Network message security method and apparatus

US 5,305,385 A
Filed: 11/25/1992
Issued: 04/19/1994
Est. Priority Date: 10/15/1991
Status: Expired due to Term

First Claim

Patent Images

1. In a local area network having a plurality of input/output devices coupled to a multiport repeater, a method for securing data on the network comprising the steps of:

receiving at the repeater a data frame having a data field and a frame check sequence field; and

replacing a content of said data field with a substitute bit pattern to form a secured data field.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system for local area networks (LAN) to prevent eavesdropping of or to control access to LAN traffic at repeater or concentrator ports. The security system determines which repeater ports are to have security activated according to a given set of criteria. For ports with security activated, the contents of the data field of data frame transmitted from the repeater port to the local device are replaced with an arbitrary bit pattern.

59 Citations

View as Search Results

27 Claims

1. In a local area network having a plurality of input/output devices coupled to a multiport repeater, a method for securing data on the network comprising the steps of:
- receiving at the repeater a data frame having a data field and a frame check sequence field; and
  
  replacing a content of said data field with a substitute bit pattern to form a secured data field.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17, 18)
- - 2. The method for securing data of claim 1, further comprising the step of replacing said content of said data field with said substitute bit pattern on all frames transmitted out a given port.
  - 3. The method for securing data of claim 1, further comprising the step of transmitting said secured data frame to a given port.
  - 4. The method for securing data of claim 1, wherein said data frame includes a destination address field and further comprising the step of:
    - examining said destination address field to determine if said data field is to be secured.
  - 5. The method for securing data of claim 1, wherein said data frame includes a source address field and further comprising the step of:
    - examining said source address field to determine if said data field is to be secured.
  - 6. The method for securing data of claim 1, further comprising the steps of examining a repeater port identification at which said data frame was received to determine if said data field is to be secured.
  - 7. The method for securing data of claim 1, further comprising the step of faithfully transmitting unsecured data frames.
  - 8. The method for securing data of claim 1, further comprising the step of examining a first bit after a start frame delimiter of said data frame to determine if said data field is to be secured.
  - 17. The method for securing data of claim 1, further comprising the step of examining a characteristic of said data frame to determine if said data frame is to be secured.
  - 18. The method for securing data of claim 1, wherein said step of replacing a content of a data field further comprises the step of:
    - cryptographically replacing the content of said data field.

9. In a local area network having a plurality of input/output devices coupled to a multiport repeater, a repeater structure for securing data on the local area network comprising:
- means for replacing a content of a data field of a data frame received at said repeater with a substitute bit pattern to form a secured data field.
- View Dependent Claims (10)
- - 10. The repeater structure of claim 9, further comprising:
    - means, coupled to an input of said repeater, for identifying a given one of a plurality of data frames received at said repeater to be secured; and
      
      means, coupled to said means for identifying and to said means for replacing a content of said data field, for activating said means for replacing a content of said data field.

11. In a local area network having a plurality of input/output devices coupled to a multiport repeater, a repeater structure for securing data on the local area network comprising:
- means for replacing a content of a data field of a data frame received at said repeater with a substitute bit pattern to form a secured data field;
  
  a security selection logic circuit, coupled to a local area network management system, to said means for replacing a content of a data field and to a receive port of said repeater, having;
  
  (i) means for identifying given ones of a plurality of data frames received at said receive port to be secured; and
  
  (ii) means for activating said means for replacing.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The repeater structure of claim 11, further comprising a means for replacing, with said substitute bit pattern, a remaining content of said data frame located after a frame check sequence field.
  - 13. The repeater structure of claim 11, wherein said means for replacing a content of a data field comprises:
    - a bit pattern generator; and
      
      a multiplexer, having an input coupled to said bit pattern generator, to said security selection logic circuit and to an encoder of said repeater, and having an output coupled to a transmit port of said repeater.
  - 14. The repeater structure of claim 11, wherein said means for replacing a content of a data field is disposed between an encoder of said repeater and a transmit port of said repeater.
  - 15. The repeater structure of claim 11, wherein said means for replacing a content of a data field is disposed between a decoder of said repeater and an elasticity buffer of said repeater.
  - 16. The repeater structure of claim 11, wherein said means for replacing a content of a data field is disposed between an elasticity buffer of said repeater and an encoder of said repeater.

19. A secure repeater for use in a local area data network that utilizes data frames of preset format having in a predetermined position in the frame a destination address segment, the repeater including:
- means for receiving incoming data frames and for retransmitting data frames during a time interval that begins before a complete frame of data has been received;
  
  means for storing identifications for transmitting/receiving devices connected to the repeater;
  
  means for reading at least one portion of the destination address segment of each incoming data frame and comparing the portion so read with the identification to determine whether the frame is permitted; and
  
  means for corrupting the frame in retransmission to predetermined ones of the transmitting/receiving devices if the frame is not permitted.
- View Dependent Claims (20, 21, 22, 23)
- - 20. A repeater, as claimed in claim 19, wherein the data frames include a source address segment, the repeater including means for reading and comparing both the destination address segment and the said source address segment of the incoming frame.
  - 21. A repeater, as claimed in claim 19, wherein the said means for corrupting the data frame comprises means for overwriting said data frame with a series of binary digits selected from all 1'"'"'s, all 0'"'"'s, cyclically repeated sequences and pseudo-random sequences.
  - 22. A repeater, as claimed in claim 19, wherein the said means for corrupting the data frame comprises an encrypting means.
  - 23. A repeater, as claimed in claim 19, wherein the said identifications are established on the basis of the identity of equipment connected to ports of the repeater.

24. Apparatus having a number of ports coupled to a plurality of data transmitting/receiving devices to communicate data received at one of the number of ports from a sending one of the plurality of data transmitting/receiving devices for retransmission from the other of the number of ports to other, including a receiving one, of the plurality of data transmitting/receiving devices, the apparatus including structure for securing the data, comprising:
- means for examining the data;
  
  means, coupled to the examining means, for determining which of the other of the number of ports are selected to retransmit the data; and
  
  means coupled to the determining means for replacing a portion of the data communicated from the other of the number of ports not selected to retransmit the data.
- View Dependent Claims (25, 26, 27)
- - 25. The apparatus of claim 24, wherein the data includes identification of the receiving one of the plurality of data transmitting/receiving devices, the determining means operating in response to the identification of the receiving one of the plurality of data transmitting/receiving devices for determining which of the other of the number of ports are selected to retransmit the data.
  - 26. The apparatus of claim 24, wherein the data includes identification of the sending one of the plurality of data transmitting/receiving devices, the determining means operating in response to the identification of the sending one of the plurality of data transmiting/receiving devices for determining which of the other of the number of ports are selected to retransmit the data.
  - 27. The apparatus of claim 24, the apparatus having means identifying the one of the number of ports to the determining means, the determining means operating in response to the identification of the one of the number of ports to determine which of the other of the number of ports are selected to transmit the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Newbridge Networks Corporation (Nokia Corporation)
Original Assignee
Ungermann-Bass, Inc. (HP Inc.)
Inventors
Tavana, Sadredin, Schanning, Brian, Archambault, Steven E., Hayssen, Carl G. III
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/982,217
Time in Patent Office

510 Days
Field of Search

380/23, 380/25, 380/49, 380/50, 375/3
US Class Current

726/13
CPC Class Codes

H04L 63/1441 Countermeasures against mal...

Network message security method and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Network message security method and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links