
Adding Data Security to Asynchronous Communications

IP.com Disclosure Number: IPCOM000035741D
Original Publication Date: 1989-Aug-01
Included in the Prior Art Database: 2005-Jan-28
Document File: 3 page(s) / 38K

Publishing Venue

IBM

Related People

Bealkowski, R: AUTHOR [+2]

Abstract

This article describes a scheme for security of data in a computer system wherein an encryption/decryption subsystem is placed between the host and asynchronous communications subsystem (ACS) hardware.



Adding Data Security to Asynchronous Communications


There are two ways to protect data on computer systems or between computer systems. The first method is physical protection. This method controls physical access to computer systems and data. There are times when denying physical access to portions of a computer system can be difficult or even impossible. Data communications frequently take place over public systems such as telephone lines and microwave transmissions. It is impossible to restrict access to all portions of the telephone network. Although data transmissions cannot be prevented from being intercepted, a second form of protection can be provided.

Security ensures that intercepted data transmissions are unintelligible and hence of no use to the "thief". Security will be provided in the form of data encryption.

An encryption "front end" is added to the ACS. An encryption/decryption subsystem is placed between the host and the ACS hardware. A block diagram of this selectable encryption/decryption subsystem (SEDS) is shown in the drawing. SEDS is fully programmable and only operates when enabled. When disabled, SEDS performs no data manipulation. When enabled and initialized, SEDS operates transparently to an application. That is, no change in the algorithms used to handle the ACS is required.

When enabled, SEDS will perform data encryption/decryption. When the host outputs a clear text data byte, SEDS will encrypt the byte and present it to the ACS. When the ACS produces a cipher text data byte, SEDS will decrypt it and present it to the host.

Since SEDS is a subsystem between the ACS and the host, SEDS is independent of any buffering occurring in the ACS. Thus, in a transmission that mixes clear text and cipher text, SEDS can be enabled or disabled at the appropriate time. If SEDS were instead placed between the ACS and the communications line, buffering could result in SEDS being switched off too late in a transmission. For example, suppose a cipher text data stream contains an indication to discontinue cipher text mode. The indication and the data bytes that follow it are in the ACS buffer. By the time the indication is finally processed, the clear text data bytes have already been processed by SEDS. This motivates the placement of SEDS between the host and the ACS.
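The buffering argument above, as an added simulation that is not part of the disclosure: the same receiver is run with SEDS on the host side of the ACS buffer and on the line side of it. The XOR keystream, the key and the 0xFF "discontinue cipher text" indicator are constructed stand-ins, not the DCP's algorithm or the real in-band indication.

```python
# Added simulation (not the disclosure's own code) of the SEDS placement argument.
# ACS buffer = queue handed to the host only when full or at end of stream. XOR
# keystream, key and the 0xFF indicator are constructed stand-ins for the DCP.
from collections import deque

SWITCH_OFF = 0xFF               # constructed in-band "leave cipher text mode" indicator
KEY = b"\x5a\xa5\x3c"           # constructed toy key for the XOR keystream

class Seds:
    """Selectable encryption/decryption: a byte passes through unchanged when disabled."""
    def __init__(self):
        self.enabled = True
        self.counter = 0        # keystream position; sender and receiver stay in step

    def process(self, byte):
        if not self.enabled:
            return byte
        out = byte ^ KEY[self.counter % len(KEY)]
        self.counter += 1
        return out

def build_line_stream(secret, clear):
    """Sender: secret bytes plus the indicator go out enciphered, then clear text."""
    seds = Seds()
    return bytes(seds.process(b) for b in secret + bytes([SWITCH_OFF])) + clear

def receive(line_bytes, buffer_depth, placement):
    """Receiver with SEDS 'host-side' (after the ACS buffer) or 'line-side' (before it)."""
    seds = Seds()
    acs_buffer = deque()
    host_received = []

    def host_reads(byte):
        if placement == "host-side":
            byte = seds.process(byte)          # decrypted only as the host takes it
        host_received.append(byte)
        if byte == SWITCH_OFF:
            seds.enabled = False               # host switches SEDS off on the indicator

    for b in line_bytes:
        if placement == "line-side":
            b = seds.process(b)                # decrypted before the ACS buffers it
        acs_buffer.append(b)
        if len(acs_buffer) == buffer_depth:    # ACS delivers a full buffer to the host
            while acs_buffer:
                host_reads(acs_buffer.popleft())
    while acs_buffer:                          # end of stream: deliver the remainder
        host_reads(acs_buffer.popleft())
    return bytes(host_received)
```

With a buffer deeper than one byte, the line-side placement garbles the clear text that shares a buffer with the indicator, while the host-side placement delivers it intact; with a one-byte buffer both placements agree, which is exactly the buffering effect the disclosure describes.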

The drawing illustrates the interconnection of the data cipher processor (DCP) unit and the communications controller (CC) to the host. Both the DCP unit and the CC present three-state buses for control and data exchange with the host. The host data bus is also buffered by a three-state device. Multi-port control logic (MPCL) is responsible for decoding the host bus signals and steering data to the appropriate unit. Normal operation of the CC entails sending various bytes of setup data via its I...