RU2150790C1 - Method and device for confidential identification of mobile user in communication network - Google Patents

Abstract

FIELD: computer engineering. SUBSTANCE: information protection is important for information exchange between users in computer network, including user identification and tracing. Goal of invention is achieved by encryption of user identifier and/or password and synchronization indicator, preferably using fixed time interval and secret one-way function. Then encrypted message, which is called dynamic user identifier, is transmitted to authorized body of home region, where the user is registered. Authorized body of home region has set of mapping tables, which are preliminary calculated for each time interval (or another chosen method for synchronization), between dynamic user identifiers and respective real personal data about users. This results in possibility of rapid detection whether given encrypted message is sent by registered user or not. On the other hand, a hacker cannot decode personal data about user from encrypted message and track movements of user. EFFECT: increased protection of mobile user, prevention of tracing of movements of user. 15 cl, 5 dwg

Description

 The invention relates to communication between mobile users through a computer network, in particular, it relates to a method and device that provide secure identification of a mobile user in a communication network.

Description of the Prior Art
In modern communication networks, user mobility is becoming a very important and common feature, in particular in radiotelephone or cellular networks. Being very useful and desirable, this increased user mobility raises a number of important issues related to the protection of information. One of them is the confirmation or recognition (authority) of the user; the other is tracking the movements of a mobile user and his current location.

 In systems with moving objects, a typical situation arises when an object, that is, a user or a device, is registered in a particular, "home" region, and appears in another, "alien" region. Since this user is not known in a foreign region, he / she must be identified (authenticated) and his / her solvency or stable reputation must be confirmed to the authorized body of the foreign region. In the following description, this process is called "authentication" (confirmation of access rights), as is usually accepted by specialists. Of course, the only one who is able to confirm the identity of the user and his solvency at the moment is the authorized body of his / her home region. From modern literature there are several ways to solve this problem, some of which we address below. However, authentication is not the subject of the present invention.

 As a result of user mobility, another problem arises in connection with information security. This is the confidentiality of the user's identity and the routes of his / her movements. Ideally, only the authorized body of the local region should be informed of the relocation and current location of the user. In the future, this process of identifying the mobile user, that is, determining who is actually trying to get services from a particular region, will be called "identification".

 Ideally, no object other than the user himself and the authorized body in the user's home region, that is, in the subnet or part of the network in which the user usually works, should not know who the user really is and / or know the actual location of this mobile user. In existing systems, this problem is either not solved at all, or the solution is based on the hardware capabilities of the user's personal device.

 In the general case, it can be considered that the known solutions to this problem, proposed in modern cellular and other systems working with mobile objects, are either inadequate or too limited to provide reliable identification while maintaining secrecy, as will be described in detail below.

 One of the available solutions was published by M. Rahnema in (1). In this so-called GSM (digital mobile telephone network) system, a mobile user, when he / she appears in a foreign region, is assigned a temporary identifier (TMSI in GSM) in the standard way. However, TMSI is assigned only after the initial authentication of the mobile user in a foreign region; in this operation, which is performed by GSM, valid user identity data (IMSI in the GSM language) is transmitted openly and therefore can be disclosed and used by an attacker.

 Another solution is described in the description (2) of the Cellular Diqital Packet Data (CDPD) system. The approach adopted in the CDPD system gives a higher degree of protection than in the aforementioned decision adopted in GSM. In the CDPD system, before the mobile user transmits information about his identity, he / she enters the key exchange protocol with the authorized body of the local, that is, a foreign region of Diffie-Hellman. This protocol is described by W. Diffie and M. Hellman in (2). As a result, both parties have access to the secret key. The mobile user encrypted under this key then transfers the data about itself to the authorized body of the foreign region.

 Giving a higher level of protection than GSM, this approach has two serious drawbacks. Firstly, it enables the authorized body of a local, that is, a foreign, region to disclose valid information about the identity of a mobile user. In the case of CDPD, this alone is not a problem. However, ideally, the identity of the mobile user should not be provided to the authorized body of the local region. It is enough to confirm identity and current creditworthiness if it is confirmed or approved by the authorized body of the home region. The second problem stems from the features of the Diffie-Hellman key exchange protocol. Its purpose is to quickly establish a secret key. This makes it possible for an attacker to disguise himself as an authorized body of a local region and thus enter the key exchange protocol with a mobile user and obtain a shared key with him. Then, when the mobile user transmits the true data about his identity, encrypted using this shared key, the attacker can simply decrypt this transfer.

