This patent must be fought tooth and nail. It is loaded with art which has been done MANY times before. I will be personally taking this on as a battle for my employers but we need all guns blazing at the patent office. Lockheed, General Dynamics, and more have done SDR units with red side/black side in it for JTRS but we just don't want R&S to be able to patent something so basic as this in a communications system.

This should be on the radar for cellular telephone companies and more.


Bob





http://www.faqs.org/patents/app/20100027782

Inventors:  Ingo Voll  Boyd Buchin  Dieter Soergel
Agents:  MARSHALL, GERSTEIN & BORUN LLP
Assignees:  Rohde & Schwarz GmbH & Co. KG
Origin: CHICAGO, IL US
IPC8 Class: AH04L918FI
USPC Class: 380 42
Patent application number: 20100027782

Abstract:
The invention relates to a device for processing datastreams in a communications unit with two mutually-separate data-processing regions, which provide at least two separate message paths. The message paths are connected respectively to a message transmitter and a message receiver, wherein, in each message path, an encoding module is provided, which is connected both to a first data-processing region and also to a second data-processing region. Furthermore, in the second data-processing region, a distribution unit is provided, which is connected to the message paths of the first data-processing region and to all encoding modules of the corresponding message paths in order to distribute given messages in a targeted manner.
Claims:
1. Device for processing datastreams in a communications unit with two mutually-separate data-processing regions, which provide at least two separate message paths, which are connected respectively to a message transmitter and respectively to a message receiver,comprising,an encoding module in each message path connected both to a first data-processing region and to a second data-processing region, anda distribution unit connected to the message paths of the second data-processing region and to all encoding modules of the corresponding message paths for the targeted distribution of given messages.

2. Device according to claim 1, whereinthe first data-processing region is provided for processing of sensitive data, and the second data-processing region is provided for a processing of non-sensitive data.

3. Device according to claim 1, whereintest rules for data exchange between the various message paths of the first data-processing region are provided in each encoding module.

4. Device according to claim 1, whereinin a relay operating mode, a selective distribution of the datastream to the various message paths is provided.

5. Device according to claim 4, whereinthe selective distribution of the datastream is provided on the basis of different domains with an addressing and/or different classification with regard to confidentiality.

6. Device according to claim 1, whereintest rules for a configurable data exchange between the first data-processing region and the second data-processing region of a message path are provided in each encoding module.

7. Device according to claim 6, whereinthe test rules are address lists and/or other confidentiality tables.

8. Device according to claim 1, whereinin the case of an error, a data leakage from the first data-processing region is prevented.

9. Device according to claim 1, whereinan automatic testing of the incoming and/or outgoing communication between the message paths is provided in the encoding modules.

10. Device according to claim 1, whereina differentiation of the datastreams on the basis of a degree of confidentiality is provided.

11. Device according to claim 1, whereinthe distribution unit is connected to a configuration unit.

12. Device according to claim 6, whereinthe test rules are selectively configurable in the encoding modules.

13. Device according to claim 1, whereinat least one key capable of being read in from externally is stored in each encoding module.

14. Device according to claim 13, whereinthe key can be read in by a memory element.

15. Device according to claim 1, whereinthe various message paths meet different and/or the same communications standards.

16. Device according to claim 1, whereinthe communications unit is a radio device.

17. Device according to claim 1, whereineach message path is connected at a first end to an antenna and at a second end to a user interface.

18. Device according to claim 1, whereina bi-directional operating mode is provided at least for a subset of the message paths.

19. Method for processing datastreams in a communications unit, comprising processing the datastreams in two separate data-processing regions, and transporting the datastreams in at least two separate message paths between respectively a message transmitter and respectively a message receiver and are encoded or decoded in each case by an encoding module in the corresponding message path,wherein each encoding module is connected to a distribution unit, which distributes given messages within a first data-processing region and given messages within a second data-processing region in a targeted manner to various message paths.

20. Device according to claim 19, comprising processing sensitive data in the first data-processing region, and processing non-sensitive data in the second data-processing region.

21. Method according to claim 19, comprisingin a relay operating mode, selectively distributing the datastream to the various message paths.

