The question was asked by a Russian ham:

Do we have a procedure to implement this feature (air interface authentication) in D-Star?
For radio digital protocol it should not be difficult technically.

There is nothing in the protocol to support authentication, it only provides identification.  Current generation radios implement the standard and that standard has no mechanism for authentication.  Authentication would have to be an add on application and for current radios, that would mean some form of external device to handle the authentication mechanism.  Any true authentication would have to have an irrefutable token, probably some public/private key mechanism with distribution of keys to licensees off the air (e.g. via secure Internet transfer).  In some countries it may be problematic to use such an authentication system since it might include an encrypted token between radios and some countries forbid encryption on RF, though this might be considered a control signal.  Such a system also would be fairly impractical because of database size and updates for mobile stations.

You can’t depend on a network based authentication service as such an extension would, by definition, have to support simplex transmissions off the network.

For most of us, there is no need for such a system as this is amateur radio, a hobby, and largely self policed.  There are regulations that can support prosecution of those who choose to abuse the hobby.  For example, in the US it would be very easy to say that anything other than the operator’s station callsign in the “MYCALL” field of a D-STAR signal would be a false identification, which is expressly forbidden in the US Regulations  97.113a(4) “…messages encoded for the purpose of obscuring their meaning, except as otherwise provided herein; obscene or indecent words or language; or false or deceptive messages, signals or identification;” …  There will always be callsign pirates and those who do not identify at all, and weak authentication just will encourage increased anti-social behavior.

At the repeater/gateway level, it would be fairly easy to filter out calls that don’t have recognized callsigns.  This should probably be implemented.  I have written a regex (Regular Expression) filter that is pretty effective in finding patterns that look like amateur callsigns or one could implement a filter that checks a database of callsigns (such as the G1/G2 registration system), but none of these prevent pirates.  One hazard of such a filter is bit loss in the address fields creating an unrecognizable callsign, which would be rejected for an otherwise legitimate transmission, with no feedback to the transmitting operator who may speak for an extended period.

The Callsign Regex

^[A-Z0-9]{1}[A-Z0-9]{0,1}[0-9]{1}[A-Z ]{4,8}[A-Z 0-9]{0,1}$

I support a no pre-registration approach. A new user should be able to buy a radio, program MYCALL, and get on the network from RF (network connected devices are another story).  This means either the filter has rules of what a MYCALL should look like, or have automatic lookup of any and all callsigns issued — pretty easy to do in countries like the US where the license database is a public record and freely distributed (with daily updates) but may be nearly impossible in countries where such data is not freely and regularly available.

So “technically” solutions could be derived, but from a regulatory, D-STAR standard extension, and pragmatic point of view, this may be very difficult.