 Other approaches are described by R. Molva and others in (4) and M. Beller and others in (5). One side effect associated with key distribution is described in PCT Application PCT / EP 93/01989 (6) and another side effect related to password or key exchange is described in PCT / EP 93/02540 (7) PCT Applicant .

Object of the invention
Thus, there are essentially three tasks underlying the problem of confidentiality of data on the identity of a mobile user and his movement.

 The main task of protecting personal data is to prevent disclosure of correspondence between a mobile user and a user registered in a specific home region; in other words, the central issue is maintaining the confidentiality of user identity data. The easiest, most intuitive solution is to assign each mobile user or device a pseudonym when leaving your home region. As shown below, this alias may be fixed or change from time to time. Thus, the main objective of the invention is to propose a method and system adapted for using such aliases.

 The second important issue is the maintenance of foreign regions "in the dark" (in the unknown). If in a foreign region you are not required to know the valid information about the user's identity, then it is enough to use a pseudonym. In most cases, such a pseudonym should still be agreed with the authorized body of the home region. Thus, another objective of the invention is the creation of a method and system that enables the transmission of information flows through a network without familiarizing a foreign region with information about the user's identity. (Regardless of whether or not pseudonyms are used, there may be reasons why the authorized body of a foreign region will need to obtain valid information about the user's identity. In this case, the authorized body of the home region may secretly transmit data about the user's identity, bearing in mind, of course, that these two authorized bodies possess pre-installed means of secure communication, however, even in this case, the authorized body of a foreign region does not initially have user identity data )

 The third question is the prevention of tracking or correlation (disclosing the relationship between the password and the user's identity). Even if a mobile user uses a pseudonym when moving, his / her moves can be tracked by an attacker. The probability of this is especially high if the alias is permanent, for example, fixed for a given trip of the user or permanently assigned to the specified user. An alias of this type is like a long-term password; once disclosed, data on the user's identity and movements (in the hands of the attacker) can serve as a source of danger for the user for a long time. Therefore, another object of the invention is to prevent the possibility of tracking the user by creating a system adapted to use frequently changing aliases without delaying information flows.

References
(1) Rahnema: "Overview of the GSM System and Protocol Architecture", IEEE Communications Magazine, April 1993, Vol. 31, N 4, pp. 92-101.

 (2) "Cellular Digital Packrt Data (CDPD) System Specification", Release 1.0, 19 July 1993, CDPD Industry Input Coordinator, Costa Mesa, California, USA.

 (3) W. Diffie and M. Hellman: "New Directions in Cryprography", IEEE Transactions on Information Theory ", November 1976, Vol. 22, No. 6, pp. 644-654.

 (4) R. Molva, D. Samfat, G. Tsudik: "Authentication of Mobile Users", IEEE Network, Special Issue on Mobile Communications, Spring 1994, pp. 25-35.

 (5) M. Beller, L. Chang, Y. Jacobi: "Privacy and Authentication on a Portable Communications System, IEEEJSAC, Special Issue on Wireless Personal Communications, August 1993, Vol. 11, N 6. pp. 821-829.

 (6) Patent Application PCT / EP 93/01989, entitled "Method and Apparatus for Providing Secure Key Distribution in a Communication System", by IBM Corporation and P. Janson, G. Tsudik.

 (7) Patent Application PCT / EP 93/02540, entitled "Method and System for Changing an Authorization Password or Key in a Distributed Communication System" by IBM Corporation and R. Hauser, P. Janson, R. Molva, G. Tsudik, E. Van Herreweghen.

 (8) US National Bureau of Standards: "Federal Information Processing Standards", Publication 46, 1977.

 (9) R. Rivest: "The MD5 Message Digest Algorithm", Internet REC 1321, Internet Activities Board, April 1992.

 (10) R. Molva and G. Tsudik: "Authentication Method with Impersonal Token Cards", 1993 IEEE Symposium on Research in Security and Privacy. May 1993, Proceedings published by IEEE Computer Society Press, Los Alamitos, California, USA.

 (11) Security Dynamics Technologies, Inc., Cambridge, Massachusetts, USA: "The ACE System Access Control Encryption", Product Information, 1992.

SUMMARY OF THE INVENTION
The present invention provides a solution to the above problems. In short, in order to reduce the likelihood of either avoiding tracking and identifying a mobile user, a method is proposed for assigning a moving user temporary, simple, one-time aliases, which is very effective and not tied to specific hardware. On the one hand, the invention enables the unambiguous and almost instantaneous identification of a moving user by the authorized body of his home region; on the other hand, an unauthorized party will not be able to identify the mobile user or track his / her movement.