22. Method according to claim 19, comprising distributing the datastream on the basis of different domains with an addressing and/or different classification with regard to confidentiality.

23. Method according to claim 19, comprising implementing test rules for a configurable data exchange between the various message paths of the first data-processing region in each encoding module.

24. Method according to claim 23, comprising using address lists and/or confidentiality tables as test rules.

25. Method according to claim 23, comprising implementing test rules for a configurable data exchange between the first data-processing region and the second data-processing region of a message path in every encoding module.

26. Method according to claim 23, comprisingin the case of an error, the test rules preventing data leakage from the first data-processing region.

27. Method according to claim 23, comprisingwith the test rules, automatically testing incoming and/or outgoing communication between the message paths.

28. Method according to claim 23, comprisingthe test rules distinguishing datastreams on the basis of a degree of confidentiality.

29. Method according to claim 23, whereina configuration unit is connected to the distribution unit.

30. Method according to claim 23, whereinthe test rules are configured selectively in the encoding modules.

31. according to claim 30,comprising reading at least one key into every encoding module by a memory element via the configuration unit from externally.

32. Method according to claim 19, comprising operatingat least one subset of the message paths bi-directionally.

33. Device according to claim 13, wherein the key can be read in by a USB plug, which is connected to the configuration unit.

34. Device according to claim 1, wherein the communications unit is a software-defined radio device.

35. Method according to claim 30, comprising reading at least one key into every encoding module by a USB plug memory element via the configuration unit from externally.
Description:
[0001]The invention relates to a device and a method for processing datastreams in a communications unit.

[0002]A communications network is known from DE 10 2005 050 174 A1, which provides integrated central devices, wherein, for security-relevant reasons, one part of the device-internal data processing is done with encoded data and also with encoded service-quality data.

[0003]With this communications network, it is disadvantageous that the infrastructure provided therein meets only a single, defined standard, and the participating devices are conventional 1-line devices, which process a single radio communication method.

[0004]The invention is based upon the object of providing a device and a method, with which several different infrastructures are realized simultaneously within a device for encoded data communication, and a participant can use several lines or respectively radio methods simultaneously or in alternation.

[0005]With regard to the device, the named object is achieved according to the invention by the features of claim 1. The features of claim 19 achieve the named object with regard to the method according to the invention.

[0006]Advantageous further developments form the subject matter of the dependent claims referring back to claim 1 and claim 19 respectively.

[0007]Accordingly, the device according to the invention for processing datastreams provides a communications unit with two mutually-separate data-processing regions, which are connected to one another via at least two separate message paths, wherein the message paths provide respectively a message transmitter and respectively a message receiver. An encoding module, which is connected both to a first data-processing region and also to a second data-processing region, is provided in each message path. Furthermore, a distribution unit, which is connected to the message paths of the first data-processing region and to all encoding modules of the corresponding message paths for a targeted distribution of given messages, is provided in the second data-processing region.

[0008]The advantages achieved with the invention consist, in particular, in that the device according to the invention provides several message paths or radio lines in its communications unit. Accordingly, the device according to the invention can be used as a gateway between at least two differently-designed networks.

[0009]Two mutually-separate data-processing regions are advantageously provided, wherein sensitive data are processed in the first data-processing region, and non-sensitive data are processed in the second data-processing region. This ensures that sensitive and non-sensitive data are always separated and cannot be mixed.

[0010]This advantageously reduces the cost for the installation of several network hardware units provided as a network transition (gateway) for a network infrastructure, because, with the use of the device according to the invention, only a single hardware unit needs to be operated as a network transition or gateway within several networks to be connected.

[0011]Moreover, it is advantageous, if the device according to the invention is also conceived as a terminal device for the network participant. The device according to the invention advantageously provides as a communications unit an SDR radio device (Software Defined Radio, that is to say, a software-based radio device), in which several (radio) lines are realized via a software program, so that this radio device can be adapted in a flexible manner to the respective standards for network planning. Several conventional radio devices can advantageously be replaced with the device according to the invention.

