CN101388765A - Ciphering mode switching method for G bit passive optical fiber network system - Google Patents
Ciphering mode switching method for G bit passive optical fiber network system Download PDFInfo
- Publication number
- CN101388765A CN101388765A CNA2007101515185A CN200710151518A CN101388765A CN 101388765 A CN101388765 A CN 101388765A CN A2007101515185 A CNA2007101515185 A CN A2007101515185A CN 200710151518 A CN200710151518 A CN 200710151518A CN 101388765 A CN101388765 A CN 101388765A
- Authority
- CN
- China
- Prior art keywords
- network unit
- transmission line
- line terminal
- key
- optical network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for switching an encrypting mode in a gigabit passive fiber-optical network system, which comprises the following steps: informing a light network unit to change the encrypting mode by a light transmission line terminal, carrying out the key updating to a light transmission line terminal and the light network unit, and generating multi-frame numbers, switching the encrypting mode on multi-frames which are corresponding to the multi-frame numbers, by the light transmission line terminal and the light network unit. The encrypting mode switching mechanism of the invention can synchronously switch the encrypting mode of an OLT and an ONU through matching with the key updating process, and can prevent possible loss of down-bound information.
Description
Technical field
The present invention relates to a kind of broadband optical access technology, relate in particular to the ciphering mode switching method in a kind of G bit passive optical fiber network system.
Background technology
At gigabit passive optical network (GPON, Gigabit Passive Optical Network) in the system, an optical transmission line terminal (OLT) can connect a plurality of optical network units (ONU) down, OLT is to send in the mode of broadcasting to the downstream message of ONU, consider fail safe, the downstream message between OLT and the ONU can be encrypted.
In encryption mode change process, OLT revises encryption mode (encrypt or do not encrypt) by sending PLOAM (physical layer OAM) notice ONU, OLT, ONU carry out the encryption mode switching separately then, promptly switch to from encryption and do not encrypt, and perhaps never encrypt and switch to encryption.
But, in existing G.984.3 standard, there is not the encryption mode handover mechanism, how OLT, ONU carry out the encryption mode switching is not described, asynchronous if the encryption mode of OLT, ONU switches, and then may cause correctly receiving unit downstream message of ONU.
Summary of the invention
Technical problem solved by the invention provides a kind of ciphering mode switching method of G bit passive optical fiber network system, has avoided possible downstream message to lose.
Technical scheme is as follows:
Ciphering mode switching method in a kind of G bit passive optical fiber network system, step comprises:
(1) optical transmission line terminal notice optical network unit changes encryption mode;
(2) described optical transmission line terminal and optical network unit carry out key updating, and produce multiple frame number;
(3) described optical transmission line terminal and optical network unit carry out the encryption mode switching at the multi-frame of described multiple frame number correspondence.
Further, step (1) comprising:
(11) described optical transmission line terminal sends to described optical network unit and changes encryption mode message, notifies described optical network unit to carry out the encryption mode change;
(12) described optical network unit is to optical transmission line terminal responds acknowledge message.
Further, step (2) comprising:
(21) described optical transmission line terminal sends the request key message to optical network unit, notifies described optical network unit to produce new key;
(22) described optical network unit sends newly-generated described key to the optical transmission line terminal;
(23) described optical transmission line terminal sends key switching message to optical network unit, carries multiple frame number in the described key switching message, notifies described optical network unit handover key when corresponding multi-frame begins by described multiple frame number;
Further, in the step (3), when never encryption changed to encryption, described optical transmission line terminal and optical network unit switched encryption mode when the multi-frame of described multiple frame number correspondence arrives, simultaneously, and handover key; When changing to from encryption when not encrypting, described optical transmission line terminal and optical network unit switch encryption mode when the multi-frame of described multiple frame number correspondence arrives.
Encryption mode handover mechanism of the present invention makes the encryption mode of OLT, ONU to switch synchronously by cooperating with key updating process, has avoided possible downstream message to lose.
Description of drawings
Fig. 1 is the flow chart of the ciphering mode switching method in the GPON system;
Fig. 2 is the concrete flow chart of using of the ciphering mode switching method in the GPON system.
Embodiment
With reference to the accompanying drawings, the preferred embodiments of the present invention are described in detail.
With reference to shown in Figure 1, the ciphering mode switching method in the GPON system is described in detail.
