DE102007028093A1 - Method for controlling data communication between subscriber units in communication network, involves transmitting local revocation list with identification data of unreliable subscriber units at respective group - Google Patents

Abstract

The method involves assigning attribute characters (R2) to each subscriber units. A global revocation list (GCRL) is provided (R1) with identification data of unreliable subscriber units in a communication network. The subscriber units are assigned in groups (R3) as a function of the attribute characters, where the subscriber units of the respective group have the same attribute characters. A local revocation list (LCRL) is transmitted (R5) with identification data of unreliable subscriber units, which is assigned to the same group, at a respective group of assigned subscriber units. Independent claims are also included for the following: (1) a computer program product for the execution of method (2) a communication network.

Description

The The present invention relates to a method for controlling data communication between subscribers in a communication network, taking into account will, whether trustworthy and untrusted Participating institutions are involved. The invention further relates a computer program product as well as a communication network that to carry out of the method is suitable.

In Many applications today become communication networks for one Variety of subscriber facilities, such. Mobile phones, used. Especially in traffic monitoring and control or in providing traffic information to participating vehicles Communication networks used. It is z. B. conceivable that between Vehicles for example for the slippery or accident warning monitoring facilities of respective transport infrastructure. It is Z. B. conceivable that a strong braking vehicle via suitable, for. B. wireless communication paths, messages sends off, so close Vehicles located the respective driver a corresponding warning message can signal.

A Possibility, transmit corresponding data messages to surrounding vehicles, exists in the so-called flood, whereby all a respective transmitter surrounding subscriber devices, such as corresponding ones equipped vehicles that receive message and turn on transmit the surrounding other vehicles. Geographically, you can the range for the corresponding flooded data transport by the number of Limit redirects.

at the variety of possible data transfers in a communication network, in particular if the subscriber facilities, which communicate with each other, are mobile, it is desired that manipulated or unreliable data not transferred become. It can be z. For example, integrity or reliability the data of the respective transmitter by a digital signature in the nature of a cryptographic checksum. To untrusted subscriber facilities be excluded from communication, z. B. Certificates distributed and certificate revocation lists (certificate revocation list = CRL). Such revocation lists, which also as Blacklists can be called, indicate that the listed there Participant end devices are untrusted and thus shipped Data messages should be discarded.

A possibility exists z. B. is that upon receipt of a corresponding data message the receiver performs an online certificate verification, ie asks at a central server if the certificate information the sender has been revoked or is valid. This will however Overall, the data communication in the network very expensive because corresponding online certificate checks the Load network.

In The past has therefore been proposed, central revocation lists and to generate these in the respective current version of the subscriber facilities Completely zuzuspielen. This requires a regular download of the current ones Revocation list or CRL. The bigger the Number of communication participants is the larger the respective global revocation list. To the burden of the communication network by updating the for all participating participant institutions global and same Limit revocation list has been proposed to the subscriber facilities only changes, So z. B. the inclusion of additional Certificate information in the revocation list or deleting To transfer certificate information from the revocation list. Nevertheless, are for all, in particular mobile subscriber devices such as mobile telephones or vehicles with appropriate navigation devices or Communication facilities many elaborate and recurring updates necessary.

It is therefore an object of the present invention, an improved Method for controlling data communication between subscriber devices to create in a communication network.

These The object is achieved by methods according to claims 1 and 20 solved.

Accordingly, a Method for controlling data communication between subscriber devices proposed in a communication network, each subscriber device at least one attribute property is assigned. It includes the steps: Providing a global revocation list with identification data from untrusted Subscriber devices in the communication network; Assign the subscriber devices in groups depending on assigned attribute properties, wherein the subscriber devices of a respective group are the same have associated attribute properties; and transferring a local revocation list with identification data from untrusted subscriber devices, which have been assigned to the same group, to a respective group Group associated subscriber facilities.

There is thus a classification or Grouping based on attributes of the participant facilities. The subscriber facilities may, for. B. mobile phones or communication devices which are connected to vehicles such. As cars, aircraft, trains or ships are coupled. As attributes in particular the whereabouts, z. B. a registration of a special radio cell or a coverage area of a base station, in general, a geographical position of the subscriber device or more in question. It is conceivable that the subscriber devices assigned to a group communicate in particular with one another, for example because they are present in the coverage area of a common base station. By creating local revocation lists, only the revocation information which is currently required is transmitted to a respective subscriber device.