 Although this invention relates to all three aspects discussed above and provides a comprehensive solution, there are a number of limitations that are difficult to circumvent. One of such restrictions, for example, is the need for the authorized body of a foreign region to have data on the home region of the moving user. This is likely to be the case when there is a sufficiently large number of systems that work with mobile users, since the tariffs for services accepted by "abroad" must ultimately be transferred to the home region. In addition, as mentioned earlier, only the home region can provide information on the user's current creditworthiness. (In order to solve this specific problem, a system can be provided where communication between the authorized bodies of the regions is carried out anonymously through the central clearing house. In this case, it is convenient to assign aliases to the regions so that the moving user can refer to their home region using the alias; then you can contact with the central clearing house to disclose home aliases).

 In the method according to this invention, an attempt is made to reconcile two seemingly contradictory requirements: authentication and confidentiality of personal data. In order to authenticate an object, it is first necessary to declare specific data about its identity and then show or confirm that something is known that only the real submitter of this personality data can know. On the other hand, the confidentiality of personal data requires that this data be kept confidential. This leads in a sense to a paradoxical situation that must be resolved.

 In short, the essence of the new method is to calculate short-term aliases for moving objects, which are hereinafter referred to as "dynamic user identifiers". A user traveling outside his home region can obtain such a pseudonym and hide the relationship with the actual data about his personality. Moreover, this remains valid even if a foreign region (or any unauthorized party) organizes the opening of the password of the moving user.

Designations and brief description of drawings
Notation Used
In this description, the following notation is used:
D _x is the name of the region,
AS _x is an authorized body of region D _x , usually a server for authentication,
U is the roaming user assigned to the region D _x ,
U _x is the (real) name of this roaming user U,
A _u is the nickname or identifier of this roaming user U,
PW _u - password of user U,
SUid - dynamic user identifier,
δ _x - time interval of region X,
T _u - an indicator of the time interval, that is, the current time of the user U, rounded to the nearest value δ.
The drawings show:
FIG. 1 is a smart card used in the present invention in both modes,
FIG. 2 - an example of the information flow from a smart card to an authorized body of the user's home region,
FIG. 3 is a network with two regions to demonstrate the use of the invention,
FIG. 4 is an example of a process organization for an authorized body of a home region, and
FIG. 5 is an example of a process at an input workstation or terminal of a foreign region.

DETAILED DESCRIPTION OF THE INVENTION
First, each mobile user, in addition to permanent data about his identity, is assigned a long-term alias for moving A _u . In principle, A _u should not differ from the actual user identifier U _x . The protective properties of this circuit are independent of A _u , which is secret. In a system where each user is equipped with an intelligent card or some similar device, A _u can be nothing more than a serial number, or some other identifier of the user device. The list of these aliases for movements A _{u is} maintained by the authorized body of the home region along with passwords and other user information.

For each region D _x , the time interval δ _x for the entire region is selected. This time interval δ _x can be quite rough, for example, an hour or a day.

When the user U, for whom the home region is D _x , enters the foreign region D _y , then he / she must first be identified (and authenticated). Then, a temporary entry can be created for him / her in D _y to facilitate subsequent access to this foreign region. In other words, if the user plans to stay inside D _y for some time, it may be beneficial for him to set up some temporary “home” for himself, instead of contacting his home region with every access. But this is only one additional opportunity. The main objective of the invention is the identification of the user.

A detailed description of the protocol for user authentication can be found in the publication Molva (4), which is incorporated here by reference. In the context of the present invention, the exact format of the authentication flows does not matter. Regardless of the specific authentication features, the user identity U must be transferred to the authorized body AS _{x of} his / her home region. Since user U cannot directly contact the authorized body of the AS _x home region, all communication must be through the local authorized body of AS _y . This is shown in FIG. 2, which is described below.

 Alternatively, a two-way Diffie-Hallman key exchange can be performed before the authentication protocol, as disclosed in the above description of the CDPD system (2). In this case, the whole procedure becomes protected from passive intruders, since all messages can be encrypted using a new key.

In general, the flow for identification should contain a dynamic user identifier SUid; this is valid both for the (first) stream from the smart card / user to the authorized body of the foreign region AS _y , and for the (second) stream from AS _y to the authorized body of the home region of the user AS _x . A dynamic user identifier may consist directly of SUid or, alternatively, an encrypted version of SUid.

