Security system for a network concentrator
Abstract
A method and apparatus for providing secure communication on open networks. Each port of the network is provided with a security entity which monitors communication from one port to another. End stations connected to the ports communicate with other end stations by transmitting data to the port and receiving data from the port. The data is sent in data packets, each with a destination address and a source address. Each port has its own unique address. The security entity checks the destination address of data packets coming into the port and compares it with the port address of the affiliated port. Outgoing data packets from an end station to a port are also monitored by the security entity, which compares the destination and source addresses of the data packet with the affiliated port address. The security entity cyphers and decyphers the data portion of the data packet depending on whether or not the source address, destination address and port address match. In this way, end stations for which the data portion is not destined are prevented from reading it, and end stations which are not authorized to transmit onto the network are prevented from having any users on the network understand their data.
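An added sketch (not code from the patent) of the per-port address comparison the abstract describes. The abstract does not give the exact rules or the cypher, so the inbound and outbound rules, the class names, the port addresses and the random-pad `cypher` stand-in are all assumptions.

```python
import secrets
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    dst: str
    src: str
    data: bytes

def cypher(data: bytes) -> bytes:
    # Stand-in for the unspecified cypher: XOR with a random pad that is discarded.
    pad = secrets.token_bytes(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

class SecurityEntity:
    """One per concentrator port; knows only its affiliated port address."""
    def __init__(self, port_address: str):
        self.port_address = port_address

    def inbound(self, pkt: Packet) -> Packet:
        # End station -> concentrator (assumed rule): the source address must
        # match the port address, otherwise the data portion is cyphered.
        if pkt.src != self.port_address:
            return replace(pkt, data=cypher(pkt.data))
        return pkt

    def outbound(self, pkt: Packet) -> Packet:
        # Concentrator -> end station (assumed rule): only the port whose
        # address equals the destination address passes the data in clear.
        if pkt.dst != self.port_address:
            return replace(pkt, data=cypher(pkt.data))
        return pkt

class Concentrator:
    def __init__(self, port_addresses):
        self.ports = {a: SecurityEntity(a) for a in port_addresses}

    def transmit(self, ingress_port: str, pkt: Packet) -> dict:
        """Repeat pkt to every other port; return what each end station receives."""
        pkt = self.ports[ingress_port].inbound(pkt)
        return {addr: ent.outbound(pkt)
                for addr, ent in self.ports.items() if addr != ingress_port}

def demo():
    hub = Concentrator(["A", "B", "C"])      # constructed port addresses
    secret = b"payroll batch 0042"           # constructed data portion
    legit = hub.transmit("A", Packet(dst="B", src="A", data=secret))
    spoof = hub.transmit("C", Packet(dst="B", src="A", data=secret))
    return secret, legit, spoof
```

In `legit`, only port B receives the clear data portion while port C sees the same addresses with cyphered data; in `spoof`, the packet entering through port C with source address A is cyphered on the way in, so no port receives readable data.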
15 Claims
1. A secure communication network comprising:
a plurality of end stations;
a plurality of end station link means for providing a communication path to and from each of said plurality of said end stations;
concentrator means for connecting said plurality of end station link means and for transferring data packets between said plurality of end stations, said concentrator means having a plurality of ports, each of said plurality of ports having a unique affiliated port address, each of said plurality of ports being affiliated with a specific one of said plurality of end stations and end station link means, said concentrator means receiving a data packet from one end station of said plurality of end stations through an affiliated port of said one end station, and then transmitting the data packet through affiliated ports of other end stations to said other end stations, the data packet having a destination address, a source address and a data portion; and
a plurality of security means for cyphering and decyphering said data packet passing into and out of each of said ports based on a comparison of said destination address and said source address with said affiliated port address of said each port, each of said plurality of said security means being affiliated with a port of said concentrator.
Dependent claims: 2, 3, 4, 5, 6

7. A secured network communication method comprising the steps of:
providing a plurality of end stations;
connecting each of said end stations to an affiliated port of a plurality of ports of a concentrator, assigning each of said plurality of ports a unique affiliated port address;
communicating between said plurality of end stations by passing data packets from one of said plurality of end stations through an affiliated port of said one end station, and then transmitting a data packet through affiliated ports of other end stations to said other end stations;
assigning each of said data packets a destination address and a source address; and
cyphering and decyphering said data packets passing into and out of each of said ports based on a comparison of said destination address and said source address with said affiliated port address of said each port.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
Specification