In various technical fields, communication takes place between a central installation, such as a central server, and a number of other communication devices. The communication devices must identify themselves to the central installation in order to be addressable during the further communication, i.e. in order to be able to receive the messages intended for them. MAC addresses, which are defined for each communication device, are frequently used for this purpose. A MAC address can be unambiguously allocated to a device. Because of this unambiguous allocatability, each individual communication device can be determined and detected, for example as part of a wireless communication network.
Wireless communication can therefore offer advantages for automation and detection systems. For example, persons or objects can be detected by way of the communication devices connected to them, and communicated with, without terminals or similar devices having to be set up. This can be advantageous with respect to throughput and convenience.
One possible application is a wireless electronic ticket system for public short-distance passenger transport. In such a system, individual trips no longer have to be paid for by printed tickets or other types of charge card, for example when passing through a turnstile. Instead, each customer can be provided with a smart charge card having a radio interface, which communicates with the means of transportation, for example via a central communication server. In this way it can be documented which means of transportation a customer has used, and when. Accounting can then take place in various ways on the basis of this data, for example retroactively for the past month, similarly to a telephone bill, and could even contain an itemization of each individual trip, analogous to the itemized call listing of a telephone bill.
When such a wireless interface is used, however, there is the risk that the communication between the charge card and the means of transportation or the central communication server, respectively, can be monitored. If no suitable measures are taken, such as encryption of the transmitted data, the monitored data can be used to unambiguously identify individual customers, or the communication devices allocated to them, and consequently to follow their movements. This is also called tracking.
To secure the transmission of the data, or to hinder its monitoring or interception, encryption methods such as SSL (or its successor TLS) can be used, which ensure that only the intended receiver can decrypt the data. The transmitted payload data as such can thus be secured.
However, for transferring the data, the network uses addresses, in particular MAC addresses, which allow the individual communication partner to be addressed within the network. Usually, a fixed MAC address is assigned by the manufacturer to each network card, in local networks as well as in networks attached to the internet. On the one hand, this ensures that addresses are unambiguous within the networks.
On the other hand, such fixed MAC addresses are by themselves already sufficient to enable users to be tracked, since a MAC address is unambiguous for each communication device, or for the network card contained in it, and, not being covered by the encryption of the payload data, can easily be monitored.
To prevent tracking of communication devices, and thus of their users, anonymization at the level of addressing is therefore desirable in addition to encryption at the level of the data.
In one method for generating anonymous MAC addresses, a network subscriber, i.e. a communication device in the network, generates a random MAC address and reports it to a central node or access point. The central node checks this address for unambiguousness, i.e. whether it is already in use by another subscriber. If the address has been selected twice, the network subscriber must generate a new address and start the process again. If the address is unambiguous, the network subscriber is allowed to communicate using the generated address.
In another embodiment, a central node generates the anonymous MAC addresses and distributes them to the network subscribers. Compared with the method described above, this has the advantage that a double allocation of addresses can be prevented directly when the address is generated, since the central node knows all addresses already in use.
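Both arbitration variants described above, as an added Python example that is not part of the original text: a subscriber draws a locally administered unicast MAC address, reports it to the central node and starts over on a collision (first variant), and the central node draws addresses from the same generator itself and hands out only ones absent from its table (second variant). The in-memory registration table, the retry limit and the injectable random source are assumptions made for illustration; the byte sequences used in the usage section are constructed and are not real device addresses.

```python
import secrets
from typing import Callable, Set, Tuple

# First-octet flag bits of an IEEE 802 MAC address: bit 1 marks a locally
# administered address, bit 0 marks a group (multicast) address.
LOCALLY_ADMINISTERED = 0x02
GROUP_BIT = 0x01

RandomSource = Callable[[int], bytes]  # returns n random bytes


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def random_mac(rng: RandomSource = secrets.token_bytes) -> str:
    """Draw 48 random bits, then force the U/L bit on and the I/G bit off so
    the result is a locally administered unicast station address."""
    raw = bytearray(rng(6))
    raw[0] = (raw[0] | LOCALLY_ADMINISTERED) & ~GROUP_BIT & 0xFF
    return format_mac(bytes(raw))


class CentralNode:
    """Access point keeping the table of addresses currently in use
    (assumed here to be an in-memory set)."""

    def __init__(self) -> None:
        self.in_use: Set[str] = set()

    def register(self, mac: str) -> bool:
        """First variant: a subscriber proposes an address; accept it only
        if no other subscriber already uses it."""
        if mac in self.in_use:
            return False
        self.in_use.add(mac)
        return True

    def allocate(self, rng: RandomSource = secrets.token_bytes) -> str:
        """Second variant: the node draws the address itself and therefore
        never hands out one that is already in its table."""
        while True:
            mac = random_mac(rng)
            if mac not in self.in_use:
                self.in_use.add(mac)
                return mac

    def release(self, mac: str) -> None:
        """Free an address when the subscriber leaves the network."""
        self.in_use.discard(mac)


def subscriber_join(node: CentralNode, rng: RandomSource = secrets.token_bytes,
                    max_attempts: int = 8) -> Tuple[str, int]:
    """First variant from the subscriber's side: generate, report, and start
    over on a collision. Returns the accepted address and the attempt count.
    The attempt limit is an assumption; the text only says to try again."""
    for attempt in range(1, max_attempts + 1):
        proposal = random_mac(rng)
        if node.register(proposal):
            return proposal, attempt
    raise RuntimeError(f"no unambiguous address after {max_attempts} attempts")


if __name__ == "__main__":
    ap = CentralNode()
    mac, tries = subscriber_join(ap)
    print(f"subscriber uses {mac} after {tries} attempt(s)")
    print(f"node-allocated address: {ap.allocate()}")
```

The random source is passed in so that a collision can be forced deterministically when exercising the retry path; in operation the default `secrets.token_bytes` is used. Addresses must be released when a subscriber leaves, otherwise the node's table only ever grows and the collision rate with it.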
Alternatively, a network subscriber can generate a random MAC address by means of a complex combination, for example a keyed one-way function, of a random number with a secret fixed MAC address. Even under these restrictions, this makes it possible to achieve that the generated address is random enough to ensure anonymity, while the probability of collisions is so small that no central allocation of MAC addresses is required.
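The keyed derivation described above, as an added Python example that is not part of the original text, together with the birthday-bound estimate that justifies dropping central allocation. HMAC-SHA256 is this example's choice of combining function; the original text does not name one. The 16-byte nonce length, the option of sending the nonce along so that a party sharing the secret can recompute the address, and the secret value used in the usage section are assumptions; the secret shown is constructed, not a real device address.

```python
import hashlib
import hmac
import math
import secrets
from typing import Tuple


def derive_mac(secret_mac: bytes, nonce: bytes) -> bytes:
    """Combine the secret fixed MAC address with a random number by a keyed
    one-way function (HMAC-SHA256, assumed for this example). The first 48
    bits of the tag become the address; the U/L bit is set and the I/G bit
    cleared as for any locally administered unicast address."""
    if len(secret_mac) != 6:
        raise ValueError("secret fixed MAC must be 6 bytes")
    tag = hmac.new(secret_mac, nonce, hashlib.sha256).digest()
    raw = bytearray(tag[:6])
    raw[0] = (raw[0] | 0x02) & 0xFE
    return bytes(raw)


def fresh_pseudonym(secret_mac: bytes, nonce_len: int = 16) -> Tuple[bytes, bytes]:
    """Draw a new random number and derive the address the subscriber will use
    next. Returns (nonce, mac); the nonce can be transmitted alongside if a
    party that shares the secret is meant to recognise the device (assumed)."""
    nonce = secrets.token_bytes(nonce_len)
    return nonce, derive_mac(secret_mac, nonce)


def collision_probability(n_devices: int, random_bits: int = 46) -> float:
    """Birthday bound on at least one collision among n independently drawn
    addresses. 46 bits are free because two of the 48 are fixed by the U/L
    and I/G flags."""
    pairs = n_devices * (n_devices - 1) / 2
    return -math.expm1(-pairs / 2 ** random_bits)


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    secret = bytes.fromhex("001122334455")  # constructed, not a real device
    for _ in range(3):
        nonce, mac = fresh_pseudonym(secret)
        print(nonce.hex(), "->", format_mac(mac))
    print(f"P(collision) for 100000 devices: {collision_probability(100_000):.2e}")
```

Because the secret enters as the HMAC key, an observer who sees only the nonce and the resulting address cannot recover the fixed MAC or link two addresses derived from different nonces, whereas a holder of the secret can recompute the address from the nonce. With 46 free bits, the collision probability for 100,000 simultaneously active devices is about 7 in 100,000, small enough that the text's conclusion, no central allocation required, holds; the figure grows quadratically with the device count, so the estimate should be redone for the actual population.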