The crucial point of the protocol from the point of view of confidentiality of data from the user's identity is the calculation of the dynamic user identifier SUid; it is calculated as
SUid = F (A _u , T _u , PW _u ),
where F is a strictly unidirectional function. Examples are DES (Data Encryption Standards) described in Publication 46 of the National Bureau of Standards, compare with (8) in the References section, or MD5 disclosed by Rivest in (7). In the case of DES or some other encryption functions, it is important to bear in mind that there is no need for an additional secret key to calculate the function F, since for this purpose it is enough to have the user password PW _u . T _u - current time, rounded to the nearest value of δ. If the user is not equipped with a device such as a smart card, then he enters his PW _u password into a public workstation or other similar terminal, that is, an input device connected to an authorized body of a foreign region AS _y . For a user with a smart card, PW _u can be either: 1) in the form of a specific key inside the smart card (for those smart cards that do not have a keyboard or other input means) or 2) in the form of a combination of a smart card key and user password (for smart cards with input capabilities).

As it was determined, the value of the dynamic user identifier SUid is not clear to the authorized body of the foreign region AS _y . The only information that the authorized body of a foreign region AS _y can receive is information that the mobile user is registered in the (home) region D _x . In the second stream, the authorized body of the foreign region AS _y transmits the SUid (together with other information, for example, for authentication) to the authorized body of the home region AS _x , declared by the user.

The question is how does the authorized body of the AS _x home region determine that the SUid corresponds to the user U registered by the local authority. This is done by maintaining a constantly updated table that maintains a list of corresponding dynamic SUid values for each "native" (own for this region) user . Such a translation or reference table is recalculated at each interval δ _x . Since the authorized body of the home region AS _x already stores the pseudonym A _u and the password PW _u for each user, there is all the necessary information for calculating the translation tables.

It should be noted that since dynamic SUid user identifiers do not depend on the current location of users, translation tables can be recalculated autonomously and in advance. In particular, this refers to the case where a relatively coarse δ _x value is used, for example, one hour or one day, as mentioned above.

Of course, establishing "valid" data about the identity of a mobile user is only half the battle; the authorized authority of the AS _x home region should then verify the authentication data coming in from the second stream. However, as mentioned earlier, see the example in (4) by Molva et al., This is not related to the problem under consideration.

The next section describes a profitable option that reduces “computational overhead” (amount of computation). In a system where only a few users move outside their home region, it may be completely ineffective and even unprofitable to pre-calculate, maintain and search tables with temporary aliases for all users. In this case, a way to reduce costs is to require user U to inform the pre-authorized body of his home region AS _x about his intention to leave. Then the authorized body of the home region will have to monitor only those users who are really away. Then there is no need for users to disclose their exact location, they just have to register the beginning of each departure "abroad", that is, in a foreign region. After notification, the authorized body of the home region AS _x places the departing user on a special list that is used to calculate the temporary dynamic identifier. However, the user does not need to inform the authorized body of the AS _x home region about the completion of each trip, the authorized body of the home region can calculate that this user has returned home when this user tries to log in using his real, that is, his home ID (identifier) with an authorized body in the home region.

Next, we consider the clock synchronization of the authorized body of the home region and the authorized body of a foreign region. For most systems, the assumption that the user maintains crude synchronization with an authorized authority in the home region is very realistic. It is clear that a user having a smart card can rely on a smart card clock to track user time T _u . For a user who does not have such a card, an internal workstation clock will be sufficient. Also, the user can monitor the time simply by a wall or wristwatch. Of course, the partition interval δ _x is decisive. Despite the obvious ease of tracking user time T _u , it can be assumed that in some cases, tracking time T _u for some reason will be impossible.

To solve this problem, the protocol must be modified either by: 1) the authorized body of the local (that is, someone else's) region AS _y provides time T _u , or 2) it is provided by the authorized body of the home region of the user AS _x . In any case, time should be allocated to the user (or his device) in advance, that is, in an additional stream preceding the first stream described above. This can be made open, that is, unencrypted text, since the time T _{x is} not a secret value.

Summarizing the above, the most important factor in maintaining incognito traveling is the frequent change of the alias and the lack of communication between them, that is, between dynamic user identifiers. As long as permanent or long-term identifiers are used, it becomes possible to establish a connection between identifiers and tracking. Ideally, the alias or dynamic identifier should be a one-time, that is, be used only once. The method according to this invention does not fully meet this standard, since it allows the reuse of aliases within the time interval defined by δ _x . Therefore, if a user travels through one region δ _x through several regions, then he / she becomes vulnerable in terms of the possibility of limited tracking of the identifier.

