top - download
⟦22251b251⟧ Wang Wps File
Length: 18248 (0x4748)
Types: Wang Wps File
Notes: Crossfox Tilbud
Names: »1800A «
Derivation
└─⟦e1d52bc1b⟧ Bits:30006228 8" Wang WCS floppy, CR 0137A
└─ ⟦this⟧ »1800A «
WangText
APPENDIX 1 OF VOL IV
1982-03-05
MESSAGE SUBSYSTEM
Page
#
TECHNICAL PROPOSAL
2. O̲P̲E̲R̲A̲T̲I̲O̲N̲A̲L̲ ̲P̲R̲O̲C̲E̲D̲U̲R̲E̲S̲
Implementation of the MSF operational procedures will
be based on the experience that Christian Rovsing A/S
has gained from implementation of similar communication
systems. During the design of CAMPS, for example,
Christian Rovsing A/S has conducted a number of reviews
with SHAPE operational staff to ensure effective and
easy to use man-machine interfaces and operational
aspects.
The objectives for the MS design have been: to build
a secure and reliable system; to provide the system
with great modularity and flexibility in both software
and hardware; and to retain as much commonality with
other NATO systems as possible.
This section describes the essential operational procedures
performed by the proposed Message Subsystem. Further
description of the function level is given in section
4.2 of this appendix.
2.1 B̲R̲O̲A̲D̲C̲A̲S̲T̲ ̲O̲F̲ ̲M̲E̲S̲S̲A̲G̲E̲S̲
The methods and procedures for the operation of the
CROSSFOX Broadcast will be implemented in the MPF in
accordance with the relevant paragraphs in ACP127 Supplement
1 as listed in the IFB. Below, these operational procedures
will briefly be described. For detailed information
please refer to section 4.2.2 of this appendix.
2.1.1 T̲r̲a̲n̲s̲m̲i̲s̲s̲i̲o̲n̲ ̲o̲n̲ ̲t̲h̲e̲ ̲B̲r̲o̲a̲d̲c̲a̲s̲t̲
The MPF will automatically broadcast incoming messages
destined for relay and locally generated messages in
accordance with the message routing information and
the channel assignment.
The supervisor will have facilities for channel assignment
i.e. specifying which of the ships, or other authorities
copying the broadcast, shall be associated with each
channel of the broadcast.
The format of the messages to be transmitted on the
broadcast will be in accordance with ACP 127 supp.
3 with format lines 1 to 4 and 7 and 8 removed.
Each message destined for transmission on the broadcast
may, if specified by the supervisor, be subject to
vetting and/or screening by an operator before its
entry into a broadcast channel queue.
2.1.2 D̲i̲s̲s̲e̲m̲i̲n̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲t̲r̲a̲f̲f̲i̲c̲ ̲c̲o̲n̲t̲r̲o̲l̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲.
The MPF will have the facilities for transmitting service
messages informing of broadcast channel assignment
and disseminated message traffic. The following information
is transmitted:
o Channel allocation list, indicating to ships and
other copying authorities the assignment of Broadcast
Channels. This service message is sent via the
Broadcast service channel.
o ZOU list will be routed to supervisor specified
authorities giving the routing information. This
service message will be compiled and transmitted
at 3.00 each day on the supervisors discretion.
o Channel frequency change, notifying the ships of
changes to the frequency of the broadcast channels.
o Traffic check list, including an identification
of all messages transmitted on a channel basis
will be transmitted periodically on each channel.
2.1.3 R̲e̲t̲r̲a̲n̲s̲m̲i̲s̲s̲i̲o̲n̲ ̲o̲n̲ ̲B̲r̲o̲a̲d̲c̲a̲s̲t̲
Ships can send requests for retransmission via the
ship-to-shore subsystem, and the MPF will automatically
retransmit the required message. Also the supervisor
will have the facility to request retransmissions.
The MPF will provide for re-runs of traffic. The supervisor
will specify the level of precedence above which messages
shall be subject to re-run. The above procedures are
subject to modifications as introduced by expiration
time and message screening and vetting.
2.1.4 P̲r̲o̲c̲e̲d̲u̲r̲e̲ ̲f̲o̲r̲ ̲C̲r̲y̲p̲t̲o̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲.
To allow the accomplishment of key change procedures,
the supervisor can suspend broadcast traffic in an
orderly fashion for a specified period of the day.
The MPF will support the supervisor in transmitting
the proper service messages and in the execution of
the message transmission procedures.
Initialization and synchronization of the crypto's
will be controlled from the MPF through a crypto control
box. The MPF will use V24 lines to request synchronization
and receive a ready-to-transmit-message.
2.2 S̲H̲I̲P̲-̲T̲O̲-̲S̲H̲O̲R̲E̲ ̲M̲E̲S̲S̲A̲G̲E̲ ̲H̲A̲N̲D̲L̲I̲N̲G̲
The processing of the Ship-To-Shore message traffic
implemented in the MPF will support the operational
procedures laid down in the relevant paragraphs of
ACP127 Supp. 1, as listed in the IFB. Below a short
description of the operational procedures will be given.
For further details please refer to section 4.2.1 of
this appendix.
2.2.1 R̲e̲c̲e̲i̲p̲t̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲ ̲o̲n̲ ̲S̲h̲i̲p̲-̲t̲o̲-̲S̲h̲o̲r̲e̲
When ships wish to send a message via the Ship-to-Shore,
they will choose one of the available channels and
continue to send an initial test message until answer
from the MPF is received.
When the MPF registers the test message, the supervisor
will be informed, and the channel will be marked "in
use" in the channel status.
If the quality of the received message compiled by
the MCU is acceptable according to the character ambiguity
level defined by the supervisor, then an invitation
to commence the transmission is sent to the ship.
The messages sent from the ship after "go ahead" will
be either acknowledged or not; the MPF supervisior
may request a retransmission in case of message garbling.
The transmission session will end with an end-of-transmission-signal
and the MPF will mark the channel "available for common
trafic" in the status table.
If the message is of an unacceptable quality then the
supervisor shall be informed and the received message
shall be queued at the supervisor's printer. Apart
from issuing a retransmission request the action to
be taken by the supervisor may be to advise the ship
to change frequency by sending a service message.
2.2.2 D̲i̲s̲s̲e̲m̲i̲n̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲t̲r̲a̲f̲f̲i̲c̲ ̲c̲o̲n̲t̲r̲o̲l̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲
The MPF will have facilities for monitoring channel
usage and supporting the supervisor in disseminating
the proper information and advice to the users.
The following support is provided
o Dissemination of a channel availability list, including
information on which channels are available for
common use. A status list will be maintained by
the MPF.
o Assessing circuit quality and contention and advising
ships to change frequency.
2.3 O̲P̲E̲R̲A̲T̲O̲R̲ ̲S̲Y̲S̲T̲E̲M̲ ̲I̲N̲T̲E̲R̲F̲A̲C̲E̲
The MPF will be implemented with a user-convenient
man/machine interface based on a VDU. This has been
developed by Christian Rovsing A/S together with NATO
staff for use in the CAMPS system. The interface is
based on an interactive dialog that assists the user
in entering data, so a fast and error free data entry
can be achieved. The dialog is partly based on menues-to
facilitate a quick change among the different functions
and transactions, and partly on a form-completion procedure-to
ease date entry.
The man/machine interface will be implemented for the
following users of the MPF subsystem:
o MCSF user
o Supervisor
o Message service operator
o Maintenance engineering operator.
The main functions related to the interface fall into
the following categories:
o Access Control
o Message Preparation
o Message Retrieval
o Status Enquiries
o System Control
o System Monitoring
o Message Service.
2.4 L̲O̲C̲A̲L̲ ̲M̲E̲S̲S̲A̲G̲E̲ ̲P̲R̲E̲P̲A̲R̲A̲T̲I̲O̲N̲
The MPF will provide facilities for local message preparation
at the MCSF user terminal and at any of the four supervisory
terminals. The drafter of a message will be advised,
by the interactive dialog's use of formatted screen
layouts, how to prepare a correct message. The message
will be validated when entered into the host, and,
if invalid, the drafter will be
notified by an error code/message, with the erroneous
field highlighted. The drafter may then, by use of
the convenient edit functions, correct the invalid
data.
Related functions to the message preparation function
are:
o Message delivery, i.e. display/printing of a incoming/outgoing
message at a terminal for read only purposes.
o Message retrieval, i.e. display of a previously
processed and stored message for the purpose of
read only or retransmission.
o Message status, i.e. keep track of messages prepared
and displayed at each terminal.
To facilitate a CAMPS-compatible user-interface, the
work station in the MCSF room has been equipped with
a VDU and receive-only-printer.
2.5 S̲U̲P̲E̲R̲V̲I̲S̲O̲R̲Y̲ ̲F̲U̲N̲C̲T̲I̲O̲N̲S̲
The operational staff running the Message Subsystem
are provided with many useful supervisory capabilities
such as:
o system control
o message handling
o message release
o channel control
o system monitoring
o security control
The functions and transactions to be performed by the
MPF are requested by the operator by use of commands
entered via the formatted VDU dialog. To protect against
unintended actions each command is to be accompanied
by a permissive entry code and a confirmation code.
2.5.1 S̲y̲s̲t̲e̲m̲s̲ ̲C̲o̲n̲t̲r̲o̲l̲
Commands will exist that allow the supervisor to achieve
access to the system data for the purpose of generating,
updating and printing the stored data. System data
consist of:
o addressing tables
o ACP127/ACP126 format parameters
o counters
o terminal/operator information
o external channel information
The supervisor will also be capable of controlling
the print out of messages and supervisory data, controlling
the off-line storage to fulfil the archiving and retrieval
requirements, and controlling the security aspects
of the system.
2.5.2 M̲e̲s̲s̲a̲g̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
The operational staff will have different facilities
for supervision and control of relay of messages from
the ship commanders to the shore commanders and vice
versa. The main facilities are:
o retransmission of previously transmitted messages
o screening and vetting of messages before transmittal
o allow specification of different actions to
be performed for messages of certain classification
levels, special handling categories, or precedence
levels.
o correction of garbled incoming messages
o routing assignment of messages when the automatic
translation fails.
2.5.3 M̲e̲s̲s̲a̲g̲e̲ ̲R̲e̲l̲e̲a̲s̲e̲
Each locally prepared message, shall before transmittal,
have a release authorization. The MCSF user and the
supervisor have authorization to release messages themselves,
whereas messages drafted by other supervisory staff
need to be released by the supervisor before transmittal.
When release is requested by the originator the message
is displayed at the supervisor terminal requesting
release authorization. The supervisor may then decide
to release, defer or reject the message.
2.5.4 C̲h̲a̲n̲n̲e̲l̲ ̲C̲o̲n̲t̲r̲o̲l̲
The supervisor will have facilities to control the
external as well as the internal channels by means
of the procedures for opening and closing of channels,
the procedures for channel accountability, the procedures
for handling of traffic for operational messages and
service messages over the channels. Further the supervisor
will be able to specify the periodicity of service
messages to be received/transmitted automatically
over a channel and to specify the maximum classification
of a message that may be transmitted over a channel.
2.5.5 S̲y̲s̲t̲e̲m̲ ̲M̲o̲n̲i̲t̲o̲r̲i̲n̲g̲
To draw the attention of the supervisory staff to specific
events, the MPF will be implemented with an extensive
reporting facility. The reports will fall into the
following categories:
o warning reports
o channel status reports
o queue status reports
o command completion reports
o security reports
The reports will be printed at the supervisory printer.
Besides the reporting of specific events, log printouts
of all transactions and events make it possible for
the supervisory staff to reconstruct any sequence of
past transactions and events. Statistical data are
compiled and printed out every hour, day, week and
month, among other things facilitating the performance
measurements of the system.
2.5.6 S̲e̲c̲u̲r̲i̲t̲y̲ ̲C̲o̲n̲t̲r̲o̲l̲
The supervisor will be in charge of controlling the
security procedures (see section 2.9) proposed in the
system solution for the purpose of ensuring that no
data can be entered or received by unauthorized people.
The supervisor maintains security profiles for communication
lines, for terminals and for users of the system, specifying
the maximum classification level and special handling
category of information that are allowed to be exchanged
over the external lines and to/from the terminals and
users. It will be possible for the supervisor at any
time to change the password for the users and to block
terminals so no access to the system can be achieved.
Any attempts to violate the security rules will immediately
cause the terminal to be blocked and the event to be
reported to the supervisor for further action.
