1. Field of the Invention
This invention relates to a secure method for transmitting data over an isochronous network, and more particularly to a secure method which is compatible with existing network protocols, hardware and software.
2. Description of the Prior Art
As will be appreciated by those skilled in the art, in any time division multiplexed (TDM) isochronous network, synchronous data is arranged and grouped into repeating units. These units are referred to as a cycle or frame. Each frame is divided into a fixed number of individual time slots. For example, FDDI-II has 1536 time slots per frame; a frame is generated every 125 microseconds by a master station. Each frame has a header, and up to 96 bytes of circuit-switched data. One isochronous frame every 125 microseconds consumes 6.144 Mbps of bandwidth for the 96 circuit-switched channels; the maximum of 16 isochronous frames every 125 microseconds allows up to the 1536 channels and uses 98.3 Mbps of bandwidth.
FDDI-II is a high-performance, fiber optic, token ring LAN running at 100 Mbps. FDDI-II is a successor to FDDI with a modification to handle synchronous circuit-switched pulse code modulated (PCM) data for voice or ISDN traffic, in addition to ordinary data. In addition to regular (asynchronous) frames for ordinary data, special frames are permitted for isochronous circuit-switched data. These frames are generated every 125 microseconds by a master station. The FDDI-II cycle structure is defined in Section 5 of the ANSI FDDI Hybrid Ring Control standard (X3T9/89-43 Rev 6.3) and incorporated herein by reference. Each new cycle or frame consists of control and data bytes or octets. The master station adjusts the latency of the FDDI-II ring so that there are always an integral number of these frames or cycles on the ring. Each frame is partitioned into four parts: a preamble, a cycle header, a dedicated packet group, and sixteen wideband channels (WBCs). Each wideband channel can be dynamically allocated to either isochronous or packet data use. For isochronous use, each wideband channel provides 6.144 Mbps of bandwidth, and consists of 96 octets interleaved across the cycle. Once a station has acquired one or more time slots in a frame, those slots are reserved for it until they are explicitly released. The allocation of bandwidth to isochronous users is defined in Section 9.3 of the ANSI FDDI Station Management-2 Isochronous Services (SMT-2-IS) standard (X3T9/93-122 Rev 3.0).
The FDDI-II ring is a collection of ring interfaces connected by point-to-point lines. Each bit arriving at an interface is copied into a buffer and then copied out onto the ring again. Isochronous WBCs can be subdivided into individual transmission channels. A transmission channel consists of a contiguous sequence of octets within a WBC. Each data octet of a transmission channel provides 64 kbps of isochronous bandwidth. A logical channel is a unit of allocation that may consist of one or more transmission channels. WBCs are subdivided into separate logical channels to permit simultaneous, independent isochronous dialogues.
An FDDI-II management agent, such as a call controller, receives an allocation of isochronous bandwidth before completing a connection between two or more isochronous users. It is the responsibility of a Channel Allocator (CA) to create logical channels and assign isochronous bandwidth to those channels for use by call control.
The TDM isochronous network allocates individual channels within the master cycle/frame, on a time slot basis. That is, channel i is assigned time slot(s) x, channel j is assigned time slot(s) y, etc. Usually the time slots hold the equivalent of a single byte. This is not always the case and is not material to the invention. However, a one byte wide time slot will be discussed as an exemplar and because it is the most common allocation.
Thus, the transmitter and receiver are told that they are to communicate by using a particular constant channel. For example, say that they were assigned channel 16, and that channel 16 corresponds to time slot 16. This is the same as byte number 16 in the master cycle. This means that the transmitter and receiver would start counting time slots (or bytes) at the start of each master cycle, and when they counted to time slot 16, the transmitter would put his data into that time slot/byte and that the receiver would pull the data out of that time slot. This would repeat every 125 microseconds and the communication channel would be established.
The problem is that someone on the network who wants to eavesdrop, clandestinely listen, or input false data could easily lock onto this channel. That is, the channel is not secure.
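The fixed-slot scheme described above can be modelled in a few lines. This is an added illustration, not code from the patent or from any FDDI-II implementation; the function names are hypothetical, idle slots are modelled as zero bytes, and every station is assumed to see the whole cycle because each ring interface copies every arriving bit. It shows that the receiver's counting rule uses no secret, so any station applying the same rule recovers the same bytes, and that the receiver accepts whatever an upstream station places in the slot.

```python
# Toy model of fixed-slot isochronous TDM (added illustration, not from the patent).
CYCLE_US = 125            # one master cycle every 125 microseconds (from the text)
SLOTS_PER_CYCLE = 1536    # FDDI-II time slots per cycle (from the text)
SLOT = 16                 # the constant channel / time slot used in the text's example


def slot_rate_bps(octets_per_cycle=1):
    """Bandwidth of a channel carrying this many octets per 125 us cycle."""
    return octets_per_cycle * 8 * 1_000_000 // CYCLE_US


def build_cycles(payload, slot=SLOT):
    """Transmitter: place one payload byte in the assigned slot of each cycle."""
    cycles = []
    for byte in payload:
        cycle = bytearray(SLOTS_PER_CYCLE)   # all other slots idle in this model
        cycle[slot] = byte
        cycles.append(cycle)
    return cycles


def read_slot(cycles, slot=SLOT):
    """Count slots from the start of each cycle and take the byte at `slot`.

    This is the receiver's entire procedure; it involves no key or secret,
    so every station on the ring can run it with the same result.
    """
    return bytes(cycle[slot] for cycle in cycles)


def overwrite_slot(cycles, data, slot=SLOT):
    """Model an upstream station repeating the ring with other bytes in `slot`."""
    out = [bytearray(c) for c in cycles]
    for cycle, byte in zip(out, data):
        cycle[slot] = byte
    return out


if __name__ == "__main__":
    msg = b"PCM voice sample"                      # constructed sample payload
    ring = build_cycles(msg)
    print(slot_rate_bps(), slot_rate_bps(96))      # per-octet and per-WBC rates
    print("intended receiver:", read_slot(ring))
    print("any other station:", read_slot(ring))   # same rule, same bytes
    forged = overwrite_slot(ring, b"X" * len(msg))
    print("receiver after overwrite:", read_slot(forged))
```

Nothing in the cycle binds slot 16 to a particular sender or receiver, which is the gap the invention sets out to close.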