Network message security method and apparatus

What is claimed is:

1. In a local area network having a plurality of input/output devices coupled to a multiport repeater, a method for securing data on the network comprising the steps of:

receiving at the repeater a data frame having a data field and a frame check sequence field; and

replacing a content of said data field with a substitute bit pattern to form a secured data field.

2. The method for securing data of claim 1, further comprising the step of replacing said content of said data field with said substitute bit pattern on all frames transmitted out a given port.

3. The method for securing data of claim 1, further comprising the step of transmitting said secured data frame to a given port.

4. The method for securing data of claim 1, wherein said data frame includes a destination address field and further comprising the step of:

examining said destination address field to determine if said data field is to be secured.

5. The method for securing data of claim 1, wherein said data frame includes a source address field and further comprising the step of:

examining said source address field to determine if said data field is to be secured.

6. The method for securing data of claim 1, further comprising the steps of examining a repeater port identification at which said data frame was received to determine if said data field is to be secured.

7. The method for securing data of claim 1, further comprising the step of faithfully transmitting unsecured data frames.

8. The method for securing data of claim 1, further comprising the step of examining a first bit after a start frame delimiter of said data frame to determine if said data field is to be secured.

9. In a local area network having a plurality of input/output devices coupled to a multiport repeater, a repeater structure for securing data on the local area network comprising:

means for replacing a content of a data field of a data frame received at said repeater with a substitute bit pattern to form a secured data field.

10. The repeater structure of claim 9, further comprising:

means, coupled to an input of said repeater, for identifying a given one of a plurality of data frames received at said repeater to be secured; and

means, coupled to said means for identifying and to said means for replacing a content of said data field, for activating said means for replacing a content of said data field.

11. In a local area network having a plurality of input/output devices coupled to a multiport repeater, a repeater structure for securing data on the local area network comprising:

means for replacing a content of a data field of a data frame received at said repeater with a substitute bit pattern to form a secured data field;

a security selection logic circuit, coupled to a local area network management system, to said means for replacing a content of a data field and to a receive port of said repeater, having:

(i) means for identifying given ones of a plurality of data frames received at said receive port to be secured; and

(ii) means for activating said means for replacing.

12. The repeater structure of claim 11, further comprising a means for replacing, with said substitute bit pattern, a remaining content of said data frame located after a frame check sequence field.

13. The repeater structure of claim 11, wherein said means for replacing a content of a data field comprises:

a bit pattern generator; and

a multiplexer, having an input coupled to said bit pattern generator, to said security selection logic circuit and to an encoder of said repeater, and having an output coupled to a transmit port of said repeater.

14. The repeater structure of claim 11, wherein said means for replacing a content of a data field is disposed between an encoder of said repeater and a transmit port of said repeater.

15. The repeater structure of claim 11, wherein said means for replacing a content of a data field is disposed between a decoder of said repeater and an elasticity buffer of said repeater.

16. The repeater structure of claim 11, wherein said means for replacing a content of a data field is disposed between an elasticity buffer of said repeater and an encoder of said repeater.

17. The method for securing data of claim 1, further comprising the step of examining a characteristic of said data frame to determine if said data frame is to be secured.

18. The method for securing data of claim 1, wherein said step of replacing a content of a data field further comprises the step of:

cryptographically replacing the content of said data field.

19. A secure repeater for use in a local area data network that utilizes data frames of preset format having in a predetermined position in the frame a destination address segment, the repeater including:

means for receiving incoming data frames and for retransmitting data frames during a time interval that begins before a complete frame of data has been received;

means for storing identifications for transmitting/receiving devices connected to the repeater;

means for reading at least one portion of the destination address segment of each incoming data frame and comparing the portion so read with the identification to determine whether the frame is permitted; and

means for corrupting the frame in retransmission to predetermined ones of the transmitting/receiving devices if the frame is not permitted.

20. A repeater, as claimed in claim 19, wherein the data frames include a source address segment, the repeater including means for reading and comparing both the destination address segment and the said source address segment of the incoming frame.

21. A repeater, as claimed in claim 19, wherein the said means for corrupting the data frame comprises means for overwriting said data frame with a series of binary digits selected from all 1's, all 0's, cyclically repeated sequences and pseudo-random sequences.

22. A repeater, as claimed in claim 19, wherein the said means for corrupting the data frame comprises an encrypting means.

23. A repeater, as claimed in claim 19, wherein the said identifications are established on the basis of the identity of equipment connected to ports of the repeater.

24. Apparatus having a number of ports coupled to a plurality of data transmitting/receiving devices to communicate data received at one of the number of ports from a sending one of the plurality of data transmitting/receiving devices for retransmission from the other of the number of ports to other, including a receiving one, of the plurality of data transmitting/receiving devices, the apparatus including structure for securing the data, comprising:

means for examining the data;

means, coupled to the examining means, for determining which of the other of the number of ports are selected to retransmit the data; and

means coupled to the determining means for replacing a portion of the data communicated from the other of the number of ports not selected to retransmit the data.

25. The apparatus of claim 24, wherein the data includes identification of the receiving one of the plurality of data transmitting/receiving devices, the determining means operating in response to the identification of the receiving one of the plurality of data transmitting/receiving devices for determining which of the other of the number of ports are selected to retransmit the data.

26. The apparatus of claim 24, wherein the data includes identification of the sending one of the plurality of data transmitting/receiving devices, the determining means operating in response to the identification of the sending one of the plurality of data transmiting/receiving devices for determining which of the other of the number of ports are selected to retransmit the data.

27. The apparatus of claim 24, the apparatus having means identifying the one of the number of ports to the determining means, the determining means operating in response to the identification of the one of the number of ports to determine which of the other of the number of ports are selected to transmit the data.

Description Submit all comments and votes

BACKGROUND OF THE INVENTION

The present invention relates to secured data transmission in multiuser computer architectures. More particularly, the present invention relates to prevention of unauthorized access to data communicated on local area networks.

A local area network (LAN) is a communications link between data processing equipment located in a limited geographic area. LANs connect personal computers, mini- and mainframe computers, printers and other similar devices implementing a concept that permits programs, data files, and resources to be shared throughout the network.

FIG. 1 contains a diagram of a typical LAN setup. In FIG. 1, the data processing equipment located in a discrete physical area, for example, different buildings, or in a discrete organization, for example, a department, are interconnected to form a local or departmental LAN. In the topology of FIG. 1 these smaller local LANs are interconnected via a backbone 8 by repeaters 10 to form the system-wide LAN.

Repeaters (also known as concentrators or hubs) are devices which regenerate LAN signals received at the repeater input and then output the regenerated signals to individual stations or nodes. Repeaters thus extend maximum network radius. Frames of data applied to any of the repeaters 10 are regenerated by the repeater for faithful rebroadcast to the station(s) or node(s) to which the individual repeater is connected. As illustrated by the repeater 10-3 of FIG. 1, repeaters 10 may also be connected to other repeaters.

The local departmental networks depicted in FIG. 1 may also contain routers and/or bridges 14. The bridges and routers serve to isolate the strictly local departmental traffic from the backbone traffic. Backbone traffic not destined for a local station is not forwarded across the bridge to the departmental LAN. Similarly, strictly local traffic is not forwarded across the bridge and placed on the backbone.

The bridge, however, does nothing to protect the interdepartmental and local traffic on the departmental LAN from being observable by all stations within that departmental LAN. This fact is especially applicable in broadcast based communications protocols, such as Ethernet, wherein all communications within the given LAN are received by all stations in that LAN. Sensitive and valuable user data is thus available to "promiscuous mode" or eavesdropping reception by any station connected to the departmental LAN. The eavesdropping connection can be made on any convenient place on the LAN (e.g., an office outlet) and is virtually undetectable.

The security threat presented by potential eavesdroppers has become increasingly credible as LAN equipment, personal computers, and portable network diagnostic equipment prices continue to drop, thereby making the equipment to eavesdrop readily available. Eavesdropping is also simpler to implement and more difficult to detect than in the past because LAN networks can now be interconnected with the same wiring systems used for telephones rather than the specialty cables required under other, earlier standards.

Merely suspending transmission of data to nodes that are not authorized to receive the data is an unsatisfactory solution in LANs using broadcast-based communication protocol. To do so may result in unacceptable collisions when stations on the "quiet" nodes, seeing no communications traffic, begin transmitting data despite the presence of communications traffic on other nodes of the LAN.

Some limited methods for access control security to counter the eavesdropping threat do exist. However, these existing methods are themselves subject to interception on the LAN. For example, a password, even in its encoded form, must travel through the network and is subject to interception.

SUMMARY OF THE INVENTION

The present invention provides a method and apparatus for countering the eavesdropping threat and for controlling access to LAN data transmissions within the local LAN. Broadly, the present invention provides LAN security by removing, at selected transmit ports of a repeater unit, the information contained in a data frame received by the repeater, and substituting therefor an independent bit pattern. The security processing can be selectively controlled at the network management or user level.

According to embodiments of the invention, the security process of the present invention may be implemented statically or dynamically. If implemented statically, security will be activated for all data frames transmitted from a given transmit port of a repeater. If implemented dynamically, security will be selectively activated only for certain data frames transmitted from a given transmit port while other data frames are faithfully transmitted from other transmit ports. The data frames for which security is dynamically activated can be determined by the destination address, source address, receiving port identification or other variables or combinations thereof.

According to other embodiments of the present invention, the security process may be either transparent or non-transparent to the LAN. If security is transparent, a valid, although altered, data frame is transmitted. In transparent security the frame check sequence is recalculated to account for the alteration of the data frame made by the substitution of the frame's data field. If security is implemented non-transparently, the frame check sequence field is not recalculated and an invalid frame is transmitted from the repeater to the attached device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a local area network;

FIG. 2 is a diagram of a medium access control data frame format according to IEEE standard 802.3;

FIG. 3 is a block diagram of a local area network in which security has been activated dynamically according to an embodiment of the present invention;

FIG. 4 is a block diagram of an IEEE 802.3 N-port repeater showing modifications according to embodiments of the present invention; and

FIG. 5 is a block diagram of a bit substitution pattern generation and repeater architecture according to an embodiment of the present invention.

DESCRIPTION OF SPECIFIC EMBODIMENTS

FIG. 2 contains an example of a data transfer frame 30 according to IEEE standard 802.3 for use in LAN data transmission of the type illustrated in FIG. 1. As FIG. 2 illustrates, the data frame 30 contains five fields, 32-40, of information that follow the preamble and a start frame delimiter (SFD) fields 31. A six-byte destination address (DA) field 32, indicates the node or station for which the data frame 30 is destined; a six-byte source address (SA) field 34 identifies the node or station sending the data frame 30; a 2-byte field 36 specifies the length of the data contained in an information field 38 which may be 46-1500 bytes long. The final field of the data frame 30 is the frame check sequence (FCS) field 40. A frame check sequence field 40 assists in error detection, and typically, contains an n-bit number having a value F that is appended to the k bits contained in fields following the extent of the frame form a k+n bit quantity. The value of F is computed by the sending device so that the k+n bit quantity, when divided by a predetermined n+1 bit number P, results in a predetermined n-bit remainder R. The device receiving the data frame divides the k+n bit portion of the frame by P and, if the resulting remainder is equal to R, assumes there are no errors contained in the data frame. Otherwise it is assumed that an error has occurred somewhere with the k+n bit quarterly. In the IEEE 802.3 example, n=32 and the CRC-32 system for computing F is specified. A detailed discussion of LAN architectures and data transfer standards may be found in The Handbook of Computer Communications Standards, Vol. 2, 2d Ed. by William Stallings, Ph.D; Howard Sams & Co., 1990.

Operational Overview

In the present invention, LAN security is provided by removing, at selected transmit ports of a given repeater unit, the data contained in the information field 38 of the data frame received by the repeater, substituting therefor an independent bit pattern for transmission on the LAN to nodes or stations having no need to receive the data frame (i.e., unauthorized destinations). At the same time, the data frame 30 is faithfully transmitted from other ports to the authorized destinations. In this manner, valid data is received only at stations or nodes connected to authorized transmit ports of the repeater unit. Eavesdropping stations attached to other ports receive only frames with the substituted bit pattern.

Although the IEEE 802.3 LAN standard is discussed herein, the present invention may be used on other types LAN configurations, such as those using other Carrier Sense Multiple Access with Collision Detection (CSMA/CD) standards or protocols.

The eavesdropping protection provided by the present invention may be implemented in two ways: non-transparently and transparently. In either implementation, the independent bit pattern can be statically or dynamically substituted for frames received and/or transmitted.

Non-Transparent Security

Non-transparent eavesdropping protection will result in transmission of a data frame that is not a legal frame according to the communications protocol implemented by the LAN (i.e., IEEE 802.3). In addition to the data contained in the information field, any or all other bits in the frame, including the preamble and start frame delimiter field 31 may also be replaced with an independent bit pattern. Any station connected to a transmit port of the repeater with non-transparent security activated will be able to send traffic in accordance with the CSMA/CD medium access control protocol, but will be unable to receive any valid data frames--except those authorized for that port.

Non-transparent eavesdropping protection has the advantage of being inexpensive and easy to implement. As discussed below, transparent protection depends upon being able to identify the data frame and its content (e.g., the start of the frame, the beginning of the various fields, etc.). In addition, under the popular Ethernet local area network (LAN) protocol (as opposed to IEEE 802.3) it is even more difficult to implement eavesdropping security transparently since there is no way for the repeater without including an even more complex circuitry to interpret information in upper layer protocol) to determine in advance the length of the data frame and thus the start of the FCS field. Thus, in this case, the re-calculated FCS cannot be substituted for the last four bytes of the data frame. Lengthening the frame by four bytes would adversely impact the operation of the carrier sense multiple access with collision detection (CSMA/CD) protocol mechanism.

Transparent Security

When eavesdropping protection is implemented transparently, the resulting data frame is correctly formed. At a minimum, the information field 38 is replaced with an independent bit pattern, in effect obliterating the information content of the data frame; other particulars (e.g., source address) may remain the same, except that a re-calculated FCS must replace the original FCS to reflect the substitution of the independent bit pattern. In transparent protection, the security logic of the repeater unit supports the usual IEEE 802.3 repeater process up until start of the bit pattern substitution process. Depending upon the type of security active (i.e., static or dynamic), this may begin at any point after the Start Frame Delimiter, but no later than the beginning of the information field 38 containing user data. At this point, all subsequent bits of the frame (except the length field 36) through the information field 38 are modified by substituting the output of a bit pattern generator. At the end of the replacement information field, a new frame check sequence field 40 that has been recomputed using the new frame contents is also substituted as the final field of the frame. The result is a completely legal IEEE 802.3 frame, which has had its information contents (and possibly its source and/or destination address) completely overwritten.

The integrity of the basic CSMA/CD media access control protocol is preserved in both the transparent and non-transparent security processes by ensuring that the number of bits in all repeated frames are identical, regardless of whether they are substituted for or not. Any security process in which bit repetition out unauthorized ports is merely suspended results in unacceptable collisions if stations on those "suspended" ports start transmitting despite the presence of traffic on other ports. In the case of transparent eavesdropping protection, the integrity of the IEEE 802.3 frame format is also preserved by leaving the length field (and possibly the source and destination address fields) unchanged and recomputing and substituting the frame check sequence field to produce a well-formed and legal IEEE 802.3 frame. This recalculation prevents misleading frame check sequence error counts being registered by stations attached to the secured port.

Both transparent and non-transparent security can be implemented statically or dynamically for all frames on a particular transmit port.

Static Security

Implementing security statically on a given transmit port results in all data frames transmitted from that port being encoded with the substitute bit pattern without regard to the source address, destination address, or the like of each received data frame. A station connected to this port could not eavesdrop on any traffic, even traffic addressed to that station. Static security thus prevents any reception of unaltered frames by a station connected to this transmit port but allows the station to communicate one-way (i.e., transmit) to other stations on the network. For example, a station might first authenticate itself (e.g., a password) to an access control server that then deactivates the security state for the appropriate port if the requesting station/user is authorized full connectivity. Confidentiality and access control security services are thus both supported by this implementation.

Dynamic Security

Dynamic security permits security selection to be based on criteria that are particular to each individual data frame such as, for example, the destination address of the data frame. Thus, for example, dynamic security may be activated by comparing the frame's destination address with those authorized for a particular port. A receiving station attached to that port would not be able to eavesdrop on traffic addressed to other stations (no match), but continues to enjoy full reception of frames addressed to it (match).

The concept of dynamically implemented eavesdrop security is better understood with reference to FIG. 3, which illustrates a LAN including repeaters 42, 44, 46 having transmit/receive ports 42a, 44a, and 46a connected to a backbone communication link 48 (the repeater 46 being connected via a bridge unit 49). Insofar as FIG. 3 shows, the repeater unit 42 receives at input port 50 data frames that are communicated from a station 1; data is communicated from the repeater unit 42 to stations 2, 3, and 4 via transmit ports 52, 53, and 54, respectively. Similarly, the repeater unit 44 has stations 5, 6, 7, and 8 (this latter being a Net Manager station) connected to transmit ports 56, 57, 58 and 59, respectively.

The repeater unit 46 is connected via transmit ports 60 and 61 to input ports of other repeaters, while the transmit ports 62 and 63 are connected to stations 9 and 10.

Certain repeater ports of the LAN of FIG. 3 have security dynamically activated. Ports 50, 52, 53, 54, 56, 57, 58, 62, and 63 have been assigned authorized destination addresses corresponding to stations 1, 2, 3, 4, 5, 6, 7, 9, and 10, respectively.

Certain repeater ports of the LAN of FIG. 3 preferably have eavesdrop security disabled. Such is the case for the transmit ports 42a, 44a and 46a of the repeater units 42, 46, 48. One reason is that to implement security at these points would be redundant since it can also (and most likely will--in this example) be implemented at a transmit port further downstream the communication path. For basically the same reason eavesdrop security is disabled at the transmit ports 60 and 61 that connect to the Departments C and D repeaters. Another reason is that some stations must be given access to all traffic. For example, the Net Manager station (station 8) connected to port 59 has eavesdrop security disabled so that it can be given access to all LAN traffic for operational reasons.

In FIG. 3 the transmit ports having eavesdrop security disabled are identified with the letter "D" adjacent thereto.

FIG. 3 illustrates destination based, dynamic eavesdrop security. Assume station 1 assembles and transmits a data frame destined for station 10. The repeater unit 42 will receive the data frame (at input port 50) and communicate it to its transmit ports 42a, 52, 53, and 54. Since eavesdrop security at transmit/receive port 42a is disabled, the data frame will be passed, unaltered, onto the backbone connection 48 for receipt by the repeater units 44, 46 (via bridge 49) at their respective transmit/receive ports 44a, 46a.

The transmit ports 52, 53, 54 of the repeater unit 42 also send the data frame. However, since station 10 is not an authorized destination address for any of those transmit ports, eavesdrop security will be implemented by replacing the information field 38 (FIG. 2) with an independent bit pattern. All other aspects of the data frame (e.g., destination address, source address, etc.) remain unchanged, with the exception of the FCS field; it will be computed to reflect the data frame as sent, including the independent bit pattern now contained by the information field 38.

In similar fashion the transmit ports 56, 57, 58 of the repeater 44 will note that the data frame is destined for a station other than which is authorized for the transmit port and implement eavesdrop security (i.e., replace the information field 38 with an independent bit pattern). Since the transmit port 59 has eavesdrop security disabled, the data frame will be communicated, undisturbed, to station 8.

The repeater unit 46 will likewise pass the received data frame to its transmit ports 60-63. The data from Station 1 will be communicated unchanged from the transmit ports 60 and 61 since eavesdrop security is disabled. Eavesdrop security, being enabled on the transmit port 62, and the destination address (Station 10) not being authorized for transmit port 62, will result in a modified data frame with the original information removed being delivered to Station 9.

Station 10, the destination of the data frame from Station 1, is connected to the transmit port 63. The repeater recognizes this fact (by comparing the destination address of the data frame with the address authorized for port 63) and forgoes instituting eavesdrop security, communicating the data frame in its true form to Station 10.

Security on a particular transmit port can be determined on a per-frame basis using the destination address field as illustrated above, but also by using a logical combination of the receiving port identification, the frame's destination address and/or source address to make the security decision. Thus, other stations (e.g., Stations 3 and 4--FIG. 3) may also be permitted to receive the original data frame, in addition to the destination (e.g., Station 10) by authorizing ports 53 and 54 to transmit traffic unaltered if it came from port 50, was sent by Station 1 and/or was sent to Station 10. The bit substitution process can be the same in each case except the timing of the security decision will vary. For example, for decisions based solely on the receive port identification, the security process is identical to that of address-based bit substitution, except that the decision to alter the information field can be made much earlier in the process of frame relay (i.e., prior to the start of the destination address field). If it is desirable, bit substitution can begin as soon as the combinatorial logic is satisfied, consistent with the transparency requirements chosen.

Repeater Architecture

FIG. 4 is a generalized block diagram of a typical IEEE 802.3 N-port repeater modified, as will be further described, according to the teachings of the present invention.

As illustrated in FIG. 4, the IEEE 802.3 N-port repeater unit, designated generally with the reference numeral 80, includes an input unit 82 connected to receive ports 1-N of the LAN (not shown) in which the repeater 80 is connected via input bus 81. N, here, is 13; thus, the repeater 80 has thirteen (13) receive ports at any one of which a data frame can be received. Since each port 1-N can also function as a transmit port, the repeater 80 will, similarly, have thirteen port outputs 1-N. The receiver unit 82 is, in effect, typically nothing more than an OR gate or a wired-OR connection.

The receiver unit conducts the data frame, containing both a clock signal and the data in Manchester encoded form to a decoder 86. The decoder 86 operates to extract the embedded clock signal and data. The data so extracted is applied to an elasticity buffer 88 (i.e., a first in-first out (FIFO) memory) that is used to synchronize the data to the clock signal of the repeater unit 80. The output of the decoder 86 is also conducted (along with the input bus 81) to the security logic of FIG. 5 by a signal line 87.

The output of the elasticity buffer 88 is, in turn, applied to a multiplexer (MPX) 90, which also receives the output of a preamble generator 92. Under control of the global state machine 84, the preamble will be added to the data frame to be communicated by the repeater unit 80, via the MPX 90.

The output of the MPX 90 is applied to an encoder 94, where the data is returned to Manchester coding for transmission, via the transmit logic elements 96, to the thirteen output ports 1-N.

As will be seen, with respect to FIG. 5, in order to incorporate a preferred embodiment of the invention, the transmit logic elements 96 are configured to include multiplex circuitry to selectively communicate the output of the encoder 94 to the corresponding output port, or an independent bit stream from the security logic (FIG. 5).

Control of the elements constituting the repeater unit 80 is maintained by the global state machine 84 in conventional fashion. Responsive to signaling on one of the signal lines of the input bus 81, indicating a data frame is being received at one of the receive ports 1-N, the global state machine 84 will develop control signals that are communicated on the control bus 85 to the various components of the receiver unit 80. For example, when the global state machine 84 detects initiation of signaling on the input bus 81, it will immediately develop control signalling to cause the preamble generator 92 to begin generating a data frame preamble, switch the MPX 90 to couple the preamble generator 92 to the encoder 94, and enable all transmit ports 96 except the one associated with the receive port receiving the data frame (to avoid effecting a collision by trying to "repeat" the data frame back to its sender).

Although the repeater unit 80 can be fabricated in discrete circuitry, there is now available, and preferred, integrated circuitry available from a number of companies, including National Semiconductor Corporation (Part No. DP83950) which will perform the functions of the repeater unit 80. However, using the National Semiconductor product will require multiplex circuitry, as will be seen, to be added at the transmit ports 96 of the product.

Referring now to FIG. 5, there is illustrated the security logic of the present invention, designated generally with the reference number 100, for implementing eavesdrop security. As FIG. 5 shows, the input bus 81 is coupled from the repeater unit 80 (FIG. 4) to a security state machine 136, and a random-access memory (RAM) unit 129. The signal line 87 from the repeater unit 80 is received by source address (SA) and destination address (DA) registers 104, 106, a byte counter 108 and a length register 110. The SA and DA registers operate to capture and hold the source and destination addresses of the data frame being received by the repeater unit 80, while the byte counter 108 operates to count the bytes of the received data frame. The length register will receive and hold the 2-byte length field 36 (FIG. 2).

The state machine 136 provides the control necessary over various of the elements e.g., MPXs 112, 120, 134) that constitute the security logic 100. As FIG. 5 illustrates, the state machine 136 receives, via a network management bus 123, command information, enabling it to determine whether or not the security logic 100 will operate in a dynamic or static mode, a mixture of dynamic modes, and whether operation will be transparent or non-transparent.

The signal line 87 also communicates the data frame to one input of a multiplex (MPX) circuit 112. The other input of the MPX circuit 112 receives an output of a bit stream generator 114. The selected signal (i.e., that carried by the signal line 87, or the output of the bit stream generator 114) is applied to a frame check sequence (FCS) generator which develops the FCS that will be added to the data frame when its information field is modified according to the present invention. The FCS calculated by the FCS generator 116 will reflect the modified data frame as a whole.

The bit stream generator 114 produces the independent bit stream used for implementing the eavesdrop security of the invention. The bit stream is a 5 MHz signal (in the case of 10 Mbps Manchester-encoded data) which is a string of alternating ONEs and ZEROs.

The content of the SA and DA registers 104, 106 are selectively applied, via a multiplex circuit 120 (controlled by the security state machine 136), to a content addressable memory (CAM) 122. The output of the CAM 122 is a value that will identify which of the port outputs (FIG. 4) will receive the data frames, and which will have eavesdrop security implemented (based upon the source or destination address of the data frame), receiving instead the independent bit stream. That value will ultimately operate to control multiplexer circuits 130-1, . . . , 130-N that form a part of the transmit logic elements 96 of the repeater unit 80. The MPX circuits 130-1, . . . 130-N operate to select between the output of the encoder 94, which supplies the data frame received by the repeater unit 80, and the output of the multiplex (MPX) circuit 134--in the first instance, the independent bit stream produced by the bit stream generator 114. The MPX circuit 134, in turn, selects between the bit stream generator 114 and the FCS generator 116.

The CAM 122 is of conventional design, operable to receive a 48-bit "content" and provide in response an 8-bit "address" when the applied value matches the content of one or more locations of the CAM 122. When such a match is identified, the (8-bit) address is loaded in an output register (not shown) of the CAM. If more than one match is found, the results of the first match will be loaded in the output register (not shown) of the CAM 122, and a "match" flag will be set to indicate that other matches were found. As will be evident to those skilled in this art, because of the large number of Ethernet addresses available, the use of a CAM results in a much smaller memory than if a conventional memory were used (i.e., 2.sup.48 .times.8 locations for convention memory vs. 2.sup.8 .times.48 for the CAM 122). Only four of the 8-bits provided by the CAM are used since the repeater unit 80 will typically have only 13 transmit ports (although more, or less, transmit ports can be implemented).

The CAM 122 is connected to the security state machine 136 by a control bus 136a, permitting the state machine to effect control over the CAM for unloading the CAM's output register (not shown). The security state machine 136 is also capable, via the control bus 136a, of determining the state of the match flag of the CAM.

The 4-bit output of the CAM 22 is applied to a decode unit 124. The decode unit 124 includes a register file (not shown) for receiving the addresses from the CAM 22 corresponding to each match identified for the applied source or destination address. The register file (not shown) is loaded by control signals communicated from the CAM 122 by control lines 122a. The contents of the register file (not shown) are combined by the decode unit 124, decoded, and used to form selection signals, one for each MPX 130 that is to pass the data frame from the encoder 94 to the corresponding port output. The CAM 122, therefore, will deliver (under supervisorial control of the security state machine 136) one or more values corresponding to the matches between CAM contents and the value received from the SA or DA registers 104, 106 and applied the input of the CAM 122. The value(s) received by the decoder unit 124 is (are) indicative of one or more of the port outputs to receive the true (unmodified) data frame; conversely, the value(s) will also identify those port outputs designated to receive the independent bit stream provided by the security logic 100. Thus, responsive to the value(s) received, the decode unit 124 will assert a logic ONE on the output line(s) corresponding to the port output to receive the data frame from the encoder 94. Conversely, logic ZEROs will be asserted on the output line(s) of the decode 124 corresponding to the port output(s) not authorized to receive the data frame; these port output(s) will receive instead the bit stream from the security logic 100.

The outputs of the decode unit 124 are each individually applied to a corresponding one of an array 126 of two input AND gates. The second input of each AND gate of the array 126 is coupled to receive a corresponding output from an array 128 of NOR gates. When eavesdrop protection is based upon the source or destination addresses contained in the data frame being received, the outputs of the NOR gates will be forced HIGH to enable port output selection by the signals on the outputs of the decoder 124, with the exception that the selection(s) being made, based upon address (source or destination), can be overridden; that is, as will be explained further below, a port output designated to receive the data frame by the address contained in that data frame, can be forced to receive instead the bit stream of the security logic 100