CA)在用户1进行注册时所进行的计算相应用户身份标识运算过程：Fig. 4 shows that the authentication server (CA) calculates the corresponding user identification operation process when user 1 registers:

认证服务器(CA)为用户U₁指定一个唯一的ID₁，代表用户身份。认证服务器(CA)根据保存的2个秘密向量，计算2个向量：The authentication server (CA) assigns a unique ID ₁ to the user U ₁ , representing the identity of the user. The authentication server (CA) calculates 2 vectors based on the 2 stored secret vectors:

A₁₁＝(f(ID₁×S₁₁)，f(ID₁×S₁₂))A ₁₁ =(f(ID ₁ ×S ₁₁ ), f(ID ₁ ×S ₁₂ ))

A₁₂＝(f(ID₁×S₂₁)，f(ID₁×S₂₂))A ₁₂ =(f(ID ₁ ×S ₂₁ ), f(ID ₁ ×S ₂₂ ))

把A₁₁的坐标记为(a₁₁，a₁₂)，A₁₂的坐标记为(a₂₁，a₂₂)，再加上用户发送的A₁₀(记为(a₀₁，a₀₂))，这三个向量组成一个2维圆的方程组，并代入相应参数得：Mark the coordinates of A ₁₁ as (a ₁₁ , a ₁₂ ), and the coordinates of A ₁₂ as (a ₂₁ , a ₂₂ ), plus the A ₁₀ sent by the user (denoted as (a ₀₁ , a ₀₂ )), this Three vectors form a 2-dimensional circle equation system, and substitute the corresponding parameters to get:

$\begin{matrix} {(({a a}_{0101} - - {c c}_{11}))}^{22} + + {(({a a}_{0202} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({a a}_{1111} - - {c c}_{11}))}^{22} + + {(({a a}_{1212} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({a a}_{21 twenty one} - - {c c}_{11}))}^{22} + + {(({a a}_{22 twenty two} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \end{matrix}\}$

通过后式减前式可得：Subtract the former from the latter to get:

$22 (({a a}_{1111} - - {a a}_{0101})) {c c}_{11} + + 22 (({a a}_{1212} - - {a a}_{0202})) {c c}_{22} &equiv; &equiv; (({Σ Σ}_{v v = = 11}^{22} {a a}_{11 v v}^{22} - - {Σ Σ}_{v v = = 11}^{22} {a a}_{00 v v}^{22})) mod mod p p$

$22 (({a a}_{21 twenty one} - - {a a}_{1111})) {c c}_{11} + + 22 (({a a}_{22 twenty two} - - {a a}_{1212})) {c c}_{22} &equiv; &equiv; (({Σ Σ}_{v v = = 11}^{22} {a a}_{22 v v}^{22} - - {Σ Σ}_{v v = = 11}^{22} {a a}_{11 v v}^{22})) mod mod p p$

通过求解这个二元一次方程组，可以求出中心C(c₁，c₂)，进而半径平方R²，如果计算过程中无法求解这个方程组，则重新选择用户U₁的ID₁，再重新计算直到可以求解方程。最后从这个2维圆上选取另外两个不同的点B₁₁、B₁₂(这两个点不同于A₁₀、A₁₁、A₁₂)，具体过程如下：By solving this system of binary linear equations, the center C(c ₁ , c ₂ ) can be obtained, and then the square of the radius R ² can be obtained. If this system of equations cannot be solved during the calculation process, then re-select the ID ₁ of user U ₁ and start again Compute until the equation can be solved. Finally, select two other different points B ₁₁ and B ₁₂ from this 2-dimensional circle (these two points are different from A ₁₀ , A ₁₁ and A ₁₂ ), the specific process is as follows:

选择两对二次剩余对(e₁₁，d₁₁)、(e₁₂，d₁₂)使得e₁₁≡d₁₁ ² mod p且e₁₂≡d₁₂ ² mod p，并且满足Choose two pairs of quadratic residue pairs (e ₁₁ , d ₁₁ ), (e ₁₂ , d ₁₂ ) such that e ₁₁ ≡d ₁₁ ² mod p and e ₁₂ ≡d ₁₂ ² mod p, and satisfy

e₁₁+e₁₂≡R² mod pe ₁₁ +e ₁₂ ≡ R ² mod p

令make

b₁₁≡(d₁₁+c₁)mod pb ₁₁ ≡(d ₁₁ +c ₁ ) mod p

b₁₂≡(d₁₂+c₂)mod pb ₁₂ ≡(d ₁₂ +c ₂ )mod p

B₁₁＝(b₁₁，b₁₂)；B ₁₁ =(b ₁₁ , b ₁₂ );