[0012]Furthermore, it is advantageous, if the Internet Protocol (IP) technology is implemented in the device according to the invention, so that relatively large and non-homogenous network regions can be connected or networked with one another.

[0013]In particular, it is advantageous, if the device according to the invention provides a communications unit, which provides several radio lines or message paths, which can be networked with one another according to previously-defined rules. Accordingly, a routing function between different networks, such as an IP-based network and a network for a government-authorities radio is provided by means of the device according to the invention or respectively by the method according to the invention, wherein, according to the advantages of the present invention, the protection of information is constantly guaranteed.

[0014]Furthermore, it is advantageous, if the communications unit of the device according to the invention provides an internal-encoding capability by means of the encoding module integrated within it. Accordingly, the information protection for high-confidentiality data (sensitive data) is secured in the case of a transmission via publicly-accessible networks.

[0015]Beyond this, it is advantageous that data of different domains, for example, data from different departments of a company, and data of different classification with regard to their confidentiality can be processed on a single platform or within the device according to the invention in such a manner that confidential data are kept within a previously-defined region. In particular, it is advantageous that, in the un-encoded condition, confidential data (sensitive data) are strictly separated from less-confidential data.

[0016]According to one advantageous development of the device according to the invention, test rules for a data exchange between the various message paths or respectively radio lines of the second data-processing region are provided in every encoding module, wherein the message paths or respectively radio lines within the communications unit advantageously meet different and/or the same communication standards.

[0017]The distribution unit of the device according to the invention is expediently connected to a configuration unit. By means of this configuration unit, the test rules and/or the key can be selectively configured in the individual encoding modules by connecting a memory element, in particular a USB plug, which contains the desired configuration data, to the configuration unit.

[0018]According to one advantageous further development of the device according to the invention, a bidirectional operating mode is provided for a subset of the message paths provided in the communications unit. For at least one subset of the message paths, a uni-directional operating mode can be provided, which additionally increases the information protection of given data, because, for example, these cannot be transmitted, since only a reception path is provided for this type of data.

[0019]The method according to the invention relates to the fact that datastreams are processed in two mutually-separate data-processing regions, wherein the datastreams are transported in at least two separate message paths between respectively one message transmitter and respectively one message receiver and encoded or decoded in each case in an encoding module within the corresponding message path. Each encoding module is connected to a distribution unit within the second data-processing region, which distributes given messages of a datastream in a targeted manner to various message paths within the first data-processing region and the second data-processing region.

[0020]According to one advantageous further development of the method according to the invention, test rules for a configurable data exchange between the various message paths of the first data-processing region are implemented in every encoding module. Accordingly, sensitive data are prevented from leaking from this data-processing region in an uncontrolled manner.

[0021]One further advantage of the method according to the invention is that test rules for a configurable data exchange between a sensitive datastream and at least one message path are implemented within every encoding module in the second data-processing region. Accordingly, it is possible for sensitive data from the first data-processing region to be encoded and accordingly released for distribution on public networks in a controlled manner.

[0022]Moreover, it is advantageous, if the method according to the invention provides that, with the test rules, incoming and/or outgoing communication between the message paths are self-analyzed or automatically analyzed, and datastreams are subdivided on the basis of their level of confidentiality into sensitive and non-sensitive data.

[0023]Exemplary embodiments of the present invention are described below. Both the structure and also the method of operation of the invention and its further advantages and objects are best understood with reference to the following description in conjunction with the associated drawings. The drawings are as follows:

[0024]FIG. 1 shows an application scenario for two exemplary embodiments of the device according to the invention provided as a gateway;

[0025]FIG. 2 shows the problem of uncontrolled data leakage in a device for a gateway; and

[0026]FIG. 3 shows an exemplary embodiment of a device according to the invention with three message paths or respectively lines, which avoids the problem presented in FIG. 2.

[0027]Parts corresponding to one another are provided with the same reference numbers in all the drawings.

