How to identify or authorize members of a time travel organisation?

Many organizations today have identity cards, and use passwords and multi-factor authentication to authenticate and authorize people. If there's trouble, things can be done: Identity cards can be replaced with new serial numbers; passwords can be changed; digital certificates revoked; keys and locks changed.

If your organization can travel in time, most of these methods break down. If my password is compromised and a malicious actor can travel in time, then revoking it from 'now' doesn't help, and ensuring that password is never issued just means that password2 is compromised instead. You also can't ask someone to look over the access logs and verify it was all them, because it might be them, it just might not have happened to them yet.

On top of that, changing anything when one of your own is out of sync with you, means that they could return and give the incorrect passphrase, or have the wrong key, or simply return at a point you're not expecting them to.

How would you reliably identify a person who's a part of your organization, assuming there are too many people to simply memorize?

The best I've come up with so far is that each person on each journey gets a unique code. Whenever they return, they can be connected to a specific trip. It does mean that all the codes would have to be determined in advance, though, and still suffers from problems if the list of codes is compromised.

11 Answers
11

The problem with time travel is that it leads to paradoxes. You will have to decide in your story or game setting how you deal with it. How about this:

The only way this would break down is if the mission fails and A1 never reports back, but in that case why waste resources to help him?

Another scenario:

There's a Spanish Language show called "The Ministry of Time" (El Ministerio Del Tiempo) that handles this question.

The agency is pretty broad and had been running since around the twelfth century. Each time period manages their agents: so the 1950s ministry deals with 1950s agents, in a manner analogous to field offices. The present (whenever that is) is the ultimate decision-making authority. Message tubes, time-travelling e-mail, and time-travelling phone allow field offices to communicate with the home office in the present. The future is not yet set. They rely on memory and paperwork to know which agents are theirs, what missions they are on, and what those agents have done in the past. As you have pointed out, higher-tech solutions are as vulnerable to time as paper.

The time travel mechanism in this setting does not effect people currently travelling in time. Agents go home every night (unless on a mission) to their own time, unless something (like being too famous) makes staying in their own time difficult. In this manner, and protected from time-travels effects during the working day, you have a good reality-check as each agent can report anomalies when they get home, with reporters spread pretty well across both geography and time.

It's a porous system, and the show has dealt with the consequences of that porousness, but by and large it works and seems credible.

DC's Legends of Tomorrow (season #1) takes an alternative solution. The preferred time period, where the agency's home office is located, is the end of time. Time is already as the agency would prefer it, and they possess a supercomputer sufficiently powerful to detect if suddenly a new history would be more optimal (which would probably be a sign that something has changed).

Ships are tracked using something like transponders, but individual agents are not. This method also is very porous, but also seems to largely get the job done. There is also a problem where changes that are "better" (however that is decided) are promoted to the new baseline, without any soul-searching about it.

A radioactive clock to detect tampering with mission timelines

An agent goes out on a mission, and is given a certain timeline for how long he can be gone. The agent might be given 8 hours of agent-time to do what he is assigned to do. By strictly enforcing this agent-time, you can help guard against unusual events in the timeline.

Each member of the time team is given a radioactive clock built into a chip. This clock will contain an isotope that decays over time. The chip will be inserted into the agent. The activity of the isotope and its decay emissions will give you an exact time of how long it has been since the card was issued. By varying the isotope, you can vary the time limit. If a mission is only authorized for one day, then give an isotope with a 5 hour half-life. Measurements of the resulting decay will be accurate to the minute. If the mission is authorized for a week of travel time, then the isotope should have a 40 hour half-life, and time measurements will be accurate to ~10 minutes.

Obviously, choose an isotope that isn't going to kill the user. Anything that $beta$ decays (i.e. electron emission) can be placed in a very thin conductive metal case in the chip to protect the holder from radiation. For example, Gallium-73 $beta$ decays with a 4.9 hour half-life for short missions; Scandium-48 $beta$ decays in 44 hours for longer missions. Elements on the lower end of the atomic mass spectrum don't tend to emit high energy gammas, so there are plenty of mostly benign atomic species.

How to make the clocks

Basically, you have to isolate a sufficient amount of a certain isotope in order to make each clock for the mission. The equipment to perform this is pricey; but, one purchase, it just costs a high electric bill to run. Choose the isotope you want to synthesize and determine what you need to bombard with neutrons to get it. Load the stable material you need to bombard into a spallation facility, then bombard it with neutrons.

For example, to make Gallium-73, you would bombard Gallium-71 ( a stable isotope with 40% abundance) with neutrons until some atoms pick up two extra neutrons. Gallium-72 has a 14 hour half-life, so many of the intermediary products would survive to pick up a second neutron. Then you use the isotope separation technique best suited to whatever element you are working with to concentrate your once isotope.