同样再选择两对二次剩余对(e₂₁，d₂₁)、(e₂₂，d₂₂)使得e₂₁≡d₂₁ ² mod p且e₂₂≡d₂₂ ² mod p，并且满足Also select two pairs of quadratic residue pairs (e ₂₁ , d ₂₁ ), (e ₂₂ , d ₂₂ ) such that e ₂₁ ≡d ₂₁ ² mod p and e ₂₂ ≡d ₂₂ ² mod p, and satisfy

e₂₁+e₂₂≡R² mod pe ₂₁ +e ₂₂ ≡ R ² mod p

令make

b₂₁≡(d₂₁+c₁)mod pb ₂₁ ≡(d ₂₁ +c ₁ ) mod p

b₂₂≡(d₂₂+c₂)mod pb ₂₂ ≡(d ₂₂ +c ₂ ) mod p

B₁₂＝(b₂₁，b₂₂)；B ₁₂ =(b ₂₁ , b ₂₂ );

最后将B₁₁、B₁₂及大素数p、安全单向函数f都加密到一个文件中，称为“userInfo”，并将“userInfo”传回给用户U₁。Finally, encrypt B ₁₁ , B ₁₂ , large prime number p, and secure one-way function f into a file called "userInfo", and return "userInfo" to user U ₁ .

如图5所示，用户U₂向认证服务器(CA)进行注册。这个过程和用户U₁注册过程一样。只是现在认证服务器(CA)已经使用ID₁这个ID，必须重新选择其它ID赋给用户U₂。As shown in Figure 5, user U ₂ registers with an authentication server (CA). This process is the same as the user U ₁ registration process. Only now that the authentication server (CA) has used the ID ₁ , another ID must be reselected and assigned to the user U ₂ .

如图6所示，认证服务器(CA)在用户U₂进行注册时所进行的运算过程。这个过程与图4运算过程一致，只是此时用户U₂使用的ID是ID₂。As shown in Fig. 6, the operation process performed by the authentication server (CA) when the user U ₂ registers. This process is consistent with the operation process in Figure 4, except that the ID used by user U ₂ is ID ₂ at this time.

如图7所示，认证服务器(CA)在用户U₁、用户U₂注册后运算结果2维示意图。其中2维圆UC₁是用户U₁利用自身提供口令信息A₁₀和认证服务器(CA)秘密向量S₁、S₂(利用ID₁进行运算得到A₁₁、A₁₂)构造的，B₁₁、B₁₂是认证服务器(CA)选择的另外两个不同的点，存入加密文件“userInfo”中，由用户1自身保管；2维圆UC₂是用户U₂利用自身提供口令信息A₂₀和认证服务器(CA)秘密向量S₁、S₂(利用ID₂进行运算得到A₂₁、A₂₂)构造的，B₂₁、B₂₂是认证服务器(CA)选择的另外两个不同的点作为用户U₂的身份标志。由于用户U₁、用户U₂的ID不同，认证服务器(CA)构造出来的2维圆也不可能相同，由此可以增加整个身份认证系统的安全性。As shown in FIG. 7 , it is a 2-dimensional schematic diagram of the operation result after the authentication server (CA) registers the user U ₁ and the user U ₂ . Among them, the 2-dimensional circle UC ₁ is constructed by the user U ₁ using the password information A ₁₀ provided by the user himself and the authentication server (CA) secret vectors S ₁ , S ₂ (A ₁₁ , A ₁₂ obtained by using ID ₁ to calculate), B ₁₁ , B ₁₂ is another two different points selected by the authentication server (CA), stored in the encrypted file "userInfo" and kept by user 1 itself; 2-dimensional circle UC ₂ is user U ₂ using itself to provide password information A ₂₀ and authentication server (CA) Constructed by secret vectors S ₁ and S ₂ (using ID ₂ to obtain A ₂₁ and A ₂₂ ), B ₂₁ and B ₂₂ are two other different points selected by the authentication server (CA) as user U ₂ identity mark. Since the IDs of user U ₁ and user U ₂ are different, the 2-dimensional circles constructed by the authentication server (CA) cannot be the same, thereby increasing the security of the entire identity authentication system.

