Method and apparatus for privacy of traffic behavior on a shared medium network

US 5,442,702 A
Filed: 11/30/1993
Issued: 08/15/1995
Est. Priority Date: 11/30/1993
Status: Expired due to Term

First Claim

Patent Images

1. A circuit for the generation and validation of new encryption patterns for the transmission of data cells and commands on a shared medium network having a line termination transmitting the data cells and commands, and a plurality of network terminations, each transmitted data cell or command containing encrypted address information of its destination network termination, the address information being the destination network termination address plus additional identifier bits, and a different encryption pattern being used for each destination network termination, the circuit comprising;

a microprocessing unit for performing the generating and verifying of the new encryption patterns; and

a memory device for storing and retrieval of active encryption pattern information, the memory device being connected to the processing unit, wherein the processing unit generates a new encryption pattern for a particular network termination which is verified by sequentially processing it with each of the active encryption patterns to detect for potential misdeliveries, and storing it in a respective location of the memory device if a potential misdelivery condition is not detected in each of the processing results, and generating a new encryption pattern to be verified if any of the processing results indicate potential misdeliveries.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a telecommunication network utilizing a passive optical network connecting a plurality of network terminations to a local exchange. Information cells and commands are transmitted on the network by the local exchange to all the network terminations. The information cells and commands contain routing address information for the particular network termination to which the information cell or command is destined. The address information contains the address of the destination network termination and additional identifier bits to facilitate encryption of the address information for security and privacy of traffic behavior without producing misdelivery occurrences. In addition, a system for repeatedly changing encryption patterns for the network terminations which detects misdelivery conditions is provided.

57 Citations

View as Search Results

39 Claims

1. A circuit for the generation and validation of new encryption patterns for the transmission of data cells and commands on a shared medium network having a line termination transmitting the data cells and commands, and a plurality of network terminations, each transmitted data cell or command containing encrypted address information of its destination network termination, the address information being the destination network termination address plus additional identifier bits, and a different encryption pattern being used for each destination network termination, the circuit comprising;
- a microprocessing unit for performing the generating and verifying of the new encryption patterns; and
  
  a memory device for storing and retrieval of active encryption pattern information, the memory device being connected to the processing unit, wherein the processing unit generates a new encryption pattern for a particular network termination which is verified by sequentially processing it with each of the active encryption patterns to detect for potential misdeliveries, and storing it in a respective location of the memory device if a potential misdelivery condition is not detected in each of the processing results, and generating a new encryption pattern to be verified if any of the processing results indicate potential misdeliveries.
- View Dependent Claims (2, 3)
- - 2. The circuit of claim 1, further comprising:
    - a pseudo-random number generator being connected to the processing unit for generating the new encryption patterns.
  - 3. The circuit of claim 1, wherein a format of the memory table having the encryption patterns at memory address locations corresponding to the addresses of the respective network terminations.

4. A method of generating and evaluating pseudo-random encryption patterns for encrypting destination address information contained in data cells or commands on a shared medium network, the network having a line termination and a plurality of network terminations, the method comprising:
- generating a new pseudo-random encryption pattern for the address information of data cells or commands destined for a particular network termination, the address information containing the destination network termination address and additional identifier bits;
  
  generating a sum for each encrypted address information for data cells or commands destined for the other network terminations by adding, using modulo 2 addition, the encrypted address information for the other network terminations with a portion of the new encryption pattern used for encrypting the address information; and
  
  comparing each sum with the address of the particular network termination for which the new encryption pattern is generated, wherein if all sums are not equal to the address of the particular network termination for which the pattern was generated, then the new encryption pattern is valid and may be used in the network.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The method of claim 4, further comprising:
    - notifying the particular network termination of the new encryption pattern which has been generated and determined valid for use of encrypting the address information for data cells and commands destined to that network termination.
  - 6. The method of claim 4, further comprising:
    - storing the encryption patterns for the network termination in a memory device.
  - 7. The method of claim 4, wherein the method is repeatedly sequentially performed to generate and evaluate new encryption patterns corresponding to each network termination in the network.
  - 8. The method of claim 4, wherein the method is repeatedly randomly performed to generate new encryption patterns corresponding to each network termination in the network.
  - 9. The method of claim 4, further comprising:
    - ranking each network termination based on the required level of security wherein new encryption patterns will be generated and tested more frequently for the network terminating requiring a higher level of security than those requiring a lesser level of security.

10. A method for transmitting data cells from a line termination to a plurality of network terminations over a shared medium network having privacy of traffic behavior, each network termination having a unique address, the method comprising:
- combining identifier bits with destination address information for each data cell to form a corresponding expanded address;
  
  inserting the expanded address into the destination address field of the corresponding data cell;
  
  encrypting the expanded address using a particular encryption pattern corresponding to the destination network termination;
  
  transmitting the data cell on the shared medium network, each network termination receiving the data cell transmitted on the network;
  
  processing the encrypted expanded address of the data cell with a particular decryption pattern corresponding to a network termination to form a processed address, each network termination performing such processing on the received data cell; and
  
  verifying whether identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address.
- View Dependent Claims (11, 12, 20, 21, 22)
- - 11. The method of claim 10, wherein the identifier bits correspond to particular bits of the destination network termination address.
  - 12. The method of claim 10, wherein the identifier bits are derived from the destination network termination address.
  - 20. The method of claim 10, further comprising the steps of:
    - updating the encryption pattern and corresponding decryption pattern for each network termination address; and
      
      providing the updated decryption patterns to the respective network terminations.
  - 21. The method of claim 20, wherein the steps of updating and providing the decryption patterns to the network terminations is performed periodically.
  - 22. The method of claim 20, wherein the steps of updating and providing the decryption patterns to the network terminations is performed randomly.