Obviously, with a 5 hour half-life on some of the clocks, you don't have much time, so the Time Agency is going to need to have the clock production facility on site. The minute that a 1 gram sample is embedded in a chip, that chip needs to be embedded in an agent and the agent sent on their mission.

How this helps you

What this gives you is a way to determine how long the person spent while time travelling. They can re-appear at the very same instant that they were gone, but the id card will give you a foolproof way to determine the time elapsed for that person. If some crazy time hijinks involved the agent spending a year of time (from the agent's perspective) stuff, the id card will tell you that.

By inserting the chip into the agent, you can ensure that the same agent came back.

This method should be used in addition to other methods, namely, biometrics and encrypted passcodes. But while encrypted passcodes can be cheated through time travel, and while biometrics could be foiled by the same person from a different timeline, the inserted chip will ensure this is the same agent and that he spent the amount of time he said he did while travelling.

How would you reliably identify a person who's a part of your organization, assuming there are too many people to simply memorize?

All of the above are uniquely linked to an individual, time invariant and can hardly be counterfeited.

This answer is heavily influenced by Public Key Cryptography

All time travelers agree on a secret prime number X. When two time travelers meet they can used some simple division to tell if the other person is in the secret society.

The Algorithm

Time traveler 1 picks some random number called number1, and ask for Time Travel 2 to answer divide number1 by X and tell him the remainder (it's important he doesn't tell him the actual answer)

Time Travel 2 picks another random number, and challenges Time Traveler 1 to give the remainder of this new number divided by X

If both of them know X, they can easily validate the other one's knowledge without explicitly saying X. Anyone overhearing the conversation, even with the ability to time travel will not be able to reuse the answer, as it will change each time the question is asked.

What if someone gets Time Traveler 3 drunk and gets the secret number X out of them? You Ask.

A Way To Further Protect The Time Travel Council Members

Use Carbon-Dating to ensure the Time Traveler has visited HQ recently. HQ has a large collection of hard-to-replicate trinkets all set to the same Carbon-Dated time. Use these as a way to track how long each time traveler has been away from HQ. If they haven't visited HQ in the last month (by carbon-dated time) then don't trust them.

But the guy who learned X is now able to masquerade as a member of the Time Council

Yep, he is, but this is the more mundane problem of people leaking passwords. Even in non-time traveling secret societies, I'd imagine the members have to meet regularly, and determine the new passwords.

By using a secret number and a remainder, there is no way anyone overhearing a conversation would be able to travel back in time, and preemptively use it. It won't protect you from loose lips.

EDIT

Several astute commenters pointed out that cryptography uses the fact it would take billions of years to guess the number as protection against attacks (which the time traveler has since they can just jump 1 billion years in the future).

One way to at least make this harder would be to use secret number X as a starting point, then come up with an algorithm based on the calendar date (i.e. multiply X by month then divide by day). Now the Time Council has to know a secret number and a secret algorithm.

By adding this algorithm, no single observation of Time Council members would be enough to determine X. The attacker would have to observe several meetings, which would take "real time" in the attacker's world.

By pairing this with an expiring trinket system (see above), you could effectively limit the guessing power of the attacker.

Still, nothing protects you from a disgruntled time traveler simply publishing the secret.

Authorization is granted to those who possess the secret knowledge.
The secret knowledge is itself the authorization.

https://www.youtube.com/watch?v=DZSRKNw-lTE

http://www.witchcraftandwitches.com/related_rosicrucianism.html

According to the 18th Century secret society called the "Golden and
Rosy Cross", the Rosicrucian Order was created in the year AD 46 when
an Alexandrian Gnostic sage named Ormus and his six followers were
converted by one of Jesus' disciples, Mark. From this conversion,
Rosicrucianism was supposedly born, by purifying Egyptian mysteries
with the new higher teachings of early Christianity, and they adopted
the symbol of a red cross surmounted by a rose.

Your time travelers are part of a secret society. To understand time travel and the responsibilities, they first must master the secret knowledge which the society exists to protect. It is not trivial. These secrets cover time travel and much more besides. One who understands these secrets can travel in time (among other things), and this knowledge compels those who have it to act in accordance with the precepts of the society.

If one forgets the secrets because of age or illness, one also loses the ability to travel in time.

The reality is that you can't develop a time travel identification system to solve these problems independent of your story's particular time travel methodology. The two must be intertwined because your identification system is designed to solve problems particular to your time travel methodology. The rules you need to support for a Novikov Self-Consistency Principle based world are very different from those required to support a Heinlein style Time Corps, and are very different from those you would want in a Primer style time travel scheme.

The best answer in all cases comes from Heinlein's short story, All You Zombies. If you can't find a copy, I recommend at least watching the movie Predestination, which is a reasonably 1:1 movie rendition of it. It contains probably the most brutal example of how hard it is to ID a time traveler, but it also contains the best rule: don't depend on your ability to ID people. If you don't need to know who they are, it doesn't matter if you know or not. Consider the question of rank. Who is the higher ranking time traveler?