To avoid this, the invention proposes two alternative approaches:
1) pseudonyms are formed regardless of the region visited, or
2) close synchronization is maintained between the user and the authorized body of his / her home region.

If the name of a foreign region SUid is used in the calculation of a dynamic user identifier, correlation of identifiers becomes impossible, since a user migrating from one foreign region to another (even within a very short time, that is, inside one time interval δ _x ) will move, having unrelated dynamic user identifiers. The main disadvantage of this approach is the need for a large investment of time for its implementation. Since in this case the authorized body of the AS _x home region is not able to predict the movements of users, it cannot calculate translation tables in advance. Therefore, if the authorized body of the home region AS _x is presented together with the dynamic user ID SUid and the name of the authorized body of the foreign region D _y , then there is no way to immediately make a decision or interpret the SUid, which means that you can immediately give an answer, since there is no previously calculated stored in memory translation table. Instead, for each registered user U, the authorized authority of the home region AS _x should calculate the appropriate SUid value using D _y as input. This puts a significant burden on the authorized body of the AS _x home region.

 Another possibility is to maintain close synchronization between the user (or rather, the user's personal device) and the authorized body of the home region. This synchronization can be maintained based on time, a secret sequence of numbers, or using random number generators with the same initial number. This approach provides the highest level of protection because it ensures that the alias or dynamic user identifier is never reused. However, this is due to the same drawback that is characteristic of pseudonyms depending on the region. In addition, this approach requires each user to have a reliable, personal device protected from unauthorized access.

 The above temporary aliases can be implemented in systems oriented to the use of, for example, devices such as smart cards, cell phones, or in more traditional systems where the traveling user has only a password for identification. In the latter case, the user is inevitably exposed to risk (password disclosure) from public workstations or other non-personal terminal equipment that is used to access the network. The following is one preferred embodiment of the invention.

 Particular advantages of implementing the invention are associated with the use of smart cards. The simplest of all possible smart cards is a card that has only a small display and possibly an on / off key. Inside the secure enclosure, the smart card contains a clock and a secret key unique to each card. This type of smart card is described by R. Molva in (10). A commercially available product that can be adapted to operate in this mode is the SecureID token described in (11).

Implementation
In FIG. 1-5 in a graphical form shows the implementation of the invention with smart cards. Their detailed description follows.

The smart card 1 shown in FIG. 1, has a serial number of 2, which is usually fixed on the card and is unique; there is also a processor and a display screen 3, often in the form of a small LCD (LED), while all elements are battery powered. As explained below, the smart card 1 has two different modes: the following features are provided to support the method of temporary dynamic user identification:
1. A switch is programmed, either automatically or on demand, between two modes: "authentication mode", in which the card displays the authenticator (which, as mentioned above, we do not touch here), and "user ID mode", in which the card displays the dynamic SUid user ID. Automatic switching occurs at a certain frequency, for example, every ten seconds. An automatically switched smart card is especially convenient since it does not require any modifications to the external surface or hardware of the currently existing smart cards. Alternatively, a button or mode 4 switch may be provided that allows the user to switch from one mode to another.

 2. The clock of the smart card used in authentication mode, when calculating the user ID SUid "rude". It is not necessary to have a separate clock for the user ID mode, but it can be provided.

 In user ID mode, smart card 1 displays a decimal number of 6-8 digits or another sequence of characters shown as XX XX XXX in FIG. 1 as a temporary dynamic user identifier. This user identifier may include a label 5 in front to indicate that the user indicator is displayed. The user at the right time enters it as his "user ID" into the terminal or workstation for transmission to the authorized body of a foreign region. As indicated below, this input step can also be performed automatically. It should be clear here that the dynamic user identifier carries data identifying the user only in encrypted form; no attacker should be able to extract true user identity data from it. In addition, it should be clear that since the dynamic user identifier at the end of the specified interval changes, it is obvious that in any sequence of dynamic user identifiers they are not connected with each other and do not give any visible indications of their belonging to the same user .

 In authentication mode, the smart card 1 displays another decimal number of 6-8 digits, or another sequence of characters shown as YYY YYY YY in FIG. 1 as a user authenticator. The user enters this authenticator as his "password" into the terminal, which, in turn, passes it to the authorized body of a foreign region. (As mentioned above, the authentication process itself is not part of this invention and therefore is not further described in detail).

 Such a smart card can be implemented by modifying a commercially available smart card such as a SecurID card, mentioned in (11), which already contains a clock and a processor. It is clear to specialists that writing the appropriate software, if necessary, and adapting the card is not a big problem. Physical modification of the card is not necessary if the option with automatic switching from the user ID mode to the authentication mode is selected.

 In FIG. 2 shows the transfer of a dynamic user identifier and authenticator from a smart card 1 through an authorized body of a foreign region 6 to an authorized body of a user's home region 8.

 One preferred option is when the user enters both displayed values from the smart card 1. Another way is to read the card in a terminal connected to the authorized body of a foreign region 6. Well-known automatic transponders widely used in banking can be adapted for such an operation. (Of course, for authentication, the user can also enter a password, PIN (personal identification number), or any other means can be used in the system for the authentication process. Again, as mentioned above, the authentication process is not part of this invention; any known method).

 The authorized body of a foreign region 6 “knows” to the authorized body of which home region it should contact. This is preferably done by including the corresponding segment in the dynamic user identifier. Alternatively, an authorized body of a foreign region 6 may request a separate entrance to identify the authorized body of a home region.

 An authorized body of a foreign region 6 transmits data via a connection 7 in the form of a cable, schematically shown in FIG. 2, to the authorized body of the home region. Of course, it can be a connection of any kind; from a two-wire line to a radio or infrared communication network. An attacker extracting data from an authorized body of a foreign region 6 or from connection 7 will not be able to obtain true data about the user's identity or his / her last location from where the system was accessed.

 Since the dynamic SUid is already encrypted, another encryption is not necessary to provide a more secure transmission, but, of course, this can be provided.

 In FIG. Figure 3 shows a network consisting of two regions 10 and 20, each of which has several terminals or workstations for user access. The first region 10 has a bus 15 connecting the user terminals 11-13 to the server 14. A communication line, shown here in the form of a trunk or cable, connects the server 14 to the gateway machine 30. Some or all of the terminals or workstations have built-in computing capabilities. Also, the authorized body of the region may be distributed and not be located in a specific machine or server.

 The second region 20 also has a number of terminals or workstations 21-24 connected to the ring network with relay access 25. At least one workstation 24 has built-in computing capabilities and is used as a server for the second region. Connection 26, shown in the form of a communication line, can also be wireless - infrared or radio channel to the gateway machine 30.

 A traveling user U who wants to access the system through a terminal or workstation 12 and who is “at home” for region 20, enters his data, that is, identifier, password, etc. from a keyboard or other input device at terminal 12 and / or inserts its smart card into a reader at a workstation. Since the workstation 12 from the point of view of the user is part of a foreign region, he / she will be asked to enter the name of the home region, or this name will be read from the smart card. Either workstation 12, or, alternatively, the user's smart card computes the dynamic user identifier SUid, as described above. The authorized body of a foreign region 14 that receives this dynamic user identifier is not able to interpret it. However, he must know the user's home region, in this case region 20, in order to send or transmit encrypted data through the gateway machine 30 to the desired (home) region.

 The gateway machine 30 or any other gateway or relay station on the highway is also able to interpret the correct home region of the user, but cannot read or interpret the dynamic user ID SUid. In this case, the gateway machine 30 transmits the received encrypted user ID to the authorized body of the user's home region 24.

The authorized body of the region 24, which accepts the dynamic identifier at the place of residence of the traveling user U, has pre-computed updated tables that contain lists of dynamic identifiers for all users valid for a given time interval δ _x . Thus, by quickly and easily viewing the table, the authorized body of the region can check whether the received dynamic user identifier is valid and to which user it belongs. This is described in more detail in connection with FIG. 4. The authorized body of the region 24 may then transmit back the corresponding message to terminal 12 (from where the user who wants to use the system’s services is located) and / or perform the authentication process.

As shown in FIG. 4, when receiving the dynamic user identifier SUid, the authorized body of the home region 24 selects the corresponding alias table 42, say TV ₂ , from the set of 41 pre-computed tables TB ₁ -TV _n in accordance with the current time interval δ _x . He then searches the selected table using the obtained SUid, and identifies the serial number (or some other ID) of the smart card or user workstation that calculated the SUid. The card serial number uniquely identifies the user. As soon as this identification is completed, an appropriate message can be generated in the authorized body of the region 24.

Finally, in FIG. 5 shows an example of how user input can be processed at an input terminal 12 in a foreign region. User U enters his ID or identifier A _u , his password PW _u and, alternatively, the current time T _u , rounded to the nearest time interval δ _U , in the workstation and terminal 12 in a foreign region. The processing means 51, comprising an encoder 52, encrypts the user input, i.e., i ₁ - i ₃ , which correspond to PW _u , A _u and T _u , as shown in FIG. 5. Here, the junction i ₁ and i ₂ is encrypted according to DES (see the aforementioned publication (8)) using the key i ₃ defining the SUid that is sent to the user's home region. There, the authentication server 24 evaluates the received dynamic SUid.

 The following is a step-by-step description of the entire process.

Step 0
First and preferably constantly, each authorized AS _x authentication authority (home region), typically the authentication server 24, computes the tables necessary for implementing the process. This is done with a certain frequency, for example, once a day. Thus, a sequence of tables is calculated, for example, TB ₁ , TB ₂ ... TB _n , where n is the number of intervals δ _x in days or in another long-term unit. For example, if δ _x is one hour, then the authentication server 24 calculates 24 tables every day.

Each TV _i table contains as many rows as there are users in the local region. Each row contains two columns:
- username U and
- the result of applying the unidirectional function F (A _u , T _u , PW _u ), where PW _u is the password or PIN of the user U, and T _i = T _o iδ _x .
T ₀ is the absolute time elapsed since the start of the calculation, that is, if the calculation is performed every day, then T _{0 is} set to midnight.

 This is the first part of the process, namely, the calculation of tables, ends. Next, we consider the second part concerning the solution of the identification problem. To facilitate understanding, the description is divided into several steps.

Step 1
User U arrives in a foreign region. At a terminal or workstation in this foreign region, say terminal 12 of region 10 in FIG. 3, he / she enters his ID U _x , or the alias A _u , the value of δ _x and his password (or PIN) PW _u in the workstation. Based on the entered values, the workstation (software and / or hardware) calculates the dynamic user ID
SUid = F (A _u , T _u , PW _u ),
where T _u is the local time at the workstation, rounded to the nearest δ _x , that is, seconds, minutes or hours, depending on the units in which δ _x is measured. Note that at the workstation there is no need to have a clock; in this case, the user also enters the time T _u , for example, by looking at his watch.

 In addition, the user enters some authentication information into the workstation. For the present invention, it does not matter what this information is.

Step 2
The workstation sends the SUid value along with the authentication information to the authorized body of the home region of the user AS _x , for example, the terminal (or workstation) 24 in region 20. This can be done indirectly: first, the workstation 12 can send data to its own local authorized body AS _y , for example, a workstation 14 of region 10, which, in turn, then sends data to AS _x , here it is a terminal or workstation 24.

Step 3
When the data reaches AS _x , that is, workstation 24, it first finds out its local time T _x . Then computed
j = (T _x −T ₀ ) / δ _x using integer division, and
k = (T _x -T ₀ )% δ _x , where% is the symbol for the operation of taking the module.

Step 4
Then, AS _x , that is, workstation 24 searches for the table TB _j (calculated earlier in step 0) using SUid as the desired value.

Step 4a
If the search was successful, then the table element points to user U.

Step 4b
If the search is unsuccessful, then the authorized body of the AS _x region, that is, workstation 24 can (depending on the value of k) search either TB _j-1 or TB _{j + 1} .

Step 5
When the user U is identified, the authorized body of the AS _x region, that is, the workstation 24, checks the authentication information that came with the SUid, as is known to those skilled in the art. Again, the details of this process are not relevant to the present invention.

Step 6
When the authorized body of the AS _x region, that is, workstation 24, made sure that the SUid corresponds to the valid user U and the accompanying authentication information is correct, he contacts the authorized body of the remote region AS _y , here the server 14 in region 10, and reports that SUid is a legitimate user who is entitled to service.

 Obviously, the smart card is not used in the above process. If you want to use a smart card such as card 1, then in step 1 there will be a single exchange. Instead of entering information into the workstation, the user simply reads the value displayed on the user ID smart card and enters it into the workstation 12. Alternatively, this value can be read automatically by the workstation. This value is the SUid already calculated by the smart card 1 in the same way as the workstation does in step 1 above.

As a result, at the end of step 6, the authorized body of the AS _y region, here the workstation 12, can make sure that the user U is legitimate and at the same time, the unauthorized body of the region cannot find out information about the user's identity. In fact, the authorized body AS _y only recognizes SUid, which is nothing more than a short-term alias. The correspondence between SUid u U _{x is} known only to the user U and the authorized body of his home region AS _x .

 Obviously, there are many variations of this invention, from wireless transmission, for example, in the radio frequency or infrared range, to multiplexing, when several users are simultaneously served. In a region with radio communications, one server can be used simultaneously as a transceiver, and as an authorized body of the region. Synchronization can be achieved, for example, using radio-controlled clocks or other synchronizing devices. Smart cards can have significant computing power to make terminals as robust as possible. In all of these embodiments, the essential principles of the invention as defined in the appended claims may be used.

