CN101064719A - Cryptographic algorithm negotiation method in a PON system

Info

Publication number: CN101064719A
Application number: CNA2006100789319A
Authority: CN (China)
Language: Chinese (zh)
Inventors: 杨敏, 高海, 吴炜
Assignee (original and current): Huawei Technologies Co Ltd
Legal status: Pending
Related application: PCT/CN2007/000954, published as WO2007124658A1
Prior art keywords: algorithm pattern, algorithm, optical network, network unit, onu

Classifications

    • H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks > H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L 12/00 Data switching networks > H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks] > H04L 12/44 Star or tree networks
    • H Electricity > H04 Electric communication technique > H04Q Selecting > H04Q 11/00 Selecting arrangements for multiplex systems > H04Q 11/0001 Selecting arrangements for multiplex systems using optical switching > H04Q 11/0062 Network aspects > H04Q 11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring

Abstract

The invention discloses an encryption algorithm negotiation method for a PON system. The method comprises the steps of: obtaining the algorithm modes supported by the optical network unit; selecting an algorithm mode according to the algorithm modes permitted by a preset policy; and setting the optical network unit to use the selected algorithm mode. The invention provides a negotiation procedure for multiple encryption algorithm modes during system configuration; by improving the existing protocol it meets the need for multiple encryption algorithms and improves product compatibility.

Description

Cryptographic algorithm negotiation method in a PON system
Technical field
The present invention relates to passive optical network technology in the field of optical communications, and in particular to a method for negotiating among multiple encryption algorithms in a PON system.
Background technology
While DSL currently dominates the access network field, optical access technology is also growing vigorously; in particular the point-to-multipoint optical access technology PON (Passive Optical Network) has once again attracted the industry's attention. Compared with point-to-point optical access, a PON central office can split a single fibre into tens or even more fibre connections to users, greatly reducing networking cost.
Referring to Fig. 1, a PON system consists of three parts: the OLT (Optical Line Termination), the ODN (Optical Distribution Network) and the ONU/ONT (Optical Network Unit / Optical Network Termination).
The OLT provides the service node interface (SNI) for the PON system and connects to one or more ODNs. The passive optical splitter in the ODN fans the OLT's downstream data out to every ONU and aggregates the upstream data of multiple ONU/ONTs towards the OLT. The ONU provides the user network interface (UNI) for the PON system and connects upstream to the ODN; if an ONU directly provides user port functions, such as the Ethernet port a PC uses to go online, it is called an ONT.
Unless otherwise specified, "ONU" in this specification covers both ONU and ONT.
In a PON system the direction from OLT to ONU is called downstream and the reverse direction upstream. Downstream data is broadcast by the OLT to every ONU; upstream, the OLT allocates transmission windows to the ONUs, which send their data to the OLT by time-division multiplexing.
PON technologies include BPON (Broadband Passive Optical Network) and GPON (Gigabit Passive Optical Network), among others. GPON inherits from and develops BPON and is the most complete and mature of the current PON technologies, with advantages such as a high line rate and comprehensive maintenance and management. BPON and GPON are specified by the ITU-T. BPON carries only ATM cells, whereas GPON carries ATM cells and also supports GEM encapsulation, which suits IP data. They share a similar management model, for example the same OMCI (ONT Management and Control Interface) management protocol and a similar PLOAM (Physical Layer OAM) message mechanism. OMCI is defined in G.983.2 for BPON and in G.984.4 for GPON, where G.984.4 inherits from and supplements G.983.2.
Fig. 2 shows the GPON protocol stack model. The GPON standard divides the layers above the physical medium into the GPM layer (G-PON Physical Media Dependent layer) and the GTC layer (G-PON Transmission Convergence layer). GTC is further divided into the GTC framing sub-layer and the GTC adaptation sub-layer. The GTC layer offers two ways of encapsulating service data: ATM encapsulation places the service data in fixed-length 53-byte ATM cells; GEM encapsulation is variable-length, so the length of a GEM frame follows the length of the service data frame.
Data transfer between OLT and ONU is based on T-CONTs (Transmission Containers), identified by an Alloc-ID. A T-CONT is either of ATM or of GEM type; an ATM T-CONT can be divided into several PVC channels identified by VPI/VCI, and a GEM T-CONT into several port channels identified by Port-ID.
GPON has three management and maintenance mechanisms. Embedded OAM (Operations, Administration and Maintenance) is carried in fields of the frame header, is real-time, and implements functions such as upstream bandwidth grants. PLOAM provides 13-byte fixed-format messages that are inserted in the frame header when needed and handles physical-layer OAM. OMCI has its own message format, is carried in a channel identified by a specified VPI/VCI or Port-ID, and suits messages without strict real-time requirements, such as configuration messages. OMCI is a master/slave management protocol: the OLT is the master, the ONU the slave, and the OLT controls the ONUs connected below it over the OMCI channel.
Service data and management data act as ATM/GEM clients and OMCI clients respectively. The GTC adaptation sub-layer offers ATM, GEM and OMCI processing interfaces to the upper layers and encapsulates the data into ATM cells or GEM frames; specifying the VPI/VCI or Port-ID also determines the T-CONT id. The GTC framing sub-layer generates the GPON frame header, inserts PLOAM messages into it, places the ATM cells and GEM frames in the payload and assembles the GPON frame, which the GPM layer sends over the fibre; the receiving end performs the inverse processing. Embedded OAM is handled directly in the framing sub-layer.
Because downstream data is broadcast, an ONU can filter out data not destined for it by its configured Port-IDs, but the data is still at risk of being intercepted, so the payload of the GPON frame needs to be encrypted; encryption of downstream data is essential. At present the GPON international standard specifies only one encryption algorithm, AES (Advanced Encryption Standard), and all downstream unicast data that needs encryption uses AES. Each ONU uses an independent key, which is updated continually, to keep the encryption reliable.
In the current OMCI mechanism only two attributes relate to encryption. They sit in the ONT2-G or ONU2-G ME (managed entity), which represents global information and capabilities of the ONU device (device version, whether GEM and ATM are supported, and so on). For convenience this specification refers to ONT2-G and ONU2-G collectively as the ONU/T2-G ME. The ONT-G or ONU-G ME also represents such information, and ONT2-G/ONU2-G is subordinate to ONT-G/ONU-G. Security Capability represents the encryption algorithm modes the ONU can support, and Security Mode the algorithm mode the ONU currently uses. Because the international standard currently defines only one encryption algorithm, no selection is needed, so when the ONU creates this ME the Security Mode attribute is set directly to 1, meaning AES. These two parameters are not used in the OMCI configuration procedure; encryption configuration is done entirely through PLOAM messages. The prior-art definitions of Security Capability and Security Mode are as follows:
Security Capability: this attribute represents the advanced security modes the ONU can support. The coding is defined as follows:
0: reserved;
1: AES encryption of the downstream payload is supported;
2..255: reserved.
(read-only) (mandatory) (length: 1 byte)
Security Mode: this attribute represents the advanced security mode the ONU actually uses. Note that at any time all encrypted VP/VCs or GEM ports on an ONU must use the same security mode. The coding is defined as follows:
0: reserved;
1: AES will be used for unicast traffic;
2..255: reserved.
When the ONU automatically creates an instance of this ME, the attribute takes the value 0x01. (read/write) (mandatory) (length: 1 byte)
BPON's data encryption mechanism is similar to GPON's, and the international standard currently defines only one advanced encryption algorithm for BPON as well.
PON product development must adapt to the needs of different countries, regions and network operators; different countries may use different encryption algorithms, and so may different network operators.
From the above description of the PON international standards it can be seen that the prior art considers only a single data encryption algorithm mode: it provides no negotiation of multiple algorithm modes in the configuration phase in which an ONU connects to an OLT, lacks compatibility handling for multiple encryption algorithms, and cannot satisfy the requirement of many countries, regions and network operators that PON equipment support multiple encryption algorithms.
Summary of the invention
The technical problem solved by the present invention is to provide a cryptographic algorithm negotiation method in a PON system that lets PON equipment support multiple encryption algorithms.
To solve the above technical problem, the present invention is achieved by the following technical solution:
A cryptographic algorithm negotiation method in a PON system comprises the steps of: 1) obtaining the algorithm modes supported by the optical network unit; 2) selecting an algorithm mode according to the algorithm modes permitted by a preset policy; 3) setting the optical network unit to use the selected algorithm mode.
Preferably, the obtaining in step 1) comprises: 11) sending to the optical network unit a command to obtain its supported algorithm modes; 12) the optical network unit returning its supported algorithm modes.
Preferably, the obtaining in step 1) comprises: when an attribute value of the optical network unit changes, the optical network unit reporting its supported algorithm modes in an attribute value change (AVC) message.
Preferably, before the optical network unit reports its supported algorithm modes: c1) a reset command is sent to the optical network unit; c2) the optical network unit responds with the reset result.
Preferably, the preset policy comprises the differing usage rules adopted by different countries, regions or network operators.
Preferably, the selection in step 2) comprises: judging whether the permitted algorithm modes and the algorithm modes supported by the optical network unit have any mode in common; if so, selecting an algorithm mode from the common modes; otherwise, handling the case as a negotiation failure.
Preferably, the negotiation failure handling comprises: selecting an algorithm mode from the permitted algorithm modes; or selecting as the algorithm mode an invalid algorithm mode that denotes no actual algorithm, the invalid algorithm mode being represented by a value of a particular form.
Preferably, the setting in step 3) comprises: 31) sending to the optical network unit a set command containing the selected algorithm mode; 32) the optical network unit responding with the set result.
Preferably, the algorithm modes are represented by consecutive values or by bit positions.
As can be seen from the above technical solution, the present invention first obtains the algorithm modes supported by the ONU during the ONU configuration phase, then selects an algorithm mode according to the preset policy and sets it on the ONU, thereby implementing a negotiation procedure that supports multiple encryption algorithm modes. By improving the existing protocol, the invention meets the need for multiple encryption algorithms to coexist and improves product compatibility.
Further, by defining the algorithm modes with consecutive values or with bit positions, the invention extends the expressiveness of the Security Capability and Security Mode parameters and makes the choice among multiple encryption algorithms flexible.
Description of drawings
Fig. 1 is a PON system connection diagram;
Fig. 2 is the GPON protocol stack model;
Fig. 3 is a flow chart of the cryptographic algorithm negotiation method of the present invention;
Fig. 4 is a schematic diagram of embodiment one of the cryptographic algorithm negotiation method of the present invention;
Fig. 5 is a schematic diagram of embodiment two of the cryptographic algorithm negotiation method of the present invention.
Embodiments
The present invention provides a cryptographic algorithm negotiation method in a PON system, applied in the configuration phase after an ONU has connected to an OLT.
Fig. 3 is the flow chart of the cryptographic algorithm negotiation method of the present invention. The method comprises the following steps:
P1) the optical line terminal obtains the algorithm modes supported by the optical network unit;
P2) the optical line terminal selects the algorithm mode to use according to the algorithm modes permitted by a preset policy;
P3) the optical line terminal sets the optical network unit to use the selected algorithm mode.
To aid further understanding, the present invention is described in detail below with reference to specific embodiments; the two embodiments described below are based on a GPON system.
After an ONU connects to an OLT, the start-up procedure is divided into two parts: a link-layer registration phase and an OMCI configuration phase. In the link-layer registration phase the equipment uses PLOAM messages to establish the link, which includes configuring the optical physical layer for a correct connection and registering the ONU with the OLT. The key step of registration is the ONU reporting its serial number (the globally unique number of the ONU device) to the OLT, and the OLT allocating an ONU-ID for it, unique among all ONUs connected to that OLT optical interface. After registration and link establishment, the OLT uses PLOAM messages to create the first T-CONT on the ONU and to set up a port or PVC channel within that T-CONT for OMCI message exchange; it then enters the OMCI configuration phase, in which subsequent start-up work such as service channel establishment and delivery of configuration data is completed over the OMCI channel. After the whole start-up procedure is complete, PLOAM messages still handle link maintenance between OLT and ONU and other low-level information and command exchange, such as alarm reporting, link failure indication and enabling the channel encryption function.
The OMCI protocol abstracts the various data that the OLT manages on the ONU into a protocol-independent Management Information Base (MIB), whose basic unit is the managed entity (ME). According to the ONU's various kinds of configuration data, OMCI defines the various MEs through which the OLT controls the ONU, and the ONU implements the configuration management functions of these MEs under the OLT's control. An ME consists of attributes, which the OLT can read and write. Some MEs are created automatically by the ONU, others by a command sent from the OLT.
The technical solution reuses the attribute definitions of the existing ONU/T2-G ME and adds a procedure for negotiating multiple algorithm modes in the OMCI configuration phase of the start-up procedure in which the ONU connects to the OLT.
Among the ONU's managed entities, ONU/T-G is the root of all other MEs; concrete service configuration can only proceed once the MEs representing basic device information have been created, so ONU/T-G and ONU/T2-G are created before the OMCI configuration procedure begins. The existing encryption configuration procedure is used only once the encryption algorithm has been chosen, so the negotiation procedure added by the present invention is placed before the original encryption procedure; the negotiation belongs to the concrete service configuration stage of OMCI.
Fig. 4 is a schematic diagram of embodiment one of the cryptographic algorithm negotiation method of the present invention. In this embodiment the OLT obtains the supported encryption algorithm modes with a Get command.
The encryption algorithm negotiation procedure of the technical solution is as follows:
A1) The OLT uses a Get command to read the value of the Security Capability attribute of the ONU/T2-G ME on the ONU.
A2) The ONU responds to the Get command, reporting the encryption algorithm modes it supports.
A3) On receipt, the OLT decides which algorithm mode should be used according to a previously configured static or dynamic policy.
Specifically, before deciding the algorithm mode, different algorithm modes are permitted according to the usage rules of different countries, regions or network operators; the OLT judges whether the permitted algorithm modes and the algorithm modes supported by the optical network unit have any mode in common; if so, it selects an algorithm mode from the common modes, otherwise it handles the case as a negotiation failure.
The negotiation failure handling may select an algorithm mode from the permitted algorithm modes.
The negotiation failure handling may alternatively select, as the algorithm mode, an invalid algorithm mode that denotes no actual algorithm, represented by a value of a particular form.
A4) The OLT uses a Set command to set the Security Mode attribute of the ONU/T2-G ME on the ONU to the selected algorithm mode.
A5) After completing the configuration, the ONU responds to the OLT with the result of the Set operation.
A6) The system starts the encryption procedure.
The start-up procedure when downstream data is encrypted with AES is as follows:
1) A channel-encryption PLOAM message is used to issue an encryption command for each port channel that requires it; channels used for unicast data should in general all be encrypted;
2) the OLT requests the encryption key from the ONU;
3) the ONU that receives the request independently generates an AES key, sends it to the OLT, and keeps the key locally for decryption;
4) after receiving the key, the OLT issues a key switch command to the ONU concerned, and the key is brought into use at a determined moment.
For steps 1) and 4), the ONU must respond with an acknowledgement after the OLT issues the command.
Steps 2) to 4), which relate to key switching, are also used to control the replacement of an old key by a new one.
To support multiple algorithm modes, the present invention extends the definitions of the values of these two parameters while keeping the meaning of the Security Capability and Security Mode attributes unchanged.
1) Security Capability uses consecutive values to represent the algorithm modes the ONU can support, including combination options for supporting several algorithm modes at once, for example:
Security Capability: this attribute represents the advanced security modes the ONU can support. The coding is defined as follows:
0: only encryption algorithm A supported;
1: only encryption algorithm B supported;
2: only encryption algorithm C supported;
3: encryption algorithms A and B supported;
4: encryption algorithms B and C supported;
5..255: reserved.
(read-only) (mandatory) (length: 1 byte)
The consecutive values may be natural numbers including 0, or integers.
It will be understood that the combination options above are examples and do not necessarily enumerate every combination of the algorithms; other combination schemes derived from the principle of the invention are not excluded.
2) The values of Security Mode may be defined identically to Security Capability, though usually only values representing a single algorithm mode are needed; on negotiation failure a value of a particular form can denote an invalid algorithm, for example the value 255. For example:
Security Mode: this attribute represents the advanced security mode the ONU actually uses. Note that at any time all encrypted VP/VCs or GEM ports on an ONU must use the same security mode. The coding is defined as follows:
0: encryption algorithm A will be used;
1: encryption algorithm B will be used;
2: encryption algorithm C will be used;
3..254: reserved;
255: invalid algorithm.
(read/write) (mandatory) (length: 1 byte)
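The following is an added example, not code from the patent or from any OMCI implementation, that runs embodiment one (steps A1 to A5) end to end against a simulated ONU: it decodes the consecutive-value Security Capability table above, intersects it with the OLT policy, and writes Security Mode back, using both negotiation-failure options the text allows (fall back to a permitted algorithm, or write the invalid value 255). The algorithm names A, B and C are the page's placeholders; the `SimulatedOnu` class, the Get/Set method calls and the failure-policy names are assumptions of this toy model.

```python
"""Embodiment one of the negotiation as a self-contained simulation.

Added example; the ONU object and the Get/Set calls are a toy model
(assumption), not Huawei's or any OMCI stack's code.
"""
from dataclasses import dataclass, field

# Security Capability coding from the page (consecutive values).
# "A", "B", "C" are the page's placeholder algorithm names.
CAPABILITY_CODES = {
    0: frozenset({"A"}),
    1: frozenset({"B"}),
    2: frozenset({"C"}),
    3: frozenset({"A", "B"}),
    4: frozenset({"B", "C"}),
}
# Security Mode coding from the page: one algorithm, 255 = invalid algorithm.
MODE_CODES = {0: "A", 1: "B", 2: "C"}
MODE_INVALID = 255
_MODE_OF_ALG = {alg: code for code, alg in MODE_CODES.items()}


def decode_capability(value: int) -> frozenset:
    """Decode a Security Capability byte into the set of supported algorithms.

    The value comes from the ONU before encryption is enabled, so it is
    untrusted input: anything outside 0..255 or in the reserved range
    5..255 is rejected rather than guessed at.
    """
    if not 0 <= value <= 255:
        raise ValueError(f"capability {value} is not a byte")
    if value not in CAPABILITY_CODES:
        raise ValueError(f"capability {value} is reserved")
    return CAPABILITY_CODES[value]


def select_mode(supported, allowed, on_failure="invalid"):
    """Step P2/A3: first algorithm of the policy list that the ONU supports.

    `allowed` is the OLT policy in preference order.  With no common mode
    the page offers two choices: still pick a policy algorithm ("allowed")
    or write the invalid sentinel ("invalid").
    """
    for alg in allowed:
        if alg in supported:
            return _MODE_OF_ALG[alg]
    if on_failure == "allowed":
        return _MODE_OF_ALG[allowed[0]]
    if on_failure == "invalid":
        return MODE_INVALID
    raise ValueError(f"unknown failure policy {on_failure!r}")


@dataclass
class SimulatedOnu:
    """Only the two ONU/T2-G attributes plus Get/Set handling (toy model)."""
    security_capability: int            # read-only on a real ONU
    security_mode: int = 1              # page: 0x01 when the ME is created
    log: list = field(default_factory=list)

    def get(self, attr):
        self.log.append(("Get", attr))
        return getattr(self, attr)

    def set(self, attr, value):
        self.log.append(("Set", attr, value))
        if attr == "security_capability":   # read-only: Set must fail
            return False
        if not 0 <= value <= 255:
            return False
        setattr(self, attr, value)
        return True


def negotiate(olt_policy, onu, on_failure="invalid"):
    """Steps A1..A5 as run by the OLT; returns the mode written to the ONU."""
    supported = decode_capability(onu.get("security_capability"))   # A1/A2
    mode = select_mode(supported, olt_policy, on_failure)           # A3
    if not onu.set("security_mode", mode):                          # A4/A5
        raise RuntimeError("Set Security Mode rejected by ONU")
    return mode


if __name__ == "__main__":
    onu = SimulatedOnu(security_capability=4)                 # supports B, C
    print(negotiate(["A", "B"], onu))                         # 1 (B)
    onu = SimulatedOnu(security_capability=0)                 # supports only A
    print(negotiate(["B", "C"], onu))                         # 255 (invalid)
    print(negotiate(["B", "C"], onu, on_failure="allowed"))   # 1 (B, forced)
```

Two points a practitioner would check here: the policy list is the security boundary, since the OLT is the OMCI master and the ONU can only narrow the choice, so weak algorithms must simply not appear in `allowed`; and the "allowed" fallback configures a mode the ONU did not claim to support, so the Set result in step A5 and the subsequent encryption start-up are the only places that failure would surface.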
Fig. 5 is a schematic diagram of embodiment two of the cryptographic algorithm negotiation method of the present invention. In this embodiment the ONU reports its supported encryption algorithm modes in an AVC (Attribute Value Change) message.
In this embodiment, after the ONU connects to the OLT and enters the OMCI configuration procedure of the start-up phase, once the ONU/T2-G ME has been created on the ONU, the ONU uses the AVC function to report the value of its Security Capability attribute, that is, the capability it actually supports; the ONU's AVC report thus replaces the OLT's Get operation of the first embodiment. The Security Capability attribute belongs to the ONU/T2-G ME, which is created at the start of the OMCI configuration procedure.
B1) The ONU powers up. It has no MIB yet, so it first creates the ONU/T-G, ONU/T2-G and ONT Data MEs. ONT Data holds the MIB synchronisation state parameter, used to check synchronisation between the MIB on the ONU and the corresponding copy kept on the OLT. This parameter is a sequence number that increases whenever the ONU MIB changes; the OLT keeps a local image of the ONU MIB and checks this value to decide whether its local MIB needs updating.
B2) The OLT issues an ONT Data MIB Reset command. On receipt the ONU clears its MIB so that only the default MEs remain, those indicating the basic hardware and software information of the device: ONU/T-G, ONU/T2-G, ONT Data and other necessary MEs.
B3) The ONU responds with an ONT Data MIB Reset response indicating that the MIB was reset successfully.
B4) The OLT creates a local MIB corresponding to this ONU, comprising ONU/T-G, ONU/T2-G, ONT Data and the other necessary MEs.
B5) At this point the attributes of the MEs created on the ONU and the OLT all hold default values and do not necessarily match the actual ONU; for example the value of the Security Capability attribute does not correctly express the ONU's real capability. So in this step the ONU updates the attribute values of ONU/T-G and ONU/T2-G from the physical device information held in memory, and actively reports the refreshed values to the OLT by AVC message.
B6) The OLT takes the changed attribute values (including the reported Security Capability value) from the received AVC message, refreshes its MIB image, and decides which algorithm mode should be used according to a previously configured static or dynamic policy.
Specifically, before deciding the algorithm mode, different algorithm modes are permitted according to the usage rules of different countries, regions or network operators; the OLT judges whether the permitted algorithm modes and the algorithm modes supported by the optical network unit have any mode in common; if so, it selects an algorithm mode from the common modes, otherwise it handles the case as a negotiation failure.
The negotiation failure handling may simply abort the encryption algorithm configuration procedure.
B7) The OLT uses a Set command to set the Security Mode attribute of the ONU/T2-G ME on the ONU to the selected algorithm mode.
B8) After completing the configuration, the ONU responds to the OLT with the result of the Set operation.
B9) The system starts the encryption procedure.
In this embodiment the present invention defines the values of the Security Capability and Security Mode attributes in a different way.
1) Security Capability uses bit positions in the field to represent the algorithm modes the ONU supports: each bit denotes one algorithm mode, and several bits set at the same time express support for several modes at once. For example:
Security Capability: this attribute represents the advanced security modes the ONU can support. The coding is defined as follows:
Bit 0: 1 means encryption algorithm A is supported, 0 means not supported;
Bit 1: 1 means encryption algorithm B is supported, 0 means not supported;
Bit 2: 1 means encryption algorithm C is supported, 0 means not supported;
Bits 3..7: reserved.
(read-only) (mandatory) (length: 1 byte)
2) The values of Security Mode are defined like those of Security Capability. When a valid algorithm has been selected, only one algorithm mode bit is set at a time, denoting the selected algorithm; on negotiation failure a value of a particular form can denote an invalid algorithm, for example bit 7 set, or a form in which several algorithm mode bits are set simultaneously. For example:
Security Mode: this attribute represents the advanced security mode the ONU actually uses. Note that at any time all encrypted VP/VCs or GEM ports on an ONU must use the same security mode. The coding is defined as follows:
Bit 0: 1 means encryption algorithm A will be used, otherwise 0;
Bit 1: 1 means encryption algorithm B will be used, otherwise 0;
Bit 2: 1 means encryption algorithm C will be used, otherwise 0;
Bits 3..6: reserved;
Bit 7: 1 means invalid algorithm, otherwise 0.
(read/write) (mandatory) (length: 1 byte)
The bit positions may form a binary value composed of several bits.
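The following added example, which is not code from the patent or from any OMCI implementation, covers embodiment two: the bit-position coding of Security Capability and Security Mode just defined, a validity check that a Security Mode byte carries exactly one algorithm bit and no invalid or reserved bit, and the MIB-reset / AVC-report / Set flow of steps B2 to B8 with the abort-on-failure handling. The bit assignments are the page's; the `SimulatedOnu` class, the default attribute values after a MIB reset and the modelling of MIB Reset and AVC as method calls are assumptions of this toy model.

```python
"""Embodiment two: bit-position coding and the AVC-driven flow.

Added example; the ONU object, its reset defaults and the message flow
are a toy model (assumption), not the patent's or any vendor's code.
"""
from dataclasses import dataclass, field

BIT_A, BIT_B, BIT_C = 1 << 0, 1 << 1, 1 << 2     # page: bits 0, 1, 2
ALG_BITS = {"A": BIT_A, "B": BIT_B, "C": BIT_C}
ALG_MASK = BIT_A | BIT_B | BIT_C
CAP_RESERVED_MASK = 0xF8        # Security Capability bits 3..7 are reserved
MODE_RESERVED_MASK = 0x78       # Security Mode bits 3..6 are reserved
MODE_INVALID_BIT = 1 << 7       # Security Mode bit 7 = invalid algorithm


def decode_capability(value: int) -> set:
    """Security Capability byte -> set of algorithm names.

    Reported by the ONU over unencrypted OMCI, so treated as untrusted:
    a non-byte or any reserved bit set is an error, not a silent mask-off.
    """
    if not 0 <= value <= 255 or value & CAP_RESERVED_MASK:
        raise ValueError(f"capability 0x{value:02x} uses reserved bits")
    return {alg for alg, bit in ALG_BITS.items() if value & bit}


def mode_is_valid(value: int) -> bool:
    """True only for a byte with exactly one algorithm bit and nothing else.

    Bit 7 set, or several algorithm bits set at once, are the page's two
    encodings of "invalid algorithm"; reserved bits must be clear.
    """
    if not 0 <= value <= 255:
        return False
    if value & (MODE_INVALID_BIT | MODE_RESERVED_MASK):
        return False
    algs = value & ALG_MASK
    return algs != 0 and (algs & (algs - 1)) == 0    # exactly one bit set


def select_mode(supported: set, allowed: list):
    """First policy algorithm the ONU supports, as a Security Mode byte.

    Returns None on negotiation failure; embodiment two aborts in that case.
    """
    for alg in allowed:
        if alg in supported:
            return ALG_BITS[alg]
    return None


@dataclass
class SimulatedOnu:
    """ONU side: the ONU/T2-G attributes and the ONT Data MIB sequence number."""
    real_capability: int                 # what the hardware actually supports
    security_capability: int = 0         # default after MIB reset (assumption)
    security_mode: int = 0
    mib_sequence: int = 0
    avc_queue: list = field(default_factory=list)

    def mib_reset(self) -> bool:                     # B2/B3
        self.security_capability = 0
        self.security_mode = 0
        self.mib_sequence = 0
        self.avc_queue.clear()
        return True

    def refresh_from_hardware(self) -> None:         # B5: AVC carries real value
        self.security_capability = self.real_capability
        self.mib_sequence += 1
        self.avc_queue.append(("ONU/T2-G", "security_capability",
                               self.security_capability))

    def set_mode(self, value: int) -> bool:          # B7/B8
        if not mode_is_valid(value):                 # reject malformed modes
            return False
        self.security_mode = value
        self.mib_sequence += 1
        return True


def olt_run(onu: SimulatedOnu, allowed: list):
    """OLT side of B2..B8. Returns (mode, mib_image); mode is None on abort."""
    if not onu.mib_reset():
        raise RuntimeError("MIB reset failed")
    mib_image = {"security_capability": 0, "security_mode": 0}     # B4 defaults
    onu.refresh_from_hardware()
    for _me, attr, value in onu.avc_queue:                         # B6
        mib_image[attr] = value
    supported = decode_capability(mib_image["security_capability"])
    mode = select_mode(supported, allowed)
    if mode is None:                       # negotiation failure: abort, no Set
        return None, mib_image
    if not onu.set_mode(mode):
        raise RuntimeError("ONU rejected Security Mode")
    mib_image["security_mode"] = mode
    return mode, mib_image


if __name__ == "__main__":
    print(olt_run(SimulatedOnu(real_capability=BIT_B | BIT_C), ["A", "B"]))
    print(olt_run(SimulatedOnu(real_capability=BIT_A), ["B", "C"]))
```

The `mode_is_valid` check is the practical consequence of the page's note that all encrypted ports of an ONU must share one security mode: a Set carrying two algorithm bits is ambiguous and should be refused by the ONU rather than resolved by picking one of them.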
It will be understood that in the two embodiments above the present invention uses consecutive values or bit positions to define the algorithm modes and their combinations, extending the expressiveness of the Security Capability and Security Mode parameters; the possibility of extending the length of the Security Capability and Security Mode attribute fields, and of changing the ME to which they belong after such an extension, is not excluded.
It should be noted that, because a BPON system uses the same OMCI protocol as a GPON system, the ideas of the two multi-algorithm negotiation procedures described above for GPON embodiments apply equally to a BPON system. It will be understood that other PON technologies implementing multi-algorithm negotiation by the principle of this technical solution are not excluded either.
The cryptographic algorithm negotiation method in a PON system provided by the present invention has been described in detail above. Specific examples have been used to explain the principle and implementation of the invention, and the description of the embodiments above serves only to help understand the method of the invention and its core idea. At the same time, a person of ordinary skill in the art can, following the idea of the invention, vary the specific implementation and the scope of application; in summary, this description should not be construed as limiting the invention.

Claims (10)

1. A cryptographic algorithm negotiating method in a PON system, characterized in that it comprises the steps of:
1) obtaining the algorithm modes supported by an optical network unit;
2) selecting an algorithm mode according to the algorithm modes allowed by a preset strategy;
3) setting the optical network unit to use the selected algorithm mode.
2. The method according to claim 1, characterized in that the obtaining process of step 1) comprises:
11) sending a command to obtain the supported algorithm modes to the optical network unit;
12) the optical network unit feeding back the supported algorithm modes.
3. The method according to claim 1, characterized in that the obtaining process of step 1) comprises:
when an attribute value of the optical network unit changes, the optical network unit reporting the supported algorithm modes by means of an attribute value change (AVC) message.
4. The method according to claim 3, characterized in that, before the optical network unit reports the supported algorithm modes, the method comprises:
C1) sending a reset command to the optical network unit;
C2) the optical network unit responding with the reset result.
5. The method according to claim 1, characterized in that the preset strategy comprises: the different usage standards adopted by different countries, different regions or different network operators.
6. The method according to claim 1, characterized in that the selecting process of step 2) comprises: judging whether the allowed algorithm modes and the algorithm modes supported by the optical network unit have an algorithm mode in common; if so, selecting an algorithm mode from the common algorithm modes; otherwise, handling the case as a negotiation failure.
7. The method according to claim 6, characterized in that the negotiation failure handling process comprises: selecting an algorithm mode from the allowed algorithm modes; or taking an invalid algorithm mode that does not represent any actual algorithm as the selected algorithm mode, the invalid algorithm mode being represented by a value of a special form.
8. The method according to claim 1, characterized in that the setting process of step 3) comprises:
31) sending a set command containing the selected algorithm mode to the optical network unit;
32) the optical network unit responding with the set result.
9. The method according to any one of claims 1 to 8, characterized in that consecutive values are used to represent the algorithm modes.
10. The method according to any one of claims 1 to 8, characterized in that bits are used to represent the algorithm modes.
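The Security Mode bit encoding from the description above and the selection rule of claims 6 and 7, as an added Python example that is not part of the patent: the algorithm names A/B/C, the `allowed` policy list and the `fallback_to_allowed` switch are assumed placeholders; the bit layout (bit0..bit2 algorithms, bit3..bit6 reserved, bit7 invalid) follows the attribute definition on the page.

```python
"""Security Capability / Security Mode bitmap handling (constructed example).

Bit layout follows the page: bit0..bit2 select algorithms A/B/C, bit3..bit6 are
reserved, bit7 marks an invalid algorithm. Algorithm names are placeholders."""

ALG_BITS = {"A": 1 << 0, "B": 1 << 1, "C": 1 << 2}  # bit0..bit2 per the page
ALG_MASK = 0b0000_0111
RESERVED_MASK = 0b0111_1000                        # bit3..bit6 reserved
INVALID_BIT = 1 << 7                               # bit7 = invalid algorithm


def encode_capability(supported):
    """ONU side: one bit per supported algorithm (Security Capability byte)."""
    return sum(ALG_BITS[a] for a in set(supported))


def decode_capability(value):
    """OLT side: algorithm names carried in a Security Capability byte.

    A reserved bit or bit7 set in a capability report is treated as malformed
    rather than silently ignored, so a bad ONU report cannot steer selection."""
    if value & (RESERVED_MASK | INVALID_BIT):
        raise ValueError(f"malformed Security Capability 0x{value:02x}")
    return [a for a, bit in ALG_BITS.items() if value & bit]


def select_mode(capability, allowed, fallback_to_allowed=False):
    """Claims 6/7: choose an algorithm common to the preset policy ('allowed',
    in preference order) and the ONU's capability. With no overlap, either fall
    back to an allowed algorithm or signal negotiation failure with bit7."""
    supported = decode_capability(capability)
    common = [a for a in allowed if a in supported]  # keeps policy preference order
    if common:
        return ALG_BITS[common[0]]
    if fallback_to_allowed and allowed:
        return ALG_BITS[allowed[0]]
    return INVALID_BIT


def is_valid_mode(mode):
    """A Security Mode byte is valid only when exactly one algorithm bit is set
    and neither the reserved bits nor bit7 are set (several bits == invalid)."""
    if mode & (RESERVED_MASK | INVALID_BIT):
        return False
    algs = mode & ALG_MASK
    return algs != 0 and (algs & (algs - 1)) == 0


def mode_name(mode):
    """Name of the algorithm a valid Security Mode byte selects, or None."""
    if not is_valid_mode(mode):
        return None
    return next(a for a, bit in ALG_BITS.items() if mode & bit)
```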

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNA2006100789319A CN101064719A (en) 2006-04-27 2006-04-27 Cryptographic algorithm negotiating method in PON system
PCT/CN2007/000954 WO2007124658A1 (en) 2006-04-27 2007-03-26 A method and system for negotiating encryption algorithm in passive optical network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2006100789319A CN101064719A (en) 2006-04-27 2006-04-27 Cryptographic algorithm negotiating method in PON system

Publications (1)

Publication Number Publication Date
CN101064719A true CN101064719A (en) 2007-10-31

Family

ID=38655054

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006100789319A Pending CN101064719A (en) 2006-04-27 2006-04-27 Cryptographic algorithm negotiating method in PON system

Country Status (2)

Country Link
CN (1) CN101064719A (en)
WO (1) WO2007124658A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902664A (en) * 2009-05-26 2010-12-01 中兴通讯股份有限公司 Method and system for improving encryption/decryption speed of passive optical network
SG10201700811VA (en) 2017-02-01 2018-09-27 Huawei Int Pte Ltd System and method for efficient and secure communications between devices
CN114143051B (en) * 2021-11-19 2024-02-23 江苏林洋能源股份有限公司 Method for intelligent ammeter to select TLS protocol based on performance adjustment
CN114302269B (en) * 2021-12-17 2024-04-09 博为科技有限公司 ONU access method and device, storage medium and electronic equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1172469C (en) * 2001-12-13 2004-10-20 华为技术有限公司 Method for realizing secrete communication by autonomously selecting enciphered algorithm
JP4043860B2 (en) * 2002-06-27 2008-02-06 株式会社日立コミュニケーションテクノロジー Encrypted communication device
KR100949420B1 (en) * 2002-10-31 2010-03-24 파나소닉 주식회사 Communication device, communication system, and algorithm selection method
US7591012B2 (en) * 2004-03-02 2009-09-15 Microsoft Corporation Dynamic negotiation of encryption protocols

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009149666A1 (en) * 2008-06-13 2009-12-17 华为技术有限公司 Method, device and system for negotiating algorithm
CN101605324B (en) * 2008-06-13 2011-06-01 华为技术有限公司 Method, device and system for negotiating algorithm
CN101729358B (en) * 2008-10-31 2012-04-04 华为技术有限公司 Method, system and device for transferring and receiving information
WO2010048897A1 (en) * 2008-10-31 2010-05-06 华为技术有限公司 Method, system and devices for message transmission and receiving
US8559819B2 (en) 2008-10-31 2013-10-15 Huawei Technologies Co., Ltd. Information transfer and receiving method, system, and device
CN101540933B (en) * 2009-04-30 2012-04-25 殷爱菡 Programmable dynamic bandwidth distribution method and device
CN101882993A (en) * 2009-05-04 2010-11-10 联发科技(新加坡)私人有限公司 Cryptographic system and cryptographic methods
US9032209B2 (en) 2009-07-31 2015-05-12 Futurewei Technologies, Inc. Optical network terminal management control interface-based passive optical network security enhancement
CN102656838A (en) * 2009-07-31 2012-09-05 华为技术有限公司 Optical network terminal management control interface-based passive optical network security enhancement
CN102656838B (en) * 2009-07-31 2015-06-17 华为技术有限公司 Optical network terminal management control interface-based passive optical network security enhancement
JP2013501389A (en) * 2009-07-31 2013-01-10 ホアウェイ・テクノロジーズ・カンパニー・リミテッド Passive optical network security enhancement based on optical network terminator management control interface
US8442229B2 (en) 2009-07-31 2013-05-14 Futurewei Technologies, Inc. Method and apparatus for providing security in a passive optical network
WO2011012092A1 (en) * 2009-07-31 2011-02-03 Huawei Technologies Co., Ltd. Optical network terminal management control interface-based passive optical network security enhancement
EP2882134A1 (en) * 2009-07-31 2015-06-10 Huawei Technologies Co., Ltd. Optical network terminal management control interface-based passive optical network security enhancement
US8850197B2 (en) 2009-07-31 2014-09-30 Futurewei Technologies, Inc. Optical network terminal management control interface-based passive optical network security enhancement
WO2011160382A1 (en) * 2010-06-21 2011-12-29 中兴通讯股份有限公司 Method and system for selecting optical network unit management and maintenance manner
CN102291246A (en) * 2010-06-21 2011-12-21 中兴通讯股份有限公司 Selection method and system of optical network unit (ONU) management maintenance mode
CN102664887A (en) * 2012-04-19 2012-09-12 江汉大学 Input information protecting method, device and system
CN103516515A (en) * 2012-06-28 2014-01-15 中兴通讯股份有限公司 Encryption/decryption seamless switch achieving method, OLT and ONU in GPON system
CN103516515B (en) * 2012-06-28 2018-03-02 中兴通讯股份有限公司 The implementation method of encryption and decryption seamless switching, OLT and ONU in GPON systems
CN103384171A (en) * 2013-05-30 2013-11-06 上海斐讯数据通信技术有限公司 OLT device and ONU configuration issuing method thereof
CN103384171B (en) * 2013-05-30 2016-08-31 上海斐讯数据通信技术有限公司 OLT device and the method issuing ONU configuration thereof
CN107302428A (en) * 2017-05-26 2017-10-27 北京国电通网络技术有限公司 The machinery of consultation of the cryptographic algorithm of data transport services in a kind of power distribution network
CN107508707A (en) * 2017-08-25 2017-12-22 中国联合网络通信集团有限公司 A kind of authentication registration method, apparatus and network system
CN107508707B (en) * 2017-08-25 2020-03-03 中国联合网络通信集团有限公司 Registration authentication method, device and network system
CN111356038A (en) * 2018-12-24 2020-06-30 深圳市中兴微电子技术有限公司 Method for realizing channel self-adaption in PON and related equipment
CN111356038B (en) * 2018-12-24 2023-08-08 深圳市中兴微电子技术有限公司 Method for realizing channel self-adaption in PON and related equipment
CN114125600A (en) * 2021-12-14 2022-03-01 王建军 Single-fiber multi-network safety access equipment and method based on time slot grouping
CN117579182A (en) * 2024-01-17 2024-02-20 中兴通讯股份有限公司 Service encryption method of passive optical network system, electronic equipment and storage medium
CN117579182B (en) * 2024-01-17 2024-05-03 中兴通讯股份有限公司 Service encryption method of passive optical network system, electronic equipment and storage medium

Also Published As

Publication number Publication date
WO2007124658A1 (en) 2007-11-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20071031