I woke the duty sergeant, showed my I. D., told the sergeant to
bed my companion down with a happy pill and recruit him in the morning. The sergeant looked sour, but rank
is rank, regardless of era; he did what I said—thinking, no doubt, that the next time we met he might be the
colonel and I the sergeant. Which can happen in our corps.

Neither the main character nor the sergeant are dependent on the real truth of who is higher ranking. They simply live a life which is acceptable based on the time they are in. For them, a piece of paper showing that one has higher rank at this particular moment is sufficient.

At any given point in Alice's subjective time, she's used her password a finite number of times. If Eve's stolen the password, Alice can review all the times she's used that password and will ever use that password, ensure that they're all her in her subjective past, then stop using that password. So long as Bob has a list of all the passwords she'll ever use, she can still authenticate.

Use asymmetric keys instead of a shared password, and this is both simple and secure. If time is immutable then you only need check once, and if time is mutable then you'll only need to take action if Alice spots an invalidated password of hers being used after (from her perspective) she's made sure that all the uses of it were past-her.

With this system in play, you can use conventional authentication in a temporally complex environment.

Travel back as far as is possible, and set up secret satellite network where it won't be detected, designed to operate unobtrusively for thousands of years (or more)

When you want to authenticate with a potential fellow agent, you both get out your biometric Personal Authentication Super Secret Passcode & Orders Receiver/Transmitter devices, trigger the log-in, and show them to each other. Your PASSPORTs identify each other, exchange encoded credentials - then connect to the satellite network to verify.

The satellites communicate with the agent's own-time to confirm that each agent is who they say they are by matching the biometric keys, and check that both agents are meeting each other at the same chronospacial coordinates to prevent spoofing. The results are then sent back to the Agents' PASSPORTS, which will both chime to confirm a meeting, AND provide a list of events that each Agent has experienced in their personal timeline that other either Has or Has Not.

(These Synchronised Personal Overview of Individual Life-Event Records not only ensure that Agents do not accidentally pollute each other's future timelines, but allow them to catch up on and discuss events that they have both observed as having already occurred - the opportunity to discuss future events with relative freedom is important for the stress levels and mental health of our Agents.)

As a bonus, the satellite network provides a discreet and secure method of global and temporal communication for agents.

If your login requires that you provide a passcode too, then you have 4-factor security: You need to know something (the passcode), you need to have something (your PASSPORT), you need to be something (for the Biometrics to match), and you need to be somewhen (for the paired handshake with the other Agent)

A lot of the solutions proposed here work until you have to revoke the agent's access across time. Therefore you need something that ties to the age of the agent, and can't just be stolen or faked. Kingledion mention degrading clocks, I propose Biometrics. (They can be combined as well)

Specifically some type of behavioral biometrics. Keystroke dynamics work well and can be done in the background without the agent's knowledge. They just type a passphrase.

In short, keystroke biometrics works because people have millisecond differences between key-down and key-up, as well as key-up and key-down for the next key. Which is enough to reliably identify someone. Especially for a passphrase, which is mostly muscle memory, it is practically impossible for a person to reliably learn and imitate the pattern of a passphrase. (A machine can, if you need to circumvent it...)

While biological biometrics (fingerprint, iris, etc.) are more or less fixed, behavioral biometrics (typing pattern, gait, etc.) can change over time. That is, as the agent ages. It is therefore irrelevant if the agent travel back in time, as he will still be older, and his typing pattern will correspond to an older agent. It works as follows.

When the agent goes rogue, you simply invalidate his latest pattern. All previous patterns are still valid, because it is not feasible for the agent to change his typing pattern for any of the previous passwords to match the valid patterns. He also wouldn't know that there is a pattern to typing it. Which means any younger agent will be unaffected for all points in time, and the older agent is detected at all points in time.

You're still gonna face paradoxes such as older agent convincing younger agent to go rogue, or kill his younger self, but that's an issue with all time travel.

You cannot simply time travel from space-time A to space-time B you first have to time travel to the check-in-space-time C inside the headquarters, where time travelers have to check-in in real time. That means that every time traveler can time travel it's self only towards the check-in-space-time. When time-travelers arrive there, they arrive in a queue that is in continuous time and are served in sequence. After he/she is checked and everything is ok, then he/is sent to it's original destination.

If someones access is revoked for any reason, it is communicated to the check-in-space-time where it takes effect immediately. Then, if this person arrives in the check-in-space-time after the access revocation, he/she will be checked if he/she is the person before or after the access revocation, since they would know which space-time you are coming from, and handled accordingly.

With some proper bureaucracy and planning, access tokens and passwords can be very effective since you can really manage your agents to not have overlapping timelines and go rogue very easily.