[0028]FIG. 1 shows an application scenario for two exemplary embodiments 1a, 1b of the device 1 according to the invention provided as a network transition (gateway). In this application scenario, two different Manet radio networks 16a, 16b (Mobile Ad-hoc Networks, self-configuring radio networks) are connected to one another via a first exemplary embodiment 1a of the device 1 according to the invention, wherein this first exemplary embodiment 1a represents a 2-line device, which provides two different message paths 5a, 5b, 5c or lines. Moreover, the application scenario provides a radio network 17 for government authorities, which is connected via a second exemplary embodiment 1b to both Manet radio networks 16a, 16b, wherein the second exemplary embodiment 1b of the device 1 according to the invention represents a 3-line device with three different message paths 5a, 5b, 5c. Conventional radio devices, which are marked here as the 1-line device 18, communicate within the three sub-networks 16a, 16b, 17 of the application scenario.

[0029]FIG. 2 illustrates the problem of the un-controlled data leakage in a device for a gateway, wherein this device provides three lines or message paths 5a, 5b, 5c. In an open data-processing region 4a, data, especially sensitive data, are supposed to be prevented from being exchanged between the message paths 5a, 5b in an uncontrolled manner.

[0030]FIG. 3 shows the second exemplary embodiment 1b of the device 1 according to the invention with three message paths 5a, 5b, 5c or lines, wherein this exemplary embodiment avoids the problem of uncontrolled data leakage presented in FIG. 2. The device 1 according to the invention for processing datastreams 2 in a communications unit 3 comprises two mutually-separate data-processing regions 4a, 4b, which provide several, separate message paths 5a, 5b, 5c, which are connected respectively to a message transmitter 6 and respectively to a message receiver 7. In each message path 5a, 5b, 5c, respectively one encoding module 8a, 8b, 8c is provided, which is connected both to a first data-processing region 4a and also to a second data-processing region 4b. Furthermore, in the second data-processing region 4b, a distribution unit 9 is provided, which is connected to the message paths 5a, 5b, 5c of the first data-processing region 4a and to all encoding modules 8a, 8b, 8c of the corresponding message paths 5a, 5b, 5c for the targeted distribution of given messages.

[0031]In the second data-processing region 4b, the conditioning of the datastream for transmission via the antenna 15 is implemented. This involves amplifiers, modems, filters and a wave-form control unit. The substantial requirements result from the respective radio method of the message path 5a, 5b, 5c, wherein no confidential or sensitive data are processed in plain text, that is to say, un-encoded, in the second data-processing region 4b.

[0032]The encoding module 8 separates the second data-processing region 4b from the first data-processing region 4a, wherein all confidential data are protected through cryptographic methods, which are implemented in the encoding modules 8a, 8b, 8c.

[0033]In the device 1 according to the invention, there is a need for the exchange of data between the individual message paths 5a, 5b, 5c, wherein the data exchange within the second data-processing region 4b is possible without difficulty via standard methods, such as network switches. In this context, information protection for the data is guaranteed because of their encoding.

[0034]The data provided for a given message path 5a, 5b, 5c are now addressed and marked for subsequent transfer to the encoding module 8a, 8b, 8c. The encoding module 8a, 8b, 8c checks the authorization of the message path 5a, 5b, 5c for the data exchange and the degree of confidentiality of the data to be transferred. The encoding module 8a, 8b, 8c then marks the data and transfers them together with the address of the receiving message path 5a, 5b, 5c to the second data-processing region 4b.

[0035]The encoded data are now transferred via the distribution unit 9 to the second data-processing region 4b of the corresponding message path 5a, 5b, 5c. From there, the encoded data are routed to the encoding module 8a, 8b, 8c of the addressed message path 5a, 5b, 5c, wherein device-internal addressing methods are used. The encoding module 8a, 8b, 8c of the message path 5a, 5b, 5c, which receives the data determined for it, checks the markings and decodes the datastream 2 and transfers the latter to the first data-processing region 4a of this message path 5a, 5b, 5c, where it is further processed according to the radio method of the receiver message path 5a, 5b, 5c. For example, an output to the user interface 14 or a transmission via the antenna 15 etc. is implemented.

