The present invention relates to messaging techniques within an optical communication network. More specifically, the present invention provides a secure communication approach in an optical network environment which reduces overhead operations and avoids the necessity for additional equipment.
Communication systems have become an important portion of today's electronic society. Generally speaking, these networks and systems provide the ability for vast amounts of information to be communicated as desired and/or necessary. As is well known, examples of these communication systems include the internet, Ethernet systems, networks within contained systems (e.g. automobiles, aircraft, etc.), home networks, and wireless networks. Further, cellular telephone, WiFi, SatCom, IEEE 802.11, etc. systems are also considered to be other types of communication network.
In each of the above listed examples, a necessity or desire exists to communicate information from one component to another in a specified manner. In certain instances this communication may be more widespread, including transmission to multiple receivers. When transmitting to multiple receivers, the process is often straightforward as “receiver considerations” are not necessary. Stated alternatively, these transmissions can simply be broadcast and allowed to be picked up by any receiver desiring to acquire the particular signal. As an example, broadcasts over on-air systems to multiple receivers are considered to be one such system.
More challenging, however, is the communication from one specific source to a single desired receiver. This will often include communication amongst components in a network (e.g. a processor to a printer in an office network). Further, if security is required, the challenge of such communication is increased.
To achieve organized communication across virtually any network, protocols and standards are essential. Stated alternatively, some common understanding regarding the way information is transmitted, and the format in which it will be received, is required for these systems to be operational. Many variations may exist depending on the particular circumstances involved. For example, an open network may be involved such as the internet in which information can be widely broadcast and user access is very widespread. The generation of a website accessible on the internet is one example of this communication scheme. Alternatively, closed networks may be involved where only dedicated equipment is connected to the network, thus limiting communication accordingly. One example of this type of configuration is a small office Ethernet that allows communication amongst various computers. Obviously, in a closed environment communication protocols and standards can be much more easily controlled due to the limited access provided. Additionally, the type of information being transmitted may impact the protocol utilized.
Fiber optic communication is widely utilized in various systems due to the well known advantages of optical communication. That said, optical communication networks and systems are continuously evolving as the technology becomes more and more advanced. The further development of optical components allows for new applications and options involving optical signals. System designers simply have more tools at their disposal, thus giving them more options.
As mentioned above, communication amongst components and different systems has become an integral part of society. One of the most basic issues dealt with in communication relates to the addressing and routing of messages or information to achieve smooth communication flow. Another issue relates to the security and controlled access to the communicated messages. Those skilled in the art of network communication are typically familiar with packet type communication in which messages are generated in a “packet” format which can then be routed to appropriate locations. This packet communication methodology is utilized in many areas including the Internet and various voice communication systems.
Security has been an inherent concern in the communications field for some time. As a starting point, it is desirable to ensure that messages are appropriately transmitted and received by the various components within a system. The next level of security relates to controlled access and the avoidance of messages being intercepted or accessed by undesired recipients. To achieve a desired level of security, various measures have been historically utilized, including encryption, limited network access, and addressing security. One previously utilized method of addressing security involves the incorporation of a security kernel into each source and destination within the system. This security kernel methodology incorporates hardware and software components to achieve desired security levels. In essence, this security methodology utilizes look-up tables at both the source and destination which are consulted to ensure access is appropriate. Stated alternatively, each message contains a source and destination indicator, and the security kernel within each node verifies the approved source and destination combination. Utilizing a look-up table at the message source, the intended recipient is verified to ensure delivery is appropriate. Similarly, a recipient will have access to a virtually identical look-up table. When a message is received, this look-up table is consulted to ensure that the recipient rightfully has access to the received message. Once this verification takes place, access to the message itself is verified, thereby allowing message communication to be further carried out.
As generally described above, prior art secure communication systems have utilized a security kernel to provide secure communications. One exemplary system carrying out this security methodology is illustrated in FIG. 1. This exemplary system illustrates a pair of nodes within a system—one transmitting node 20 and one receiving node 50. For purposes of simplicity, receiving node 50 and transmitting node 20 have been simplified by omitting additional components. For example, any components that may exist within either node to allow dual purpose operation (transmit and receive) have been omitted. Naturally, the receiving portion of communication nodes simply mirrors the transmission portion, and vice versa.
Referring now specifically to FIG. 1, message transmit node 20 is illustrated which includes a source system 22, a security kernel 24, a transmitter 26 and a look-up table 28. As will be appreciated, source 22 will generate the desired message. In this communication scheme, the message is generated in a packet form, which is also illustrated in FIG. 1. More specifically, a message packet 30 includes fields denoting an identification of a source 32, a destination 34, a message label 36 and data 38. In operation, message packet 30 is first passed from source system 22 to security kernel 24, which performs the first step of providing necessary security. Security kernel 24 will read the source indicator 32, destination indicator 34 and label 36 so this information can be compared with data stored in look-up table 28. Specifically, look-up table 28 contains a listing of the approved message communication combinations allowed within the particular system. For example, look-up table 28 may contain an indication that a particular source and destination are allowed to communicate only information having a predetermined label. Further, the label may designate the related data as confidential, secret, top secret, or unprotected. In this case, look-up table 28 will contain a listing of communication source and destination pairs that are approved for certain levels of information. Using this information, only certain destinations and sources may be approved for top secret information (for example). Security kernel 24 is then capable of providing a first security check before information is transmitted to ensure the appropriateness of messages being transmitted. If approved by security kernel 24, message packet 30 is then transferred to transmitter 26 for transmission across network 40.
As further illustrated in FIG. 1, and as will be appreciated by those skilled in the art, the receiving process of nodes connected to network 40 involves the use of a receiver 52 and a security kernel 54 existing at receiving node 50. At this point, receiving security kernel 54 will perform the same security check outlined above, using a look-up table 56 which is virtually identical to look-up table 28 discussed above. Security kernel 54 of receiving node 50 will then approve or deny delivery of message packet 30 to a destination system 58.
Certain complications and problems exist with the security kernel approach described above. Most significantly, this operation requires processing overhead and time during the communication process. Additionally, messages transmitted to a destination node must first be stored in local memory for comparison against the relevant look-up table. If messages are not approved, or not intended for that particular destination, additional steps must be taken to ensure their deletion from local memory. Again, this adds overhead and processing. Verification by the security kernels will obviously take some amount of time, thus affecting the speed and throughput of message communications. While this may appear to be negligible at first, when higher volumes are transmitted, any additional steps can slow communication. Naturally, this is an undesirable situation. Further, the security kernel 24 operates in the electrical domain, typically before conversion to optical communication signals by transmitter 26. It would be beneficial to provide communication security while still in the optical domain, thus taking advantage of the speed and low losses typically involved without the co-communication.
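The following is an added illustration of the look-up-table security kernel of FIG. 1 and of the receive-side buffering overhead just described; it is not code from the patent or from any product. The names SecurityKernel, Packet and run_exchange, the ordering of the four labels, the sample table entries, and the modelling of network 40 as a medium on which every connected receiver buffers each packet are assumptions made for this example.

```python
"""Toy model of the look-up-table security kernel of FIG. 1 (added example).

Not code from the patent or any product. The names SecurityKernel, Packet and
run_exchange, the label ordering and the sample table are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed ordering of message labels (field 36): higher value = more sensitive.
LEVELS = {"unprotected": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Packet:
    """Message packet 30: source 32, destination 34, label 36 and data 38."""
    source: str
    destination: str
    label: str
    data: bytes


class SecurityKernel:
    """Security kernel consulting a look-up table of approved communications.

    The table maps an approved (source, destination) pair to the most sensitive
    label that pair is cleared to exchange. The same table is installed at the
    transmit node (table 28) and at the receive node (table 56).
    """

    def __init__(self, node_id: str, table: Dict[Tuple[str, str], str]) -> None:
        self.node_id = node_id
        self.table = table
        self.local_memory: List[Packet] = []  # receive-side buffer
        self.log: List[str] = []

    def approved(self, pkt: Packet) -> bool:
        """True if the pair is listed and the label is within its clearance."""
        max_label: Optional[str] = self.table.get((pkt.source, pkt.destination))
        if max_label is None or pkt.label not in LEVELS:
            return False
        return LEVELS[pkt.label] <= LEVELS[max_label]

    def transmit_check(self, pkt: Packet) -> bool:
        """First check, at kernel 24, before the packet reaches transmitter 26."""
        ok = self.approved(pkt)
        self.log.append(f"tx@{self.node_id} {pkt.source}->{pkt.destination} "
                        f"[{pkt.label}]: {'pass' if ok else 'deny'}")
        return ok

    def receive_check(self, pkt: Packet) -> bool:
        """Second check, at kernel 54, after receiver 52 has buffered the packet.

        The packet is stored in local memory before the table can be consulted;
        if it is not addressed to this node or not approved it must be deleted
        again, which is the extra overhead the description points out.
        """
        self.local_memory.append(pkt)
        ok = pkt.destination == self.node_id and self.approved(pkt)
        if not ok:
            self.local_memory.remove(pkt)
        self.log.append(f"rx@{self.node_id} {pkt.source}->{pkt.destination} "
                        f"[{pkt.label}]: {'deliver' if ok else 'discard'}")
        return ok


def run_exchange(tx: SecurityKernel, receivers: Dict[str, SecurityKernel],
                 pkt: Packet) -> Dict[str, bool]:
    """Pass one packet across network 40 and report delivery per receiving node.

    Network 40 is modelled (assumption) as a medium on which every connected
    receiver buffers the packet, so each receive kernel must check it.
    An empty result means kernel 24 refused to transmit at all.
    """
    if not tx.transmit_check(pkt):
        return {}
    return {node_id: rx.receive_check(pkt) for node_id, rx in receivers.items()}


if __name__ == "__main__":
    # Constructed sample table: A->B cleared up to "secret", A->C only "unprotected".
    table = {("A", "B"): "secret", ("A", "C"): "unprotected"}
    tx = SecurityKernel("A", table)
    rx = {"B": SecurityKernel("B", table), "C": SecurityKernel("C", table)}
    print(run_exchange(tx, rx, Packet("A", "B", "confidential", b"report")))
    print(run_exchange(tx, rx, Packet("A", "B", "top secret", b"plans")))
    for kernel in [tx, *rx.values()]:
        print("\n".join(kernel.log))
```

Running the sample shows the two costs the description attributes to this scheme: every packet is checked twice against the same table, and node C buffers a packet addressed to B before it can determine that the packet must be discarded.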
One additional methodology, which approaches security from a different perspective, is the encoding or encrypting of messages. As recognized by those skilled in the art, many different encryption schemes exist. Generally speaking, these encryption schemes apply some scrambling technique to the actual data in a controlled and relatively straightforward manner. However, the scrambling technique is known only to the transmitter and receiver, thus allowing access to the communication while limiting access by others. Encoding involves a somewhat similar technique; however, it is often directed towards transmission concerns as opposed to security concerns. Again, encoding involves the scrambling of information which can then only be descrambled by those knowing the encoding technique. One well known encoding methodology involves code division multiple access (CDMA), which is widely utilized in voice communication technologies. For example, cell phone communications widely utilize this CDMA technology. Other encoding methods are used for putting parallel digital information into a serial form. Examples include 8B/10B, 4B/5B, Manchester, PPSK, etc.
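As an added illustration of the distinction drawn above between encoding for transmission and encryption for security, the following Manchester line coder is not code from the patent. It assumes the IEEE 802.3 convention (a 0 bit sent as the symbol pair (1, 0), a 1 bit as (0, 1)); the function names are chosen for this example. Because the convention is published, the decoder needs no secret, which is why such a code serves clock recovery and DC balance rather than confidentiality.

```python
"""Manchester line coding as an example of encoding for transmission.

Added illustration, not code from the patent. Convention (assumption): IEEE
802.3, where 0 -> (1, 0) and 1 -> (0, 1), so every bit period has a transition.
"""
from typing import List

ENCODE = {0: (1, 0), 1: (0, 1)}
DECODE = {pair: bit for bit, pair in ENCODE.items()}


def manchester_encode(data: bytes) -> List[int]:
    """Expand each byte, MSB first, into 16 line symbols (two per bit)."""
    out: List[int] = []
    for byte in data:
        for i in range(7, -1, -1):
            out.extend(ENCODE[(byte >> i) & 1])
    return out


def manchester_decode(symbols: List[int]) -> bytes:
    """Recover bytes; reject a stream with a missing transition or a partial byte.

    Nothing secret is required: anyone who knows the public convention can
    decode, which is the difference between line coding and encryption.
    """
    if len(symbols) % 16 != 0:
        raise ValueError("stream does not hold a whole number of bytes")
    bits: List[int] = []
    for i in range(0, len(symbols), 2):
        pair = (symbols[i], symbols[i + 1])
        if pair not in DECODE:
            raise ValueError(f"no transition in bit period {i // 2}")
        bits.append(DECODE[pair])
    return bytes(int("".join(map(str, bits[j:j + 8])), 2)
                 for j in range(0, len(bits), 8))


def is_dc_balanced(symbols: List[int]) -> bool:
    """Manchester guarantees equal numbers of high and low symbols."""
    return symbols.count(1) == symbols.count(0)


if __name__ == "__main__":
    # Constructed sample payload.
    line = manchester_encode(b"\xa5")
    print(line, is_dc_balanced(line), manchester_decode(line))
```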
While various technologies exist both for the implementation of optical communications across networks and for security measures, further shortcomings still exist. Again, optical communication networks are evolving and continuously improving, but they do not yet operate as flexibly and efficiently as current electrical communication networks. Similarly, the use of encoding methodologies in optical networks is not yet fully developed. As such, it is desirable to develop a communication technique for use in optical networks which addresses both efficiency and security concerns. Other optical encoding methods are SCM, TDM, OFDM, TDMA, etc. These could be used for some level of encryption or address keying.