Patent
1995-04-19
1997-06-10
Lee, Thomas C.
395/200.21, H04J 3/02, H04L 12/42, H04L 12/46
Patent
active
056385129
DESCRIPTION:
BRIEF SUMMARY
2. Field of the Invention
This invention relates to computer communication networks, and more particularly to a system for providing secure communications between devices connected to a ring network.
3. Description of Related Art
As computers become increasingly relied upon to perform diverse functions, the necessity to share information and resources between computers is also increasing. Computer networks are a common means for accomplishing the necessary interconnection between computers which allow such sharing to take place. Computer networks allow one computer or terminal (a "node") to pass information to another computer or terminal ("node") for the purpose of performing operations for which the receiving node is more appropriate. Additionally, information may be passed from local nodes to central processing and storage centers. An example of such a network is the automatic teller machines (ATMs) installed at many banks today.
One of the biggest concerns of managers of such networks, after network operational availability ("uptime"), is ensuring the security of the network, i.e., protecting the network from intentional penetration by unauthorized users. There are many ways to provide security for networks. The effectiveness of most of these security means depends upon the configuration of the particular network to be secured. One known means for securing a network is to provide end-to-end encryption. Such end-to-end encryption requires each message that is transmitted from one node on the network to another node on the network to be encrypted such that only authorized nodes can send and receive messages. The receiving node, upon receipt of an encrypted message, must decrypt the message using the encryption method and key that the sender used. However, use of such an end-to-end encryption scheme is costly (every node needs encryption hardware or software and a key), difficult to manage, and slow. A preferred method is to have the network itself provide the security means.
Networks often comprise multiple subnetworks having bridges and routers interconnecting them. Security can be added to the bridges and routers such that they do not allow unauthorized traffic onto a network. However, this does not prevent a node from receiving messages that are not intended for that node. The problem of preventing unauthorized nodes from receiving messages intended only for authorized nodes is a substantial one, since "snooping" using an unauthorized node could reveal very sensitive information, including user passwords and file contents being transferred across the network. For example, a disgruntled employee who legitimately has access to the network may gain much greater access than necessary. This could unnecessarily jeopardize highly sensitive information. This problem is exacerbated by the ease with which network analyzers and other low-cost network monitoring devices can be obtained and connected to networks having hubs with ports which interconnect subnetworks of nodes within the network. Connection of such a network monitoring device permits an intruder to monitor the traffic on the network and decode the higher-layer protocols (protocol decoders are usually built into the analyzer). This would allow an intruder, for example, to monitor specific conversations between users and hosts as users log on, revealing to the intruder the users' passwords and other information necessary to log on to hosts.
An approach to the security problem which is less cumbersome than end-to-end encryption is implemented in bussed network configurations, such as Ethernet.
FIG. 1 illustrates the configuration of a typical bussed network. All incoming data from any port 101 of the hub 100 that is transmitting is put onto the hub bus 102 in the form of frames, and then broadcast out to all the ports 101 on port busses 105. To provide security, a "thrasher" circuit 103 is inserted between the hub's bus 102 and each port 101. The hub 100 determines the address(es) of the nodes 104 on a particular port 101a. When a frame is to be transmitted out onto that port 101a, the thrasher circuit 103a coupled to that port compares the d
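The description above is cut off before it says what the thrasher does with a frame whose destination does not match. The following simulation is an added example, not code from the patent or from XLNT Designs: it models a repeater hub with one thrasher per port, and it fills in the missing behaviour with labelled assumptions. It assumes that the hub learns which node addresses sit on a port from the source addresses of frames received on that port, that broadcast and multicast frames pass every thrasher unchanged, and that a non-matching unicast frame keeps its header but has its data field overwritten with a fixed fill pattern. The class names (`SecureHub`, `Thrasher`), the `FILL` pattern, the addresses and the login-style payload are all invented for the illustration.

```python
# Added example, not code from the patent or from XLNT Designs.
# Simulates a bussed hub with one "thrasher" per port: a frame reaches a port
# unmodified only if its destination address belongs to a node the hub has
# learned on that port (or is broadcast/multicast). The learning rule, the
# multicast pass rule and the fill pattern are assumptions, not from the page.
from dataclasses import dataclass

BROADCAST = b"\xff" * 6
FILL = b"\xaa"  # assumed fill pattern; the page does not say what the thrasher emits


@dataclass
class Frame:
    """Minimal Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type, data."""
    dst: bytes
    src: bytes
    ethertype: bytes
    payload: bytes

    def to_bytes(self) -> bytes:
        return self.dst + self.src + self.ethertype + self.payload

    @classmethod
    def from_bytes(cls, raw: bytes) -> "Frame":
        if len(raw) < 14:
            raise ValueError("frame shorter than a 14-byte Ethernet header")
        return cls(raw[0:6], raw[6:12], raw[12:14], raw[14:])


def is_group_address(addr: bytes) -> bool:
    """I/G bit (least-significant bit of the first octet) marks multicast/broadcast."""
    return bool(addr[0] & 0x01)


class Thrasher:
    """Sits between the hub bus and one port. Compares the destination address
    of each outgoing frame with the addresses learned on this port."""

    def __init__(self, port_addresses: set):
        self.port_addresses = port_addresses  # same set object the hub updates

    def filter(self, raw: bytes) -> bytes:
        frame = Frame.from_bytes(raw)
        if is_group_address(frame.dst) or frame.dst in self.port_addresses:
            return raw  # addressed to this port (or to everyone): pass unchanged
        # Assumed mismatch behaviour: keep the header so the node's interface
        # still sees and discards a normally-addressed frame, but overwrite the
        # data field so an analyzer on this port learns nothing from it.
        return Frame(frame.dst, frame.src, frame.ethertype,
                     FILL * len(frame.payload)).to_bytes()


class SecureHub:
    def __init__(self, n_ports: int):
        self.learned = [set() for _ in range(n_ports)]
        self.thrashers = [Thrasher(addrs) for addrs in self.learned]

    def transmit(self, in_port: int, raw: bytes) -> dict:
        """Repeat a frame arriving on in_port to every other port through that
        port's thrasher. Returns {port: bytes actually delivered}."""
        src = Frame.from_bytes(raw).src
        if not is_group_address(src):
            self.learned[in_port].add(src)  # assumed learning rule
        return {p: thr.filter(raw)
                for p, thr in enumerate(self.thrashers) if p != in_port}


def demo() -> dict:
    """Constructed scenario: node A on port 0, node B on port 1, an analyzer on port 2.
    Returns the payload each port receives for A's unicast frame to B."""
    a = bytes.fromhex("020000000001")  # constructed locally-administered addresses
    b = bytes.fromhex("020000000002")
    hub = SecureHub(3)
    # Each node first sends a broadcast (think ARP), which lets the hub learn its port.
    hub.transmit(0, Frame(BROADCAST, a, b"\x08\x06", b"who-has B").to_bytes())
    hub.transmit(1, Frame(BROADCAST, b, b"\x08\x06", b"B-is-here").to_bytes())
    secret = b"USER alice\r\nPASS s3cret\r\n"  # constructed sample, not real credentials
    delivered = hub.transmit(0, Frame(b, a, b"\x08\x00", secret).to_bytes())
    return {port: Frame.from_bytes(raw).payload for port, raw in delivered.items()}


if __name__ == "__main__":
    for port, payload in sorted(demo().items()):
        print(port, payload)
```

In the scenario, port 1 (node B) receives the login payload intact while port 2 (the analyzer) receives only fill bytes, which is the property the passage is after: an analyzer plugged into a spare hub port sees headers but not the contents of other nodes' conversations. The simulation also shows the weak point of address-based thrashing: until a node has transmitted something on its port, the hub has nothing to match against, so frames to that node are scrambled on every port, and the learned table itself has to be protected against a node that forges source addresses to claim another port's traffic.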
REFERENCES:
patent: 4160120 (1979-07-01), Barnes et al.
patent: 4341925 (1982-07-01), Doland
patent: 4386416 (1983-05-01), Gilner et al.
patent: 5161192 (1992-11-01), Carter et al.
patent: 5177788 (1993-01-01), Schanning et al.
patent: 5235644 (1993-08-01), Gupta et al.
patent: 5251203 (1993-10-01), Thompson
patent: 5329623 (1994-07-01), Smith et al.
patent: 5371852 (1994-12-01), Attanasio et al.
patent: 5495580 (1996-02-01), Osman
Nelson, Ruth, "End-to-End Encryption at the Network Layer", Computer Security Applications Conference, 1989, p. 28.
Osman Fazil
Perloff Ronald
Dinh D.
Lee Thomas C.
XLNT Designs, Inc.
TITLE: Ring network security system with encoding of data entering a su