[MUD-Dev] Identifying Players (was Counting Massive Multi Players)

Crosbie Fitch crosbie at cyberspaceengineers.org
Thu Jul 31 11:20:45 CEST 2003 

A scheme to identify players and generally restrict the control of a
player's character to a single person.

  Human H wants to create player P on massive multiplayer game G.

  H picks a private key Kpx.

  H picks a public key Kp and gives it to G.

  Kp represents P's identity code and ensures that if H wishes to
  remain the only person to play P, this is assured for as long as H
  keeps Kpx secret.

  Each time H' wishes to play P identified by Kp, G creates a random
  number N, encrypts it with Kp to create En and challenges H' to
  reply with N.  H' uses Kpx to transform En to N' and sends N' to
  G.  G knows that as only H knows Kpx, that if N'=N that H' is H
  (or that H' has discovered Kpx).

  Moreover, if there ever exist two simultaneous occurrences of H,
  then G knows that Kpx has been compromised and can blacklist P
  (requiring H to create P2 and H' to create Q or repeat their
  ability to compromise P2).

This scheme permits a person interested in maintaining exclusive
control of a particular player to do so (on the assumption that a
person can retain a secret in memory). It also enables the game to
ensure that a player is played by at most one person at a time, and
attempts to infringe this are usually indications that either the
player has wilfully abandoned exclusive control or that someone has
discovered the person's secret via nefarious means.

This scheme does not prevent a person from having multiple
players. However, the more players a person has, the more secret
keys they need to memorise.

Don't forget though, that H needs to be protected from G' (a game
imposter).  G' can easily challenge H with En (given Kp is
public). One could put confidential player information within N such
that N comprises Ncode (the random number), Ndate (the current date
& time), Nip (IP address of G) and Ninfo and that only Ncode must be
returned to G. This way the player is assured that G' is either G,
or that G' has obtained Ninfo via nefarious means. Ndate and Nip
protect a little bit against replay attacks, e.g. G' intercepting En
and forwarding it to H. Though H can always send G' several Ncode
suggestions and ask G' to say which one is correct.

Ok, perhaps a dedicated hacker can compromise P, but at least the
game is assured that in general, each player is controlled by one
person.

Dunno if this helps anyone in the MMOG field, but I'm leaving it in
my toolset until someone tells me it's fundamentally flawed. ;-)
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list