This patent must be fought tooth and nail. It is loaded with art which
has been done MANY times before. I will be personally taking this on as
a battle for my employers but we need all guns blazing at the patent
office. Lockheed, General Dynamics, and more have done SDR units with
red side/black side in it for JTRS but we just don't want R&S to be able
to patent something so basic as this in a communications system.
This should be on the radar for cellular telephone companies and more.
Bob
http://www.faqs.org/patents/app/20100027782
Inventors: Ingo Voll, Boyd Buchin, Dieter Soergel
Agents: MARSHALL, GERSTEIN & BORUN LLP
Assignees: Rohde & Schwarz GmbH & Co. KG
Origin: CHICAGO, IL US
IPC8 Class: AH04L918FI
USPC Class: 380 42
Patent application number: 20100027782
Abstract:
The invention relates to a device for processing datastreams in a
communications unit with two mutually-separate data-processing regions,
which provide at least two separate message paths. The message paths are
connected respectively to a message transmitter and a message receiver,
wherein, in each message path, an encoding module is provided, which is
connected both to a first data-processing region and also to a second
data-processing region. Furthermore, in the second data-processing
region, a distribution unit is provided, which is connected to the
message paths of the first data-processing region and to all encoding
modules of the corresponding message paths in order to distribute given
messages in a targeted manner.
Claims:
1. Device for processing datastreams in a communications unit with two
mutually-separate data-processing regions, which provide at least two
separate message paths, which are connected respectively to a message
transmitter and respectively to a message receiver, comprising an
encoding module in each message path connected both to a first
data-processing region and to a second data-processing region, and a
distribution unit connected to the message paths of the second
data-processing region and to all encoding modules of the corresponding
message paths for the targeted distribution of given messages.
2. Device according to claim 1, wherein the first data-processing region
is provided for processing of sensitive data, and the second
data-processing region is provided for a processing of non-sensitive data.
3. Device according to claim 1, wherein test rules for data exchange
between the various message paths of the first data-processing region
are provided in each encoding module.
4. Device according to claim 1, wherein, in a relay operating mode, a
selective distribution of the datastream to the various message paths is
provided.
5. Device according to claim 4, wherein the selective distribution of the
datastream is provided on the basis of different domains with an
addressing and/or different classification with regard to confidentiality.
6. Device according to claim 1, wherein test rules for a configurable
data exchange between the first data-processing region and the second
data-processing region of a message path are provided in each encoding
module.
7. Device according to claim 6, wherein the test rules are address lists
and/or other confidentiality tables.
8. Device according to claim 1, wherein, in the case of an error, a data
leakage from the first data-processing region is prevented.
9. Device according to claim 1, wherein an automatic testing of the
incoming and/or outgoing communication between the message paths is
provided in the encoding modules.
10. Device according to claim 1, wherein a differentiation of the
datastreams on the basis of a degree of confidentiality is provided.
11. Device according to claim 1, wherein the distribution unit is
connected to a configuration unit.
12. Device according to claim 6, wherein the test rules are selectively
configurable in the encoding modules.
13. Device according to claim 1, wherein at least one key capable of
being read in from externally is stored in each encoding module.
14. Device according to claim 13, wherein the key can be read in by a
memory element.
15. Device according to claim 1, wherein the various message paths meet
different and/or the same communications standards.
16. Device according to claim 1, wherein the communications unit is a
radio device.
17. Device according to claim 1, wherein each message path is connected
at a first end to an antenna and at a second end to a user interface.
18. Device according to claim 1, wherein a bi-directional operating mode
is provided at least for a subset of the message paths.
19. Method for processing datastreams in a communications unit,
comprising processing the datastreams in two separate data-processing
regions, and transporting the datastreams in at least two separate
message paths between respectively a message transmitter and
respectively a message receiver and are encoded or decoded in each case
by an encoding module in the corresponding message path, wherein each
encoding module is connected to a distribution unit, which distributes
given messages within a first data-processing region and given messages
within a second data-processing region in a targeted manner to various
message paths.
20. Device according to claim 19, comprising processing sensitive data
in the first data-processing region, and processing non-sensitive data
in the second data-processing region.
21. Method according to claim 19, comprising, in a relay operating mode,
selectively distributing the datastream to the various message paths.
22. Method according to claim 19, comprising distributing the datastream
on the basis of different domains with an addressing and/or different
classification with regard to confidentiality.
23. Method according to claim 19, comprising implementing test rules for
a configurable data exchange between the various message paths of the
first data-processing region in each encoding module.
24. Method according to claim 23, comprising using address lists and/or
confidentiality tables as test rules.
25. Method according to claim 23, comprising implementing test rules for
a configurable data exchange between the first data-processing region
and the second data-processing region of a message path in every
encoding module.
26. Method according to claim 23, comprising, in the case of an error, the
test rules preventing data leakage from the first data-processing region.
27. Method according to claim 23, comprising, with the test rules,
automatically testing incoming and/or outgoing communication between the
message paths.
28. Method according to claim 23, comprising the test rules
distinguishing datastreams on the basis of a degree of confidentiality.
29. Method according to claim 23, wherein a configuration unit is
connected to the distribution unit.
30. Method according to claim 23, wherein the test rules are configured
selectively in the encoding modules.
31. Method according to claim 30, comprising reading at least one key
into every encoding module by a memory element via the configuration
unit from externally.
32. Method according to claim 19, comprising operating at least one
subset of the message paths bi-directionally.
33. Device according to claim 13, wherein the key can be read in by a
USB plug, which is connected to the configuration unit.
34. Device according to claim 1, wherein the communications unit is a
software-defined radio device.
35. Method according to claim 30, comprising reading at least one key
into every encoding module by a USB plug memory element via the
configuration unit from externally.
Description:
[0001]The invention relates to a device and a method for processing
datastreams in a communications unit.
[0002]A communications network is known from DE 10 2005 050 174 A1,
which provides integrated central devices, wherein, for
security-relevant reasons, one part of the device-internal data
processing is done with encoded data and also with encoded
service-quality data.
[0003]With this communications network, it is disadvantageous that the
infrastructure provided therein meets only a single, defined standard,
and the participating devices are conventional 1-line devices, which
process a single radio communication method.
[0004]The invention is based upon the object of providing a device and a
method, with which several different infrastructures are realized
simultaneously within a device for encoded data communication, and a
participant can use several lines or respectively radio methods
simultaneously or in alternation.
[0005]With regard to the device, the named object is achieved according
to the invention by the features of claim 1. The features of claim 19
achieve the named object with regard to the method according to the
invention.
[0006]Advantageous further developments form the subject matter of the
dependent claims referring back to claim 1 and claim 19 respectively.
[0007]Accordingly, the device according to the invention for processing
datastreams provides a communications unit with two mutually-separate
data-processing regions, which are connected to one another via at least
two separate message paths, wherein the message paths provide
respectively a message transmitter and respectively a message receiver.
An encoding module, which is connected both to a first data-processing
region and also to a second data-processing region, is provided in each
message path. Furthermore, a distribution unit, which is connected to
the message paths of the first data-processing region and to all
encoding modules of the corresponding message paths for a targeted
distribution of given messages, is provided in the second
data-processing region.
[0008]The advantages achieved with the invention consist, in particular,
in that the device according to the invention provides several message
paths or radio lines in its communications unit. Accordingly, the device
according to the invention can be used as a gateway between at least two
differently-designed networks.
[0009]Two mutually-separate data-processing regions are advantageously
provided, wherein sensitive data are processed in the first
data-processing region, and non-sensitive data are processed in the
second data-processing region. This ensures that sensitive and
non-sensitive data are always separated and cannot be mixed.
[0010]This advantageously reduces the cost for the installation of
several network hardware units provided as a network transition
(gateway) for a network infrastructure, because, with the use of the
device according to the invention, only a single hardware unit needs to
be operated as a network transition or gateway within several networks
to be connected.
[0011]Moreover, it is advantageous, if the device according to the
invention is also conceived as a terminal device for the network
participant. The device according to the invention advantageously
provides as a communications unit an SDR radio device (Software Defined
Radio, that is to say, a software-based radio device), in which several
(radio) lines are realized via a software program, so that this radio
device can be adapted in a flexible manner to the respective standards
for network planning. Several conventional radio devices can
advantageously be replaced with the device according to the invention.
[0012]Furthermore, it is advantageous, if the Internet Protocol (IP)
technology is implemented in the device according to the invention, so
that relatively large and non-homogenous network regions can be
connected or networked with one another.
[0013]In particular, it is advantageous, if the device according to the
invention provides a communications unit, which provides several radio
lines or message paths, which can be networked with one another
according to previously-defined rules. Accordingly, a routing function
between different networks, such as an IP-based network and a network
for a government-authorities radio is provided by means of the device
according to the invention or respectively by the method according to
the invention, wherein, according to the advantages of the present
invention, the protection of information is constantly guaranteed.
[0014]Furthermore, it is advantageous, if the communications unit of the
device according to the invention provides an internal-encoding
capability by means of the encoding module integrated within it.
Accordingly, the information protection for high-confidentiality data
(sensitive data) is secured in the case of a transmission via
publicly-accessible networks.
[0015]Beyond this, it is advantageous that data of different domains,
for example, data from different departments of a company, and data of
different classification with regard to their confidentiality can be
processed on a single platform or within the device according to the
invention in such a manner that confidential data are kept within a
previously-defined region. In particular, it is advantageous that, in
the un-encoded condition, confidential data (sensitive data) are
strictly separated from less-confidential data.
[0016]According to one advantageous development of the device according
to the invention, test rules for a data exchange between the various
message paths or respectively radio lines of the second data-processing
region are provided in every encoding module, wherein the message paths
or respectively radio lines within the communications unit
advantageously meet different and/or the same communication standards.
[0017]The distribution unit of the device according to the invention is
expediently connected to a configuration unit. By means of this
configuration unit, the test rules and/or the key can be selectively
configured in the individual encoding modules by connecting a memory
element, in particular a USB plug, which contains the desired
configuration data, to the configuration unit.
[0018]According to one advantageous further development of the device
according to the invention, a bidirectional operating mode is provided
for a subset of the message paths provided in the communications unit.
For at least one subset of the message paths, a uni-directional
operating mode can be provided, which additionally increases the
information protection of given data, because, for example, these cannot
be transmitted, since only a reception path is provided for this type of
data.
[0019]The method according to the invention relates to the fact that
datastreams are processed in two mutually-separate data-processing
regions, wherein the datastreams are transported in at least two
separate message paths between respectively one message transmitter and
respectively one message receiver and encoded or decoded in each case in
an encoding module within the corresponding message path. Each encoding
module is connected to a distribution unit within the second
data-processing region, which distributes given messages of a datastream
in a targeted manner to various message paths within the first
data-processing region and the second data-processing region.
[0020]According to one advantageous further development of the method
according to the invention, test rules for a configurable data exchange
between the various message paths of the first data-processing region
are implemented in every encoding module. Accordingly, sensitive data
are prevented from leaking from this data-processing region in an
uncontrolled manner.
[0021]One further advantage of the method according to the invention is
that test rules for a configurable data exchange between a sensitive
datastream and at least one message path are implemented within every
encoding module in the second data-processing region. Accordingly, it is
possible for sensitive data from the first data-processing region to be
encoded and accordingly released for distribution on public networks in
a controlled manner.
[0022]Moreover, it is advantageous, if the method according to the
invention provides that, with the test rules, incoming and/or outgoing
communication between the message paths are self-analyzed or
automatically analyzed, and datastreams are subdivided on the basis of
their level of confidentiality into sensitive and non-sensitive data.
[0023]Exemplary embodiments of the present invention are described
below. Both the structure and also the method of operation of the
invention and its further advantages and objects are best understood
with reference to the following description in conjunction with the
associated drawings. The drawings are as follows:
[0024]FIG. 1 shows an application scenario for two exemplary embodiments
of the device according to the invention provided as a gateway;
[0025]FIG. 2 shows the problem of uncontrolled data leakage in a device
for a gateway; and
[0026]FIG. 3 shows an exemplary embodiment of a device according to the
invention with three message paths or respectively lines, which avoids
the problem presented in FIG. 2.
[0027]Parts corresponding to one another are provided with the same
reference numbers in all the drawings.
[0028]FIG. 1 shows an application scenario for two exemplary embodiments
1a, 1b of the device 1 according to the invention provided as a network
transition (gateway). In this application scenario, two different Manet
radio networks 16a, 16b (Mobile Ad-hoc Networks, self-configuring radio
networks) are connected to one another via a first exemplary embodiment
1a of the device 1 according to the invention, wherein this first
exemplary embodiment 1a represents a 2-line device, which provides two
different message paths 5a, 5b, 5c or lines. Moreover, the application
scenario provides a radio network 17 for government authorities, which
is connected via a second exemplary embodiment 1b to both Manet radio
networks 16a, 16b, wherein the second exemplary embodiment 1b of the
device 1 according to the invention represents a 3-line device with
three different message paths 5a, 5b, 5c. Conventional radio devices,
which are marked here as the 1-line device 18, communicate within the
three sub-networks 16a, 16b, 17 of the application scenario.
[0029]FIG. 2 illustrates the problem of the un-controlled data leakage
in a device for a gateway, wherein this device provides three lines or
message paths 5a, 5b, 5c. In an open data-processing region 4a, data,
especially sensitive data, are supposed to be prevented from being
exchanged between the message paths 5a, 5b in an uncontrolled manner.
[0030]FIG. 3 shows the second exemplary embodiment 1b of the device 1
according to the invention with three message paths 5a, 5b, 5c or lines,
wherein this exemplary embodiment avoids the problem of uncontrolled
data leakage presented in FIG. 2. The device 1 according to the
invention for processing datastreams 2 in a communications unit 3
comprises two mutually-separate data-processing regions 4a, 4b, which
provide several, separate message paths 5a, 5b, 5c, which are connected
respectively to a message transmitter 6 and respectively to a message
receiver 7. In each message path 5a, 5b, 5c, respectively one encoding
module 8a, 8b, 8c is provided, which is connected both to a first
data-processing region 4a and also to a second data-processing region
4b. Furthermore, in the second data-processing region 4b, a distribution
unit 9 is provided, which is connected to the message paths 5a, 5b, 5c
of the first data-processing region 4a and to all encoding modules 8a,
8b, 8c of the corresponding message paths 5a, 5b, 5c for the targeted
distribution of given messages.
[0031]In the second data-processing region 4b, the conditioning of the
datastream for transmission via the antenna 15 is implemented. This
involves amplifiers, modems, filters and a wave-form control unit. The
substantial requirements result from the respective radio method of the
message path 5a, 5b, 5c, wherein no confidential or sensitive data are
processed in plain text, that is to say, un-encoded, in the second
data-processing region 4b.
[0032]The encoding module 8 separates the second data-processing region
4b from the first data-processing region 4a, wherein all confidential
data are protected through cryptographic methods, which are implemented
in the encoding modules 8a, 8b, 8c.
[0033]In the device 1 according to the invention, there is a need for
the exchange of data between the individual message paths 5a, 5b, 5c,
wherein the data exchange within the second data-processing region 4b is
possible without difficulty via standard methods, such as network
switches. In this context, information protection for the data is
guaranteed because of their encoding.
[0034]The data provided for a given message path 5a, 5b, 5c are now
addressed and marked for subsequent transfer to the encoding module 8a,
8b, 8c. The encoding module 8a, 8b, 8c checks the authorization of the
message path 5a, 5b, 5c for the data exchange and the degree of
confidentiality of the data to be transferred. The encoding module 8a,
8b, 8c then marks the data and transfers them together with the address
of the receiving message path 5a, 5b, 5c to the second data-processing
region 4b.
[0035]The encoded data are now transferred via the distribution unit 9
to the second data-processing region 4b of the corresponding message
path 5a, 5b, 5c. From there, the encoded data are routed to the encoding
module 8a, 8b, 8c of the addressed message path 5a, 5b, 5c, wherein
device-internal addressing methods are used. The encoding module 8a, 8b,
8c of the message path 5a, 5b, 5c, which receives the data determined
for it, checks the markings and decodes the datastream 2 and transfers
the latter to the first data-processing region 4a of this message path
5a, 5b, 5c, where it is further processed according to the radio method
of the receiver message path 5a, 5b, 5c. For example, an output to the
user interface 14 or a transmission via the antenna 15 etc. is implemented.
[0036]Furthermore, in the device 1 according to the invention, a
selective distribution of the datastream 2 is provided with reference to
different domains with an addressing and/or a different classification
with regard to confidentiality or sensitivity, wherein domains can be
different administrative units within an organization, and a different
classification of the data relates to how secure the encoding method
used must be, that is to say, how confidential the data for the
transmitting domain or for the receiving domain should be.
[0037]In the first data-processing region 4a, the confidential or
sensitive data are processed, wherein the type of data processing
depends upon the type of data occurring for the user and upon the radio
method in the publicly-accessible region.
[0038]The distribution unit 9 allows a general data exchange, which is
subject to the implemented test rules, wherein these test rules also
access the stored key.
[0039]In each encoding module 8a, 8b, 8c, test rules for a data exchange
between the various message paths 5a, 5b, 5c of the first
data-processing region 4a are provided. The distribution unit 9 in the
second data-processing region 4b is connected to a configuration unit
10, so that, via the latter, the test rules can be selectively
configured from externally in the encoding modules 8a, 8b, 8c.
Furthermore, at least one externally-readable key is stored in each
encoding module 8a, 8b, 8c, wherein the key can be read in, for example,
by means of a USB plug 11, which can be connected to the configuration
unit 10.
[0040]The device 1 according to the invention provides that the various
message paths 5a, 5b, 5c within a communications unit 3 fulfill
different and/or the same communication standards, such as UMTS, GSM or
TETRA. In this context, the communications unit 3 is a radio device, in
particular, a software-defined radio device (SDR), so that the various
radio standards can be loaded in a user-defined manner into the
communications unit 3 of the device 1 according to the invention.
[0041]Each message path 5a, 5b, 5c provides an antenna 15 at a first end
and a user interface 14 at a second end 13. In this context, the user
interface 14 can be a human-machine interface or an interface with a
further communications device.
[0042]The device 1 according to the invention can provide a
bi-directional operating mode for one subset of the message path 5a, 5b,
5c and a unidirectional operating mode for a further subset.
[0043]In the communications unit 3, the method according to the
invention processes datastreams 2 in two mutually-separate
data-processing regions 4a, 4b. In this context, the datastreams 2 are
transported in at least two separate message paths 5a, 5b, 5c between
respectively a message transmitter 6 and respectively a message receiver
7 and encoded or decoded in each case by an encoding module 8a, 8b, 8c
in the corresponding message path 5a, 5b, 5c. Each encoding module 8a,
8b, 8c in this context is connected to a distribution unit 9, which
distributes given messages of the sensitive datastream 2 and of the
non-sensitive datastream 2 in a targeted manner to different message
paths 5a, 5b, 5c.
[0044]In each encoding module 8a, 8b, 8c, test rules for a configurable
data exchange between the various message paths 5a, 5b, 5c of a first
data-processing region 4a are implemented for this purpose. Moreover, in
each encoding module 8a, 8b, 8c, test rules for a configurable data
exchange between the first data-processing region 4a and at least one
message path 5a, 5b, 5c of a second data-processing region 4b are
implemented.
[0045]The method according to the invention includes the fact that the
test rules prevent a data leakage from the first data-processing region
4a in the event of an error, wherein the test rules self-test or
automatically test incoming and/or outgoing communication between the
message paths 5a, 5b, 5c or messages, which are directed to the first
data-processing region 4a. In this context, the method according to the
invention distinguishes datastreams 2 by means of the implemented test
rules on the basis of a degree of confidentiality.
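The relay flow of [0034], [0035], [0039] and [0044]-[0045], as a constructed Python model added here (not Rohde & Schwarz code and not from the application): each message path 5a, 5b, 5c gets an encoding module holding a key and test rules (address list, confidentiality table, domain list) read in via the configuration unit, only sealed data with its marking crosses into the black region, the distribution unit is modelled as the routing step inside `relay`, and any rule failure or internal error fails closed. The rule layout, the toy SHA-256 keystream and the HMAC tag are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    PUBLIC = 0
    SECRET = 1

@dataclass(frozen=True)
class Message:      # plain text as it exists in the red (first) region
    src: str
    dst: str
    domain: str
    level: Level
    payload: bytes

@dataclass(frozen=True)
class Sealed:       # all the black (second) region sees: marking + ciphertext
    dst: str
    domain: str
    level: Level
    nonce: int
    body: bytes     # ciphertext || 32-byte HMAC-SHA256 tag

def _keystream(key: bytes, n: int) -> bytes:
    # toy counter-mode keystream from SHA-256; a real module uses a vetted cipher
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

class EncodingModule:
    # one per message path; the only element wired to both regions
    def __init__(self, path: str, key: bytes, rules: dict):
        # key and test rules are read in via the configuration unit (e.g. a USB plug)
        self.path, self.key, self.rules, self.nonce, self.log = path, key, rules, 0, []
    def _permitted(self, dst: str, domain: str, level: Level) -> bool:
        r = self.rules  # address list, confidentiality table, domain list
        return (dst in r["address_list"].get(self.path, set())
                and level <= r["confidentiality"].get(dst, Level.PUBLIC)
                and {self.path, dst} <= r["domains"].get(domain, set()))
    def seal(self, m: Message):
        # red -> black: a rejected rule or any internal error emits nothing
        try:
            if m.src != self.path or not self._permitted(m.dst, m.domain, m.level):
                raise PermissionError(f"test rule rejects {m.src}->{m.dst} {m.level.name}")
            self.nonce += 1
            hdr = f"{m.dst}|{m.domain}|{int(m.level)}|{self.nonce}".encode()
            ct = bytes(a ^ b for a, b in zip(m.payload, _keystream(self.key + hdr, len(m.payload))))
            return Sealed(m.dst, m.domain, m.level, self.nonce,
                          ct + hmac.new(self.key, hdr + ct, "sha256").digest())
        except Exception as e:      # fail closed: log it, leak nothing
            self.log.append(f"{self.path} outbound denied: {e}")
            return None
    def open(self, s: Sealed):
        # black -> red: check the marking and the tag before decoding anything
        try:
            if s.dst != self.path or s.level > self.rules["confidentiality"][self.path]:
                raise PermissionError("marking not valid for this path")
            hdr = f"{s.dst}|{s.domain}|{int(s.level)}|{s.nonce}".encode()
            ct, tag = s.body[:-32], s.body[-32:]
            if not hmac.compare_digest(tag, hmac.new(self.key, hdr + ct, "sha256").digest()):
                raise ValueError("integrity tag mismatch")
            return bytes(a ^ b for a, b in zip(ct, _keystream(self.key + hdr, len(ct))))
        except Exception as e:
            self.log.append(f"{self.path} inbound denied: {e}")
            return None

def build_device():
    # constructed test rules for paths 5a, 5b, 5c; 5c is a public-only line
    rules = {"address_list": {"5a": {"5b"}, "5b": {"5a", "5c"}, "5c": {"5b"}},
             "confidentiality": {"5a": Level.SECRET, "5b": Level.SECRET, "5c": Level.PUBLIC},
             "domains": {"ops": {"5a", "5b"}, "public": {"5a", "5b", "5c"}}}
    key = hashlib.sha256(b"constructed key read in from a USB plug").digest()
    return {p: EncodingModule(p, key, rules) for p in ("5a", "5b", "5c")}

def relay(mods: dict, m: Message):
    # red(src) -> module.seal -> distribution unit (black; routes by marking only) -> module.open -> red(dst)
    s = mods[m.src].seal(m)
    return mods[s.dst].open(s) if s and s.dst in mods else None
```

The marking is bound into the tag, so re-labelling a sealed message for a lower-classified path fails the integrity check at the receiving module rather than being decoded there.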
[0046]The invention is not restricted to the exemplary embodiment
presented in the drawings, in particular, not to a use in radio
networks, but can also be used in other communications networks, for
example, in IP-based communications networks. All of the features
described above and presented in the drawings can be combined with one
another as required.
--
(Co)Author: DttSP, Quiktrak, PowerSDR, GnuRadio
Member: ARRL, AMSAT, AMSAT-DL, TAPR, Packrats,
NJQRP, QRP ARCI, QCWA, FRC.
"All tyranny needs to gain a foothold is for
people of good conscience to remain silent"
-Thomas Jefferson
Active: Facebook, Twitter, LinkedIn
_______________________________________________
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
http://lists.gnu.org/mailman/listinfo/discuss-gnuradio