1. Field of the Invention
The present invention relates to an untrackable method and system for managing network identity.
2. Description of Related Art
Currently, there are many wireless technologies, such as Worldwide Interoperability for Microwave Access (WiMax) and Wireless Local Area Network (WLAN), which utilize Extensible Authentication Protocol (EAP) structure. FIG. 1 is a schematic diagram of a conventional EAP authentication model including three roles, wherein a mobile device 101 is equivalent to a supplicant, an access point 102 (AP) is equivalent to an authenticator, and an authentication, authorization, and accounting server (abbreviated as AAA server) 103 is equivalent to an authentication server. When a user wishes to use the mobile device 101 to connect to a network, he has to provide an identification (ID) to the access point 102, and then the access point 102 transmits the ID to the AAA server 103 so as to perform authentication, authorization, and accounting operations based on the user's identity.
The authentication model in FIG. 1 assumes that the three roles are all on a same network operated by a same network operator or a same Internet Service Provider (ISP). However, EAP may in fact be applied on an inter-domain network, as shown in FIG. 2. Three networks are illustrated in FIG. 2, a home network 230 which the user originally established an account, a visited network 210 which the user wishes to connect, and a proxy network 220 between the said two networks. The above three networks are respectively operated by different network operators or ISPs.
When the user wishes to connect to the visited network 210, he has to use the mobile device 201 to provide an ID to the access point 211 of the visited network 210. The visited network 210 does not have data about the user's identity but the home network 230 does. Therefore, the access point 211 has to transmit the ID all the way to an AAA server 231 of the home network 230 for authentication, authorization, and accounting. The access point 211 and an AAA server 212 of the visited network 210 and an AAA server 221 of the proxy network 220 merely relay packets in between and do not participate in the process of authentication between the mobile device 201 and the AAA server 231.
With more and more emphasis being placed on privacy, users generally wish to use temporary IDs on an untrustworthy network environment to prevent network position and privacy (e.g. the websites which are visited) from being disclosed. The issue of privacy is more important in the abovementioned untrustworthy network environment which may refer in general to all the visited networks outside of the home network, especially a public wireless area network environment where malicious fake access points may exist.
The privacy issue in a same network domain may be solved by using Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) or Protected Extensible Authentication Protocol (PEAP). However, in a cross-domain environment as shown in FIG. 2, the current EAP may not be enough to solve the problem. For privacy, the mobile device 201 may use an anonymous temporary ID and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or EAP-TTLS to establish a secure channel with the AAA server 231 of the home network and then transmit an encrypted real ID to the AAA server 231 for authentication. However, this way, the AAA server 212 of the visited network in between is not able to decode the encrypted real ID of the user and thus can not perform accounting and authorization.
Because the EAP structure can not provide functionalities of privacy protection, accounting, and authorization at the same time, Internet Engineering Task Force (IETF) proposed RFC 4372 standard to solve this problem. A chargeable user identity (CUI) is introduced in this standard to add a new field in an EAP packet to carry a temporary ID for ISP charges. However, the CUI still has a few problems. For example, the CUI is only for temporary use. If the CUI is used for a long period of time, it may still be used to identify the user. Only the ISP that issues the user's real ID knows the corresponding relationship between the CUI and the real ID. Thus, the CUI has to be transmitted in plain text so that the network operator of the visited network may use the CUI to charge a fee from the ISP of the user's home network. This is because EAP lacks an effective mechanism to manage the CUI.