top - download
⟦27d14c50d⟧ Wang Wps File
Length: 19596 (0x4c8c)
Types: Wang Wps File
Notes: Spelunked
Names: »~ORPHAN75.00«
Derivation
└─⟦17da89677⟧ Bits:30006229 8" Wang WCS floppy, CR 0126A
└─ ⟦this⟧ »~ORPHAN75.00«
WangText
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
2. OPERATIONAL PROCEDURES ......................
2.1 BROADCAST OF MESSAGES .....................
2.1.1 Transmission on Broadcast .............
2.1.2 Dissemination of Traffic control
Information ...........................
2.1.3 Retrasmission on Broadcast ...........
2.1.4 Procedure for Crypto Handling .........
2.2.1 Receiving Messages on Ship-to-Shore ...
2.2.2 Dissemination of Information ..........
2.2 SHIP-to-SHORE MESSAGE HANDLING ...........
2.3 OPERATOR SYSTEM INTERFACE .................
2.4 LOCAL MESSAGE PREPARATION .................
2.5 SUPERVISORY FUNCTIONS .....................
2.5.1 Systems Control .......................
2.5.2 Mesage Handling ......................
2.5.3 Message Release .......................
2.5.4 Channel Control .......................
2.5.5 System Monitoring .....................
2.5.6 Security Control .....................
2.6 STORAGE & RETRIEVAL .......................
2.7 SYSTEM CONFIGURATION CONTROL,
INITIALIZATION & RECOVERY .................
2.8 ACCOUNTABILITY PROCEDURES .................
2.9 OPERATIONAL SECURITY .....................
…86…1 …02… …02… …02… …02…
2. O̲P̲E̲R̲A̲T̲I̲O̲N̲A̲L̲ ̲P̲R̲O̲C̲E̲D̲U̲R̲E̲S̲
Implementation of the MSF operational procedures will
be based on the experience that Christian Rovsing A/S
has gained from implementation of similar ommunication
systems. During the design of CAMPS, for example,
CR has conducted a number of reviews with SHAPE operational
staff to ensure effective and easy to use man-machine
interfaces and operational aspects.
The objectives for the MS designhave been: to build
a secure and reliable system; to provide the system
with great modularity and flexibility in both software
and hardware; and to retain as much commonality with
other NATO systems as possible.
This section describes the essentil operational procedures
performed by the proposed Message Subsystem. Further
description of the function level is given in section
4.2 of this appendix.
2.1 B̲R̲O̲A̲D̲C̲A̲S̲T̲ ̲O̲F̲ ̲M̲E̲S̲S̲A̲G̲E̲S̲
The methods and procedures for the operation of the
CROSSFOX roadcast will be implemented in the MPF in
accordance with the relevant paragraphs in ACP127 Supplement
1 as listed in the IFB. Below, these operational procedures
will briefly be described. For detailed information
please refer to section 4.2.2 f this appendix.
2.1.1 T̲r̲a̲n̲s̲m̲i̲s̲s̲i̲o̲n̲ ̲o̲n̲ ̲t̲h̲e̲ ̲B̲r̲o̲a̲d̲c̲a̲s̲t̲
The MPF will automatically broadcast incoming messages
destined for relay and locally generated messages in
accordance with the message routing information and
the channel assignment.
The supervisor will have facilities for channel assignment
i.e. specifying which of the ships, or other authorities
copying the broadcast, shall be associated with each
channel ofthe broadcast.
The format of the messages to be transmitted on the
broadcast will be in accordance with ACP 127 supp.
3 with format lines 1 to 4 and 7 and 8 removed.
Each message destined for transmission on the broadcast
may, if specified by te supervisor, be subject to vetting
and/or screening by an operator before its entry into
a broadcast channel queue.
The MPF will have facilities for minimimizing transmission
on the broadcast taking into account that a given ship
may be listenin to more than one Broadcast channel.
2.1.2 D̲i̲s̲s̲e̲m̲i̲n̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲t̲r̲a̲f̲f̲i̲c̲ ̲c̲o̲n̲t̲r̲o̲l̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲.
The MPF will have the facilities for transmitting service
messages informing of broadcast channel assignment
and disseminated message traffic. The followng information
is transmitted:
o Channel allocation list, indicating to ships and
other copying authorities the assignment of Broadcast
Channels. This service message is sent via the
Broadcast service channel.
o ZOU list will be routed to supevisor specified
authorities giving the routing information. This
service message will be compiled and transmitted
at 23.59 each day or at the supervisors discretion.
o Channel frequency change, notifying the ships of
changes to the frequency of the broadcast channels.
o Traffic check list, including an identification
of all messages transmited on a channel basis will
be transmitted periodically on each channel.