Preferably will therefore be exclusive a transmission the identification data of untrusted subscriber facilities a group of subscribers of the same group.

Preferably is also in a change of a Attribute property of a subscriber device the respective local Revocation list for the group of subscribers representing the subscribers with the changed Attributes property was updated. This will ensure that each user equipment the necessary for them local revocation list and when received messages can each check whether the message from a trusted one User device originates or the respective certificate z. B. revoked has been.

It For example, data from a sending user equipment transmitted to a receiving subscriber device, and it is doing checked by the receiving subscriber device, whether the receiving Subscriber device present local revocation list identification data the sending subscriber device has. As identification data For example, depending on the network, the IP address, a mobile number, the certificate data or more in question. If the received data from a subscriber device their identification data in the local revocation list are recorded, the data from the receiving subscriber device ignored. This ensures that that the data z. B. traffic information or alerts reliable and trustworthy are. By means of the procedures a particularly high data security and Manipulation security created. To the local revocation list even more secure, can be used to generate the respective local Revocation list a checksum dependent on of identification data of the untrusted subscriber facilities be determined.

It It is also conceivable that group lists with the identification data the subscriber equipment associated with a respective group to be created. This is z. B. on a central server possible, the to generate local revocation lists up-to-date and the respective subscriber equipment, for example about zuzuspielen appropriate base stations.

A preferred application finds the method for controlling the data communication in traffic information systems. The subscriber facilities are in particular mobile subscriber devices and, for example coupled to a vehicle. The attribute property is then the Presence or non-existence of the respective subscriber device in a spatial Supply area of a transmitting / receiving device selected. It will then be present in the respective supply area Monitored subscriber devices and there will be a local revocation list with identification data from untrusted subscribers, which are present in the service area to those in the service area present subscriber devices transmitted by the respective transmitting / receiving device.

The Transceivers are also called base stations, for example in the execution referred to as mobile network, or infrastructure components. Also the term "network node" is common. At the Use in a traffic information system is preferably further the step performed: transfer traffic information from a sending mobile subscriber device a receiving mobile subscriber device, wherein from the received Subscriber device is checked, whether the local revocation list is an identification date of the sending Subscriber device has.

It is also conceivable for a neighborhood list to be generated for a transceiver which has identification data of mobile subscriber devices present in the coverage area of the transceiver. Preferably, the identification data of the revoked vehicles or subscriber devices are transmitted wirelessly to all vehicles in their respective radio coverage area. The corresponding messages can z. B. be digitally signed by the transmitting / receiving device. The transmission is preferably wireless and can be made encrypted. It is possible to send the updates or the local revocation lists as a broadcast in the coverage area or via a flood distributed to the respective subscriber facilities.

In A variant of the method are provided by a first transmitting / receiving device the identification data of the local revocation list to a second Transmitting / receiving device transmitted, which in particular spatially adjacent to the first transmitting / receiving device is. Optionally, the respective transmitting / receiving device or Infrastructure component So the revocation information in addition to the surrounding Infrastructure components continue. The selection of the respective adjacent Infrastructure component is preferably dependent from a movement of the mobile subscriber devices. It is Z. Possible, that when passing through several service areas one direction of movement the subscriber device is detected and thus, if the corresponding identification is in a revocation list to forward this revocation information.

Preferably becomes a geographical area through several transmitting / receiving devices or their supply areas spatially covered. This can be z. In the manner of a cellular wireless network respectively.

In Another variant of the method becomes identification data as pseudonyms of a respective subscriber device depending generated by a main identification date. Then the main identification date becomes stored in the respective local and / or global revocation list. It is z. B. conceivable that the main identification data centrally from a server device of the communication network stored and managed. As possible Method for determining the pseudonyms comes z. B. the application a hash function on the main identification date in question.

According to one more Another variant of a method for controlling a data communication between Subscriber devices in a communication network are the Participants facilities first Pseudonyms assigned as identification data. The pseudonyms will be dependent on from a main identification date of a respective subscriber device certainly. In a data communication between subscriber devices becomes exclusive transmit an identification date or a pseudonym of the sending subscriber device, and the receiving subscriber device checks whether the Pseudonym derivable from a main identification date, which an untrusted one Subscriber device has been assigned.

Thereby The scope of the respective revocation list can be significantly reduced because not all pseudonyms are listed, but only the main identification data, for example referred to as master ID, considered Need to become.

In the method, the further method steps are preferably carried out:
Defining a revocation list with master identification data from untrusted subscriber premises in the communication network;
Sending a message from a sending user device specifying the pseudonym of the sending user device;
Receiving the message from a receiving subscriber device;
Retrieving the main identification data of the revocation list from the receiving user equipment;
Determining the pseudonyms of the main identification data requested by the revocation list by the receiving subscriber device; and
Discarding the receiving message if the pseudonym of the sending subscriber device corresponds to a determined pseudonym calculated from a main identification data listed in the revocation list.

It is thus a significant reduction of the revocation information to be transmitted possible in the communication network, because not all identification data or pseudonyms are transmitted Need to become, but the subscriber facilities only the main identification data have to query or transferred to this become. From the subscriber facilities can then by a corresponding Calculation algorithm from the main identification date the respective Pseudonyms are determined to be the untrusted subscriber facilities belong. It is possible that a respective Nth pseudonym becomes a main identification date dependent on from the main identification date and an index N, in particular using a hash function, is uniquely determined.

The The invention further relates to a computer program product comprising the execution a corresponding method for controlling a data communication between subscriber devices in a communication network on one or more programmatic subscriber devices and / or on a program-controlled transmitting / receiving device causes.

It is conceivable z. As the delivery of the computer program product as a storage medium, such as memory card, USB stick, floppy, CD-ROM, DVD or even in the form of a downloadable file from a server in a network. This can be z. In a wireless communication network by the transmission of a corresponding file with the computer program product on the subscriber devices and transmitting / receiving devices done.

The Invention relates to this In addition, a communication network according to claim 24, which equipped with several subscriber devices and at least one transceiver is, wherein the aforementioned methods for controlling the data communication be executed.

In a preferred embodiment is the communication network as a traffic monitoring system with several Transmitting / receiving devices executed which each have a given spatial coverage area is assigned. The subscriber devices are mobile subscriber devices accomplished and in particular arranged in vehicles. It can with the respective Transceiver devices and with each other a data communication operate.

Further advantageous embodiments of the invention are the subject of the dependent claims and the in the following described embodiments the invention. Furthermore, the invention is based on preferred embodiments with reference to the attached Figures closer explained. It shows:

1 a flowchart of a first variant of a method for controlling a data communication in a communication network;

2 a schematic representation of an embodiment of a communication network;

3 a flowchart of a second variant of a method for controlling a data communication in a communication network;

4 a schematic representation of a second embodiment of a communication network as a traffic monitoring system; and

5 a flowchart of a third variant of a method for controlling a data communication in a communication network.

In The figures are the same or functionally identical elements with the same Reference signs have been provided unless otherwise stated.

The 1 shows a flowchart of a first variant of a method for controlling the data communication between subscriber devices in a communication network.

In a first step R1, a global revocation list GCRL is created, which identification data of subscriber facilities, such as vehicles includes, the unreliable or untrusted Send data. The identification data can also be understood as certificates and the revocation list as a so-called blacklist. The one in one corresponding withdrawal list listed subscriber facilities or identification data are thus classified as untrustworthy. However, it is expensive a global revocation list to all subscriber devices in the network transferred to.

in the Step R2 will therefore be present in the communication network Subscriber devices associated with attributes or attribute properties. This can be z. B. the location of the respective subscriber device be. Then, in step R3, an assignment of each user equipment takes place into a group, with subscriber devices having the same attribute properties each assigned to the same group. It can z. B. groups of subscriber facilities formed in the same radio coverage area of a base station available. In particular, it is possible to have a monitoring determine whether the subscriber facilities are the service areas leave and thus have to be assigned to another group.

By the formation of groups of participant facilities makes it possible to have a respective local revocation list LCRL (Local Certificate Revocation List) to create the identification data of those subscriber facilities includes, the untrusted Send data to other subscribers. To every group, For example, each supply area becomes its own local Revocation list generated. The local cancellation lists clearly include fewer entries, that is, identification data from untrusted subscriber facilities as the global revocation list LCRL.

Therefore, in step R5 a much lower data transfer capacity is required than for the transmission of the global revocation list GCRL. In step R5, the local revocation lists are thus transmitted to the subscriber equipment assigned to the respective group. This makes it possible that in a message exchange between subscriber devices of the same group, for example subscriber devices that are in the same coverage area of a base station, the transmitted messages on their plausibility or Checked trustworthiness checks.

A transmitting subscriber device transmitted with the transmission a message always their identification or their certificate or her name. The receiving subscriber device now checks on the basis of who sent her local revocation list, whether the respective identification of the sending Subscriber device is present in the revocation list. Provided this is the case, the message and the so transmitted Data is discarded because it is classified as unreliable or untrustworthy become. The respective local revocation lists may also be replaced by the facilities, which distribute the revocation lists, so for example, base stations the network infrastructure, with a digital signature, which the authenticity the transmitted Withdrawal list documented.

In the 2 a communication network is shown schematically. An implementation of the in the 1 explained method can be realized from the interaction of the subscriber devices, transmitting and receiving devices or base stations and corresponding software in the form of a computer program product.

The communication network 1 has several transmitting / receiving devices 2 . 3 . 4 . 5 which are, for example, base stations for mobile networks or other proprietary transmitting and receiving devices of the network. Each transceiver 2 . 3 . 4 . 5 operates a service area 10 . 11 . 12 . 13 , that is, an area that is dependent on the radio signals of the respective transceiver 2 . 3 . 4 . 5 is reached.

Furthermore, in the 2 customer premises equipment 6 . 7 . 8th . 9 represented, in principle, in the whole of the supply areas 10 . 11 . 12 . 13 covered geographical area. For example, vehicles such as cars can 7 . 9 be equipped with a corresponding subscriber device. Also mobile phones 6 . 8th come as a participant facilities in question.

The transceiver devices 2 . 3 . 4 . 5 are via suitable communication channels D1, D2, D3, D4 with a central server device 20 communicatively connected. The participant facilities 6 . 7 . 8th . 9 can communicate with each other wirelessly, which is indicated by the double arrows K4, K5, K6, K7. Furthermore, a message exchange K0, K1, K2, K3 between the subscriber devices 6 . 7 . 8th . 9 and the respective transceiver device 2 . 3 possible.

A field of application are, for example, traffic information systems in which the subscriber devices, such as the cars 7 . 9 to provide information to other subscribers in their vicinity. Such information can be transmitted by messages, for example, with regard to a road condition, acceleration, traffic situation, weather or other traffic information. Each subscriber device 6 . 7 . 8th . 9 can in principle send messages, which from the other subscriber facilities 7 . 8th . 9 be received.

However, it is questionable whether the data sent are certified as trustworthy. For example, in the case of a defective subscriber device, which sends constantly contradictory data, these are classified as untrustworthy. Their certificate information or their identification date is then written in a revocation list. Ie. the identification data to those subscriber facilities 6 . 7 . 8th . 9 which exchange in a revocation list, the respective certificate, which authenticated the trustworthiness of the sent data, was revoked. The central server device 20 represents, for example, the stored global revocation list 15 ready.

The one respective coverage area 10 . 11 . 12 . 13 operating transceiver devices 2 . 3 . 4 . 5 monitor whether in their catchment area 10 . 11 . 12 . 13 one or more subscriber facilities 6 . 7 . 8th . 9 stop them. As soon as a subscriber device sends out a signal or a message, this is also recognized by the transceiver device. For example, the transceiver recognizes 2 that if the subscriber facilities 6 . 7 . 8th . 9 Exchange messages with each other, so send signals that such subscriber devices 6 . 7 . 8th . 9 in the supply area 10 available. It is possible that if a respective subscriber device sends no signal or no message, it remains unnoticed for the respective transmission receiving device.

Since the transmitting / receiving device 2 has recognized that three subscriber facilities 6 . 7 . 8th in their supply area 10 this may be a corresponding neighborhood list with the respective identification data of the present subscriber facilities 6 . 7 . 8th invest. This may be, for example, to the central server device 20 be transmitted. Then, a local revocation list LCRL1 is compiled, which can only have identification data which corresponds to that in the supply area 10 the transceiver device 2 present subscriber facilities 6 . 7 . 8th correspond. This local revocation list 16 becomes the transceiver device 2 for example, transmitted via the data channel D1.

Alternatively, an online query for those in the coverage area 10 present subscriber facilities 6 . 7 . 8th through the transceiver 2 at the server device 20 be performed. As a result, the transceiver receives 2 then the identification data of those subscriber facilities in their catchment area 10 who are untrustworthy.

The local revocation list 16 will then be sent to those in their care area 10 present subscriber facilities 6 . 7 . 8th transmitted via suitable communication channels K1, K2, K3. If, for example, the certificate of the subscriber device 8th has been revoked is the corresponding identification date in the local revocation list 16 stored. This is for all participant facilities 6 . 7 . 8th in the supply area 10 accessible, or the local revocation list 16 was transmitted to them. For example, sends the subscriber device 8th a message K6 to the vehicle 7 , can from the vehicle 7 be recognized if the message is untrusted and is to be discarded, since the identification date of the sending subscriber device 8th is entered in the local revocation list LCRL1. On the other hand, if there is no entry in the local revocation list LCRL1, the message can be processed.