Ciphering mode switching method in the GPON system combines with key updating process, and step comprises:
Step S101:OLT notice ONU changes encryption mode;
Step S102:OLT and ONU carry out key updating process;
Step S103:OLT and ONU carry out encryption mode according to the multi-frame in the key updating process and switch.
With reference to shown in Figure 2, the present invention is described in detail in conjunction with concrete application scenarios.
Application scenarios one is never encrypted and is changed to encryption, and concrete implementation step is as follows:
1, OLT notice ONU changes encryption mode.
Step S201:OLT sends Encrypted_VPI/Port-ID message (changing encryption mode message) to ONU, and the GPON standard is G.984.3), notice ONU carries out the encryption mode change.
Step S202:ONU replys Acknowledge message (acknowledge message) to OLT.
2, OLT and ONU carry out key updating process.
Step S203:OLT sends Request_Key (request key) message to ONU, and notice ONU produces new key.
Step S204:ONU sends Encryption_Key message twice to OLT, Encryption_Key message is used to carry new key, each Encryption_Key message is carried the part of new key, the synthetic complete new key of the set of cipher key that twice Encryption_Key message is carried.
Step S205:OLT sends Key_Switching_Time message (key switching message) to ONU, carries multiple frame number N in the Key_Switching_Time message, by this multiple frame number N notice ONU handover key when corresponding multi-frame begins.
3, OLT and ONU carry out encryption mode at the multi-frame of answering frame number N correspondence and switch according to the multiple frame number N in the key updating process.
When step S206:OLT and ONU arrive at the multi-frame of corresponding frame number N correspondence again, switch and enable new encryption mode, handover key simultaneously.
Application scenarios two changes to from encryption and not to encrypt, and concrete implementation step is as follows:
A, OLT notice ONU changes encryption mode.
Step S201:OLT sends Encrypted_VPI/Port-ID message to ONU, and notice ONU carries out the encryption mode change.
Step S202:ONU replys Acknowledge message to OLT.
B, OLT and ONU carry out key updating process.
Step S203:OLT sends Request_Key (request key) message to ONU, and notice ONU produces new key.
Step S204:ONU sends Encryption_Key message twice to OLT, Encryption_Key message is used to carry new key, each Encryption_Key message is carried the part of new key, the synthetic complete new key of the set of cipher key that twice Encryption_Key message is carried.
Step S205:OLT sends Key_Switching_Time message to ONU, carries multiple frame number N in the Key_Switching_Time message.
C, OLT and ONU carry out encryption mode at the multi-frame of answering frame number N correspondence and switch according to the multiple frame number N in the key updating process.
When step S206:OLT and ONU arrive at the multi-frame of corresponding frame number N correspondence again, switch encryption mode, enable new encryption mode.
Claims (4)
1, the ciphering mode switching method in a kind of G bit passive optical fiber network system, step comprises:
(1) optical transmission line terminal notice optical network unit changes encryption mode;
(2) described optical transmission line terminal and optical network unit carry out key updating, and produce multiple frame number;
(3) described optical transmission line terminal and optical network unit carry out the encryption mode switching at the multi-frame of described multiple frame number correspondence.
2, the ciphering mode switching method in the G bit passive optical fiber network system according to claim 1 is characterized in that, step (1) comprising:
(11) described optical transmission line terminal sends to described optical network unit and changes encryption mode message, notifies described optical network unit to carry out the encryption mode change;
(12) described optical network unit is to optical transmission line terminal responds acknowledge message.