[0036]Furthermore, in the device 1 according to the invention, a selective distribution of the datastream 2 is provided with reference to different domains with an addressing and/or a different classification with regard to confidentiality or sensitivity. Wherein domains can be different administrative units within an organization, and a different classification of the data relates to how secure the encoding method used must be, that is to say, how confidential the data for the transmitting domain or for the receiving domain should be.

[0037]In the first data-processing region 4a, the confidential or sensitive data are processed, wherein the type of data processing depends upon the type of data occurring for the user and upon the radio method in the publicly-accessible region.

[0038]The distribution unit 9 allows a general data exchange, which is subject to the implemented test rules, wherein these test rules also access the stored key.

[0039]In each encoding module 8a, 8b, 8c, test rules for a data exchange between the various message paths 5a, 5b, 5c of the first data-processing region 4a are provided. The distribution unit 9 in the second data-processing region 4b is connected to a configuration unit 10, so that, via the latter, the test rules can be selectively configured from externally in the encoding modules 8a, 8b, 8c. Furthermore, at least one externally-readable key is stored in each encoding module 8a, 8b, 8c, wherein the key can be read in, for example, by means of a USB plug 11, which can be connected to the configuration unit 10.

[0040]The device 1 according to the invention provides that the various message paths 5a, 5b, 5c within a communications unit 3 fulfill different and/or the same communication standards, such as UMTS, GSM or TETRA. In this context, the communications unit 3 is a radio device, in particular, a software-defined radio device (SDR), so that the various radio standards can be loaded in a user-defined manner into the communications unit 3 of the device 1 according to the invention.

[0041]Each message path 5a, 5b, 5c provides an antenna 15 at a first end and a user interface 14 at a second end 13. In this context, the user interface 14 can be a human-machine interface or an interface with a further communications device.

[0042]The device 1 according to the invention can provide a bi-directional operating mode for one subset of the message path 5a, 5b, 5c and a unidirectional operating mode for a further subset.

[0043]In the communications unit 3, the method according to the invention processes datastreams 2 in two mutually-separate data-processing regions 4a, 4b. In this context, the datastreams 2 are transported in at least two separate message paths 5a, 5b, 5c between respectively a message transmitter 6 and respectively a message receiver 7 and encoded or decoded in each case by an encoding module 8a, 8b, 8c in the corresponding message path 5a, 5b, 5c. Each encoding module 8a, 8b, 8c in this context is connected to a distribution unit 9, which distributes given messages of the sensitive datastream 2 and of the non-sensitive datastream 2 in a targeted manner to different message paths 5a, 5b, 5c.

[0044]In each encoding module 8a, 8b, 8c, test rules for a configurable data exchange between the various message paths 5a, 5b, 5c of a first data-processing region 4a are implemented for this purpose. Moreover, in each encoding module 8a, 8b, 8c, test rules for a configurable data exchange between the first data-processing region 4a and at least one message path 5a, 5b, 5c of a second data-processing region 4b are implemented.

[0045]The method according to the invention includes the fact that the test rules prevent a data leakage from the first data-processing region 4a in the event of an error, wherein the test rules self-test or automatically test incoming and/or outgoing communication between the message paths 5a, 5b, 5c or messages, which are directed to the first data-processing region 4a. In this context, the method according to the invention distinguishes datastreams 2 by means of the implemented test rules on the basis of a degree of confidentiality.

[0046]The invention is not restricted to the exemplary embodiment presented in the drawings, in particular, not to a use in radio networks, but can also be used in other communications networks, for example, in IP-based communications networks. All of the features described above and presented in the drawings can be combined with one another as required.

Read more: http://www.faqs.org/patents/app/20100027782#ixzz0fBoJpyUl
--
(Co)Author: DttSP, Quiktrak, PowerSDR, GnuRadio
Member: ARRL, AMSAT, AMSAT-DL, TAPR, Packrats,
NJQRP, QRP ARCI, QCWA, FRC.
“All tyranny needs to gain a foothold is for
 people of good conscience to remain silent"
-Thomas Jefferson
Active: Facebook,Twitter,LinkedIn



_______________________________________________
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
http://lists.gnu.org/mailman/listinfo/discuss-gnuradio

Reply via email to