图8是用户U₁向认证服务器(CA)请求身份认证的过程示意图。其中用户U₁先进行计算，利用自身口令和加密文件“userInfo”含有的身份标识重新构造2维圆，再将信息B₁₁、M₁、时间戳t和自身ID₁发送给认证服务器(CA)。认证服务器(CA)首先检查时间戳t是否在可接受范围内，如果超出时间限定就认为身份验证失败，如t有效则认证服务器(CA)利用B₁₁和自身秘密向量也重新构造球面，并检查M₁是否正确，由此确定身份验证是否成功。FIG. 8 is a schematic diagram of a process in which user _U1 requests identity authentication from an authentication server (CA). Among them, the user U ₁ performs calculation first, reconstructs a 2-dimensional circle using its own password and the identity contained in the encrypted file "userInfo", and then sends the information B ₁₁ , M ₁ , time stamp t and its own ID ₁ to the authentication server (CA) . The authentication server (CA) first checks whether the time stamp t is within the acceptable range. If it exceeds the time limit, it considers that the identity verification fails. If t is valid, the authentication server (CA) uses B ₁₁ and its own secret vector to reconstruct the spherical surface, and checks Whether M ₁ is correct, thus determine whether the identity verification is successful.

如图9所示，用户U₁向认证服务器(CA)请求身份认证用户自身运算的过程示意图。用户U₁利用自身口令PW₁计算A₁₀，记A₁₀＝(f(PW₁)，f(2*PW₁))＝(a₀₁，a₀₂)和“userInfo”中的B₁(b₁₁，b₁₂)，B₁₂(b₂₁，b₂₂)三个点组成2维圆的方程组，并代入相应参数得：As shown in FIG. 9 , it is a schematic diagram of a process in which the user U ₁ requests the authentication server (CA) for the operation of the identity authentication user itself. User U ₁ uses its own password PW ₁ to calculate A ₁₀ , write A ₁₀ =(f(PW ₁ ), f(2*PW ₁ ))=(a ₀₁ , a ₀₂ ) and B ₁ (b ₁₁ , b ₁₂ ), B ₁₂ (b ₂₁ , b ₂₂ ) three points form the equation system of a 2-dimensional circle, and substitute the corresponding parameters to get:

$\begin{matrix} {(({a a}_{0101} - - {c c}_{11}))}^{22} + + {(({a a}_{0202} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({b b}_{1111} - - {c c}_{11}))}^{22} + + {(({b b}_{1212} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({b b}_{21 twenty one} - - {c c}_{11}))}^{22} + + {(({b b}_{22 twenty two} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \end{matrix}\}$

通过后式减前式可得：Subtract the former from the latter to get:

$22 (({b b}_{1111} - - {a a}_{0101})) {c c}_{11} + + 22 (({b b}_{1212} - - {a a}_{0202})) {c c}_{22} &equiv; &equiv; (({Σ Σ}_{v v = = 11}^{22} {b b}_{11 v v}^{22} - - {Σ Σ}_{v v = = 11}^{22} {a a}_{00 v v}^{22})) mod mod p p$

$22 (({b b}_{21 twenty one} - - {b b}_{1111})) {c c}_{11} + + 22 (({b b}_{22 twenty two} - - {b b}_{1212})) {c c}_{22} &equiv; &equiv; (({Σ Σ}_{v v = = 11}^{22} {b b}_{22 v v}^{22} - - {Σ Σ}_{v v = = 11}^{22} {b b}_{11 v v}^{22})) mod mod p p$

通过求解这个二元一次方程组，可以求出中心C(c₁，c₂)，进而求出半径平方R²。用户U₁再选择一个时间戳t，并计算W₁，其中W₁(w₁，w₂)＝(f(c₁*t)，f(c₂*t))。然后用户过W₁、C作一条直线L，具体过程如下：By solving this system of binary linear equations, the center C(c ₁ , c ₂ ) can be obtained, and then the radius square R ² can be obtained. The user U ₁ selects another time stamp t, and calculates W ₁ , where W ₁ (w ₁ , w ₂ )=(f(c ₁ *t), f(c ₂ *t)). Then the user draws a straight line L through W ₁ and C, the specific process is as follows:

$\{\begin{matrix} {y the y}_{11} &equiv; &equiv; (({w w}_{11} + + (({c c}_{11} - - {w w}_{11})) \times \times k k)) mod mod p p \\ {y the y}_{22} &equiv; &equiv; (({w w}_{22} + + (({c c}_{22} - - {w w}_{22})) \times \times k k)) mod mod p p \end{matrix}$

其中k是自变量，y₁、y₂是因变量，并在直线L上选择其中区别于C、W₁的一点记为M₁(m₁，m₂)。最后用户将Meg＝{t，ID₁，B₁₁，M₁}作为认证信息发送给认证服务器(CA)，接受认证服务器(CA)的验证，并等待验证结果。Where k is the independent variable, y ₁ and y ₂ are the dependent variables, and a point on the straight line L that is different from C and W ₁ is selected as M ₁ (m ₁ , m ₂ ). Finally, the user sends Meg={t, ID ₁ , B ₁₁ , M ₁ } as authentication information to the authentication server (CA), accepts the authentication of the authentication server (CA), and waits for the authentication result.

如图10所示，用户1向认证服务器请求身份认证时认证服务器(CA)自身运算的过程示意图。认证服务器(CA)首先检查用户发送认证信息的时间戳t，如果超时则验证失败，否则继续往下验证。认证服务器(CA)利用自身秘密向量S₁、S₂和ID₁运算得到A₁₁、A₁₂：As shown in FIG. 10 , it is a schematic diagram of the operation process of the authentication server (CA) itself when user 1 requests identity authentication from the authentication server. The authentication server (CA) first checks the time stamp t of the authentication information sent by the user, and if it times out, the authentication fails; otherwise, the authentication continues. The authentication server (CA) uses its own secret vectors S ₁ , S ₂ and ID ₁ to calculate A ₁₁ and A ₁₂ :

A₁₁(a₁₁，a₁₂)＝(f(S₁₁*ID₁)，f(S₁₂*ID₁))A ₁₁ (a ₁₁ , a ₁₂ )=(f(S ₁₁ *ID ₁ ), f(S ₁₂ *ID ₁ ))

A₁₂(a₂₁，a₂₂)＝(f(S₂₁*ID₁)，f(S₂₂*ID₁))A ₁₂ (a ₂₁ , a ₂₂ )=(f(S ₂₁ *ID ₁ ), f(S ₂₂ *ID ₁ ))

再加上用户发来的B₁₁，这三个点又可以组成一个2维圆方程组，并将参数代入其中Coupled with the B ₁₁ sent by the user, these three points can form a 2-dimensional circular equation system, and the parameters can be substituted into it

$\begin{matrix} {(({a a}_{1111} - - {c c}_{11}))}^{22} + + {(({a a}_{1212} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({a a}_{21 twenty one} - - {c c}_{11}))}^{22} + + {(({a a}_{22 twenty two} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \\ {(({b b}_{1111} - - {c c}_{11}))}^{22} + + {(({b b}_{1212} - - {c c}_{22}))}^{22} &equiv; &equiv; {R R}^{22} mod mod p p \end{matrix}\}$

通过后式减前式可以得到一个二元一次方程组A system of linear equations in two variables can be obtained by subtracting the former from the latter

$22 (({b b}_{1111} - - {a a}_{21 twenty one})) {c c}_{11} + + 22 (({b b}_{1212} - - {a a}_{22 twenty two})) {c c}_{22} &equiv; &equiv; (({Σ Σ}_{v v = = 11}^{22} {b b}_{11 v v}^{22} - - {Σ Σ}_{v v = = 11}^{22} {a a}_{22 v v}^{22})) mod mod p p$

通过求解这个二元一次方程组可以求出中心C(c₁，c₂)，进而求出半径平方R²。认证服务器(CA)再求出W₁，W₁(w₁，w₂)＝(f(c₁*t)，f(c₂*t))，其中t为用户认证信息中的时间戳，然后过C、W₁作一条直线L，并验证用户U₁发来的M₁点是否在直线上，验证方法如下：The center C(c ₁ , c ₂ ) can be obtained by solving this binary linear equation system, and then the radius square R ² can be obtained. The authentication server (CA) calculates W ₁ again, W ₁ (w ₁ , w ₂ )=(f(c ₁ *t), f(c ₂ *t)), where t is the timestamp in the user authentication information, Then make a straight line L through C and W ₁ , and verify whether the point M ₁ sent by user U ₁ is on the straight line. The verification method is as follows:

$\{\begin{matrix} {k k}_{11} &equiv; &equiv; (((({m m}_{11} - - {w w}_{11})) \times \times {(({c c}_{11} - - {w w}_{11}))}^{- - 11})) mod mod p p \\ {k k}_{22} &equiv; &equiv; (((({m m}_{22} - - {w w}_{22})) \times \times {(({c c}_{22} - - {w w}_{22}))}^{- - 11})) mod mod p p \end{matrix}$

如果K₁等于K₂，则M₁在直线L上，从而身份验证成功；如果K₁不等于K₂，则M₁不在直线L上，从而身份验证失败。If K ₁ is equal to K ₂ , then M ₁ is on the straight line L, and the authentication is successful; if K ₁ is not equal to K ₂ , then M ₁ is not on the straight line L, and the authentication fails.

如图11所示，用户1向认证服务器请求身份认证运算结果二维示意图。用户U₁利用自身信息构造2维圆，求出过中心C和W₁的直线，并在该直线上任意选择一个点M₁。如果认证服务器(CA)利用相应的信息也可以构造同一个2维圆，并利用用户U₁提供的正确信息就可以验证M₁与球面中心C和W₁过同一直线L，由此可以判定用户U₁的身份。同时由于W₁是随时间而改变，所以在t’时间，用户将会构造另外一条直线L’，即用户每次身份验证过程中构造的直线都会不相同，这样就更能提高系统安全性。As shown in FIG. 11 , a two-dimensional schematic diagram of user 1 requesting an identity authentication operation result from the authentication server. User U ₁ uses his own information to construct a 2-dimensional circle, finds a straight line passing through centers C and W ₁ , and randomly selects a point M ₁ on the straight line. If the authentication server (CA) can also construct the same 2-dimensional circle with the corresponding information, and use the correct information provided by user U ₁ , it can verify that M ₁ passes the same line L as the center of the sphere C and W ₁ , and thus the user can be determined _U1 's identity. At the same time, since W ₁ changes with time, at time t', the user will construct another straight line L', that is, the straight line constructed by the user during each authentication process will be different, which can further improve system security.

上述实施例为本发明较佳的实施方式，但本发明的实施方式并不受所述实施例的限制，其他的任何未背离本发明的精神实质与原理下所作的改变、修饰、替代、组合、简化，均应为等效的置换方式，都包含在本发明的保护范围之内。The above-mentioned embodiment is a preferred embodiment of the present invention, but the embodiment of the present invention is not limited by the embodiment, and any other changes, modifications, substitutions and combinations made without departing from the spirit and principle of the present invention , simplification, all should be equivalent replacement methods, and are all included in the protection scope of the present invention.

Claims

1, a kind of identity identifying method based on the N n-dimensional sphere n may further comprise the steps:

(1) certificate server initialization: certificate server is selected finite field gf (p) and safe one-way function f, selects some secret vectors simultaneously; Wherein GF (p) has determined the finite field at group computing place, and promptly all group's calculating processes all carry out in finite field gf (p), and p is a big prime number;

(2) user's registration: the user is according to self selected password PW _gCalculate a vector by safety one-way function f and submit to certificate server, certificate server is checked user identity, for the user specifies an ID _gAs the sign of user identity, the sign of each user identity has nothing in common with each other; Vectorial unique definite N n-dimensional sphere n that certificate server is submitted in conjunction with self secret vector sum user, if can not construct such N n-dimensional sphere n, then the certificate server sign of reselecting this user identity is calculated again; The point some inequality that last certificate server will be selected at this N n-dimensional sphere n at random by safe lane, and with the sign ID of user identity _g, big prime number p and safe one-way function f form encrypt file and pass to the user;

(3) user generates authentication information: the encrypt file that when the user needs certificate server to discern its identity, utilizes certificate server to pass back, and in conjunction with self selected password PW _g, re-construct a N n-dimensional sphere n, select geometric properties on this N n-dimensional sphere n to pass to certificate server simultaneously and verify as authentication information;

(4) certificate server checking user authentication information: the authentication information that certificate server is accepted the user utilizes the secret vector of self to re-construct a N n-dimensional sphere n simultaneously, and calculate geometric properties on the N n-dimensional sphere n that the user arranges to use, authentication information with result of calculation and user's submission compares at last, if identical then accept user identity, otherwise refusing user's identity.

