WO1999045676A1 - Network security - Google Patents


Info

Publication number
WO1999045676A1
Authority
WO
WIPO (PCT)
Prior art keywords
transmit
repeater
data
bit sequence
port
Prior art date
Application number
PCT/GB1998/003610
Other languages
French (fr)
Inventor
Nigel Horspool
David Law
Quang Tien Trang
Patrick Overs
Original Assignee
3Com Technologies
Butcher, Ian, James
Priority date
Filing date
Publication date
Priority claimed from GBGB9804843.2A (GB9804843D0)
Priority claimed from GB9826253A (GB2333676B)
Application filed by 3Com Technologies, Butcher, Ian, James
Publication of WO1999045676A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/35 Switches specially adapted for specific applications
    • H04L49/351 Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In a bus architecture repeater device in a computer network, data packets are corrupted for re-transmission at selected ports. Uncorrupted data is passed to each port via a transmit data bus together with an indication of whether each port should transmit it in a corrupted or uncorrupted form. If the former is indicated, the PHY device at the port substitutes meaningless data bits into the packet on transmission. Preferably the corrupt indication is given by an unused combination of previously existing control signals so that the number of control connections to the PHY devices is not increased.

Description

Network Security
The present invention relates to computer networks and in particular to the functioning of a communications hub within such a computer network. It is well known to provide computer networks such as local area networks by way of which computing devices can be connected together so that they can communicate with each other. Such interconnection is typically achieved by using one or more communications hubs, each such hub having a plurality, for instance 24, of ports to each of which a computing device may be connected. One type of communications hub is known as a "repeater" and a repeater functions such that any communication received on any port is simply retransmitted on every other port. This means that any communication sent by any computing device attached to the network is received by all of the other devices attached to the network including the intended destination or destinations. In many situations it is quite satisfactory for all communications to be sent to all devices attached to the network with the non-intended destinations simply ignoring communications which they receive which are not intended for them. However, in some circumstances it may be considered unacceptable for all communications to be received by all devices attached to the network as, in principle, even the non-intended destinations are capable of receiving and reading the communications between other parties on the network. This may have implications from a security or confidentiality viewpoint within a company where many different departments may have access to the same network. Also, the above situation may be undesirable from the point of view of all devices on the network having to interpret the received communications to decide whether or not it is intended for them.
One well known way to reduce such problems is to configure a network using communication devices known as bridges. A bridge stores information regarding which devices are attached to which of its ports and, on receipt of a communication, determines the intended destination and retransmits it only on that port or those ports necessary to enable the communication to reach its intended destination or destinations. A bridge is however inherently more complex than a repeater and also forwards communications slower than a repeater as typically a bridge will wait to receive a good proportion if not all of a communications packet before beginning to retransmit it, while a repeater will begin its retransmissions very shortly after starting to receive a communication.
One typical architecture within a repeater is to provide a single ASIC which implements the core repeater functions, that is receiving and tidying up a communication and forming the retransmissions. Each port on the repeater device has a corresponding physical layer device (PHY) through which the ASIC communicates with the respective port.
Figure 1 is a schematic illustration of signals which typically pass between ASIC 1 and PHY 2. For the transmission of data through a PHY there is provided a transmit data (TXD) link which is typically four bits wide. Along with this there are provided known control signals including a transmit clock (TXCLK) synchronised with TXD, transmit enable (TXEN) and a transmit error (TXER) signal.
In the normal well known operation of a repeater device of this type these last two control signals are used as follows. When no data is being transmitted by the ASIC, the TXEN and TXER signals are both kept at a logical low or zero level. When data is being transmitted to a particular PHY device, the TXEN signal is set to a logical high or one level to indicate the transmission of data. In this situation the TXER signal may be set to have a logical high or one level to transmit error symbols according to the Ethernet specification.
Signals passing from PHY 2 to ASIC 1 include the received data (RXD), also carried on a four bit wide signal path, a receive clock (RXCLK), receive data valid (RXDV) and a receive error (RXER) signal. The signals shown in Figure 1 are shown by way of example and the configuration illustrated in Figure 1 is not intended to show anything in particular about the architecture of the overall repeater device, details of which will be discussed below. Also, as this invention is primarily concerned with the transmission of data from the ASIC 1 via the PHY devices 2 to the network, the remainder of this description will be in terms of the transmit signals only.
Typically, each PHY has its own data connection to the ASIC such that the PHYs are connected to the ASIC in a star formation. In such an architecture, it has been known previously to implement the above discussed desired security measures by implementing a security scheme in the ASIC itself. The principles of such a system are illustrated in Figure 2 which shows a single ASIC 1 acting as the core of a repeater and an example of four PHY devices 2. It will be seen that each of the PHY devices 2 in Figure 2 has its own TXD, TXEN and TXER connections to the ASIC 1. TXCLK as illustrated in Figure 1 will also be provided but for simplicity is omitted from Figure 2. As is shown schematically in Figure 2, there is a security function implemented in ASIC 1. In this scheme a source of scrambled or meaningless data is provided within the ASIC and either this or the proper data is transmitted on each of the TXD lines to the PHY devices 2 associated with end stations permitted to receive the uncorrupted data. As is shown by way of representation, this may be considered to be implemented by a multiplexer controlled by a security signal, the security signal for each port being set independently to achieve the desired function.
In such a scheme, a communication packet is transmitted to each PHY each time a communication packet is received, but in the packet transmitted to those PHYs corresponding to non-intended destination addresses the data within the packet is replaced with a scrambled or non-information bearing bit sequence. This means that any device which receives such a packet will either conclude that an erroneous packet has been received or at least the data within the communication packet cannot be received.
More recently an alternative repeater architecture has been proposed, an example of which is shown in Figure 3, in which it is not the case that each PHY 2 has its own data connection to the core ASIC. Rather, there is provided within the repeater device a data bus 10, to which each PHY is connected and which is also connected into the repeater core. Also implemented within the ASIC is logic (not shown) for controlling access to the bus which receives requests from the PHYs for access to the bus and provides enable signals etc. to the PHYs such that access to the bus is properly controlled. However, overall such an architecture is preferred as it limits the number of connections, and therefore physical pins, which must be made on the ASIC 1, or at least reduces the number of high speed data connections which must be made to the ASIC.
In such a "bus" architecture it is not possible to implement the above mentioned scrambling security scheme within the ASIC itself as there is only one point of data transmission from the ASIC and good data must be transmitted from this point onto the bus if any port is to receive the proper communication packet.
The present invention provides a repeater device for a computer network in which a plurality of network devices may be interconnected and enabled to communicate with each other, the repeater device comprising: a plurality of ports via which network communications may be received and transmitted; repeater core means arranged to receive network communications received at all of said ports; transmit data bus means arranged to carry network communications from said repeater core to said ports for re-transmission; transmit means associated with each port arranged to receive said network communications from said transmit data bus; and bit sequence generation means arranged to provide at each transmit means a meaningless sequence of data bits; wherein said repeater core means is arranged to provide an indication to each of said transmit means whether or not each network communication carried by said transmit data bus is to be transmitted via the respective port in a corrupted form and each said transmit means is responsive to a said indication that a network communication is to be transmitted via the respective port in a corrupted form to substitute bits received from said bit sequence generation means for at least part of said network communication for transmission via said port.
Preferably, in the context of a network protocol in which the communications are in the form of packets, the meaningless sequence of bits is substituted for at least part of the data field.
According to the present invention therefore, which is implemented in a "bus" architecture as discussed above, the ASIC sends an indication to each PHY which will receive each retransmitted communication packet, to indicate whether that PHY should transmit the data in an uncorrupted fashion or whether it should substitute scrambled or non-information bearing bits. The PHYs are provided with an alternative source of data bits, which may be random or which may be a predetermined meaningless sequence for substitution into at least the data portion of a communication packet according to the signal received from the ASIC.
In a particularly preferred embodiment of this invention the signal from the ASIC to the PHY that a particular packet should be corrupted is given by utilising a particular combination of control signals which already pass, in previous arrangements, between the ASIC and the PHY. In particular, a particular combination of control signal levels which previously was not used or meaningless is used to signal that the data should be corrupted. This implementation is particularly advantageous as it does not require the addition of a further control signal, and therefore pin on the ASIC and each PHY.
This invention will be better understood from the following description of a preferred embodiment given by way of example and by reference to the accompanying figures in which:
Fig. 1 is a schematic diagram illustrating typical interconnections between a PHY device and an ASIC within a repeater device;
Fig. 2 is a schematic illustration of a typical star connected architecture of a prior art repeater device;
Fig. 3 is a schematic illustration of a known bus architecture within a repeater device;
Fig. 4 is a schematic illustration of a first preferred embodiment of the present invention;
Fig. 5 is a schematic illustration of part of the operation of the PHY devices in the embodiment of Figure 4;
Fig. 6 is a schematic illustration of a second preferred embodiment of the present invention; and
Fig. 7 is a schematic illustration of the operation of the PHY devices in the embodiment of Figure 6.
In this invention, in a bus architecture repeater device in a computer network, data packets are corrupted for re-transmission at selected ports. Uncorrupted data is passed to each port via a transmit data bus together with an indication of whether each port should transmit it in a corrupted or uncorrupted form. If the former is indicated, the PHY device at the port substitutes meaningless data bits into the packet on transmission. Preferably the corrupt indication is given by an unused combination of previously existing control signals so that the number of control connections to the PHY devices is not increased.
Figure 4 illustrates, in schematic form, the first embodiment of the present invention. As with the arrangements described above, the core repeater functions are provided by ASIC 1 which provides data and control signals for the PHY devices 20. One PHY device 20 is provided for each of the ports of the repeater device in the normal way. The data to be transmitted is put, by the ASIC 1, onto data bus 10 and each PHY device 20 has a TXD connection from bus 10 in order to receive the data to be transmitted. TXEN and TXER signals are also provided by ASIC 1 for each of the PHY devices 20 and, as illustrated in Figure 4, the TXER signal may also be provided on a bus. For simplicity, other signals, such as TXCLK and the receive signals, are omitted from Figure 4, although these would be implemented in a known fashion, and similarly only four PHY devices 20 are shown although, as is well known, many more PHY devices and ports may be implemented in a repeater device.
In addition to the known signals, ASIC 1 also provides to each PHY device 20 a security signal which indicates whether the transmit data is to be transmitted in a corrupted or uncorrupted fashion by each PHY device 20.
Figure 5 illustrates in schematic form the functionality within each PHY device 20 and it will be seen that there is provided a switching means or multiplexer 22 which receives the input TXD signal at one of its inputs and a source of scrambled data at the other. This scrambled data may simply be randomly generated data bits or alternatively may be a sequence of bits having no meaning. Switching means 22 outputs TXD' as the output of the PHY device via the port to the network and TXD' will, according to the security signal from ASIC 1, be either the received TXD from bus 10 or the scrambled data.
Therefore, when the ASIC 1 in the repeater device is distributing a received data packet for retransmission onto the network via the other ports, it signals to the plurality of PHY devices 20 whether or not each PHY device is to retransmit the communication packet in a corrupted or uncorrupted form. Simultaneously, the ASIC is transmitting the communications packet in question in an uncorrupted form onto the data bus within the repeater. A PHY device 20 which is not instructed to scramble the communication packet simply retransmits the packets in an uncorrupted form via its port in the normal way.
A PHY device which receives an indication that it should not transmit the communication packet in an uncorrupted form, acts to substitute at least the data portion of the communication packet with the meaningless data generated by means 20. This will either have the effect that when the packet is received the error control which is present within a communication packet will indicate that the packet has been corrupted in transmission or, even if the packet is not recognised as a corrupted packet, there will be no useful data within the packet which can be recovered. This means that the information within the original communication packet is not transmitted via the ports to which non-intended destinations are connected.
In the above embodiment, the signal from the ASIC to each PHY device to indicate whether or not the packet is to be retransmitted in an uncorrupted manner is simply provided by a further control line running from ASIC 1 to each PHY device 20. However, in a device which has a large number of ports (and devices having 24 ports are not uncommon) this immediately requires the presence of 24 additional pins on the ASIC 1 which has disadvantages in terms of the complexity and cost of manufacturing and using the ASIC. It also requires the addition of a pin to each PHY device to receive the additional security control signal.
In the second preferred embodiment of this invention illustrated in Figure 6 already existing control signals are used to provide the necessary signal to the PHY devices 20. In Figure 6 the data to be transmitted is again provided via data bus 10 which supplies the TXD inputs of all the PHY devices 20. As compared to Figure 4, and indeed the prior art of Figure 3, the TXER signals are individually provided for each PHY device 20. In this embodiment, advantage is taken of the fact that the combination of TXEN having a logical low level and TXER having a logical high level has no meaning according to the normal usage of these signals, as explained above. Therefore, in this embodiment of the invention, this combination of these two control signals is used to indicate to the PHY devices that the communication packets should be transmitted in a corrupted form.
This functionality is illustrated in Figure 7. It will be appreciated that the parts of Figure 7 correspond to the parts illustrated in Figure 5 except that - 9 - the security signal is derived from the received TXEN and TXER signals by way of a simply logical combination.
Such an implementation of this invention has no effect on the normal operation of the device as all of the above discussed combinations of the signals TXEN and TXER can be used when a packet is to be transmitted in an uncorrupted form. However, the use of this combination previously existing control signals in a previously unknown and undefined way provides a simple and advantageous way of providing the additional control signal required by the present invention. In particular, it does not require the presence of any additional pins on the PHY devices and provides some reduction in the number of pins required on the ASIC device 1. In particular, it is the case that the combination of TXEN having a logical low level and TXER having a logical high level has no meaning in the normal use of the signals as explained above. Therefore, in the particularly preferred embodiment of this invention, this combination of these two control signals is used to indicate to the PHY devices that the communication packet should be transmitted in a corrupted form. Such an implementation has no effect on the normal operation of the device as all of the above discussed combinations of these two signals can be used when a packet is to be transmitted in an uncorrupted form. However the use of this combination of previously existing control signals in a previously unknown and undefined way provides a simple and advantageous way of providing the additional control signal required by the present invention.
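The signalling of the second embodiment can be modelled in software; the following is an added illustration, not part of the patent text. It assumes one byte per transmit clock rather than a 4-bit TXD bus, a seeded pseudo-random generator standing in for the bit sequence generation means, a header left intact on non-intended ports, and hypothetical names (`decode`, `Phy`, `repeat`, `fcs_ok`) with a constructed sample frame.

```python
import random
import zlib

def decode(txen, txer):
    """Classify one transmit clock from a port's two control lines."""
    if txen:
        return "tx_error" if txer else "data"
    # TXEN low with TXER high has no meaning in normal use; the second
    # embodiment reuses it as the "transmit in corrupted form" indication.
    return "secure" if txer else "idle"

class Phy:
    """Per-port transmit means with its own bit sequence generator."""
    def __init__(self, seed):
        self.gen = random.Random(seed)  # assumption: pseudo-random source

    def clock(self, txen, txer, txd):
        state = decode(txen, txer)
        if state == "idle":
            return None                     # nothing goes out on the port
        if state == "secure":
            return self.gen.getrandbits(8)  # substitute meaningless bits
        return txd  # pass the shared-bus byte (error coding not modelled)

def repeat(frame, intended, n_ports, header_len=14):
    """Repeater core: one shared TXD bus, per-port TXEN/TXER lines."""
    phys = [Phy(p) for p in range(n_ports)]
    wire = [bytearray() for _ in range(n_ports)]
    for i, txd in enumerate(frame):
        for p, phy in enumerate(phys):
            # Assumption: non-intended ports still get the header in clear
            # and only the data field onward is substituted.
            clear = p in intended or i < header_len
            txen, txer = (1, 0) if clear else (0, 1)
            out = phy.clock(txen, txer, txd)
            if out is not None:
                wire[p].append(out)
    return [bytes(w) for w in wire]

def fcs_ok(frame):
    """Receiver-side check: trailing CRC-32 matches the rest of the frame."""
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]

# Constructed sample frame: 14-byte header, payload, CRC-32 trailer.
HEADER = bytes.fromhex("020000000002" "020000000001" "0800")
PAYLOAD = b"confidential payload for port 1"
FRAME = HEADER + PAYLOAD + zlib.crc32(HEADER + PAYLOAD).to_bytes(4, "little")
WIRES = repeat(FRAME, intended={1}, n_ports=4)
```

Every port sees the same TXD bus, so the frame length on the wire is identical everywhere; only the per-port TXEN/TXER pair decides whether a station receives the payload or generator output that fails its error check.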

Claims

CLAIMS:
1. A repeater device for a computer network in which a plurality of network devices may be interconnected and enabled to communicate with each other, the repeater device comprising: a plurality of ports via which network communications may be received and transmitted; repeater core means arranged to receive network communications received at all of said ports; transmit data bus means arranged to carry network communications from said repeater core to said ports for re-transmission; transmit means associated with each port arranged to receive said network communications from said transmit data bus; and bit sequence generation means arranged to provide at each transmit means a meaningless sequence of data bits; wherein said repeater core means is arranged to provide an indication to each of said transmit means whether or not each network communication carried by said transmit data bus is to be transmitted via the respective port in a corrupted form and each said transmit means is responsive to a said indication that a network communication is to be transmitted via the respective port in a corrupted form to substitute bits received from said bit sequence generation means for at least part of said network communication for transmission via said port.
2. A repeater device according to claim 1 in which each network communication is in the form of a data packet having a predefined format including a data field and said transmit means is responsive to said indication to substitute bits received from said bit sequence generation means for at least part of said data field.
3. A repeater device according to claim 1 or 2 in which said transmit means is a physical layer device associated with each said port.
4. A repeater device according to claim 1, 2 or 3 in which a plurality of control signals are provided by said repeater core means to control operation of said transmit means and said indication that a network communication is to be transmitted in a corrupted form is given by a combination of levels of at least two of said control signals which is otherwise meaningless.
5. A repeater device according to claim 1, 2, 3 or 4 in which said bit sequence generation means is arranged to provide a predetermined but meaningless bit sequence.
6. A repeater device according to claim 1, 2, 3 or 4 in which said bit sequence generation means is arranged to provide a random or pseudo random bit sequence.
7. A repeater device according to any of claims 1-6 in which said bit sequence generation means comprises a bit sequence generator associated with each of said transmit means.
8. A repeater device substantially as hereinbefore described with reference to the accompanying drawings.
PCT/GB1998/003610 1998-03-06 1998-12-03 Network security WO1999045676A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB9804843.2 1998-03-06
GBGB9804843.2A GB9804843D0 (en) 1997-11-28 1998-03-06 Network security
GB9826253.8 1998-11-30
GB9826253A GB2333676B (en) 1997-11-28 1998-11-30 Network security

Publications (1)

Publication Number Publication Date
WO1999045676A1 true WO1999045676A1 (en) 1999-09-10

Family

ID=26313240

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1998/003610 WO1999045676A1 (en) 1998-03-06 1998-12-03 Network security

Country Status (1)

Country Link
WO (1) WO1999045676A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015536158A (en) * 2012-12-05 2015-12-21 マイクロコート バイオテクノロジー ゲーエムベーハー Method for recombinant production of horseshoe crab factor C protein in protozoa

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4901348A (en) * 1985-12-24 1990-02-13 American Telephone And Telegraph Company Data transmission security arrangement for a plurality of data stations sharing access to a communication network
US5177788A (en) * 1991-10-15 1993-01-05 Ungermann-Bass, Inc. Network message security method and apparatus
US5559883A (en) * 1993-08-19 1996-09-24 Chipcom Corporation Method and apparatus for secure data packet bus communication

Similar Documents

Publication Publication Date Title
US7177325B2 (en) Operations, administration and maintenance (OAM) systems and methods for packet switched data networks
US5251203A (en) Hub privacy filter for active star CSMA/CD network
JP3806183B2 (en) Data communication system and method
US4885742A (en) Node apparatus and communication network
US6081523A (en) Arrangement for transmitting packet data segments from a media access controller across multiple physical links
EP0995333B1 (en) Interface for a highly integrated ethernet network element
GB2333429A (en) Stacked communication devices
US8312512B2 (en) Secure file transfer method
EP0860958B1 (en) Virtual network architecture
US6272640B1 (en) Method and apparatus employing an invalid symbol security jam for communications network security
US6704364B1 (en) Method and apparatus for generating a plurality of CRC digits for data packets having different prescribed network protocols using one CRC generator
KR100300905B1 (en) Network system
US5841974A (en) Ultra high speed data collection, processing and distriubtion ring with parallel data paths between nodes
EP0963080B1 (en) Network transceiver having media independent interface
US6801953B2 (en) Trunking in stacked communication devices
US20060143701A1 (en) Techniques for authenticating network protocol control messages while changing authentication secrets
US6175875B1 (en) Multicast filtering
WO1999045676A1 (en) Network security
GB2333676A (en) Computer network security
Cisco Tunneling of Asynchronous Security Protocols
AU655879B2 (en) Accelerated token ring network
Poulton Packet Switching and x. 25 networks
Cohn A lightweight transfer protocol for the US Navy SAFENET local area network standard
KR100334417B1 (en) Backplane system with a point-to-point bus architecture

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase