The present invention pertains to communications and more particularly to data security in communication systems.
Computer systems often handle classes of data (such as security levels) that must not be permitted to intermingle due to the criticality of their data content such as in banking or safety applications. An isolated path must be established for transmitting a given class of data between elements of the computer system with assurance that the data has been transmitted from the proper source, has been received by an authorized recipient and that unauthorized elements of the system have not intercepted or altered the data.
Separate buses (one for each class of data) can be established between elements of the computer system but this arrangement makes the system overly complex as the number of security levels increases. Separate buses dictate custom hardware composition for the computer system elements as they must have the ability to interface to the various buses for each class of data and must incorporate logic that permits their association with certain classes of data and prohibits their association with other security levels. Separate buses also make the system less flexible if the rules governing which elements of the computer system are associated with which classes of data should change.
It would be advantageous to have a means by which a single computer bus may be used to convey the various classes of data in a manner that ensures that the different classes of data remain physically isolated. That is, each of the computer elements connected to the bus at any given time must all be authorized to transmit and receive a common class of data.