2.1.3 R̲e̲t̲r̲a̲n̲s̲m̲i̲s̲s̲i̲o̲n̲ ̲o̲n̲ ̲B̲r̲o̲a̲d̲c̲a̲s̲t̲
Ships can send requests for retransmission via the
ship-to-shore subsystem, and the MPF will automatically
retransmit the required messae. Also the supervisor
will have the facility to request retransmissions.
The MPF will provide for re-runs of traffic. The supervisor
will specify the level of precedence above which messages
shall be subject to re-run. The above precedures ar
subject to modifications as introduced by expiration
time and message screening and vetting.
2.1.4 P̲r̲o̲c̲e̲d̲u̲r̲e̲ ̲f̲o̲r̲ ̲C̲r̲y̲p̲t̲o̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲.
To allow the accomplishment of key change procedures,
the supervisor can suspend broadcast traffic in an
orderlyfashion for a specified period of the day.
The MPF will support the supervisor in transmitting
the proper service messages and in the execution of
the message transmission procedures.
Initialization and synchronization of the crypto's
will be cntrolled from the MPF through a crypto control
box. The MPF will use V24 lines to request synchronization
and receive a ready-to-transmit-message.
2.2 S̲H̲I̲P̲-̲T̲O̲-̲S̲H̲O̲R̲E̲ ̲M̲E̲S̲S̲A̲G̲E̲ ̲H̲A̲N̲D̲L̲I̲N̲G̲
The processing of the Ship-To-Shore message traffic
implemented in the MPF will support the operational
procedures laid down in the relevant paagraphs of ACP127
Supp. 1, as listed in the IFB. Below a short description
of the operational procedures will be given. For further
details please refer to section 4.2.1 of this appendix.
2.2.1 R̲e̲c̲e̲i̲p̲t̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲ ̲o̲n̲ ̲S̲h̲i̲p̲-̲t̲o̲-̲S̲h̲o̲r̲e̲
When ship wish to send a message via the Ship-to-Shore,
they will choose one of the available channels and
continue to send an initial test message until answer
from the MPF is received.
When the MPF registers the test message, the supervisor
will be infomed, and the channel will be marked "in
use" in the channel status.
If the quality of the received message compiled by
the MCM is accpetable according to the character ambiguity
level defined by the supervisor, then an invitation
to commence the ransmission is send to the ship.
The messages sent from the ship after "go ahead" will
be either acknowledged or not; the MPF supervisior
may request a retransmission in case of message garbling.
The transmission session will end with an end-oftransmission-signal
and the MPF will mark the channel "available for common
trafic" in the status table.
If the message is of an unacceptable quality then the
supervisor shall be informed and the received message
shall be queued at the supervisor's printer. Apart
from issuing a pre-ransmission request the action to
be taken by the supervisor may be to advise the ship
to change frequency by sending a service message.
2.2.2 D̲i̲s̲s̲e̲m̲i̲n̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲t̲r̲a̲f̲f̲i̲c̲ ̲c̲o̲n̲t̲r̲o̲l̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲
The MPF will have facilities for monitoring channel
usge and supporting the supervisor in disseminating
the proper information and advice to the users.
The following support is provided
o Dissemination of a channel availability list, including
information on which channels are available for
commonuse. A status list will be maintained by
the MPF
o Assessing circuit quality and contention and advising
ships to change frequency.
2.3 O̲P̲E̲R̲A̲T̲O̲R̲ ̲S̲Y̲S̲T̲E̲M̲ ̲I̲N̲T̲E̲R̲F̲A̲C̲E̲
The MPF will be implemented with a user-convenient
man/machine interface base on a VDU. This has been
developed by Christian Rovsing A/S together with NATO
staff for use in the CAMPS system. The interface is
based on an interactive dialog that assists the user
in entering data, so a fast and error free data entry
can be ahieved. The dialog is partly based on menues-to
facilitate a quick change among the different functions
and transactions, and partly on a form-completion procedure-to
ease date entry.
The man/machine interface will be implemented for the
following users of the MPF subsystem:
o MCSF user
o Supervisor
o Message service operator
o Maintenance engineerig operator.
The main functions related to the interface fall into
the following categories:
o Access Control
o Message Preparation
o Message Retrieval
o Status Enquiries
o System Control
o System Monitoring
o Message Service.
2.4 L̲O̲C̲A̲L̲ ̲M̲E̲S̲S̲A̲G̲E̲ ̲P̲R̲E̲P̲A̲R̲A̲T̲I̲O̲N̲
The MPF will provide facilities for local message preparation
at the MCSF user terminal and at any of the four supervisory
terminals. The drafter of a message will be advised,
by the interactive dialog's use of ormatted screen
layouts, how to prepare a correct message. The message
will be validated when entered into the host, and,
if invalid, the drafter will be …86…1 …02… …02… …02…
…02…
notified by an error code/message, with the erroneous
field highlighted. The drafter may then, by use of
the convenient edit functions, correct the invalid
data.
Related functins to the message preparation function
are:
o Message delivery, i.e. display/printing of a incoming/outgoing
message at a terminal for read only purposes.
o Message retrieval, i.e. display of a previously
processed and stored message for the pupose of
read only or retransmission.
o Message status, i.e. keep track of messages prepared
and displayed at each terminal.
To facilitate a CAMPS-compatible user-interface, the
work station in the MCSF room has been equiped with
a VDU and receie-only-printer.
2.5 S̲U̲P̲E̲R̲V̲I̲S̲O̲R̲Y̲ ̲F̲U̲N̲C̲T̲I̲O̲N̲S̲
The operational staff running the Message Subsystem
are provided with many usefull supervisory capabilities
such as:
o system control
o message handling
o message release
o channel control…86…1 …02… …02… …02… …02…
o system monitoring
o security control
The functions and transactions to be performed by the
MPF are requested by the operator by use of commands
entered via the formatted VU dialog. To protect against
unintended actions each command is to be accompanied
by a permisive entry code and a confirmation code.
2.5.1 S̲y̲s̲t̲e̲m̲s̲ ̲C̲o̲n̲t̲r̲o̲l̲
Commands will exist that allow the supervisor to achieve
access to the system data forthe purpose of generating,
updating and printing the stored data. System data
consist of:
o addressing tables
o ACP127/ACP126 format parameters
o counters
o terminal/operator information
o external channel information
The supervisr will also be capable of controlling the
print out of messages and supervisory data, controlling
the off-line storage to fulfil the archiving and retrieval
requirements, and controlling the security aspects
of the system.
2.5.2 M̲e̲s̲s̲a̲g̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
The operational staff will have different facilities
for supervision and control of relay of messages from
the ship commanders to the shore commanders andvice
versa. The main facilities are:
o retransmission of previously transmitted messages
o screening and vetting of messages before transmittal
o allow specification of different actions to
be performed for mesages of certain classificatin
levels, special handling categories, or precedence
levels.
o correction of garbled incoming messages
o routing assignment of messages when the automatic
translation fails.
2.5.3 M̲e̲s̲s̲a̲g̲e̲ ̲R̲e̲l̲e̲a̲s̲e̲
Each locally prepared message, shall befre transmittal,
have a release authorization. The MCSF user and the
supervisor have authorization to release messages themselves,
whereas messages drafted by other supervisory staff
need to be released by the supervisor before transmittal.
When rlease is requested by the originator the message
is displayed at the supervisor terminal requesting
release authorization. The supervisor may then decide
to release, defer or reject the message.
2.5.4 C̲h̲a̲n̲n̲e̲l̲ ̲C̲o̲n̲t̲r̲o̲l̲
The supervisor will have facilities to control the
external as well as the internal channels by means
of the procedures for open and close of channels, theprocedures
for channel accountability, the procedures for traffic
of operational messages and service messages over the
channels. Further the supervisor will be able to specify
the periodicity of service messages to be received/transmitted
automaically over a channel and to specify the maximum
classification of a message that may be transmitted
over a channel.
2.5.5 S̲y̲s̲t̲e̲m̲ ̲M̲o̲n̲i̲t̲o̲r̲i̲n̲g̲
To draw the attention of the supervisory staff to specific
events, the MPF will be implemented with anextensive
reporting facility. The reports will fall into the
following categories:
o warning reports
o channel status reports
o queue status reports
o command completion reports
o security reports
The reports will be printed at th supervisory printer.
Besides the reporting of specific events, log printouts
of all transactions and events make it possible for
the supervisory staff to reconstruct any sequence of
past transactions and events. Statistical data are
compiled andprinted out every hour, day, week and month,
among other things facilitating the performance measurements
of the system.
2.5.6 S̲e̲c̲u̲r̲i̲t̲y̲ ̲C̲o̲n̲t̲r̲o̲l̲
The supervisor will be in charge of controlling the
security procedures (see section 2.7) proposed in the
system solution for the purpose of ensuring thatno
data can be entered or received by unauthorized people.
The supervisor maintains security profiles for communication
lines, for terminals and for users of the system, specifying
the maximum classification level and special handling
category ofinformation that are allowed to be exchanged
over the external lines and to/from the terminals and
users. It will be possible for the supervisor at any
time to change the password for the users and to block
terminals so no access to the system canbe achieved.
Any attempts to violate the security rules will immediately
cause the terminal to be blocked and the event to be
reported to the supervisor for further action.
2.6 S̲T̲O̲R̲A̲G̲E̲ ̲&̲ ̲R̲E̲T̲R̲I̲E̲V̲A̲L̲
All messages reloged or generated by the MPFwill be
stored for later retrieval in the Historical Data Base.
Each valume of storage will account for 7 days of traffic.
Retrieval keys are based on address information, time
of file, sequence numbering, and internal item references
facilitatng unique identification.
2.7 S̲Y̲S̲T̲E̲M̲ ̲C̲O̲N̲F̲I̲G̲U̲R̲A̲T̲I̲O̲N̲ ̲C̲O̲N̲T̲R̲O̲L̲,̲ ̲I̲N̲I̲T̲I̲A̲L̲I̲Z̲A̲T̲I̲O̲N̲ ̲&̲ ̲R̲E̲C̲O̲V̲E̲R̲Y̲
An engineering position is available for the following
tasks
- physical reconfiguration
- loading and control of dagnostic and maintenance
S/W (standby PU in off-line mode)
- manual initialization of switchover. Switchover
to standby PU is normally automatic.
- control of different start up modes in case of
total error, i.e. recovery not possible via swithover.
Dump of new system data base based on present configuration
may be initiated by the supervisor. This data base
is used at reinitialization from off line disk. This
corresponds to absolute worsecase of recovery and is
only of interest in ase of fatal damage to the on-line
mirrored-disks. In almost all cases of recovery it
is based on the historical data base on the mirrored-disks
combined with frequent checkpointing of transactinos.
2.8 A̲C̲C̲O̲U̲N̲T̲A̲B̲I̲L̲I̲T̲Y̲ ̲P̲R̲O̲C̲E̲D̲U̲R̲E̲S̲
The system wll account for messages exchanged with
external stations and transactions between the user/supervisor
and the terminals. Whenever anomalies are detected
a suitable warning and report will be generated to
the supervisor. Based on the log of informtion in
the historical data base the supervisor will be able
to inspect the sequence of messages and…86…1 …02…
…02… …02… …02…
transactions. By using proper procedures he will be
able to effect tracer actions. Each record of the
accountbility log will be uniquely identified by a
reference identifier, a ime stamp and a code indicating
the type of the record, i.e. type of message, type
of transaction. Furthermore, each record will contain
sufficient information as to the action taken.
The second part of the accountability is performed
through th control of messages exchanged with the external
stations connected to the Message Subsystem. The transmission
and receiption of messages will be controlled by using
unique channel designators together with the transmission
serial number.
The sytem will continously monitor the continuity of
traffic based on the transmission serial numbers.
If discrepancies are discovered a warning message will
be forwarded to the supervisor indicating the error
and the transmission identification of the essage involved.
Further, to ensure continuity of the traffic on some
channels, procedures will be implemented for sending/receiving
channel check and channel continuity service messages.
2.9 O̲P̲E̲R̲A̲T̲I̲O̲N̲A̲L̲ ̲S̲E̲C̲U̲R̲I̲T̲Y̲
In order to achieve a systm which provides a high operational
security, the proposed MPF includes security checks
as an integral well-embedded part of the entire system.
The most important security procedure is the terminal
access control, i.e. ensuring that only certain people
can gain access to the system via a terminal. This
is achieved by keylock function and by a sign-on procedure
implemented in the terminals. These procedures, the
physical and the logical, are effective protection
against unauthorized use of the system.
While the physical key is in the "OFF" state the terminal
is locked and no data can be entered or fetched via
the terminal. By turning the key to the "ON" state
the terminal will be ready for the sign-on-procedure,
where a correct password and identification code shall
be entered before access to the systemcan be obtained.
Once the user has passed the sign-on-procedure, the
system will check his authorization whenever information
is to displayed on the terminal. This is done via
the security warning procedure which requires a valid
security keywor to be entered before display of information
of specific classification and/or special handling
type as specified by the supervisor.
All terminal equipment, communication lines, and users
of the MPF subsystem will be associated with a security
prfile. This profile determines the allowed functions
and the highest permissible classification level to
be accessed. The system will always check against
these profiles before any exchange of data are performed
In the absence of a reply or in case of an erroneous
answer to the security procedures described above the
user will be denied access and the terminal will be
blocked