3, the ciphering mode switching method in the G bit passive optical fiber network system according to claim 1 is characterized in that, step (2) comprising:
(21) described optical transmission line terminal sends the request key message to optical network unit, notifies described optical network unit to produce new key;
(22) described optical network unit sends newly-generated described key to the optical transmission line terminal;
(23) described optical transmission line terminal sends key switching message to optical network unit, carries multiple frame number in the described key switching message, notifies described optical network unit handover key when corresponding multi-frame begins by described multiple frame number;
4, the ciphering mode switching method in the G bit passive optical fiber network system according to claim 1, it is characterized in that, in the step (3), when never encryption changes to encryption, described optical transmission line terminal and optical network unit switch encryption mode when the multi-frame of described multiple frame number correspondence arrives, simultaneously, handover key; When changing to from encryption when not encrypting, described optical transmission line terminal and optical network unit switch encryption mode when the multi-frame of described multiple frame number correspondence arrives.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101515185A CN101388765B (en) | 2007-09-14 | 2007-09-14 | Ciphering mode switching method for G bit passive optical fiber network system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101515185A CN101388765B (en) | 2007-09-14 | 2007-09-14 | Ciphering mode switching method for G bit passive optical fiber network system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101388765A true CN101388765A (en) | 2009-03-18 |
| CN101388765B CN101388765B (en) | 2011-03-16 |
Family
ID=40477961
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007101515185A Expired - Fee Related CN101388765B (en) | 2007-09-14 | 2007-09-14 | Ciphering mode switching method for G bit passive optical fiber network system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101388765B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010145116A1 (en) * | 2009-06-18 | 2010-12-23 | 中兴通讯股份有限公司 | Method for key updating in gigabit-capable passive optical network and optical line terminal thereof |
| WO2016184238A1 (en) * | 2015-05-18 | 2016-11-24 | 中兴通讯股份有限公司 | Key update method, apparatus and system based on optical transport network (otn) |
| CN112929324A (en) * | 2019-12-06 | 2021-06-08 | 中兴通讯股份有限公司 | Encryption and non-encryption switching method, device, equipment and storage medium |
-
2007
- 2007-09-14 CN CN2007101515185A patent/CN101388765B/en not_active Expired - Fee Related
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010145116A1 (en) * | 2009-06-18 | 2010-12-23 | 中兴通讯股份有限公司 | Method for key updating in gigabit-capable passive optical network and optical line terminal thereof |
| WO2016184238A1 (en) * | 2015-05-18 | 2016-11-24 | 中兴通讯股份有限公司 | Key update method, apparatus and system based on optical transport network (otn) |
| CN106301768A (en) * | 2015-05-18 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of methods, devices and systems of key updating based on Optical Transmission Network OTN OTN |
| CN106301768B (en) * | 2015-05-18 | 2020-04-28 | 中兴通讯股份有限公司 | Method, device and system for updating key based on optical transport network OTN |
| CN112929324A (en) * | 2019-12-06 | 2021-06-08 | 中兴通讯股份有限公司 | Encryption and non-encryption switching method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101388765B (en) | 2011-03-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101102152B (en) | Method for guaranteeing data security in passive optical network | |
| US8442229B2 (en) | Method and apparatus for providing security in a passive optical network | |
| WO2005112336A1 (en) | Pon system having encryption function and encryption method of the pon system | |
| CN101183934A (en) | Cipher key updating method in passive optical network | |
| CN101998193B (en) | The cryptographic key protection method of EPON and system | |
| CN101247220B (en) | Method for cryptographic key exchange of passive optical network system | |
| CN101388765B (en) | Ciphering mode switching method for G bit passive optical fiber network system | |
| CN102035642B (en) | Selection and synchronization method for counter in block cipher counter running mode | |
| CN101499898A (en) | Method and apparatus for cipher key interaction | |
| CN103166758A (en) | Method and system for gigabit-capable passive optical network (GPON) uplink advanced encryption standard (AES) encryption key updating | |
| CN101388806B (en) | Cipher consistency detection method and apparatus | |
| JP5368519B2 (en) | Optical line termination device and key switching method | |
| CN103516515A (en) | Encryption/decryption seamless switch achieving method, OLT and ONU in GPON system | |
| CN101394265B (en) | Ciphering mode switching method for G bit passive optical fiber network system | |
| CN103684762A (en) | Method for enhancing transmission security in PON (Passive Optical Network) | |
| CN103138918A (en) | Method, device and system of avoiding gigabit passive optical network (GPON) system encryption enabling instant packet loss | |
| CN113382317B (en) | Optical communication method, system, OLT and ONU | |
| KR100789383B1 (en) | Apparatus and method for transmitting gem frame in olt of gigabit capable passive optical network | |
| CN101800914B (en) | Key switching method and system | |
| KR100611902B1 (en) | Apparatus For OLT Churning Processing In ATM PON System | |
| CN101547088A (en) | Method and equipment for key management and passive optical network | |
| CN103684704A (en) | Method and device for port ID encryption and decryption enable switching of optical network transmission system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110316 Termination date: 20170914 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |