1. Field of the Invention
The invention concerns an encryption device and a decryption device for information conveyed by asynchronous transfer mode cells. They enable an encrypted service to be offered in a telecommunication network in which cells are transmitted from a node towards network units using a point-to-multipoint or node to network units broadcast technique. The invention is applicable in particular in a telecommunication network including at least one optical access node connected to at least one passive optical network.
2. Description of the Prior Art
FIG. 1 shows the block diagram of one embodiment of a telecommunication network branching point of this kind. It includes: an optical access node OAN and passive optical networks. FIG. 1 shows by way of example a single passive optical network APON connected to a plurality of network units ONU1, ONU2, ONU3, ONU4 and subscriber terminals ST1, . . . , ST12. The optical access node OAN is connected to other nodes of a telecommunication network by multiplexes IM1, . . . , IMp which can be 2 Mbit/s synchronous multiplexes, for example, or broadband multiplexes transmitting asynchronous transfer mode cells.
The node OAN includes a coupling device TUAN including the optical line termination function and connected by an optical fiber to a passive directional coupler DC of the network APON. Similarly, each of the units ONU1, . . . , ONU4 is connected to the coupler DC by an optical fiber. The optical fibers and the coupler DC constitute the passive optical network APON which is in the shape of a star. The coupler DC has the property of broadcasting identically to all the units ONU1, ONU2, ONU3, ONU4 the optical signals emitted by the node OAN. On the other hand, any optical signal emitted by any one of the units is routed by the coupler DC only to the node OAN, because of the directional properties of the coupler DC.
Each network unit ONU1, . . . , ONU4 is connected to one or more subscriber terminals. For example, the unit ONU1 is connected to three subscriber terminals ST1, ST2, ST3 by an optical fiber, a broadband electrical connection or a conventional narrowband electrical connection. In the latter case, the network unit includes a conventional asynchronous/synchronous and synchronous/asynchronous converter.
To use the resources of asynchronous transfer mode networks more efficiently, the use of composite cells is envisaged, each such cell conveying several units of information addressed to different subscriber terminals but conveyed in the same cell along at least part of the path.
FIG. 1 shows one example of routing a composite cell CL1 that is constructed by the coupling device TUAN from information received via the multiplexes IM, . . . , IMp. The composite cell CL1 is broadcast identically to each of the units ONU1, . . . , ONU4 by the coupler DC. Operation and maintenance messages tell the unit ONU1 that the cell CL1 contains an information unit U1 addressed to the subscriber terminal ST1 and an information unit U3 addressed to the subscriber terminal ST3, the terminals ST1 and ST3 being connected to the unit ONU1. Similarly, the unit ONU3 knows that the cell CL1 contains an information unit U2 addressed to the subscriber terminal ST7 connected to the unit ONU3. In this example the unit ONU1 extracts the two information units from the cell CL1 and forwards them in cells CL2 and CL3, respectively on an optical fiber connecting the unit ONU1 to the subscriber terminal ST1 and on an optical fiber connecting the unit ONU1 to the subscriber terminal ST3. The unit ONU3 extracts the information unit U2 from the cell CL1 and forwards it in a cell CL4 on an optical fiber connected to the terminal ST7.
In other examples, a unit forwards the information units in the form of synchronous frames on copper pairs connecting subscriber terminals to the unit.
Each information unit can be an octet of a conventional synchronous telephone circuit, identified by its position, which is constant in each cell, or a data micropacket, identified by a label at the beginning of the data micropacket.
A telecommunication network branching point of this kind has certain advantages, in particular enabling very easy broadcasting of information units addressed to all subscribers, for example for broadcasting audiovisual programs. However, it has the disadvantage that information transmitted from the broadcast node to any one of the network units is not confidential. Each network unit ONU1, . . . , ONU4 receives all the cells transmitted by the coupling device TUAN, including cells that do not contain any information unit addressed to subscriber terminals connected to the unit concerned. A subscriber who has a network unit can therefore receive all information transmitted by the coupling device TUAN. It is therefore necessary to provide means of protecting the confidentiality of information units that are not addressed to all subscriber terminals.
There are many encryption methods:
Block encryption methods consist in applying an encryption algorithm to a set of data constituting a block of given length, which makes it necessary to wait for an entire data block to be available before the data block can be encrypted. The blocks are transmitted with flags identifying the limits of each block. Consequently, it is easy to synchronize encryption and decryption. On the other hand, these methods introduce an encryption and decryption time-delay that is proportional to the block size. Further, the least transmission error can compromise the decryption of a complete block.
"On the fly" encryption methods consist in using an exclusive-OR gate to add successively each bit of the stream of binary data to be transmitted to a bit of a pseudo-random binary sequence to obtain an encrypted bit stream. Decryption consists in using an exclusive-OR gate to add successively each bit of the encrypted bit stream to a pseudo-random binary sequence identical to that used for encryption. It is essential to synchronize the pseudo-random binary sequence used for encryption and that used for decryption. Further, the synchronization of the pseudo-random sequences must be re-established quickly if it is lost because of transmission errors.
European patent application 0 374 028 describes a device for encrypting information units conveyed in composite packets that are broadcast from an optical access node to subscriber installations, each of which may be deemed to comprise a network unit and a single subscriber terminal. Each composite packet conveys a plurality of information units, each information unit being addressed to a different subscriber installation. To assure confidentiality, each information unit is encrypted. Each subscriber installation receives all the composite packets but can decrypt only the information units addressed to it.
To encrypt each information unit the node includes an on the fly encryption device which calculates an encrypted value for each bit of the information unit, according to a respective bit of a pseudo-random sequence that is dependent on the destination subscriber installation. This stream simply comprises bits of the last information unit transmitted by this subscriber installation and received without error by the node. The information units are transmitted to the node in clear since the directional nature of the coupler prevents the other subscriber installations from receiving them. The subscriber installations transmit information units that can be of any kind and therefore different from one subscriber installation to another. Each information unit received in error by the node can therefore constitute a pseudo-random sequence specific to a subscriber installation. Each subscriber installation holds in memory the last information unit that it transmitted to the node if it receives an acknowledgement indicating that transmission occurred without error. A decryption device in the subscriber unit subsequently utilizes this information unit as a pseudo-random sequence for decrypting an information unit included in the next packet transmitted by the node.
The pseudo-random sequence used by the encryption device and that used by the decryption device are synchronized because the encryption device systematically uses as the pseudo-random sequence the last information unit it has received without error and the decryption device systematically uses the last information unit that it transmitted and that was received without error by the node.
This encryption device and this decryption device have the disadvantage of being able to operate only if the bit rates are equal in both transmission directions and if there is some degree of synchronism between the transmission of information units by the node and by the subscriber installations:
If the bit rate of the information units addressed to a subscriber installation is greater than the bit rate of the information units transmitted by that installation, the encryption device sometimes lacks the information to constitute the pseudo-random sequence needed for bit by bit encryption. If the transmission of an information unit to the node is not interleaved between the transmission of two information units to the subscriber installation, the encryption device lacks information to constitute the pseudo-random sequence for encrypting an information unit.
Thus these prior art devices are not usable in practise in an asynchronous transfer mode network because one feature and one advantage of a network of this kind is precisely that it allows high variations in bit rate and asynchronous operation.
An aim of the invention is to propose an encryption device and a decryption device that are free of the above drawbacks.