Claims (15)

1. A method for securely identifying a mobile user U in a communication system with a plurality of distributed users grouped by region, each specified user having an identifier A _U and a password or other secret authenticator PW _U , said identifier and password being stored in the home region of the specified user, wherein the method includes a synchronization indicator, preferably using the indicator T _U time slot, said clock input of the user U in chu th region from the home user region, characterized in that the method comprises the steps of: encrypting under a secret function, particularly a one-way function of said identifier A _U, said indicator T _U temporary user password interval and said or other secret authenticator PW _U and the formation of a dynamic user ID SUid, indicating the specified region to the alien from which the specified user U intends to establish a connection, the specified user's home region, Transferring said dynamic user identifier SUID from the specified region of another in the specified user's home region, the definition of authentic data about the specified user identity U in said home area user using the identifier of the dynamic user SUID. 2. The identification method according to claim 1, characterized in that the synchronization indicator T _{U is} derived from random number generators having the same initial numbers, or from secret sequence numbers located in the home region and in a foreign region, or at least sometimes connected to it.  3. The identification method according to claim 1 or 2, characterized in that the regions contain a number of workstations and / or terminals for user access, moreover, the encryption operation is performed in a foreign region, and the dynamic user identifier SUid is transmitted to the specified home region of the user to determine genuine U user identity.  4. The identification method according to claim 1 or 2, characterized in that they use an "intelligent" portable input means, preferably an intelligent card, with built-in computing capabilities, in which encryption and, if required, generation of random numbers is performed in the specified portable input means, and the dynamic SUid is entered into a foreign region.  5. The identification method according to claim 4, characterized in that at least part of the input to a foreign region is performed from a portable input means, preferably by machine reading. 6. The identification method according to any one of claims 1 to 5, characterized in that if the determination of the authentic data on the identity of the specified user U was successful, then a confirmation message is transmitted from the home region D _U , in particular to the foreign region D _y , if the determination is genuine the identity of the specified user U was unsuccessful, then indicate the corresponding failure. 7. The identification method according to claim 1 or 2, characterized in that the encryption function is a one-way function SUid = F (identifier A _U , synchronization indicator T _U , user authenticator PW _U ), and identifier A _U is an alias or secondary user identifier . 8. The identification method according to any one of claims 1 to 7, characterized in that in the home region, before the corresponding time interval σ _U or another indicator of the synchronization interval, one or more potential encrypted messages for the future time interval are pre-computed and stored in the link / translation table .  9. The identification method according to claim 8, characterized in that the reference / translation table in the home region is selectively made, in particular, only for selected mobile users, of whom it is known that they are moving. 10. The identification method according to claim 1 or 2, characterized in that for each region D _x choose a time interval σ _U for the entire region, and the specified selected time interval is one hour, or several hours, or a day.  11. A portable input means, in particular, a smart card adapted for use in a communication system according to the method according to any one of claims 1 to 10, comprising an identifier or key for each specified input means, a clock, a processor for calculating a dynamic user identifier SUid, characterized in that means are provided for switching said input means between the authentication mode and the user ID mode, in which the dynamic user identifier is calculated ovatelya SUid, and means for displaying and / or entering a user identifier SUid computed dynamically in another region.  12. The input means according to claim 11, characterized in that the switching means is a manual mode switch for user-defined switching of said input means between its modes and / or an automatic mode switch for automatically switching said input means, preferably, depending on the time, between its modes. 13. A system for securely identifying a mobile user in a communication network, including a plurality of distributed workstations or terminals grouped by region, the user having an identifier A _U and a secret authenticator PW _U , characterized in that means are provided for grinding in accordance with the secret function, in particular, a unidirectional function, the specified identifier A _U , the synchronization indicator T _U and the specified user authenticator PW _U for generating a dynamic identifier user id SUid and indicating the specified home region of the user, means for transmitting the specified dynamic user ID SUid from the specified foreign region to the specified home region of the user, and means for receiving in the specified home region D _U and the specified dynamic user ID SUid and determine the true identity the specified user U. 14. The identification system according to item 13, wherein the management and processing of messages in a foreign region and / or in the home region is performed within the authority and by virtue of the authority of the region or authentication server AS _y or AS _U, respectively. 15. The identification system according to item 13, characterized in that it contains in the authorized body of the home region AS _{U a} means for storing many translation tables.

Images