Multiplex communications – Pathfinding or routing – Switching a message which includes an address header
Reexamination Certificate
1998-09-15
2002-10-22
Chin, Wellington (Department: 2664)
Multiplex communications
Pathfinding or routing
Switching a message which includes an address header
C370S397000, C713S153000, C713S152000, C380S255000, C380S042000
Reexamination Certificate
active
06470015
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a system for preventing an illegal interception of information (data information, image information and voice information) in an ATM (Asynchronous Transfer Mode) communication network where the information is transferred as segmented ATM cells.
2. Prior Art
In recent years, an ATM system has been adopted as a digital information transferring system for a B-ISDN (Broadband Integrated Service Digital Network) that is a public network and a LAN (Local Area Network). According to the ATM system, all pieces of communication information having different bandwidth are segmented into cells each having a fixed length (53 octets) and these cells are transferred in mixture through a transmission path by hardware switching. The communication network utilizing the ATM system described above is referred to as an ATM network.
According to the ATM system described above, a large quantity of digital information transferred and switched at a high speed, and consequently the damages caused by wiretap become enormous. Therefore, a variety of methods of preventing the wiretap in the ATM network have been proposed.
FIG. 43
shows one example of those methods.
Referring to
FIG. 43
, an ATM network
720
is constructed of a multiplicity of ATM network devices connected to each other via physical lines. ATM nodes
700
,
740
are individually connected to two units of ATM network devices
710
,
730
. User terminals (not shown) are further respectively connected to these ATM nodes
700
,
740
.
In the case of transmitting information due to a call set between the user terminals, the ATM node
700
at the transmission side divides the information from the user terminal to store the information in a multiplicity of ATM cells. The ATM node
700
transmits the ATM cells towards the ATM network device
710
in a first-in first-out order.
In the ATM network device
710
, a transmission path control unit
711
receives the ATM cells transmitted from the ATM node
700
. An ATM switch control unit
714
identifies an ATM virtual channel allocated to the call to which the ATM cell concerned belongs on the basis of a VPI (Virtual Path Identifier)/VCI (Virtual Channel Identifier) written to the header of the ATM cell received by the transmission path control unit
711
, and controls an ATM switch unit
712
in order to send the same ATM cell along the identified ATM virtual channel (writes routing information to the header of the ATM cell concerned so as to be outputted from a desired port within the ATM switch unit
712
, and rewrites the VPI/VCI of the ATM cell concerned in an outgoing-side transmission path control unit
713
). ATM switch control data
717
stored in a storage device
716
is referred to by the ATM switch control unit
714
when controlling this switching process.
In a receiving-side ATM network device
730
, as a transmission path control unit
731
receives the ATM cell from the ATM network device
710
, an ATM switch control unit
734
controls an ATM switch unit
732
to transfer the ATM cells towards the receiving-side ATM node
740
.
Incidentally, an output buffer random control unit
715
of the transmitting-side ATM network device
710
, if the ATM cell received by the transmission path control unit
711
belongs to a wiretap prevention call, allocates this wiretap prevention call to the plurality of unused ATM virtual channels shown by dotted line in
FIG. 43
connected to the receiving-side ATM network device
730
in addition to the originally allocated ATM virtual channels shown by solid lines in FIG.
43
. Then, the output buffer random control unit
715
controls the ATM switch unit
712
to select one ATM virtual channel at random from the plurality of ATM virtual channels allocated to the wiretap prevention call for each ATM cell and to transmit it towards the receiving-side ATM network device
730
.
In the receiving-side ATM network device
730
, when the transmission path control unit
731
receives the ATM cells transferred along any one of the plurality of ATM virtual channels, the output buffer random control unit
735
controls the ATM switch unit
732
to merge these ATM cells with the ATM cells transmitted through the ATM virtual channels (indicated by the solid lines) originally allocated to the call. As a result, a string of ATM cells is restored in the receiving-side ATM network device
730
.
According to such a system, the ATM cells belonging to the wiretap prevention call are transferred while being distributed to the plurality of ATM virtual channels, and hence, even if the ATM cells being transferred along some ATM virtual channels are intercepted and contents of payloads thereof are connected, the information transmitted due to the wiretap prevention call can not be restored. In consequence, a confidentiality of the information is perfectly kept.
According to the wiretap prevention method described above, however, since one wiretap prevention call occupies a plurality of ATM virtual channels, it reduces using efficiency of resources. Accordingly, if a case where a large amount of calls occur simultaneously, the number of ATM virtual channels usable in the ATM network abruptly decreases. This might cause a problem in which the whole ATM network becomes short of resources.
Further, although wiretap can be prevented in a higher layer (an application layer) in the ATM network, it needs an individual wiretap prevention process for every application, and this is therefore insufficient terms of providing a service.
SUMMARY OF THE INVENTION
To overcome the problems described above, a primary object of the present invention is to provide system and device for preventing wiretap that can prevent wiretap in a lower layer than the application layer, that is an ATM layer, without using a plurality of ATM virtual channels.
To accomplish the object, the wiretap prevention system and the device according to the present invention adopt the following constructions.
According to a first aspect of the invention, there is provided a wiretap preventing system between a transmitting-side communication device for transmitting ATM cells and a receiving-side communication device for receiving the ATM cells. The transmitting-side communication device comprises a receiving unit for sequentially receiving ATM cells each stored with transmitting target information in a segmented state, a synchronous cell inserting unit for inserting a synchronous cell in a string of the ATM cells received by the receiving unit at an interval of a predetermined number of ATM cells, a sequence changing unit for changing, in accordance with a predetermined pattern, a sequence of the redetermined number of ATM cells interposed between the synchronous cells inserted by the synchronous cell inserting nit, and a transmitting unit for transmitting, towards the receiving-side communication device, the string of ATM cells the sequence of which has been changed by the sequence changing unit. The receiving-side communication device comprises a receiving unit for sequentially receiving the ATM cells transmitted from the transmitting-side communication device, and a sequence restoring unit for restoring, tracing back the predetermined pattern, the sequence of the predetermined number of ATM cells interposed between the synchronous cells in the string of ATM cells received by the receiving unit, and discarding the synchronous cells.
With this construction, the sequence changing unit changes the sequence of the grouped ATM cells interposed between the synchronous cells, in which state the ATM cell string is sent from the transmitting-side communication device. Therefore, even if the third party intercepts the ATM cell string on the path to the receiving-side communication device, the third party is unable to reproduce the original transmitting target information by connecting data contents of the respective ATM cells. It is therefore feasible to prevent the wiretap in the ATM layer without using the plurality of ATM virtual channels.
Erami Akihisa
Koga Masayuki
Chin Wellington
Fujitsu Limited
Katten Muchin Zavis & Rosenman
Tran Maikhanh
LandOfFree
System and device for preventing wiretap does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and device for preventing wiretap, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and device for preventing wiretap will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2981678