Security Implementation for Token Bus Communication Protocol

IP.com Disclosure Number: IPCOM000106056D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2005-Mar-20
Document File: 6 page(s) / 210K

Publishing Venue

IBM

Related People

Udupa, DKR: AUTHOR

Abstract

This implementation makes selective use of security for Token Bus protocols. Changes to the Token Bus protocol are proposed here to add a security feature.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 22% of the total text.

      For this implementation to work, all stations in a network will
have to follow a general set of rules on security while transmitting
data.

      Security levels are assigned (Fig. 1) to each station in a
network.  A station processes only frames whose security level
matches or is below its own.  As an example, if a station has a
security level of B (Fig. 1), it will process all the frames which
have security levels of B and below B.  Every station has to include
the security level in each frame it transmits.

      One station in a network will be designated as the system
administrator.  This station will control the whole range of security
operations in the network.  However, there should be a backup station
to take up the role of system administrator if that station fails.

      To add flexibility to the security scheme, the security levels
should be configurable.  As an example, it must be possible for a
system administrator to change the order of security levels or add
new security levels to those given in Fig. 1.  There should also be a
default security table.
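
      The station-side check and the configurable table described
above, as an added example that is not part of the original
disclosure.  Fig. 1 is not reproduced here, so the default table A to
F (A highest) is an assumption, as are the frame layout, the class
names and the choice to reject frames with an unknown or missing
level.

```python
# Assumption: Fig. 1 is not shown on the page; it only names B and says F is lowest.
DEFAULT_LEVELS = ("A", "B", "C", "D", "E", "F")  # assumed order, highest first


class SecurityTable:
    """Ordered security levels; the administrator station may reconfigure it."""

    def __init__(self, levels=DEFAULT_LEVELS):
        self.configure(levels)

    def configure(self, levels):
        """Replace the ordering (reorder or add levels), highest level first."""
        levels = tuple(levels)
        if not levels or len(set(levels)) != len(levels):
            raise ValueError("levels must be non-empty and unique")
        self.rank = {name: i for i, name in enumerate(levels)}  # 0 = highest

    def at_or_below(self, frame_level, station_level):
        """True when frame_level matches or is below station_level."""
        if frame_level not in self.rank or station_level not in self.rank:
            return False  # unknown or missing level: reject (this example's choice)
        return self.rank[frame_level] >= self.rank[station_level]


class Station:
    def __init__(self, name, level, table):
        self.name, self.level, self.table = name, level, table

    def process(self, frame):
        """Return the payload if the frame's level is acceptable, else None."""
        if self.table.at_or_below(frame.get("level"), self.level):
            return frame["data"]
        return None


def demo():
    table = SecurityTable()                      # default security table
    station = Station("S1", "B", table)
    # Constructed sample frames (hypothetical layout: a level tag plus data).
    frames = [{"level": lv, "data": f"payload-{lv}"} for lv in "ABF"]
    frames.append({"data": "untagged"})          # constructed frame with no level
    before = [station.process(f) for f in frames]
    # Administrator moves F above B and adds a new lowest level G.
    table.configure(("A", "F", "B", "C", "D", "E", "G"))
    after = [station.process(f) for f in frames]
    return before, after


if __name__ == "__main__":
    for label, result in zip(("default", "reconfigured"), demo()):
        print(label, result)
```

Because every station consults the same table, a reordering by the administrator changes which frames a level-B station accepts without touching the station's own level.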

      When connecting different LAN networks and segments, there
should be an option to bypass this security implementation, as some
networks may not have this security implementation at all.  The
routers and bridges can offer one of the following options:

o   If there is no security implementation, the routers and bridges
    remove the security-related data and adjust the length.  As a
    result, even if a subsequent LAN segment has the security
    implementation, it will not be available there.  This case is
    analogous to the present Token Bus operation without this
    security implementation.

o   Another option is to modify all the existing stations in a
    network that do not have the security implementation so that
    they ignore the security-related data.  In segments and LAN
    networks that do not implement this security scheme, the security
    level data has to be suitably encrypted in the routers and
    bridges to reduce the exposure of the security scheme.  However,
    if the next segment or LAN network has the security
    implementation, it will work there.

Which of the above two strategies to choose is left as an
implementation option.

      A segment with the security implementation can receive data
from a segment with no security implementation.  In such a case, the
data will have the lowest security level (F in Fig. 1) so that all
the stations in the segment with the security implementation can
process it.  This security level has to be adjusted in the routers or
bridges.  This is one of the s...