You need to think about one-way functions (hashes) and trapdoor one-way functions (public key algorithms). There are some additional issues that arise like nonces to thwart replay attacks and the level of protection individuals can be expected to give to secret keys.

Also, even without explicit mathematics the universe will presumably have a concept of entropy and conservation of something, even if it's just conservation of magical energy. If you can come up with a plausible problem that magic can solve given a lot of expended magical energy but can be solved much more easily with the knowledge of a secret, then you can build a challenge-response identify proof so long as it's not easy to steal the secret by watching the demonstration. If additionally it's very hard to derive the secret from the demonstration of its knowledge you probably have the power of a public key system.

Not all the following problems require magic to implement, and many of them actually benefit from not having a knowledge of mathematics and algorithms, since most of these are not cryptographically secure.

• Have each person construct an elaborate puzzle out of oddly shaped objects that can be packed into a small finite volume in only one way (the knapsack problem)
• Each person constructs a (large) set of sticks (or metal rods, or whatever) of varying lengths, of which a subset add up to a standard length like a meter (the subset sum problem)
• Society forms a hierarchical tree of secret handshakes so that each person only has to remember, say, 100 secret handshakes and the tree only has to be log_100 (N) tall so the courts can just subpoena a logarithmic number of individuals to verify handshakes between any two arbitrary people. Obviously any one of your 100 acquaintances can impersonate you, so two or more distinct trees would at least require collusion.
• Any magical item that only functions for its "owner".
• A magical "hash function", like a petronus or an aura, that is unique to every individual (not body) and can't be faked. Producing it would be an effective identifier.

Lastly, I should point out that very few "normal" people in the situation you describe would be able to achieve cryptographic security anyway. I can (barely) memorize a passphrase with 128-bit entropy (using diceware, so I'm certain it actually has 128 bits), and even that's not quite enough to choose a secure secret key for Elliptic Curve DSA. And it would have to only be memorized and never written down anywhere, and only computed on trusted hardware (who the sleep-twin could modify to their heart's content while I slept). So, yeah, Magic.