2.6 S̲T̲O̲R̲A̲G̲E̲ ̲&̲ ̲R̲E̲T̲R̲I̲E̲V̲A̲L̲
All messages received or generated by the MPF will
be stored for later retrieval in the Historical Data
Base.
Each volume of storage will account for 7 days of traffic.
Retrieval keys are based on address information, time
of file, sequence numbering, and internal item references
facilitating unique identification.
2.7 S̲Y̲S̲T̲E̲M̲ ̲C̲O̲N̲F̲I̲G̲U̲R̲A̲T̲I̲O̲N̲ ̲C̲O̲N̲T̲R̲O̲L̲,̲ ̲I̲N̲I̲T̲I̲A̲L̲I̲Z̲A̲T̲I̲O̲N̲ ̲&̲ ̲R̲E̲C̲O̲V̲E̲R̲Y̲
An engineering position is available for the following
tasks
- physical reconfiguration
- loading and control of diagnostic and maintenance
S/W (standby PU in off-line mode)
- manual initialization of switchover. Switchover
to standby PU is normally automatic.
- control of different start up modes in case of
total error, i.e. recovery not possible via switchover.
Dump of the new system data base, based on the present
configuration may be initiated by the supervisor. This
data base is used at reinitialization from the off-line
disk. This corresponds to an absolute worstcase of
recovery and is only of interest in case of a fatal
damage to the on-line mirrored-disks. In almost all
cases of recovery it is based on the historical data
base on the mirrored-disks combined with the frequent
checkpointing of transactions.
2.8 A̲C̲C̲O̲U̲N̲T̲A̲B̲I̲L̲I̲T̲Y̲ ̲P̲R̲O̲C̲E̲D̲U̲R̲E̲S̲
The system will account for messages exchanged with
external stations and transactions between the user/supervisor
and the terminals. Whenever anomalies are detected
a suitable warning and report will be generated to
the supervisor. Based on the log of information in
the historical data base the supervisor will be able
to inspect the sequence of messages and
transactions. By using proper procedures he will be
able to effect trace actions. Each record of the accountability
log will be uniquely identified by a reference identifier,
a time stamp and a code indicating the type of the
record, i.e. type of message, type of transaction.
Furthermore, each record will contain sufficient information
as to the action taken.
The second part of the accountability is performed
through the control of messages exchanged with the
external stations connected to the Message Subsystem.
The transmission and reception of messages will be
controlled by using unique channel designators together
with the transmission serial number.
The system will continously monitor the continuity
of traffic based on the transmission serial numbers.
If discrepancies are discovered a warning message will
be forwarded to the supervisor indicating the error
and the transmission identification of the message
involved.
Further, to ensure continuity of the traffic on some
channels, procedures will be implemented for sending/receiving
channel check and channel continuity service messages.
2.9 O̲P̲E̲R̲A̲T̲I̲O̲N̲A̲L̲ ̲S̲E̲C̲U̲R̲I̲T̲Y̲
In order to achieve a system which provides a high
operational security, the proposed MPF includes security
checks as an integral well-embedded part of the entire
system.
The most important security procedure is the terminal
access control, i.e. ensuring that only certain people
can gain access to the system via a terminal. This
is achieved by key lock function and by a sign-on procedure
implemented in the terminals. These procedures, the
physical and the logical, are an effective protection
against unauthorized use of the system.
While the physical key is in the "OFF" state the terminal
is blocked and no data can be entered or fetched via
the terminal. By turning the key to the "ON" state
the terminal will be ready for the sign-on-procedure,
where a correct password and identification code shall
be entered before access to the system can be obtained.
Once the user has passed the sign-on procedure, the
system will check his authorization whenever information
is to be displayed on the terminal. This is done via
the security warning procedure which requires a valid
security keyword to be entered before display of information
of specific classification and/or special handling
type as specified by the supervisor.
In the absence of a reply or in case of an erroneous
answer to the security procedures described above the
user will be denied access and the terminal will be
blocked.
All terminal equipment, communication lines, and users
of the MPF subsystem will be associated with a security
profile. This profile determines the allowed functions
and the highest permissible classification level to
be accessed. The system will always check against these
profiles before any exchange of data are performed.
