CN100596060C - A method, system and device for preventing an optical network unit in a passive optical network from being counterfeited - Google Patents

Publication number
CN100596060C
Authority
CN
China
Prior art keywords
onu
device identification
key
optical network
olt
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610152218A
Other languages
Chinese (zh)
Other versions
CN101150391A (en
Inventor
杨素林
黄勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Abstract

This invention relates to a method, a system and a device for preventing counterfeiting of optical network units in a passive optical network system. The method includes: A, an OLT uses an encryption key to encrypt the identification information of an ONU and sends the result to the ONU; B, the ONU obtains the identification information of the ONU from the result. The system includes an OLT key management module and an ONU authentication module, the latter comprising an ONU key management module and a comparison/judgment module. The device includes an OLT device and an ONU device in a passive optical network.

Description

A method, system and device for preventing an optical network unit in a passive optical network from being counterfeited
Technical field
The present invention relates to the field of communication technology, and in particular to a method, system and device for preventing an optical network unit in a passive optical network from being counterfeited.
Background
Optical access technology, especially PON (passive optical network), is an important access technology in the access network field. PON includes GPON (gigabit passive optical network) and EPON (Ethernet passive optical network).
As shown in Figure 1, a PON system consists of three parts: the OLT (optical line terminal), the ODN (optical distribution network) and the ONU/ONT (optical network unit/optical network terminal).
The OLT provides the network-side interface for the system and connects to at least one ODN. The ODN is a passive optical splitting component: it splits the OLT's downstream data and transmits it to each ONU/ONT, and aggregates the upstream data of multiple ONUs/ONTs for transmission to the OLT. The ONU provides the user-side interface for the PON system and connects upstream to the ODN. If an ONU directly provides user port functions, such as an Ethernet user port for a PC to access the network, it is called an ONT.
In a GPON system, the ONU power-on activation process is carried out using PLOAM messages: the OLT sends the ONU a request for its SN (serial number), the ONU responds to the request, and the OLT assigns an ONU-ID to the ONU.
In a GPON system, the OLT assigns the ONU-ID to the ONU in the SN-State (serial number acquisition state) of ONU activation. The detailed process is:
The OLT sends an SN Request (serial number request) PLOAM message to the ONU; this PLOAM message is broadcast;
After receiving the SN Request PLOAM message, the ONU sends its SN (serial number) to the OLT in an SN-response (serial number response) PLOAM message;
After receiving the ONU's SN-response PLOAM message, the OLT assigns the ONU an ONU identifier that is unique within this PON system, using an Assign ONU-ID (assign ONU identifier) PLOAM message. The Assign ONU-ID PLOAM message carries the ONU's SN and the ONU-ID assigned by the OLT to the ONU in plaintext;
After an ONU receives the Assign ONU-ID message, if the SN in it matches the ONU's own SN, the ONU uses the assigned ONU-ID as the identifier that identifies it when sending PLOAM messages to the OLT;
In the ONU discovery process of an EPON system, the OLT assigns an LLID (logical link identifier) to the ONU by means of MPCPDUs (Multi-point Control Protocol messages). The ONU sends a REGISTER_REQ (registration request) MPCPDU message within the discovery window granted by the OLT. After receiving the ONU's REGISTER_REQ message, the OLT assigns an LLID to the ONU according to the ONU's MAC address, and sends the LLID and the ONU's MAC address to the ONU in a REGISTER (registration) MPCPDU message. The OLT also binds the LLID assigned to the ONU to the ONU's MAC address. If the destination MAC address in the REGISTER MPCPDU message is this ONU's MAC address, the ONU accepts the message and obtains the LLID assigned by the OLT.
Because of an inherent characteristic of PON networks, downstream broadcast, every ONU can receive the PLOAM messages or downstream MPCPDU messages that the OLT sends to any ONU. Moreover, in the activation-process messages that assign the ONU-ID or LLID, the SN or MAC address used for matching is sent in plaintext, so an ONU can obtain the SN and ONU-ID, or the MAC address and LLID, of all other ONUs. Yet during ONU activation, the ONU's device identifier (its SN or MAC address) is what is used to verify whether the ONU is legitimate.
Thus, by monitoring the PLOAM or MPCPDU messages of ONU activation, an unauthorized user may obtain the SN or MAC address of other ONUs and, at any suitable later time, register with the OLT using the SN or MAC address of a legitimate ONU and complete activation as that ONU. The security of the PON system therefore cannot be guaranteed.
Summary of the invention
In view of the above problems in the prior art, the purpose of the present invention is to provide a method, system and device for preventing an optical network unit in a passive optical network from being counterfeited. In the process of assigning the logical identifier (ONU-ID or LLID) during ONU activation or discovery, the downstream message is encrypted, so that the ONU's device identifier (SN or MAC address) and/or the logical identifier (ONU-ID or LLID) assigned by the OLT to the ONU cannot be eavesdropped, thereby avoiding the problem of the ONU being counterfeited.
The purpose of the present invention is achieved through the following technical solutions:
The present invention provides a method for preventing an optical network unit in a passive optical network from being counterfeited, comprising:
A. The optical line terminal (OLT) assigns a logical identifier to the optical network unit (ONU), encrypts the ONU's device identifier with an encryption key to obtain the encrypted result of the device identifier, and sends the encrypted result XSN and the logical identifier to the ONU;
B. The ONU decrypts the encrypted result XSN with a decryption key to obtain a device identifier, compares the decrypted device identifier with the device identifier stored in the ONU, and, if they are identical, accepts the logical identifier; or the ONU encrypts the device identifier stored in the ONU with a decryption key identical to the encryption key to obtain an encrypted result RSN, compares RSN with XSN, and, if they are identical, accepts the logical identifier.
Step A further comprises: configuring at least one key pair between the OLT and each ONU, the key pair comprising an encryption key and a decryption key.
Step A further comprises:
The OLT selects an encryption key from among multiple key pairs and sends the sequence number of the selected encryption key to the ONU; the ONU selects the decryption key according to the sequence number of the selected encryption key.
Step A further comprises:
The ONU sends an encryption key that it has set or generated to the OLT.
The present invention also provides a method for preventing an optical network unit in a passive optical network from being counterfeited, comprising:
A. The optical line terminal (OLT) assigns a logical identifier to the optical network unit (ONU), encrypts the ONU's device identifier and the logical identifier with an encryption key to obtain the encrypted result of the device identifier and the logical identifier, and sends that encrypted result to the ONU;
B. The ONU decrypts the encrypted result with a decryption key to obtain a device identifier and the logical identifier, compares the decrypted device identifier with the device identifier stored in the ONU, and, if they are identical, accepts the logical identifier.
The present invention also provides a system for preventing an optical network unit in a passive optical network from being counterfeited, comprising:
An OLT key management module, configured to assign a logical identifier to the optical network unit (ONU), encrypt the ONU's device identifier with an encryption key, and send the encrypted result XSN and the logical identifier to the ONU;
An ONU authentication module, configured to decrypt XSN with a decryption key to obtain the ONU's device identifier, compare the decrypted device identifier with the device identifier stored in the ONU, and, if they are identical, accept the logical identifier; or to encrypt the device identifier stored in the ONU with a decryption key identical to the encryption key to obtain an encrypted result RSN, compare RSN with XSN, and, if they are identical, accept the logical identifier.
The present invention also provides a system for preventing an optical network unit in a passive optical network from being counterfeited, comprising:
An OLT key management module, configured to assign a logical identifier to the optical network unit (ONU), encrypt the ONU's device identifier and the logical identifier with an encryption key, and send the encrypted result of the device identifier and the logical identifier to the ONU;
An ONU authentication module, configured to decrypt the encrypted result of the device identifier and the logical identifier with a decryption key to obtain the ONU's device identifier and logical identifier, compare the decrypted device identifier with the device identifier stored in the ONU, and, if they are identical, accept the logical identifier.
The present invention also provides an optical network unit device in a passive optical network, comprising an ONU authentication module, which specifically comprises:
A key management module, configured to receive the encrypted result XSN from the OLT and the logical identifier assigned by the OLT to the ONU, decrypt XSN with the decryption key to obtain the ONU's device identifier, and then trigger the comparison module; or configured to receive the encrypted result XSN and the encrypted logical identifier from the OLT, decrypt XSN and the encrypted logical identifier with the decryption key to obtain the ONU's device identifier and logical identifier, and trigger the comparison module;
A comparison/judgment module, configured to compare the obtained device identifier with the device identifier stored in the ONU and, if they are identical, accept the logical identifier.
As can be seen from the technical solution provided above, the present invention sets a key between the OLT and the ONU. The OLT encrypts the ONU identification information that the ONU sent over the uplink and sends the encrypted result to the ONU over the downlink. The ONU decrypts it and compares the decrypted device identifier with its own device identifier; if they are identical, it accepts the logical identifier assigned to it by the OLT, and otherwise it does not accept the assigned logical identifier. In this way, the device identifier of each ONU cannot be obtained by other ONUs, which achieves the purpose of preventing ONUs in the PON system from being counterfeited.
Description of the drawings
Fig. 1 is a schematic structural diagram of a prior-art PON system;
Fig. 2 is an interaction diagram of ONU_ID assignment in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the encryption process using a single shared key in an embodiment of the present invention;
Fig. 4 is a schematic diagram of the encryption process using multiple shared keys in an embodiment of the present invention.
Embodiments
The core idea of the present invention is to provide a method, system and device for preventing an optical network unit in a passive optical network from being counterfeited: in the process of assigning the logical identifier during ONU activation, the downstream message is encrypted, thereby preventing the ONU from being counterfeited.
The method, system and device of the present invention are described in detail below with reference to Figures 2 to 4.
Here, only GPON is used as an example, in which the ONU's device identifier is generally the SN and the ONU's logical identifier is generally the ONU-ID.
The method of the present invention is described in detail first.
As shown in Figure 2, the present invention requires keys to be set in advance between the OLT and the ONUs. Specifically, a different key pair is first configured between the OLT and each of the ONUs. Each key pair comprises an encryption key and a decryption key, which may be identical or different;
Existing cryptography mainly offers two kinds of encryption: symmetric encryption and asymmetric encryption. In a symmetric encryption algorithm, the encryption key can be derived from the decryption key and vice versa; generally the encryption key and the decryption key are the same, which requires the sender and the recipient to agree on a key before communicating securely. An asymmetric encryption algorithm, also called a public-key algorithm, uses an encryption key that differs from the decryption key, and the decryption key cannot be computed from the encryption key. The encryption key can be made public and anyone can obtain it, but only the decryption key can decrypt the information. In a public-key system, each user has a key pair: the encryption key, called the public key, can be disclosed; the decryption key, called the private key, is kept secret by the user. The present invention can use symmetric or asymmetric encryption depending on the circumstances. Mature schemes for both kinds of algorithm exist in the prior art, and they are not the subject of the present invention. Here, only a shared key (encryption key identical to decryption key) is used as an example.
The OLT and the ONU share at least one key. That is, there may be a single shared key between the OLT and the ONU, or there may be multiple shared keys, from which one is selected at random as the current key for encryption or decryption.
Then the OLT encrypts the SN that the ONU sent over the uplink to generate XSN, and sends the encrypted result XSN and the ONU-ID assigned to this ONU to the ONU over the downlink. The ONU performs the same operation on its SN with the same key to obtain the result RSN, and compares RSN with XSN. The ONU then decides whether to accept the assigned ONU-ID according to the comparison result: if they are identical it accepts the assigned ONU-ID, and otherwise it does not.
Alternatively, the OLT encrypts the SN that the ONU sent over the uplink to generate XSN, and sends the encrypted result XSN and the ONU-ID assigned to this ONU to the ONU over the downlink. The ONU decrypts XSN with the same key to obtain an SN and compares the decrypted SN with the locally stored SN; if they are identical it accepts the assigned ONU-ID, and otherwise it does not.
The process of encrypting the SN with a single shared key and the process of encrypting the SN with multiple shared keys are each described in detail below.
The detailed process of encrypting the SN with a single shared key is shown in Figure 3. First, a shared key PW is configured between the OLT and the ONU. After the ONU powers on and enters the 03 state (SN state) of activation, one of the following schemes is carried out:
Scheme one
1. The OLT sends a serial number request; that is, the OLT requests the ONU's SN with an SN request PLOAM message;
2. The ONT responds to the serial number request; that is, after receiving the SN request PLOAM message, the ONU responds to the request and sends its SN to the OLT in an SN response PLOAM message;
3. The OLT calculates XSN = f(PW, SN); that is, the OLT encrypts the SN obtained from the ONU with the shared key PW, and the result of the encryption is XSN;
4. The ONU calculates RSN = f(PW, SN); that is, the ONU encrypts its own SN with the shared key PW, and the result of the encryption is RSN;
5. The OLT sends XSN and the ONU_ID assigned to the ONU to the ONU in an Assign ONU_ID PLOAM message;
6. The ONU compares XSN with RSN; if they are identical, it accepts the ONU_ID and enters the ranging (04) state of activation;
Steps 3 and 4 of the above flow have no required order; step 4 can take place at any point before step 6.
Scheme two
1. The OLT sends a serial number request; that is, the OLT requests the ONU's SN with an SN request PLOAM message;
2. The ONT responds to the serial number request; that is, after receiving the SN request PLOAM message, the ONU responds to the request and sends its SN to the OLT in an SN response PLOAM message;
3. The OLT calculates XSN = f(PW, SN); that is, the OLT encrypts the SN obtained from the ONU with the shared key PW, and the result of the encryption is XSN;
4. The OLT sends XSN and the ONU_ID assigned to the ONU to the ONU in an Assign ONU_ID PLOAM message;
5. The ONU decrypts XSN with the shared key to obtain an SN;
6. The ONU compares the decrypted SN with the SN it stores; if they are identical, it accepts the ONU_ID and enters the ranging (04) state of activation.
The above flows are based on the scenario in which the OLT and the ONU have only one shared key. When the OLT and the ONU have multiple shared keys, the flow is similar to the single-key case, as follows:
Scheme one
1. The OLT sends a serial number request; that is, the OLT requests the ONU's SN with an SN request PLOAM message;
2. The ONT responds to the serial number request; that is, after receiving the SN request PLOAM message, the ONU responds to the request and sends its SN to the OLT in an SN response PLOAM message;
3. The OLT selects a PWn at random and calculates XSN = f(PW, SN); that is, the OLT may hold multiple shared keys PW, selects one PW from among them, and encrypts the SN with that PW; the result of the encryption is XSN;
4. The OLT sends XSN, the ONU_ID assigned to the ONU and the sequence number n of the selected PW to the ONU in an Assign ONU_ID PLOAM message;
5. The ONU learns the sequence number n of the shared key from the Assign ONU_ID PLOAM message, selects the PW, and calculates RSN = f(PW, SN); that is, the ONU encrypts its own SN with that PW, and the result of the encryption is RSN;
6. The ONU compares the XSN obtained from the OLT with the RSN that the ONT obtained by encryption; if they are identical, it accepts the ONU_ID and enters the ranging (04) state of activation.
Scheme two
1. The OLT sends a serial number request; that is, the OLT requests the ONU's SN with an SN request PLOAM message;
2. The ONT responds to the serial number request; that is, after receiving the SN request PLOAM message, the ONU responds to the request and sends its SN to the OLT in an SN response PLOAM message;
3. The OLT selects a PWn at random and calculates XSN = f(PW, SN); that is, the OLT may hold multiple shared keys PW, selects one PW from among them, and encrypts the SN with that PW; the result of the encryption is XSN;
4. The OLT sends XSN, the ONU_ID assigned to the ONU and the sequence number n of the selected PW to the ONU in an Assign ONU_ID PLOAM message;
5. The ONU learns the sequence number n of the shared key from the Assign ONU_ID PLOAM message, selects the PW, and decrypts XSN to obtain an SN;
6. The ONU compares the decrypted SN with the SN it stores; if they are identical, it accepts the ONU_ID and enters the ranging (04) state of activation.
The above uses one ONU in the PON system as an example; other ONUs in the PON system are handled in the same way. Because a different shared key is set between the OLT and each ONU, an ONU cannot obtain the SN of other ONUs, so an unauthorized user cannot obtain the SN of other ONUs by monitoring the PLOAM messages of ONU activation, which guarantees the security of the authentication process in the PON system.
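Scheme one with multiple shared keys, simulated end to end as an added example that is not part of the patent text. The patent leaves f unspecified, so HMAC-SHA256 is an assumption here, and the message layout, class names and serial numbers are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


def f(pw: bytes, sn: bytes) -> bytes:
    """Stand-in for the page's f(PW, SN). HMAC-SHA256 is an assumption."""
    return hmac.new(pw, sn, hashlib.sha256).digest()


@dataclass
class AssignOnuId:
    """Downstream broadcast (hypothetical layout): XSN replaces the plaintext SN."""
    xsn: bytes
    onu_id: int
    n: int  # sequence number of the shared key PWn chosen by the OLT


class Onu:
    def __init__(self, sn: bytes, keys: List[bytes]):
        self.sn, self.keys = sn, keys
        self.onu_id: Optional[int] = None
        self.state = "03"  # SN state

    def on_assign(self, msg: AssignOnuId) -> bool:
        """Steps 5-6: compute RSN with key n, accept the ONU-ID only if RSN == XSN."""
        if not 0 <= msg.n < len(self.keys):
            return False  # unknown key sequence number: ignore the message
        rsn = f(self.keys[msg.n], self.sn)
        if not hmac.compare_digest(rsn, msg.xsn):  # constant-time comparison
            return False  # broadcast was meant for another ONU
        self.onu_id, self.state = msg.onu_id, "04"  # ranging state
        return True


class Olt:
    def __init__(self) -> None:
        self.keys_by_sn: Dict[bytes, List[bytes]] = {}  # per-ONU shared keys
        self.next_onu_id = 1

    def provision(self, sn: bytes, keys: List[bytes]) -> None:
        self.keys_by_sn[sn] = keys

    def on_sn_response(self, sn: bytes) -> Optional[AssignOnuId]:
        """Steps 3-4: pick PWn at random, compute XSN, build the Assign message."""
        keys = self.keys_by_sn.get(sn)
        if keys is None:
            return None  # no key provisioned for this SN: nothing is assigned
        n = secrets.randbelow(len(keys))
        msg = AssignOnuId(f(keys[n], sn), self.next_onu_id, n)
        self.next_onu_id += 1
        return msg


def run_activation() -> dict:
    """Activate ONU A while ONU B, holding different keys, hears the same broadcast."""
    olt = Olt()
    # Constructed 8-byte serial numbers and random 128-bit keys.
    onu_a = Onu(b"TEST\x00\x00\xa0\x01", [secrets.token_bytes(16) for _ in range(4)])
    onu_b = Onu(b"TEST\x00\x00\xb0\x02", [secrets.token_bytes(16) for _ in range(4)])
    for onu in (onu_a, onu_b):
        olt.provision(onu.sn, onu.keys)
    msg = olt.on_sn_response(onu_a.sn)  # steps 1-4
    accepted = [onu.on_assign(msg) for onu in (onu_a, onu_b)]  # downstream broadcast
    return {
        "accepted": accepted,
        "onu_a": (onu_a.state, onu_a.onu_id),
        "onu_b": (onu_b.state, onu_b.onu_id),
        "sn_visible": onu_a.sn in msg.xsn,  # does the broadcast expose A's SN?
        "msg": msg,
    }


if __name__ == "__main__":
    print(run_activation())
```

Because f is deterministic, the same key always yields the same XSN for a given SN; selecting among several keys PWn varies the value seen on the downstream between activations.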
What is described above presets the shared key between the OLT and the ONT. Those skilled in the art will appreciate, however, that besides presetting the key between the OLT and the ONT, the ONU can also generate the key at random and send it to the OLT when, before or after it sends the SN to the OLT; the OLT then encrypts with that key. The rest of the processing is the same and is not repeated here.
Here, the method of the invention has been described in detail using only the case in which the OLT encrypts the SN. Those skilled in the art should understand, however, that the present invention also covers encrypting the SN together with the ONU identifier that the OLT assigns to the ONU. In that case the ONU decrypts XSN with the key, the decrypted result contains both the SN and the ONU identifier, and the ONU compares the decrypted SN with its own SN and accepts the identifier if they are identical. The present invention can also separately encrypt the ONU identifier that the OLT assigns to the ONU, so that the security of the ONU identifier in transit is reasonably guaranteed.
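The joint-encryption variant described above (SN and ONU identifier encrypted together, the ONU decrypting and comparing the SN), as an added example that is not part of the patent text. The HMAC-SHA256 counter-mode keystream, the per-message nonce and the integrity tag go beyond the page and are assumptions, as are the function names and constructed serial numbers; a deployment would use a standard authenticated cipher.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SN_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32  # assumed field sizes for this sketch


def _subkey(pw: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the shared key PW."""
    return hmac.new(pw, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real cipher (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def olt_seal(pw: bytes, sn: bytes, onu_id: int) -> bytes:
    """OLT side: encrypt SN and ONU-ID together; nothing identifying is sent in clear."""
    if len(sn) != SN_LEN or not 0 <= onu_id <= 0xFF:
        raise ValueError("expected an 8-byte SN and a one-byte ONU-ID")
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message so ciphertexts differ
    plain = sn + bytes([onu_id])
    ct = _xor(plain, _keystream(_subkey(pw, b"enc"), nonce, len(plain)))
    tag = hmac.new(_subkey(pw, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def onu_open(pw: bytes, own_sn: bytes, blob: bytes) -> Optional[int]:
    """ONU side: trial-decrypt a broadcast; return the ONU-ID only if it is ours."""
    if len(blob) != NONCE_LEN + SN_LEN + 1 + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(pw, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key (another ONU's message) or a modified message
    plain = _xor(ct, _keystream(_subkey(pw, b"enc"), nonce, len(ct)))
    sn, onu_id = plain[:SN_LEN], plain[SN_LEN]
    # The check the page describes: decrypted SN must equal the stored SN.
    return onu_id if hmac.compare_digest(sn, own_sn) else None


if __name__ == "__main__":
    pw_a, pw_b = secrets.token_bytes(16), secrets.token_bytes(16)
    sn_a, sn_b = b"TEST\x00\x00\xa0\x01", b"TEST\x00\x00\xb0\x02"  # constructed
    blob = olt_seal(pw_a, sn_a, 5)
    print("ONU A accepts ONU-ID:", onu_open(pw_a, sn_a, blob))
    print("ONU B accepts ONU-ID:", onu_open(pw_b, sn_b, blob))
```

Since the logical identifier is no longer visible, every ONU in the SN state has to attempt decryption of each assignment broadcast; only the holder of the matching key gets a result.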
The system and device of the present invention are described in detail below.
The system of the present invention comprises:
OLT key management module: encrypts the ONU's identification information with the shared key and sends the encrypted result XSN to the ONU;
Specifically, the OLT key management module encrypts the ONU's identification information with a shared key. The key can be preset in the OLT key management module, or the ONT can generate the shared key at random and send it to the OLT key management module when, before or after it sends the SN to the OLT; the OLT key management module receives the shared key and encrypts the ONU's identification information with it. The identification information comprises the ONU's SN and/or the ONU identifier;
The OLT key management module can select a single shared key from among multiple keys, or can select multiple shared keys; the specific acquisition process is as described in the method above and is not repeated here;
When encrypting, the OLT key management module can also encrypt the ONU's SN and the ONU identifier together; the present invention can also separately encrypt the ONU identifier that the OLT assigns to the ONU.
ONU authentication module: obtains the ONU's identification information from the encrypted result;
The ONU authentication module specifically comprises:
ONU key management module: encrypts the ONU's identification information with the key, or decrypts XSN with the key, and then triggers the comparison/judgment module;
Specifically, if the OLT key management module encrypts the SN with the shared key, the ONU key management module encrypts the ONU's serial number with the key and then triggers the comparison/judgment module; or the ONU decrypts XSN with the key and then triggers the comparison/judgment module;
If the OLT key management module encrypts the ONU's SN and the ONU identifier together, the ONU key management module decrypts XSN with the key, and the decrypted result contains the SN and the ONU identifier. The ONU key management module can also separately encrypt the ONU identifier that the OLT assigns to the ONU.
Comparison/judgment module: if the OLT key management module encrypts only the SN, the comparison/judgment module compares the RSN obtained by encryption with XSN and, if they are identical, accepts the identifier; or the comparison/judgment module compares the decrypted SN with the ONU's SN and, if they are identical, accepts the identifier;
If the OLT key management module encrypts the ONU's SN and the ONU identifier together, the comparison/judgment module compares the decrypted SN with the ONU's SN and, if they are identical, accepts the identifier.
The present invention also includes an optical line terminal device in a passive optical network, comprising:
Key management module: the OLT sends a serial number request to the ONU, and the ONU responds to the OLT's request by sending its SN; the key management module receives the SN sent by the ONU, encrypts the ONU's SN and/or the ONU identifier that the OLT assigns to the ONU with the shared key, and sends the encrypted result XSN to the ONU.
The present invention also includes an optical network unit device in a passive optical network, comprising an ONU authentication module, which specifically comprises:
Key management module: receives the ONU identification information encrypted by the OLT, the identification information comprising the ONU's SN and/or the ONU identifier. If the OLT encrypts only the SN in the identification information, the key management module encrypts the ONU's SN with the shared key to obtain the encrypted result RSN, or decrypts XSN with the shared key to obtain the ONU's SN and/or the ONU identifier, and then triggers the comparison module;
Comparison/judgment module: compares RSN with XSN and, if they are identical, accepts the identifier; or compares the decrypted SN with the ONU's SN and, if they are identical, accepts the identifier.
Because the optical line terminal device and the optical network unit device of the present invention have already been described in detail in the description of the system, they are not described again here.
In the above description of the method, system and device of the present invention, the ONU is used as the example throughout. Those skilled in the art will appreciate, however, that if an ONU directly provides user port functions, such as an Ethernet user port for a PC to access the network, it is called an ONT; the ONU described in the present invention includes the ONT.
Here the present invention has been described using only the GPON standard as an example: in the process of assigning the ONU-ID during activation, the downstream message is encrypted, preventing the ONU's device identifier (SN) and/or the logical identifier (ONU-ID) assigned by the OLT to the ONU from being eavesdropped, and thereby preventing the ONU from being counterfeited. Being counterfeited means that, after an ONU's device identifier becomes known to another, illegitimate ONU, it is used to register with the OLT. Those skilled in the art will appreciate, however, that the present invention applies equally to EPON. In the EPON standard, the device identifier is the ONU's MAC address and the logical identifier is the LLID (logical link identifier). The process of assigning the LLID in EPON ONU discovery is similar to GPON: the OLT first needs to obtain the ONU's MAC address and then assigns the LLID to the ONU; the message that assigns the LLID to the ONU carries the ONU's MAC address and the LLID.
In addition, the present invention has been described in detail using only a shared key as the example. If an asymmetric encryption algorithm is used, the encryption key differs from the decryption key, and it suffices to use the corresponding decryption key when decrypting. The detailed encryption and decryption processes are not the concern of the present invention and are therefore not elaborated.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (8)

1. A method for preventing an optical network unit in a passive optical network from being counterfeited, characterized in that it comprises:
A. An optical line terminal (OLT) assigns a logical identifier to an optical network unit (ONU), encrypts the device identification of the ONU with an encryption key to obtain an encrypted result of the device identification of the ONU, and sends the encrypted result XSN and the logical identifier to the ONU;
B. The ONU decrypts the encrypted result XSN with a decryption key to obtain a device identification, and compares the device identification obtained by decryption with the device identification stored by the ONU; if they are identical, it accepts the logical identifier. Alternatively, the ONU encrypts the device identification stored by the ONU with a decryption key identical to the encryption key to obtain an encrypted result RSN, and compares RSN with XSN; if they are identical, it accepts the logical identifier.
2. The method for preventing an optical network unit in a passive optical network from being counterfeited according to claim 1, characterized in that step A further comprises: configuring at least one key pair between the OLT and each ONU, the key pair comprising an encryption key and a decryption key.
3. The method for preventing an optical network unit in a passive optical network from being counterfeited according to claim 2, characterized in that step A further comprises:
The OLT selects an encryption key from among a plurality of key pairs and sends the sequence number of the selected encryption key to the ONU, and the ONU selects the decryption key according to the sequence number of the selected encryption key.
4. The method for preventing an optical network unit in a passive optical network from being counterfeited according to claim 1, characterized in that step A further comprises:
The ONU sends the encryption key that it has set or generated to the OLT.
5. A method for preventing an optical network unit in a passive optical network from being counterfeited, characterized in that it comprises:
A. An optical line terminal (OLT) assigns a logical identifier to an optical network unit (ONU), encrypts the device identification of the ONU and the logical identifier with an encryption key to obtain an encrypted result of the device identification and the logical identifier, and sends the encrypted result of the device identification and the logical identifier to the ONU;
B. The ONU decrypts the encrypted result with a decryption key to obtain a device identification and a logical identifier, and compares the device identification obtained by decryption with the device identification stored by the ONU; if they are identical, it accepts the logical identifier.
6. A system for preventing an optical network unit in a passive optical network from being counterfeited, characterized in that it comprises:
An OLT key management module: configured to assign a logical identifier to an optical network unit (ONU), encrypt the device identification of the ONU according to an encryption key, and send the encrypted result XSN and the logical identifier to the ONU;
An ONU authentication module: configured to decrypt the XSN according to a decryption key to obtain the device identification of the ONU, and compare the device identification obtained by decryption with the device identification stored by the ONU; if they are identical, accept the logical identifier. Alternatively, configured to encrypt the device identification stored by the ONU according to a decryption key identical to the encryption key to obtain an encrypted result RSN, and compare RSN with XSN; if they are identical, accept the logical identifier.
7. A system for preventing an optical network unit in a passive optical network from being counterfeited, characterized in that it comprises:
An OLT key management module: configured to assign a logical identifier to an optical network unit (ONU), encrypt the device identification of the ONU and the logical identifier according to an encryption key, and send the encrypted result of the device identification and the logical identifier to the ONU;
An ONU authentication module: configured to decrypt the encrypted result of the device identification and the logical identifier according to a decryption key to obtain the device identification and the logical identifier of the ONU, and compare the device identification obtained by decryption with the device identification stored by the ONU; if they are identical, accept the logical identifier.
8. An optical network unit device in an EPON, characterized in that it comprises an ONU authentication module, the ONU authentication module specifically comprising:
A key management module: configured to receive the encrypted result XSN from the OLT and the logical identifier that the OLT assigned to the ONU, decrypt the XSN according to a decryption key to obtain the device identification of the ONU, and then trigger the comparison module; or configured to receive the encrypted result XSN and the encrypted logical identifier from the OLT, decrypt the XSN and the encrypted logical identifier according to the decryption key to obtain the device identification and the logical identifier of the ONU, and trigger the comparison module;
A comparison and judgment module: configured to compare the obtained device identification with the device identification stored by the ONU and, if they are identical, accept the logical identifier.
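The exchange in claims 1 and 3, as an added Python sketch that is not code from the patent: it implements only the second branch of step B, where the ONU recomputes RSN from its stored device identification and compares it with XSN. HMAC-SHA256 is an assumed stand-in for the cipher the claims leave unspecified, and the class names, message layout and sample identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def keyed_transform(key: bytes, device_id: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the cipher, which the claims do not name.
    return hmac.new(key, device_id, hashlib.sha256).digest()

@dataclass(frozen=True)
class Assignment:  # downstream message of step A; key_index comes from claim 3
    key_index: int
    xsn: bytes
    logical_id: int

class OLT:
    def __init__(self, provisioned: dict):
        self.provisioned = provisioned  # device_id -> list of shared keys
        self.next_logical_id = 1

    def assign(self, device_id: bytes) -> Assignment:
        keys = self.provisioned[device_id]
        index = secrets.randbelow(len(keys))  # claim 3: pick one of several keys
        xsn = keyed_transform(keys[index], device_id)
        msg = Assignment(index, xsn, self.next_logical_id)
        self.next_logical_id += 1
        return msg

class ONU:
    def __init__(self, device_id: bytes, keys: list):
        self.device_id, self.keys, self.logical_id = device_id, keys, None

    def handle(self, msg: Assignment) -> bool:
        if not 0 <= msg.key_index < len(self.keys):
            return False  # unknown key sequence number
        rsn = keyed_transform(self.keys[msg.key_index], self.device_id)
        if not hmac.compare_digest(rsn, msg.xsn):  # constant-time RSN vs XSN
            return False
        self.logical_id = msg.logical_id  # step B: accept the logical identifier
        return True

def demo():
    sn = b"VNDR00000001"  # constructed device identification
    keys = [secrets.token_bytes(32) for _ in range(4)]  # constructed key set
    msg = OLT({sn: keys}).assign(sn)
    genuine = ONU(sn, keys)
    other_sn = ONU(b"VNDR00000002", keys)  # different stored identification
    other_keys = ONU(sn, [secrets.token_bytes(32) for _ in range(4)])
    results = [onu.handle(msg) for onu in (genuine, other_sn, other_keys)]
    return results, genuine.logical_id
```

The first branch of step B and claim 5 require a reversible cipher, because the ONU must recover the device identification (and, in claim 5, the logical identifier) by decryption; a keyed one-way transform such as the one used here cannot serve that branch.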
CN200610152218A 2006-09-20 2006-09-20 A method, system and device for preventing optical network unit in passive optical network from being counterfeiting Expired - Fee Related CN100596060C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610152218A CN100596060C (en) 2006-09-20 2006-09-20 A method, system and device for preventing optical network unit in passive optical network from being counterfeiting

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200610152218A CN100596060C (en) 2006-09-20 2006-09-20 A method, system and device for preventing optical network unit in passive optical network from being counterfeiting

Publications (2)

Publication Number Publication Date
CN101150391A CN101150391A (en) 2008-03-26
CN100596060C true CN100596060C (en) 2010-03-24

Family

ID=39250747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610152218A Expired - Fee Related CN100596060C (en) 2006-09-20 2006-09-20 A method, system and device for preventing optical network unit in passive optical network from being counterfeiting

Country Status (1)

Country Link
CN (1) CN100596060C (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102246487B (en) * 2008-11-03 2015-01-14 意大利电信股份公司 Method for increasing security in a passive optical network
CN101902735A (en) * 2009-05-25 2010-12-01 中兴通讯股份有限公司 power line based network key sending method and device for WiMax (Worldwide Interoperability for Microwave Access) system
CN101902447B (en) * 2009-05-28 2012-12-26 华为技术有限公司 Authentication method and device in passive optical network and passive optical network
CN101990134B (en) * 2009-07-30 2015-05-06 中兴通讯股份有限公司 Method and system of dynamically managing serial number, optical line terminal and optical network unit
CN101998188A (en) * 2009-08-27 2011-03-30 中兴通讯股份有限公司 Encryption/decryption method and system for passive optical network
CN102036128A (en) * 2009-09-29 2011-04-27 中兴通讯股份有限公司 Method and system for realizing information interaction security in Gigabit-capable passive optical network
CN102045601B (en) * 2009-10-22 2015-06-10 中兴通讯股份有限公司 Optical network unit (ONU) activating method and system in gigabit passive optical network (GPON) system
CN102148682B (en) * 2010-02-08 2016-02-10 中兴通讯股份有限公司 A kind of method and system that the abnormal optical network unit of luminescence is correctly located
CN102237999B (en) * 2010-04-23 2016-04-13 中兴通讯股份有限公司 Message treatment method and message dispensing device
CN102055583B (en) * 2011-01-20 2012-11-14 西安西电捷通无线网络通信股份有限公司 Method, system and equipment for safely distributing multicast key
CN102571350B (en) * 2011-12-30 2018-04-10 中兴通讯股份有限公司 Optical network unit authentication method and device
CN103780398B (en) * 2014-03-04 2016-10-05 上海交通大学 Based on the encryption in physical layer/decryption method of ONU end time-varying key in OFDM-PON
CN107919917B (en) * 2017-12-29 2020-09-29 武汉长光科技有限公司 Method for preventing illegal ONU registration from getting online
CN111954098B (en) * 2019-05-14 2022-08-30 中国移动通信有限公司研究院 Equipment identification method, device, equipment and computer readable storage medium
CN111464887B (en) * 2020-03-06 2022-02-01 烽火通信科技股份有限公司 ONU registration authorization management method and device applied to PON system

Similar Documents

Publication Publication Date Title
CN100596060C (en) A method, system and device for preventing optical network unit in passive optical network from being counterfeiting
CN102656838B (en) Optical network terminal management control interface-based passive optical network security enhancement
CN101662705B (en) Equipment authentication method of Ethernet passive optical network (EPON) and system thereof
US9698979B2 (en) QKD key management system
US20050172129A1 (en) Random number generating and sharing system, encrypted communication apparatus, and random number generating and sharing method for use therein
CN105027482A (en) Authentication and initial key exchange in ethernet passive optical network over coaxial network
CN103023579A (en) Method for conducting quantum secret key distribution on passive optical network and passive optical network
CN203251308U (en) Passive optical network
CN102239661A (en) Method and device for exchanging key
EP2439871B1 (en) Method and device for encrypting multicast service in passive optical network system
CN102045601A (en) Optical network unit (ONU) activating method and system in gigabit passive optical network (GPON) system
CN101778311A (en) Distribution method of optical network unit marks and optical line terminal
KR100594023B1 (en) Method of encryption for gigabit ethernet passive optical network
CN111245618A (en) Internet of things secret communication system and method based on quantum key
WO2006062345A1 (en) Method of distributing keys over epon
CN101998180A (en) Method and system for supporting version compatibility between optical line terminal and optical network unit
CN103684762A (en) Method for enhancing transmission security in PON (Passive Optical Network)
CN102237999A (en) Message processing method and message transmitter
CN101998188A (en) Encryption/decryption method and system for passive optical network
Jin et al. Analysis of security vulnerabilities and countermeasures of ethernet passive optical network (EPON)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100324

Termination date: 20170920