2, a kind of identity identifying method based on the N n-dimensional sphere n according to claim 1 is characterized in that: described step (1) certificate server initialization specifically may further comprise the steps:

(1.1) certificate server is selected safe one-way function f, and certain big prime number p is open with it behind selected f of certificate server and the p;

(1.2) the N dimensional vector of secret selected N the linear independence of certificate server: (S ₁₁, S ₁₂... S _1N) ..., (S _N1, S _N2... S _NN), S wherein _KlIn finite field gf (p), select at random, k=1 ..., N, l=1 ..., N; The open N value of certificate server, but this N N dimensional vector can only preserve by certificate server is secret, and in case selected with regard to no longer change.

3, a kind of identity identifying method according to claim 2 based on the N n-dimensional sphere n, it is characterized in that: described big prime number satisfies p=8n+3, and n is a certain positive integer.

4, a kind of identity identifying method based on the N n-dimensional sphere n according to claim 1 is characterized in that: described step (2) user registration specifically may further comprise the steps:

(2.1) user U _gSelected password PW _g, U wherein _gBe the user who is designated as g down, PW _gBe the user U that is designated as g down _gSelected password, this password is made up of letter and number, because of character string can be converted to numeral, the PW of the following stated _gBe meant the later integer of conversion, below all calculating of each step all in finite field gf (p), carry out;

User's compute vector A _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g)) and pass to certificate server;

(2.2) certificate server is specified a unique IDg for this user, and calculates N n-dimensional sphere n equation:

(a) certificate server calculates N vector according to self secret N N dimensional vector of preserving:

\begin{matrix} A_{g 1} = (f ({ID}_{g} \times S_{11}), f ({ID}_{g} \times S_{12}), . . ., f ({ID}_{g} \times S_{1 N})) \\ \cdot \cdot \cdot \cdot \\ A_{gN} = (f ({ID}_{g} \times S_{N 1}), f ({ID}_{g} \times S_{N 2}), . . ., f ({ID}_{g} \times S_{NN})) \end{matrix}\}

(b) A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, add the A that the user transmits _G0, A _G0Coordinate is designated as (a ₀₁, a ₀₂..., a _0N), utilize N+1 vectorial A _G0, A _G1..., A _GNStructure N n-dimensional sphere n equation, the substitution spherical equation:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _N-c _N) ²＝R ²

(c wherein ₁, c ₂..., c _N) be the center of N n-dimensional sphere n, R is the radius of this N n-dimensional sphere n, (x ₁, x ₂..., x _N) be arbitrfary point on the sphere;

:

\begin{matrix} {(a_{01} - c_{1})}^{2} + {(a_{02} - c_{2})}^{2} + . . . + {(a_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form then, obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (a_{11} - a_{01}) c_{1} + . . . + 2 (a_{1 N} - a_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} a_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

If in computational process, the coefficient matrix determinant of equation group is zero, then reselects ID _gCalculate, guarantee the unique center C (c that determines this sphere of equation group like this ₁, c ₂..., c _N); Then obtain R ²Then just according to c ₁, c ₂..., c _NAnd R ²Determine spherical equation, definite spherical equation is exactly to be designated as the user of g and the secret sphere UC that certificate server is shared down _g, establish this equation and be:

(x ₁-c ₁) ²+(x ₂-c ₂) ²+...+(x _n-c _n) ²≡R ²mod?p

(2.3) certificate server is selected secret sphere UC at random _gGo up and remove A _G0And A _GiN in addition some B _Gi, B _Gi=(b _I1, b _I2..., b _IN); B _GiEach coordinate components all in finite field gf (p), look for B _GiEach coordinate specifically find the solution as follows:

