The present invention relates to secured data transmission in multiuser computer architectures. More particularly, the present invention relates to prevention of unauthorized access to data communicated on local area networks.
A local area network (LAN) is a communications link between independent data processing equipment located within a moderately sized geographic area. LANs connect personal computers, mini- and mainframe computers, as well as peripheral devices such as hard disks and printers, implementing a concept that permits programs, data files, and resources to be shared throughout the network. Devices attached to a network are commonly referred to as stations. All stations on the LAN are interconnected via a cabling system, which includes the wire or cable that interconnects the devices and any attachment units needed to attach the devices to the cable.
A characteristic common to all LANs is that all stations must share access to a single physical transmission medium. Several methods have been developed to control the sharing of access to the transmission medium. With networks that employ a ring or a star-wired topology, the most commonly used access method is token passing. Token passing involves the passing of a special transmission frame, called the token, from one station to the next around the ring. When a network station receives the token, that station is allowed to transmit.
Token ring is a broadcast network in that all stations on a ring can listen to all packets transmitted on that ring. Sensitive and valuable user data is thus exposed to eavesdropping by any station connected to the LAN. The security threat posed by eavesdroppers has become increasingly credible as prices for LAN equipment, personal computers, and portable network diagnostic equipment continue to drop, making the equipment needed to eavesdrop readily available. Eavesdropping is also simpler to implement and more difficult to detect than in the past because LANs can now be interconnected with the same wiring systems used for telephones rather than the specialty cables required under other, earlier standards.
Because the token must pass through all stations, merely suspending transmission of data to stations that are not authorized to receive the data is not an option in a token ring network. Similarly, a concentrator at the hub of a star-wired ring cannot simply alter the outgoing packets, since the data coming back from a station must be transmitted to the next station.
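The two constraints above can be seen in a small model of frame circulation, added here as an illustration and not part of the original text: every repeating station sees the payload, and withholding a frame from one station cuts off every station downstream of it. The station names, the `blocked` policy, and the function names are assumptions made for the example.

```python
"""Toy model of one frame circulating on a token ring (constructed example)."""

RING = ["A", "B", "C", "D", "E"]  # constructed station names, in ring order


def circulate(ring, src, dst, blocked=frozenset()):
    """Send one frame from src around the ring and back to src.

    blocked: stations the hub refuses to forward the frame to (a
    hypothetical "just don't send it to them" policy).
    Returns (observers, delivered, returned_to_sender).
    """
    start = ring.index(src)
    observers, delivered = [], False
    for step in range(1, len(ring) + 1):
        station = ring[(start + step) % len(ring)]
        if station == src:
            # The frame completed the loop; the sender removes it.
            return observers, delivered, True
        if station in blocked:
            # Nothing reaches this station, so it has nothing to repeat
            # to the next one: the circulation stops here.
            return observers, delivered, False
        observers.append(station)  # a repeating station sees every bit
        if station == dst:
            delivered = True
    return observers, delivered, False  # unreachable when src is in ring


def unintended_observers(ring, src, dst):
    """Stations other than dst that saw the payload on a normal ring."""
    seen, _, _ = circulate(ring, src, dst)
    return [s for s in seen if s != dst]


if __name__ == "__main__":
    print("normal ring:    ", circulate(RING, "A", "D"))
    print("eavesdrop risk: ", unintended_observers(RING, "A", "D"))
    print("withhold from C:", circulate(RING, "A", "D", blocked={"C"}))
    print("withhold from E:", circulate(RING, "A", "D", blocked={"E"}))
```
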
From the foregoing it can be appreciated that there is a need for an effective message security system for token ring networks that does not adversely affect the integrity of network messages.