For example, when sending a brake signal of a motor vehicle to the surrounding motor vehicles, a corresponding warning message is output to the driver. Analogously, local revocation lists 17 . 18 . 19 for the transceiver devices 3 . 4 . 5 with their respective service areas 11 . 12 . 13 created.

A corresponding procedure is in the 3 shown. In step S1, the process begins. The methods described below and above can be realized by the individual elements of the communication network by suitable programming. In step S2, the radio channel or the service area is monitored and checked by the transceiver, for example, as to whether vehicles or subscriber devices are present in the coverage area. If a further identity, that is to say a previously unregistered identification of a subscriber device, is detected in step S3, it is checked in step S4 whether this identity has been revoked. Ie. It is checked whether the name or the corresponding identification of the subscriber device appears in the global revocation list. If it is found in step S6 that the identification of the newly recognized subscriber device has not been revoked, further monitoring takes place according to steps S2, S3, S4 and S5. If, in this case, no further subscriber devices entering the service area are detected in step S3, further monitoring according to steps S2, S3, S4 likewise takes place.

Becomes on the other hand, in step S5 it is recognized that the subscriber device adjacent to it or their identification date, such as their name, Mobile phone number, IP address or network address has been revoked, d. H. the certificate assigned to it is invalid, the corresponding identification becomes or the identification date to the local revocation list in step S6 added. That is, whenever subscriber devices are recognized, the previously not the group according to theirs Attribute properties were assigned in the present here Case, for example, by their location in the catchment area of a Transceiver, the local revocation list is updated.

in the Step S8 then takes place a transmission of the local revocation list to the present subscriber facilities, which belong to the same group or which in the coverage area of the transceiver device are. Transferring the Local revocation list in step S8 may be such that notifies all subscriber devices by means of a broadcast or by flooding in the supply area present subscriber facilities. In the latter approach a respective subscriber device forwards a received update message with the updated local revocation list this to other subscriber facilities further. The number of redirects will increase the amount of flooding limited. For example, a limitation to two or three redirects is conceivable.

in the Step S9, the process is ended.

In the 4 is a second embodiment of a communication network as a traffic information system 100 shown. There are along a street 22 Infrastructural facilities or transmitting / receiving facilities 10 . 11 for the traffic information system 100 intended. The transmitting / receiving devices 10 . 11 each serve road sections or service areas 10 . 11 , As participant facilities are vehicles 6 . 7 . 8th . 9 . 21 shown that can communicate with each other via wireless communication.

Other elements of the communication network 100 , such as server or control devices that perform a logging of the data transfer or creation and management of revocation lists are in the 4 not shown.

As regards the flowchart of 3 have been discussed, monitor the transceivers 2 . 3 in their supply area 10 . 11 present vehicles 6 . 7 . 8th . 9 . 21 , The vehicles of the respective supply area 10 . 11 a local revocation list is transmitted. The vehicles 6 . 7 . 8th received from the transceiver 2 a local revocation list LCRL1. The vehicles 9 . 21 in the supply area 11 the second transmitting / receiving device 3 receive from this a second local revocation list LCRL2.

At the Data exchange or when receiving messages, these can Revocation information considered locally become. Across from In the prior art, the procedure according to the invention has the advantage that only revocation information is kept, which is the current Affecting the whereabouts of the subscriber device. The mobile Subscriber facilities thus receive only revocation information to the other participants in their local area. This will set the number of transfers Identifications in the revocation lists against a global revocation list considerably reduced.

Also across from an online review of the respective certificate or identification information from senders Subscriber equipment results in a significantly lower communication load in the network. Even the vehicles themselves only need smaller storage areas for the Provide local consoles.

It is about it out possible, that a corresponding entry in a local revocation list is deleted, if the corresponding subscriber device over a predetermined period (Time-out) was no longer detected by a transmitting / receiving device. This can be z. B. be the case when a subscriber device off the supply area and therefore no longer taken into account must become.

It is also possible if, for example, a vehicle 8th from a first service area 11 into a second service area 10 einfährt that the transmitting device 3 the identification date ID8 of the vehicle 8th to the adjacent transmitting / receiving device 2 so that the local revocation list can be updated. This transmission to adjacent transmitting / receiving devices is conveniently carried out only if the corresponding identification occurs in the local revocation list.

In the 5 FIG. 3 is a flowchart of another variant of a method for controlling data communication between subscriber devices in a communication network. It is possible to generate pseudonyms or a series of identification data to a so-called master identity or main identification. It is Z. For example, it is possible to apply a hash function to a master identity that uniquely generates so-called pseudonyms. A possible derivation for a pseudonym or an identification date depending on a main identification is a hash function. It is conceivable z. Eg a calculation:
PN = [HMAC - SHA1] (master ID, N) or
PN = H (master ID, N).

there PN denotes the pseudonym to the master ID with the index N.

in the Step T1 is initially a master identification or a master ID to the subscriber facilities assigned in the communication network. In steps T2, T22 will be Pseudonyms, that is several derived from the respective master identity Identification data, for generates the respective subscriber facilities. Parallel takes place the creation of a revocation list in step T22, which the master IDs of untrusted subscriber devices includes.

He follows in step T3, the sending of a message, in step T4 on the receiver side the Revocation list with the main identifications or master IDs read. The receiving subscriber device calculates the. In step T5 arising from the main identifications listed in the revocation list resulting pseudonyms. In step T6 it can then be decided whether the message sent and received in step T3 is from a trusted Subscriber equipment comes or not.

results in step T6, that the identification sent with the message corresponds to a pseudonym consisting of a master or master identification derive a revocation list, the message is classified as untrustworthy and discarded in step T7.

If in step T6, the identification date of the sending Participant device does not correspond to a pseudonym, which is made up of derive a main identification of a revocation list is process the message in step T8.

This measure allows a further reduction of the data load when updating the revocation lists. The regarding the 5 shown method steps can be compared with the respect 1 and or 3 Combine process variants shown. It is Z. For example, it is possible to build the local revocation lists from master identities. Then, for example, the step S4 of 3 according to the steps T3, T4, T5, T6 and T7, wherein instead of a discard the entry is made in the local revocation list.

The Invention allows a limitation of Number in a respective z. B. local revocation list present Certificates or identification data for untrusted subscriber devices. There is a restriction the size of one respective list on the actual existing vehicles that can communicate with each other. By the reduction of the list size may be this frequently and more recently transmitted to the respective vehicles or subscriber facilities become. Total need the vehicles in a received message even a smaller one Check number of revocation information. The update of the local revocation lists can be at intervals z. B. after expiration a given time or always in case of a change the group composition, d. H. wen vehicle from a catchment area in or out.

Even though the present invention with reference to preferred embodiments was explained in more detail, is she not limited to but diverse modifiable. In particular, those shown in the figures Application examples with mobile phones and vehicles can be modified. It can, for example PDAs are used as subscriber devices or others Vehicles such as ships, planes, trains, metro and trams or motorcycles with appropriate communication means are provided so that a Data communication possible is. For the communication between the subscriber devices are also known Network protocols, e.g. B. SPINS (Security Protocols for Sensor Networks) used.

Claims (26)