(A) find the N-2 number to being that quadratic residue is to (e _Iq, d _Iq), make e _Iq≡ d _Iq ²Mod p, wherein q=1 ..., N-2, e _Iq, d _IqBe to satisfy e in the finite field gf (p) _Iq≡ d _Iq ²Any two integers of mod p condition, and satisfy

b _i1≡(d _i1+c ₁)mod?p

b _i2≡(d _i2+c ₂)mod?p

b _i(N-2)≡(d _i(N-2)+c _N-2)mod?p

(B) select two pairs of quadratic residues to (e again _Iz, d _Iz), make e _Iz≡ d _Iz ²Mod p, wherein z=N-1, N, e _Iz, d _IzBe to satisfy e in the finite field gf (p) _Iz≡ d _Iz ²Any two integers of mod p condition, and satisfy

e_{i (N - 1)} + e_{iN} &equiv; (R^{2} - Σ_{y = 1}^{N - 2} e_{iy}) \mod p

Order

b _i(N-1)≡(d _i(N-1)+c _N-1)mod?p

b _iN≡(d _iN+c _N)mod?p

Above-mentioned steps (A) and step (B) are N 〉=3 o'clock suitable situations, then directly use step (B) when N=2;

Repeat N time and calculate, obtain N B _GiPoint is verified after each the calculating, guarantees that N the point that obtains is mutually different;

(2.4) certificate server is p, f, ID _g, and B _G1, B _G2..., B _GNPreserve hereof and send to the user with the form of encrypting, cryptographic algorithm is to use existing secure cryptographic algorithm, and the user preserves the file after the encryption, and the user imports the PIN code declassified document and obtains information needed, and we claim this encrypt file to be " userInfo ".

5, a kind of identity identifying method according to claim 1 based on the N n-dimensional sphere n, it is characterized in that: described step (3) user generates authentication information, specifically may further comprise the steps:

(3.1) be designated as the encrypt file that contains the information of succeeding in registration " userInfo " of the user Ug input PIN code decrypted authentication server transmission of g under, obtain p, f, ID _g, and B _G1, B _G2..., B _GN

(3.2) user is at client input self password PW _g, calculate B _G0=(f (PW _g), f (2 * PW _g) ..., f (N * PW _g));

(3.3) user is according to B _G0Add the N point B of storage in the file " userInfo " _G1, B _G2..., B _GN, N+1 point utilizes this N+1 vector structure N n-dimensional sphere n equation altogether, reconstructs original secret sphere UC _gBe about to B _G0And B _G1, B _G2..., B _GNSubstitution N n-dimensional sphere n equation gets equation group:

\begin{matrix} {(b_{01} - c_{1})}^{2} + {(b_{02} - c_{2})}^{2} + . . . + {(b_{0 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(b_{N 1} - c_{1})}^{2} + {(b_{N 2} - c_{2})}^{2} + . . . + {(b_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

Respectively the same form before them is subtracted the back same form, obtain about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (b_{11} - b_{01}) c_{1} + . . . + 2 (b_{1 N} - b_{0 N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{1 j}^{2} - Σ_{j = 1}^{N} b_{0 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (b_{N 1} - b_{(N - 1) 1}) c_{1} + . . . + 2 (b_{NN} - b_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} b_{Nj}^{2} - Σ_{j = 1}^{N} b_{(N - 1) j}^{2}) \mod p \end{matrix}\}

Promptly get centre coordinate C (c so find the solution system of linear equations ₁, c ₂..., c _N);

(3.4) user calculates w ₁=f (c ₁* t), w2=f (c ₂* t) ..., w _N=f (c _N* t), wherein t is a timestamp, makes W _g=(w ₁, w ₂..., w _N);

(3.5) cross W _gBe straight line L with C, under the situation of seldom seeing, if W _gIdentical with C, reselect timestamp t, calculate W again _gThe parametric equation of straight line L is as follows:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix}

Wherein k is the independent variable parameter, y ₁..., y _NBe dependent variable;

Get upward any 1 M except that Wg and C of L _g(m ₁..., m _N), (y of correspondence when promptly k gets any several in the finite field gf (p) except that 0 and 1 ₁..., y _N) value;

(3.6) user is with authentication message Meg={t, ID _g, B _G1, M _gSend to certificate server, wherein, t is a timestamp, ID _gBe the sign that representative is designated as the user identity of g down, B _G1Be be stored in the file " userInfo " at N n-dimensional sphere n UC _gOn a point, M _gBe on the straight line L that generates more arbitrarily, in the each authentication message that generates of same user, t and M _gBe different, ID _gAnd B _G1Always identical.

