1. Field of the Invention
The present invention relates to a system for preventing an illegal interception of information (data information, image information and voice information) in an ATM (Asynchronous Transfer Mode) communication network where the information is transferred as segmented ATM cells.
2. Prior Art
In recent years, an ATM system has been adopted as a digital information transferring system for a B-ISDN (Broadband Integrated Service Digital Network) that is a public network and a LAN (Local Area Network). According to the ATM system, all pieces of communication information having different bandwidths are segmented into cells each having a fixed length (53 octets) and these cells are transferred in mixture through a transmission path by hardware switching. The communication network utilizing the ATM system described above is referred to as an ATM network.
According to the ATM system described above, a large quantity of digital information is transferred and switched at a high speed, and consequently the damage caused by a wiretap becomes enormous. Therefore, a variety of methods of preventing wiretap in the ATM network have been proposed. FIG. 43 shows one example of those methods.
Referring to FIG. 43, an ATM network 720 is constructed of a multiplicity of ATM network devices connected to each other via physical lines. ATM nodes 700, 740 are individually connected to two units of ATM network devices 710, 730. User terminals (not shown) are further respectively connected to these ATM nodes 700, 740.
In the case of transmitting information due to a call set between the user terminals, the ATM node 700 at the transmission side divides the information from the user terminal to store the information in a multiplicity of ATM cells. The ATM node 700 transmits the ATM cells towards the ATM network device 710 in a first-in first-out order.
In the ATM network device 710, a transmission path control unit 711 receives the ATM cells transmitted from the ATM node 700. An ATM switch control unit 714 identifies an ATM virtual channel allocated to the call to which the ATM cell concerned belongs on the basis of a VPI (Virtual Path Identifier)/VCI (Virtual Channel Identifier) written to the header of the ATM cell received by the transmission path control unit 711, and controls an ATM switch unit 712 in order to send the same ATM cell along the identified ATM virtual channel (writes routing information to the header of the ATM cell concerned so as to be outputted from a desired port within the ATM switch unit 712, and rewrites the VPI/VCI of the ATM cell concerned in an outgoing-side transmission path control unit 713). ATM switch control data 717 stored in a storage device 716 is referred to by the ATM switch control unit 714 when controlling this switching process.
In a receiving-side ATM network device 730, as a transmission path control unit 731 receives the ATM cell from the ATM network device 710, an ATM switch control unit 734 controls an ATM switch unit 732 to transfer the ATM cells towards the receiving-side ATM node 740.
Incidentally, an output buffer random control unit 715 of the transmitting-side ATM network device 710, if the ATM cell received by the transmission path control unit 711 belongs to a wiretap prevention call, allocates this wiretap prevention call to the plurality of unused ATM virtual channels shown by dotted line in FIG. 43 connected to the receiving-side ATM network device 730 in addition to the originally allocated ATM virtual channels shown by solid lines in FIG. 43. Then, the output buffer random control unit 715 controls the ATM switch unit 712 to select one ATM virtual channel at random from the plurality of ATM virtual channels allocated to the wiretap prevention call for each ATM cell and to transmit it towards the receiving-side ATM network device 730.
In the receiving-side ATM network device 730, when the transmission path control unit 731 receives the ATM cells transferred along any one of the plurality of ATM virtual channels, the output buffer random control unit 735 controls the ATM switch unit 732 to merge these ATM cells with the ATM cells transmitted through the ATM virtual channels (indicated by the solid lines) originally allocated to the call. As a result, a string of ATM cells is restored in the receiving-side ATM network device 730.
According to such a system, the ATM cells belonging to the wiretap prevention call are transferred while being distributed to the plurality of ATM virtual channels, and hence, even if the ATM cells being transferred along some ATM virtual channels are intercepted and the contents of their payloads are connected, the information transmitted due to the wiretap prevention call cannot be restored. In consequence, the confidentiality of the information is perfectly kept.
According to the wiretap prevention method described above, however, since one wiretap prevention call occupies a plurality of ATM virtual channels, the efficiency of resource use is reduced. Accordingly, if a large number of calls occur simultaneously, the number of ATM virtual channels usable in the ATM network abruptly decreases. This might cause a problem in which the whole ATM network becomes short of resources.
Further, although wiretap can be prevented in a higher layer (an application layer) in the ATM network, this requires an individual wiretap prevention process for every application, and is therefore insufficient in terms of providing a service.
To overcome the problems described above, a primary object of the present invention is to provide a system and a device for preventing wiretap that can prevent wiretap in a layer lower than the application layer, that is, the ATM layer, without using a plurality of ATM virtual channels.
To accomplish the object, the wiretap prevention system and the device according to the present invention adopt the following constructions.
According to a first aspect of the invention, there is provided a wiretap preventing system between a transmitting-side communication device for transmitting ATM cells and a receiving-side communication device for receiving the ATM cells. The transmitting-side communication device comprises a receiving unit for sequentially receiving ATM cells each stored with transmitting target information in a segmented state, a synchronous cell inserting unit for inserting a synchronous cell in a string of the ATM cells received by the receiving unit at an interval of a predetermined number of ATM cells, a sequence changing unit for changing, in accordance with a predetermined pattern, a sequence of the predetermined number of ATM cells interposed between the synchronous cells inserted by the synchronous cell inserting unit, and a transmitting unit for transmitting, towards the receiving-side communication device, the string of ATM cells the sequence of which has been changed by the sequence changing unit. The receiving-side communication device comprises a receiving unit for sequentially receiving the ATM cells transmitted from the transmitting-side communication device, and a sequence restoring unit for restoring, tracing back the predetermined pattern, the sequence of the predetermined number of ATM cells interposed between the synchronous cells in the string of ATM cells received by the receiving unit, and discarding the synchronous cells.
With this construction, the sequence changing unit changes the sequence of the grouped ATM cells interposed between the synchronous cells, in which state the ATM cell string is sent from the transmitting-side communication device. Therefore, even if the third party intercepts the ATM cell string on the path to the receiving-side communication device, the third party is unable to reproduce the original transmitting target information by connecting data contents of the respective ATM cells. It is therefore feasible to prevent the wiretap in the ATM layer without using the plurality of ATM virtual channels. Note that the receiving-side communication device is capable of recognizing the group of ATM cells the sequence of which has been changed, by identifying the synchronous cell, and has information about the predetermined pattern used for changing the sequence thereof, whereby the sequence of ATM cells can be restored.
According to a second aspect of the invention, a transmitting-side communication device comprises a receiving unit for sequentially receiving ATM cells each stored with transmitting target information in a segmented state, a synchronous cell inserting unit for inserting a synchronous cell in a string of the ATM cells received by the receiving unit at an interval of a predetermined number of ATM cells, a sequence changing unit for changing, in accordance with a predetermined pattern, a sequence of the predetermined number of ATM cells interposed between the synchronous cells inserted by the synchronous cell inserting unit, and a transmitting unit for transmitting, towards a receiving-side communication device, the string of ATM cells the sequence of which has been changed by the sequence changing unit.
According to a third aspect of the invention, there is provided a wiretap preventing system between a transmitting-side communication device for transmitting ATM cells and a receiving-side communication device for receiving the ATM cells. The transmitting-side communication device comprises a receiving unit for receiving data cells defined as the ATM cells each stored with transmitting target information in a segmented state in sequence of data stream of the transmitting target information, a transmitting buffer including a storage area storable with a single synchronous cell defined as an ATM cell for synchronization and a predetermined number of data cells, a memory for retaining a predetermined relationship between a storage location and a storage sequence from a point of time when starting a storing operation, a storing unit for storing, when starting the storing operation, a predetermined storage location in the storage area with the synchronous cell, and storing the storage area with the data cells received by the receiving unit in a receiving sequence thereof in accordance with the predetermined relationship, a fetching unit for fetching the ATM cells stored in the storage area in sequence from a head location in the storage area when the storing unit completes the storage of the predetermined number of data cells into the storage area, a notifying unit for making the storing unit start operating at a point of time when the receiving unit receives the data cell at first and when the fetching unit completes the fetching of the ATM cell out of the storage area, and a sending unit for sending the ATM cells fetched by the fetching unit towards the receiving-side communication device in a fetching sequence. 
The receiving-side communication device comprises a receiving unit for sequentially receiving the ATM cells transmitted from the transmitting-side communication device, a receiving buffer including a storage area storable with the predetermined number of data cells, a memory for retaining the predetermined relationship between the storage location and the storage sequence from the point of time when starting the storing operation, a storing unit, starting the storing operation when the receiving unit receives the synchronous cell, for storing the data cells received by the receiving unit in the receiving sequence thereof in accordance with a relationship reversal to the predetermined relationship, and a fetching unit for fetching the ATM cells stored in the storage area in sequence from a head location in the storage area when the storing unit completes the storage of the predetermined number of data cells into the storage area.
With this construction, the storing unit stores the storage area in the transmitting buffer with the synchronous cell as well as storing the data cells in accordance with the predetermined relationship. Hence, the ATM cell string fetched by the fetching unit is brought into a state where the sequence of the grouped data cells interposed between the synchronous cells is changed. Therefore, even if the third party intercepts the ATM cell string sent from the transmitting-side communication device in such a state on the path to the receiving-side communication device, the third party is unable to reproduce the original transmitting target information by connecting data contents of the respective data cells. It is therefore feasible to prevent the wiretap in the ATM layer without using the plurality of ATM virtual channels. Note that the storing unit in the receiving-side communication device recognizes the head of the group of data cells the sequence of which has been changed, by identifying the synchronous cell, and stores the storage area of the receiving buffer with the data cells, whereby the sequence of data cells in the ATM cell string fetched by the fetching unit can be restored.
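The store-by-table and fetch-from-head operation of the first and third aspects can be followed in the sketch below, which is an added example and not code from the patent. The `Cell` fields, the `sync` marker, the pattern `[2, 0, 3, 1]`, the placement of the synchronous cell at the head of each group, and the dropping of data cells that arrive before the first synchronous cell are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Cell:
    vpi: int
    vci: int
    payload: bytes = b""
    sync: bool = False  # assumption: how a synchronous cell is marked is not given here

def invert(table: List[int]) -> List[int]:
    """Reverse relationship: slot number -> storage order."""
    inverse = [0] * len(table)
    for order, slot in enumerate(table):
        inverse[slot] = order
    return inverse

class StorageArea:
    """Holds one group; the i-th stored cell goes to slot table[i]."""
    def __init__(self, table: List[int]):
        if sorted(table) != list(range(len(table))):
            raise ValueError("table must be a permutation of the slot numbers")
        self.table = list(table)
        self.slots: List[Optional[Cell]] = [None] * len(table)
        self.stored = 0

    def store(self, cell: Cell) -> List[Cell]:
        """Store one cell; once the area is full, fetch everything from the head."""
        self.slots[self.table[self.stored]] = cell
        self.stored += 1
        if self.stored < len(self.table):
            return []
        group, self.slots, self.stored = self.slots, [None] * len(self.table), 0
        return group

class Transmitter:
    def __init__(self, table: List[int]):
        self.table = table
        self.areas: Dict[Tuple[int, int], StorageArea] = {}  # one area per virtual channel

    def push(self, cell: Cell) -> List[Cell]:
        area = self.areas.setdefault((cell.vpi, cell.vci), StorageArea(self.table))
        group = area.store(cell)
        # Assumption: the synchronous cell occupies the head location of each group.
        return [Cell(cell.vpi, cell.vci, sync=True)] + group if group else []

class Receiver:
    def __init__(self, table: List[int]):
        self.inverse = invert(table)
        self.areas: Dict[Tuple[int, int], StorageArea] = {}

    def push(self, cell: Cell) -> List[Cell]:
        key = (cell.vpi, cell.vci)
        if cell.sync:  # start storing a new group and discard the synchronous cell
            self.areas[key] = StorageArea(self.inverse)
            return []
        area = self.areas.get(key)
        return area.store(cell) if area else []  # cells before the first sync are dropped

def demo():
    table = [2, 0, 3, 1]  # constructed pattern held by both ends
    msg_a, msg_b = bytes(range(192)), bytes(range(192, 0, -1))  # constructed data
    split = lambda vci, m: [Cell(0, vci, m[i:i + 48]) for i in range(0, len(m), 48)]
    source = [c for pair in zip(split(32, msg_a), split(33, msg_b)) for c in pair]
    tx, rx = Transmitter(table), Receiver(table)
    wire = [out for cell in source for out in tx.push(cell)]
    tapped = b"".join(c.payload for c in wire if c.vci == 32)  # payloads in wire order
    restored = [out for cell in wire for out in rx.push(cell)]
    restored_a = b"".join(c.payload for c in restored if c.vci == 32)
    restored_b = b"".join(c.payload for c in restored if c.vci == 33)
    return wire, tapped, restored_a, restored_b, msg_a, msg_b
```

Note that `tapped` still contains every payload octet of the call, only in the wrong cell order, so the protection rests on the pattern staying unknown to the third party.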
According to a fourth aspect of the invention, a transmitting-side communication device comprises a receiving unit for receiving data cells defined as the ATM cells each stored with transmitting target information in a segmented state in sequence of data stream of the transmitting target information, a transmitting buffer including a storage area storable with a single synchronous cell defined as an ATM cell for synchronization and a predetermined number of data cells, a memory for retaining a predetermined relationship between a storage location and a storage sequence from a point of time when starting a storing operation, a storing unit for storing, when starting the storing operation, a predetermined storage location in the storage area with the synchronous cell, and storing the storage area with the data cells received by the receiving unit in a receiving sequence thereof in accordance with the predetermined relationship, a fetching unit for fetching the ATM cells stored in the storage area in sequence from a head location in the storage area when the storing unit completes the storage of the predetermined number of data cells into the storage area, a notifying unit for making the storing unit start operating at a point of time when the receiving unit receives the data cell at first and when the fetching unit completes the fetching of the ATM cell out of the storage area, and a sending unit for sending the ATM cells fetched by the fetching unit towards the receiving-side communication device in a fetching sequence.
According to a fifth aspect of the invention, in the wiretap preventing system according to the first aspect, the transmitting-side communication device is an ATM node including an ATM control unit for dividing the transmitting target information, storing the ATM cell with each of information segments, and transferring these ATM cells to the receiving unit, and the receiving-side communication device is an ATM node including an ATM control unit for reproducing the transmitting target information by connecting in sequence the data stored in the data cells the sequence of which has been restored by the sequence restoring unit.
According to a sixth aspect of the invention, in the wiretap preventing system according to the third aspect, the transmitting-side communication device is an ATM node including an ATM control unit for dividing the transmitting target information, storing the ATM cell with each of information segments, and transferring these ATM cells to the receiving unit, and the receiving-side communication device is an ATM node including an ATM control unit for reproducing the transmitting target information by connecting in sequence the data stored in the data cells fetched by the fetching unit.
According to a seventh aspect of the invention, in the wiretap preventing system according to the first or third aspect, the transmitting-side communication device and the receiving-side communication device are network devices each including an ATM switch unit for switching the ATM cell in accordance with a virtual channel identifier of the ATM cell.
According to an eighth aspect of the invention, the transmitting-side communication device according to the second or fourth aspect may further comprise an ATM switch unit for switching the ATM cell in accordance with the virtual channel identifier of the ATM cell.
According to a ninth aspect of the invention, in the wiretap preventing system according to the first aspect, the sequence changing unit changes per ATM virtual channel the sequence of the ATM cells in the ATM virtual channel, and the sequence restoring unit restores per ATM virtual channel the sequence of the ATM cells in the ATM virtual channel.
According to a tenth aspect of the invention, in the transmitting-side communication device according to the second aspect, the sequence changing unit changes per ATM virtual channel the sequence of the ATM cells in the ATM virtual channel.
According to an eleventh aspect of the invention, in the wiretap preventing system according to the third aspect, the storage area of the transmitting buffer, the storage area of the receiving buffer and the predetermined relationship, are provided per ATM virtual channel.
According to a twelfth aspect of the invention, in the transmitting-side communication device according to the fourth aspect, the storage area of the transmitting buffer and the predetermined relationship are provided per ATM virtual channel.
According to a thirteenth aspect of the invention, in the wiretap preventing system according to the seventh aspect, the sequence changing unit changes per ATM virtual path the sequence of the ATM cells on the ATM virtual path, and the sequence restoring unit restores per ATM virtual path the sequence of the ATM cells on the ATM virtual path.
According to a fourteenth aspect of the invention, in the transmitting-side communication device according to the eighth aspect, the sequence changing unit changes per ATM virtual path the sequence of the ATM cells on the ATM virtual path.
According to a fifteenth aspect of the invention, in the wiretap preventing system according to the seventh aspect, the storage area of the transmitting buffer, the storage area of the receiving buffer and the predetermined relationship, are provided per ATM virtual channel.
According to a sixteenth aspect of the invention, in the transmitting-side communication device according to the eighth aspect, the storage area of the transmitting buffer and the predetermined relationship are provided per ATM virtual channel.
According to a seventeenth aspect of the invention, in the wiretap preventing system according to the first aspect, the transmitting-side communication device may further comprise an information adding unit for adding information for indicating whether or not the sequence changing unit should change the sequence, to the synchronous cell to be inserted in the string of ATM cells by the synchronous cell inserting unit. The sequence changing unit changes the sequence of ATM cells during only a period beginning from a point of time when the information adding unit adds to the synchronous cell the information purporting that the sequence be changed up to a point of time when the information adding unit adds to the synchronous cell the information purporting that the sequence not be changed. The sequence restoring unit restores the sequence of ATM cells during only a period beginning from a point of time when receiving the synchronous cell to which the information purporting that the sequence be changed is added up to a point of time when receiving the synchronous cell to which the information purporting that the sequence not be changed is added.
With this construction, the sequence of ATM cells can be selectively changed in the process of communications. Hence it is feasible to change the sequence of ATM cells during only a period of data communications requiring the prevention of wiretap and, even when the change of the sequence in the transmitting-side communication device desynchronizes with the restoration of the sequence in the receiving-side communication device, to return to the communication state based on the normal sequence.
According to an eighteenth aspect of the invention, in the wiretap preventing system according to the first aspect, the sequence changing unit is capable of changing the predetermined pattern. The transmitting-side communication device may further comprise an information adding unit for adding information for indicating the change of the predetermined pattern, to the synchronous cell to be inserted in the string of ATM cells by the synchronous cell inserting unit. The sequence restoring unit changes the predetermined pattern in accordance with the indication of the information at a point of time when receiving the synchronous cell to which the information for indicating the change of the predetermined pattern is added.
With this construction, since the sequence changing pattern of the ATM cells can be changed in the process of communications, even if the sequence changing pattern might have leaked to the third party, the damage can be kept to a minimum by changing the sequence changing pattern at any time.
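The control information of the seventeenth and eighteenth aspects is sketched below as an added example, not code from the patent: each synchronous cell tells the receiver whether the following group is reordered and which pattern applies. The `Sync` fields, the `PATTERNS` table assumed to be held by both ends in advance, the string payloads, and the choice to discard a group that is still incomplete when the next synchronous cell arrives are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

GROUP = 4  # constructed group size: data cells between two synchronous cells
# Constructed pattern table that both ends are assumed to hold in advance.
PATTERNS = {0: [2, 0, 3, 1], 1: [3, 2, 1, 0]}

@dataclass(frozen=True)
class Sync:
    scramble: bool   # whether the following group has its sequence changed
    pattern_id: int  # which pattern applies from this synchronous cell on

Item = Union[Sync, str]  # data cells are represented by constructed labels

def send(groups: List[Tuple[List[str], bool, int]]) -> List[Item]:
    """Emit one synchronous cell per group, then the group in wire order."""
    wire: List[Item] = []
    for cells, scramble, pattern_id in groups:
        if len(cells) != GROUP:
            raise ValueError("each group must hold exactly GROUP data cells")
        wire.append(Sync(scramble, pattern_id))
        if scramble:
            slots = [""] * GROUP
            for order, cell in enumerate(cells):
                slots[PATTERNS[pattern_id][order]] = cell
            wire.extend(slots)
        else:
            wire.extend(cells)  # normal sequence
    return wire

def receive(wire: List[Item]) -> Tuple[List[str], int]:
    """Return (restored data cells, number of groups discarded as incomplete)."""
    restored: List[str] = []
    discarded = 0
    mode: Optional[Sync] = None
    pending: List[str] = []
    for item in wire:
        if isinstance(item, Sync):
            if pending:          # previous group was cut short, e.g. by a lost cell
                discarded += 1
            mode, pending = item, []
        elif mode is None:
            continue             # not synchronised yet
        elif not mode.scramble:
            restored.append(item)
        else:
            pending.append(item)
            if len(pending) == GROUP:
                table = PATTERNS[mode.pattern_id]
                restored.extend(pending[table[order]] for order in range(GROUP))
                pending = []
    if pending:
        discarded += 1
    return restored, discarded

def demo():
    cells = [f"c{i}" for i in range(16)]  # constructed data cells
    groups = [(cells[0:4], True, 0), (cells[4:8], True, 1),
              (cells[8:12], False, 0), (cells[12:16], True, 0)]
    wire = send(groups)
    clean = receive(wire)
    lossy = receive(wire[:7] + wire[8:])  # one data cell of the second group lost
    return cells, wire, clean, lossy
```

In the lossy run only the group that lost a cell is affected; the receiver realigns at the next synchronous cell and the later groups are restored in full.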
According to a nineteenth aspect of the invention, there is provided a wiretap preventing system between a transmitting-side communication device for transmitting ATM cells and a receiving-side communication device for receiving the ATM cells. The transmitting-side communication device comprises a receiving unit for receiving data cells defined as the ATM cells each stored with transmitting target information in a segmented state in sequence of data stream of the transmitting target information, a transmitting buffer including a synchronous cell storage area storable with a single synchronous cell defined as an ATM cell for synchronization, and first and second storage areas storable with a predetermined number of data cells, a memory for retaining a predetermined relationship between a storage location and a storage sequence from a point of time when starting a storing operation, a storing unit for storing, when starting the storing operation, the synchronous cell storage area with the synchronous cell and also storing any one of the storage areas with the data cells received by the receiving unit in a receiving sequence thereof in accordance with the predetermined relationship, a fetching unit for fetching a single data cell stored in a storage location closer to the head location in the other storage area each time the storing unit stores one storage area with the single data cell, a control unit for exchanging, at a point of time when the storing unit finishes storing one storing unit with the predetermined number of data cells, the storage area in which the storing unit executes the storing process with a storage area from which the fetching unit executes the fetching process, indicating the fetching unit to fetch the synchronous cell, and making the storing unit start the storing operation, and a sending unit for sending the ATM cells, fetched by one fetching unit, of the storing unit towards the receiving-side communication device in a fetching sequence. 
The receiving-side communication device comprises a receiving unit for sequentially receiving the ATM cells transmitted from the transmitting-side communication device, a buffer including first and second storage areas storable with the predetermined number of data cells, a memory for retaining the predetermined relationship between the storage location and the storage sequence from the point of time when starting the storing operation, a storing unit, starting the storing operation when the receiving unit receives the synchronous cell, for storing any one of the storage areas with the data cells received by the receiving unit in the receiving sequence thereof in accordance with a relationship reversal to the predetermined relationship, a fetching unit for fetching a single data cell stored in a storage location closer to the head location in the other storage area each time the storing unit stores one storage area with the single data cell, and a control unit for exchanging, at a point of time when the storing unit finishes storing one storing unit with the predetermined number of data cells, the storage area in which the storing unit executes the storing process with a storage area from which the fetching unit executes the fetching process, and making the storing unit start the storing operation.
With this construction, it is feasible to make a data cell storing period into the transmitting buffer coincident with a data cell fetching period out of the transmitting buffer, i.e., a receiving period by the receiving-side communication device, and therefore the wiretap can be prevented without deteriorating the quality even when required to make the data cell period fixed as in the case of, e.g., the voice information.
According to a twentieth aspect of the invention, a transmitting-side communication device comprises a receiving unit for receiving data cells defined as the ATM cells each stored with transmitting target information in a segmented state in sequence of data stream of the transmitting target information, a transmitting buffer including a synchronous cell storage area storable with a single synchronous cell defined as an ATM cell for synchronization, and first and second storage areas storable with a predetermined number of data cells, a memory for retaining a predetermined relationship between a storage location and a storage sequence from a point of time when starting a storing operation, a storing unit for storing, when starting the storing operation, the synchronous cell storage area with the synchronous cell and also storing any one of the storage areas with the data cells received by the receiving unit in a receiving sequence thereof in accordance with the predetermined relationship, a fetching unit for fetching a single data cell stored in a storage location closer to the head location in the other storage area each time the storing unit stores one storage area with the single data cell, a control unit for exchanging, at a point of time when the storing unit finishes storing one storing unit with the predetermined number of data cells, the storage area in which the storing unit executes the storing process with a storage area from which the fetching unit executes the fetching process, indicating the fetching unit to fetch the synchronous cell, and making the storing unit start the storing operation, and a sending unit for sending the ATM cells, fetched by the one fetching unit, of the storing unit towards the receiving-side communication device in a fetching sequence.
These together with other objects and advantages which will be subsequently apparent, reside in the details of construction and operation as more fully hereinafter described and claimed, reference being had to accompanying drawings forming a part hereof, wherein like numerals refer to like parts throughout.