Method for controlling data communication between subscriber devices ( 6 . 7 . 8th . 9 . 19 ) in a communication network ( 1 ), each subscriber device ( 6 . 7 . 8th . 9 . 19 ) is associated with at least one attribute property, comprising the steps of: providing a global revocation list (GCRL) with identification data from untrusted subscriber premises ( 6 . 7 . 8th . 9 . 19 ) in the communication network ( 1 ); - Assignment of the subscriber facilities ( 6 . 7 . 8th . 9 . 19 ) in groups depending on the associated attribute properties, the subscriber devices ( 6 . 7 . 8th . 9 . 19 ) of a respective group have the same associated attribute properties; and - transmitting a local revocation list (LCRL) with identification data from untrusted subscriber premises ( 6 . 7 . 8th . 9 . 19 ), which have been assigned to the same group, to the subscriber devices assigned to a respective group ( 6 . 7 . 8th . 9 . 19 ). Method according to claim 1, wherein only a transmission of the identification data from untrusted subscriber devices ( 6 . 7 . 8th . 9 . 19 ) of a group of subscribers ( 6 . 7 . 8th . 9 . 19 ) of the same group. Method according to claim 1 or 2, wherein upon a change of an attribute property of a subscriber device ( 6 . 7 . 8th . 9 . 19 ), the respective local revocation list (LCRL) for the group of subscriber facilities ( 6 . 7 . 8th . 9 . 19 ), which the subscriber device ( 6 . 7 . 8th . 9 . 19 ) associated with the modified attribute property is updated. Method according to one of claims 1-3, wherein a manufacturer identifier, a model name, a communication standard for the data transmission from a subscriber device ( 6 . 7 . 8th . 9 . 19 ), a geographical position of a subscriber device ( 6 . 7 . 8th . 9 . 19 ) and / or a communication frequency of a subscriber device ( 6 . 7 . 8th . 9 . 19 ) is selected as an attribute property. Method according to one of claims 1-4, further comprising data from a sending subscriber device ( 6 . 7 . 8th . 9 . 19 ) to a receiving subscriber device ( 6 . 7 . 8th . 9 . 19 ), and thereby from the receiving subscriber device ( 6 . 7 . 8th . 9 . 19 ) is checked, whether the receiving subscriber device ( 6 . 7 . 8th . 9 . 19 ) transmitted local revocation list (LCRL) identification data of the sending subscriber device ( 6 . 7 . 8th . 9 . 19 ) having. The method of claim 5, wherein the data is received from the receiving user equipment ( 6 . 7 . 8th . 9 . 19 ) are ignored if the local revocation list (LCRL) contains the identification data of the sending subscriber device ( 6 . 7 . 8th . 9 . 19 ) having. Method according to one of claims 1-6, wherein to generate a respective local revocation list (LCRL) a checksum in dependence on the identification data of the untrusted subscriber devices ( 6 . 7 . 8th . 9 . 19 ) is determined. Method according to one of claims 1-7, wherein group lists with the identification data of the subscriber devices assigned to a respective group ( 6 . 7 . 8th . 9 . 19 ) to be created. Method according to one of claims 1-8, wherein the subscriber devices ( 6 . 7 . 8th . 9 . 19 ) are mobile subscriber devices, and as an attribute property the presence or absence of the respective subscriber devices ( 6 . 7 . 8th . 9 . 19 ) in a spatial coverage area ( 10 . 11 . 12 . 13 ) a transmitting / receiving device ( 2 . 3 . 4 . 5 ) of a traffic information system as a communication network is selected, and the steps are performed: - monitoring the in the respective supply area ( 10 . 11 . 12 . 13 ) present subscriber facilities ( 6 . 7 . 8th . 9 . 19 ); and - transmitting a local revocation list (LCRL) with identification data from untrusted subscriber premises ( 6 . 7 . 8th . 9 . 19 ), which in the supply area ( 10 . 11 . 12 . 13 ) in the supply area ( 10 . 11 . 12 . 13 ) present subscriber facilities ( 6 . 7 . 8th . 9 . 19 ) by the respective transmitting / receiving device ( 2 . 3 . 4 . 5 ). The method of claim 9, further comprising the step of: transmitting traffic information from a sending mobile subscriber device ( 6 . 7 . 8th . 9 . 19 ) to a receiving mobile subscriber device ( 6 . 7 . 8th . 9 . 19 ), wherein the receiving subscriber device ( 6 . 7 . 8th . 9 . 19 ) checks whether the local revocation list (LCRL) has an identification date of the sending subscriber device ( 6 . 7 . 8th . 9 . 19 ) having. A method according to claim 9 or 10, wherein a neighborhood list is generated for a transceiver which stores identification data in the coverage area ( 10 . 11 . 12 . 13 ) of the transceiver ( 2 . 3 . 4 . 5 ) mobile subscriber facilities ( 6 . 7 . 8th . 9 . 19 ) having. Method according to one of claims 9-11, wherein a first transmitting / receiving device ( 2 . 3 . 4 . 5 ) the identification data of the local revocation list (LCRL), in particular to a spatially adjacent second transceiver device ( 2 . 3 . 4 . 5 ). Method according to claim 12, wherein the transmission in dependence on one by the transmitting / receiving devices ( 2 . 3 . 4 . 5 ) determined movement of the mobile subscriber devices ( 6 . 7 . 8th . 9 . 19 ) he follows. Method according to one of claims 9-13, wherein by means of several transmitting / receiving devices ( 2 . 3 . 4 . 5 ) a geographical area, in particular with traffic routes ( 22 ), is spatially covered. Method according to one of claims 1-14, wherein a transmission the local revocation list (LCRL), the global revocation list (GCRL), the identification data, the data and / or the traffic information wirelessly. Method according to one of the claims 1-15, wherein the local revocation list (LCRL) is assigned by the subscriber devices assigned to a group ( 6 . 7 . 8th . 9 . 19 ) is flooded, wherein a first subscriber device ( 6 . 7 . 8th . 9 . 19 ) receives the local revocation list (LCRL) and sends it to all subscriber equipments ( 6 . 7 . 8th . 9 . 19 ) forwards her group. Method according to one of claims 1-16, wherein identification data are used as pseudonyms (PN) of a respective subscriber device ( 6 . 7 . 8th . 9 . 19 ) of a master identification date (MASTERID) of the subscriber device ( 6 . 7 . 8th . 9 . 19 ) and the master identification data (MASTERID) is stored in the respective local and / or global revocation list (LCRL, GCRL). A method according to claim 17, wherein the master identification data (MASTERID) is stored centrally by a server device ( 15 ) of the communication network ( 1 ) are stored and managed. The method of claim 17 or 18, wherein for determining the pseudonyms (PN) for a main identification date (MASTERID) a hash function is applied. Method for controlling data communication between subscriber devices ( 6 . 7 . 8th . 9 . 19 ) in a communication network ( 1 ), whereby the subscribers ( 6 . 7 . 8th . 9 . 19 ) Pseudonyms (PN) are assigned as identification data, the pseudonyms (PN) depending on a main identification date (MASTERID) of a respective subscriber facilities ( 6 . 7 . 8th . 9 . 19 ) and in data communication between subscriber premises ( 6 . 7 . 8th . 9 . 19 ) exclusively an identification date or a pseudonym (PN) of the sending subscriber device ( 6 . 7 . 8th . 9 . 19 ) and from the receiving user equipment ( 6 . 7 . 8th . 9 . 19 ), it is checked whether the pseudonym (PN) can be deduced from a master identification data (MASTERID) which belongs to an untrusted subscriber device ( 6 . 7 . 8th . 9 . 19 ) has been assigned. The method of claim 20, wherein the steps are performed: - setting a revocation list (GCRL, LCRL) with master identification data (MASTERID) of untrusted subscriber premises ( 6 . 7 . 8th . 9 . 19 ) in the communication network ( 1 ); Sending a message from a sending subscriber device ( 6 . 7 . 8th . 9 . 19 ) stating the pseudonym (PN) of the sending subscriber device ( 6 . 7 . 8th . 9 . 19 ); Receiving the message from a receiving subscriber device ( 6 . 7 . 8th . 9 . 19 ); Querying the main identification data (MASTERID) of the revocation list (GCRL, LCRL) from the receiving subscriber device ( 6 . 7 . 8th . 9 . 19 ); - Determine the pseudonyms (PN) of the main identifiers retrieved from the revocation list (LCRL, GCRL) tion data (MASTERID) by the receiving subscriber device ( 6 . 7 . 8th . 9 . 19 ); and - discarding the received message if the pseudonym (PN) of the sending subscriber device ( 6 . 7 . 8th . 9 . 19 ) corresponds to a determined pseudonym (PN), which was calculated from a master identification date (MASTERID) listed in the revocation list (GCRL, LCRL). The method of claim 20 or 21, wherein a respective Nth pseudonym (PN) for a main identification date (MASTERID) dependent on from the main identification date (MASTERID) and an index N, especially using a hash function, uniquely determined becomes. Computer program product which is stored on a program-controlled subscriber device ( 6 . 7 . 8th . 9 . 19 ) and / or on a program-controlled transmitting / receiving device ( 2 . 3 . 4 . 5 ) causes the implementation of a method according to any one of claims 1-22. Communication network ( 1 ) with several subscriber facilities ( 6 . 7 . 8th . 9 . 19 ) and at least one transmitting / receiving device ( 2 . 3 . 4 . 5 ), which are designed such that a method according to any one of claims 1-22 is performed. Communication network ( 1 ) according to claim 24, wherein the communication network ( 1 ) as a traffic monitoring system with multiple transceivers ( 2 . 3 . 4 . 5 ), each of which has a given spatial coverage area ( 10 . 11 . 12 . 13 ), in which the mobile subscribers ( 6 . 7 . 8th . 9 . 19 ) participating subscribers ( 6 . 7 . 8th . 9 . 19 ), which are arranged in particular in vehicles, with the respective transmitting / receiving devices ( 2 . 3 . 4 . 5 ) can operate a data communication. Communication network ( 1 ) according to claim 24, wherein a server device ( 15 ) is provided for providing the global revocation list (GCRL).