6, a kind of identity identifying method based on the N n-dimensional sphere n according to claim 1 is characterized in that: described step (4) certificate server checking user authentication information specifically may further comprise the steps:

(4.1) certificate server is received user U _gAuthentication message Meg, whether elder generation's review time stabs effective, invalid then authentification failure effectively then enters next step;

(4.2) certificate server is according to ID _gReach self secret vector set compute vector

A _gi＝(f(ID _g×S _i1)，f(ID _g×S _i2)，...，f(ID _g×S _in))

A _GiCoordinate be designated as (a _I1, a _I2..., a _IN), wherein i=1,2 ..., N, N vector added the some B in the authentication message like this _G1, altogether N+1 vectorial, so certificate server can reconstruct and the sphere UC that shares of user _g, utilize this N+1 vector structure N n-dimensional sphere n equation, be about to B _G1, A _G1, A _G2..., A _GNSubstitution N n-dimensional sphere n equation:

\begin{matrix} {(b_{11} - c_{1})}^{2} + {(b_{12} - c_{2})}^{2} + . . . + {(b_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ {(a_{11} - c_{1})}^{2} + {(a_{12} - c_{2})}^{2} + . . . + {(a_{1 N} - c_{N})}^{2} &equiv; R^{2} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ {(a_{N 1} - c_{1})}^{2} + {(a_{N 2} - c_{2})}^{2} + . . . + {(a_{NN} - c_{N})}^{2} &equiv; R^{2} \mod p \end{matrix}\}

The preceding same form with them subtracts the back same form respectively, obtains about c ₁, c ₂..., c _NSystem of linear equations:

\begin{matrix} 2 (a_{11} - b_{11}) c_{1} + . . . + 2 (a_{1 N} - b_{1 N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{1 j}^{2} - Σ_{j = 1}^{N} b_{1 j}^{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ 2 (a_{N 1} - a_{(N - 1) 1}) c_{1} + . . . + 2 (a_{NN} - a_{(N - 1) N}) c_{N} &equiv; (Σ_{j = 1}^{N} a_{Nj}^{2} - Σ_{j = 1}^{N} a_{(N - 1) j}^{2}) \mod p \end{matrix}\}

So find the solution the centre coordinate C (c of system of linear equations ₁, c ₂..., c _N);

(4.3) authentication server computes W _g=(f (c ₁* t), f (c ₂* t) ..., f (c _N* t), a W is crossed in reconstruct _gAnd the straight line L of center C:

\{\begin{matrix} y_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k) \mod p \\ y_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ y_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k) \mod p \end{matrix};

(4.4) certificate server check post M _g(m ₁..., m _N) whether on straight line L, if then by authentication, otherwise authentification failure, the process of checking is as follows:

M ₁..., m _NEach minor of substitution linear equation is calculated respectively, obtains:

\{\begin{matrix} m_{1} &equiv; (w_{1} + (c_{1} - w_{1}) \times k_{1}) \mod p \\ m_{2} &equiv; (w_{2} + (c_{2} - w_{2}) \times k_{2}) \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ m_{N} &equiv; (w_{N} + (c_{N} - w_{N}) \times k_{N}) \mod p \end{matrix}

Then have:

\{\begin{matrix} k_{1} &equiv; (m_{1} - w_{1}) \times {(c_{1} - w_{1})}^{- 1} \mod p \\ k_{2} &equiv; (m_{2} - w_{2}) \times {(c_{2} - w_{2})}^{- 1} \mod p \\ \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \cdot \\ k_{N} &equiv; (m_{N} - w_{N}) \times {(c_{N} - w_{N})}^{- 1} \mod p \end{matrix}

If k ₁=k ₂=...=k _N, some M then is described _gOn straight line L, certificate server is accepted user identity; Otherwise some M _gNot on straight line L, the subscriber authentication failure.