13. A shared-medium network having privacy of traffic behavior comprising:
- a line termination having a processing unit connected to a memory device, wherein the line termination is operable to transmit data cells and to combine identifier bits with a destination address to form an expanded address, and insert the expanded address into an address field of each data cell to be transmitted and encrypt the expanded address using a particular encryption pattern corresponding to a destination network termination, and;
  
  a shared medium network operably connected to the line termination processing unit; and
  
  a plurality of network terminations connected to the network, each network termination having a processing unit connected to a memory device, the processing unit being operably connected to the network, each network termination having a unique address, wherein each network termination processing unit is operable to process the encrypted expanded addresses of each data cell received from the network with a decryption pattern corresponding to the network termination address, and to verify that identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The network of claim 13, wherein the identifier bits correspond to particular bits in the destination network termination address.
  - 15. The network of claim 13, wherein the identifier bits are derived from the destination network termination address.
  - 16. The network of claim 13, wherein the shared-medium network is a optical network.
  - 17. The network of claim 16, wherein the passive optical network has a tree-and-branch topology.
  - 18. The network of claim 13, wherein the data cells are asynchronous transfer mode cells.
  - 19. The network of claim 13, wherein the data cells contain commands giving authority to the particular destination network termination to transmit data to the line termination.

23. A method for transmitting data cells to a plurality of network terminations over a shared medium network, wherein each network termination has a unique address, the method comprising:
- combining identifier bits with destination address information for each data cell to form a corresponding expanded address;
  
  inserting the expanded address into a destination address field of the corresponding data cell;
  
  encrypting the address field using a particular encryption pattern corresponding to the destination address; and
  
  transmitting the data cell with encrypted address field on the shared medium network.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The method of claim 23, wherein the identifier bits correspond to particular bits of the destination network termination address.
  - 25. The method of claim 24, wherein the identifier bits are derived from the destination network termination address.
  - 26. The method of claim 23, further comprising the step of updating the encryption pattern for each network termination address.
  - 27. The method of claim 26, wherein the step of updating the encryption patterns is performed periodically.
  - 28. The method of claim 26, wherein the step of updating the encryption patterns is performed randomly.
  - 29. The method of claim 26, further comprising the step of notifying each of the network terminations of an updated decryption pattern corresponding to the respective updated encryption pattern.

30. A method for a network termination for receiving data cells transmitted over a shared medium network to provide privacy of traffic behavior and prevent misdeliveries, each network termination being connected to the network and having a unique address, each transmitted data cell having an address field containing an expanded destination address, the expanded destination address including a particular destination network termination address combined with identifier bits based on the destination address, the address field of each data cell being encrypted using an encryption pattern corresponding to the destination address, the method comprising:
- processing the expanded encrypted address of the data cell with a particular decryption pattern corresponding to the respective network termination to form a processed address; and
  
  verifying whether identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address.
- View Dependent Claims (31, 32)
- - 31. The method of claim 30, wherein the identifier bits are derived from the destination network termination address.
  - 32. The method of claim 30, further comprising:
    - providing the data cell to a customer premises network connected to the network termination if the identifier bits are determined to be proper in the verifying step.

33. A line termination circuit for transmitting data cells to a plurality of network terminations over a shared medium network having privacy of traffic behavior, each network termination having a unique address, the circuit comprising:
- a processing unit; and
  
  a memory device connected to the processing unit, wherein the processing unit is operable to;
  
  combine identifier bits with the destination address for each data cell to form a corresponding expanded address, wherein the identifier bits facilitate verification of the destination address when decrypted,insert the expanded address into an address field of the corresponding data cell,encrypt the address field using a particular encryption pattern corresponding to the destination network termination, andtransmit the data cell with encrypted address field on the shared medium network.
- View Dependent Claims (34, 35, 36)
- - 34. The circuit of claim 33, wherein the encryption patterns for the network terminations are stored in the memory device.
  - 35. The circuit of claim 33, wherein the processing unit is further operable to update the encryption patterns.
  - 36. The circuit of claim 35, wherein the processing unit is further operable to notify each of the network terminations of an updated decryption pattern corresponding to the respective updated encryption pattern.

37. A network termination circuit for receiving data cells from a shared medium network, wherein each transmitted data cell contains encrypted expanded address information of a destination network termination, the expanded address information including the destination network termination address combined with identifier bits corresponding to the destination address, the expanded address information being encrypted by an encryption pattern corresponding to the destination network termination, the circuit comprising:
- a processing unit; and
  
  a memory device connected to the processing unit, wherein the processing unit is operable to;
  
  process the encrypted expanded address of each received data cell with a particular decryption pattern corresponding to the network termination address to form a processed address, andverify whether identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address.
- View Dependent Claims (38, 39)
- - 38. The circuit of claim 37, wherein the decryption pattern is stored in the memory device.
  - 39. The circuit of claim 38, wherein the processing unit is further operable to receive updated decryption patterns and store the updated decryption patterns in the memory device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Telephone & Telegraph Company (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Verbeek, Robert J. M., van Ooijen, Gijsbertus G.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/159,348
Time in Patent Office

623 Days
Field of Search

380/21, 380/46, 380/34, 380/23, 380/49
US Class Current

713/162
CPC Class Codes

H04L 2012/561   Star, e.g. cross-connect, c...

H04L 2012/5673   Coding or scrambling

H04L 2012/5687   Security aspects

H04Q 11/0478   Provisions for broadband co...

H04Q 3/0016   Arrangements providing conn...

Method and apparatus for privacy of traffic behavior on a shared medium network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

39 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for privacy of traffic behavior on a shared medium network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

39 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others