Method and apparatus for privacy of traffic behavior on a shared medium network
First Claim
1. A circuit for the generation and validation of new encryption patterns for the transmission of data cells and commands on a shared medium network having a line termination transmitting the data cells and commands, and a plurality of network terminations, each transmitted data cell or command containing encrypted address information of its destination network termination, the address information being the destination network termination address plus additional identifier bits, and a different encryption pattern being used for each destination network termination, the circuit comprising;
- a microprocessing unit for performing the generating and verifying of the new encryption patterns; and
a memory device for storing and retrieval of active encryption pattern information, the memory device being connected to the processing unit, wherein the processing unit generates a new encryption pattern for a particular network termination which is verified by sequentially processing it with each of the active encryption patterns to detect for potential misdeliveries, and storing it in a respective location of the memory device if a potential misdelivery condition is not detected in each of the processing results, and generating a new encryption pattern to be verified if any of the processing results indicate potential misdeliveries.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention provides a telecommunication network utilizing a passive optical network connecting a plurality of network terminations to a local exchange. Information cells and commands are transmitted on the network by the local exchange to all the network terminations. The information cells and commands contain routing address information for the particular network termination to which the information cell or command is destined. The address information contains the address of the destination network termination and additional identifier bits to facilitate encryption of the address information for security and privacy of traffic behavior without producing misdelivery occurrences. In addition, a system for repeatedly changing encryption patterns for the network terminations which detects misdelivery conditions is provided.
57 Citations
39 Claims
-
1. A circuit for the generation and validation of new encryption patterns for the transmission of data cells and commands on a shared medium network having a line termination transmitting the data cells and commands, and a plurality of network terminations, each transmitted data cell or command containing encrypted address information of its destination network termination, the address information being the destination network termination address plus additional identifier bits, and a different encryption pattern being used for each destination network termination, the circuit comprising;
-
a microprocessing unit for performing the generating and verifying of the new encryption patterns; and a memory device for storing and retrieval of active encryption pattern information, the memory device being connected to the processing unit, wherein the processing unit generates a new encryption pattern for a particular network termination which is verified by sequentially processing it with each of the active encryption patterns to detect for potential misdeliveries, and storing it in a respective location of the memory device if a potential misdelivery condition is not detected in each of the processing results, and generating a new encryption pattern to be verified if any of the processing results indicate potential misdeliveries. - View Dependent Claims (2, 3)
-
-
4. A method of generating and evaluating pseudo-random encryption patterns for encrypting destination address information contained in data cells or commands on a shared medium network, the network having a line termination and a plurality of network terminations, the method comprising:
-
generating a new pseudo-random encryption pattern for the address information of data cells or commands destined for a particular network termination, the address information containing the destination network termination address and additional identifier bits; generating a sum for each encrypted address information for data cells or commands destined for the other network terminations by adding, using modulo 2 addition, the encrypted address information for the other network terminations with a portion of the new encryption pattern used for encrypting the address information; and comparing each sum with the address of the particular network termination for which the new encryption pattern is generated, wherein if all sums are not equal to the address of the particular network termination for which the pattern was generated, then the new encryption pattern is valid and may be used in the network. - View Dependent Claims (5, 6, 7, 8, 9)
-
-
10. A method for transmitting data cells from a line termination to a plurality of network terminations over a shared medium network having privacy of traffic behavior, each network termination having a unique address, the method comprising:
-
combining identifier bits with destination address information for each data cell to form a corresponding expanded address; inserting the expanded address into the destination address field of the corresponding data cell; encrypting the expanded address using a particular encryption pattern corresponding to the destination network termination; transmitting the data cell on the shared medium network, each network termination receiving the data cell transmitted on the network; processing the encrypted expanded address of the data cell with a particular decryption pattern corresponding to a network termination to form a processed address, each network termination performing such processing on the received data cell; and verifying whether identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address. - View Dependent Claims (11, 12, 20, 21, 22)
-
-
13. A shared-medium network having privacy of traffic behavior comprising:
-
a line termination having a processing unit connected to a memory device, wherein the line termination is operable to transmit data cells and to combine identifier bits with a destination address to form an expanded address, and insert the expanded address into an address field of each data cell to be transmitted and encrypt the expanded address using a particular encryption pattern corresponding to a destination network termination, and; a shared medium network operably connected to the line termination processing unit; and a plurality of network terminations connected to the network, each network termination having a processing unit connected to a memory device, the processing unit being operably connected to the network, each network termination having a unique address, wherein each network termination processing unit is operable to process the encrypted expanded addresses of each data cell received from the network with a decryption pattern corresponding to the network termination address, and to verify that identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
23. A method for transmitting data cells to a plurality of network terminations over a shared medium network, wherein each network termination has a unique address, the method comprising:
-
combining identifier bits with destination address information for each data cell to form a corresponding expanded address; inserting the expanded address into a destination address field of the corresponding data cell; encrypting the address field using a particular encryption pattern corresponding to the destination address; and transmitting the data cell with encrypted address field on the shared medium network. - View Dependent Claims (24, 25, 26, 27, 28, 29)
-
-
30. A method for a network termination for receiving data cells transmitted over a shared medium network to provide privacy of traffic behavior and prevent misdeliveries, each network termination being connected to the network and having a unique address, each transmitted data cell having an address field containing an expanded destination address, the expanded destination address including a particular destination network termination address combined with identifier bits based on the destination address, the address field of each data cell being encrypted using an encryption pattern corresponding to the destination address, the method comprising:
-
processing the expanded encrypted address of the data cell with a particular decryption pattern corresponding to the respective network termination to form a processed address; and verifying whether identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address. - View Dependent Claims (31, 32)
-
-
33. A line termination circuit for transmitting data cells to a plurality of network terminations over a shared medium network having privacy of traffic behavior, each network termination having a unique address, the circuit comprising:
-
a processing unit; and a memory device connected to the processing unit, wherein the processing unit is operable to; combine identifier bits with the destination address for each data cell to form a corresponding expanded address, wherein the identifier bits facilitate verification of the destination address when decrypted, insert the expanded address into an address field of the corresponding data cell, encrypt the address field using a particular encryption pattern corresponding to the destination network termination, and transmit the data cell with encrypted address field on the shared medium network. - View Dependent Claims (34, 35, 36)
-
-
37. A network termination circuit for receiving data cells from a shared medium network, wherein each transmitted data cell contains encrypted expanded address information of a destination network termination, the expanded address information including the destination network termination address combined with identifier bits corresponding to the destination address, the expanded address information being encrypted by an encryption pattern corresponding to the destination network termination, the circuit comprising:
-
a processing unit; and a memory device connected to the processing unit, wherein the processing unit is operable to; process the encrypted expanded address of each received data cell with a particular decryption pattern corresponding to the network termination address to form a processed address, and verify whether identifier bits of the processed address are proper if a destination address of the processed address corresponds to the network termination address. - View Dependent Claims (38, 39)
-
Specification