CN109039600A - Method and system for negotiating an encryption algorithm in a passive optical network - Google Patents


Publication number
CN109039600A
Authority
CN
China
Prior art keywords
encryption algorithm
onu
message
mic value
serial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810778074.6A
Other languages
Chinese (zh)
Other versions
CN109039600B (en)
Inventor
李祥辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fiberhome Telecommunication Technologies Co Ltd
Wuhan Fisilink Microelectronics Technology Co Ltd
Original Assignee
Fiberhome Telecommunication Technologies Co Ltd
Wuhan Fisilink Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fiberhome Telecommunication Technologies Co Ltd, Wuhan Fisilink Microelectronics Technology Co Ltd
Priority to CN201810778074.6A (patent CN109039600B)
Publication of CN109039600A
Priority to PCT/CN2019/070158 (patent WO2020015338A1)
Application granted
Publication of CN109039600B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring

Abstract

A method and system for negotiating an encryption algorithm in a passive optical network, relating to passive optical networks in the communications field. The OLT supports multiple encryption algorithms and periodically broadcasts a Profile message for each encryption algorithm to the ONUs. Each ONU receives the Profile messages, chooses one of them according to the encryption algorithms it supports, and replies with a Serial_Number_ONU message generated using the same encryption algorithm. From the Serial_Number_ONU message of each ONU, the OLT selects the same encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU. The invention does not add to or modify the protocols of the existing international standards, enables a PON system to support multiple encryption algorithms, and is compatible with the ONUs/OLTs in the live network.

Description

Method and system for negotiating an encryption algorithm in a passive optical network
Technical field
The present invention relates to passive optical networks in the communications field, and in particular to a method and system for negotiating an encryption algorithm in a passive optical network.
Background art
In recent years, PON (Passive Optical Network) has developed rapidly as a high-speed broadband access technology. A PON system generally consists of an OLT (Optical Line Terminal), an ODN (Optical Distribution Network) and ONUs (Optical Network Units). In the downstream direction, the OLT broadcasts data to all ONUs through the ODN; in the upstream direction, time-division multiplexing is used to avoid optical collisions.
Because downstream data is broadcast, and upstream data is sent to the OLT only after being aggregated by the ODN, both upstream and downstream data are at risk of being intercepted. The relevant ITU international standards for PON systems (such as the XGPON standard ITU-T G.987.3, the NGPON2 standard ITU-T G.989.3 and the XGS-PON standard ITU-T G.9807.1) therefore all introduce encryption and decryption. However, these international standards specify only one encryption/decryption algorithm, the AES algorithm (Advanced Encryption Standard). Each ONU uses an independent key and updates it periodically to ensure the reliability of the encryption.
In practice, however, PON products must meet the requirements of different countries, regions and network operators, which may require different encryption algorithms. The existing PON international standards do not consider support for multiple encryption algorithms, and therefore cannot satisfy the demand of different countries, regions or network operators for PON equipment that supports multiple encryption algorithms.
Among existing implementations, for example, patent application No. 200610078931.9, "Encryption algorithm negotiation method in a PON system", proposes modifying the OMCI (ONU Management and Control Interface) management protocol and negotiating different encryption algorithms through the modified OMCI messages. The disadvantage of this method is that the existing OMCI protocol must be modified. Moreover, an OLT/ONU that supports multiple algorithms is incompatible with the ONUs/OLTs in the live network, or becomes compatible only after those ONUs/OLTs are upgraded.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide a method and system for negotiating an encryption algorithm in a passive optical network that enable a PON system to support multiple encryption algorithms without adding to or modifying the protocols of the existing international standards, and that are compatible with the ONUs/OLTs in the live network.
To achieve the above purpose, the present invention adopts a method for negotiating an encryption algorithm in a passive optical network, comprising: an optical line terminal (OLT) periodically broadcasting to optical network units (ONUs), according to the encryption algorithm types it supports, a Profile message for each encryption algorithm, the Profile messages having identical content; receiving a Serial_Number_ONU message from an ONU, the Serial_Number_ONU message being computed using the encryption algorithm of the one Profile message selected by the ONU; and selecting the same encryption algorithm as that of the Serial_Number_ONU message as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message.
On the basis of the above technical solution, the Profile message of each encryption algorithm and the Serial_Number_ONU message carry a message integrity check (MIC) value, and the MIC value is generated with the key of each encryption algorithm.
On the basis of the above technical solution, selecting the same encryption algorithm as that of the Serial_Number_ONU message comprises: verifying the MIC value in the received Serial_Number_ONU message with the key of each encryption algorithm, and selecting the encryption algorithm type used by the Serial_Number_ONU message whose MIC value passes verification.
On the basis of the above technical solution, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key specified by the international standard, or another non-zero key, is used.
On the basis of the above technical solution, the non-ITU-standard encryption algorithms include the Chinese national cryptographic algorithm SM4.
The present invention also provides a method for negotiating an encryption algorithm in a passive optical network, comprising: an ONU periodically receiving the Profile messages, identical in content, that the OLT broadcasts for each encryption algorithm; selecting the Profile message of an encryption algorithm that the ONU itself supports; and generating a Serial_Number_ONU message using the same encryption algorithm and sending it to the OLT, so that the OLT selects the same encryption algorithm as that of the Serial_Number_ONU message as the negotiated encryption algorithm.
On the basis of the above technical solution, the Profile message of each encryption algorithm broadcast by the OLT includes a MIC value, and the MIC value is generated with the key of each encryption algorithm; the Serial_Number_ONU message carries the identical MIC value generated with the same key.
On the basis of the above technical solution, selecting the Profile message of an encryption algorithm that the ONU itself supports comprises: verifying the MIC value in each received Profile message with the keys of the supported encryption algorithms, and selecting a Profile message whose MIC value passes verification.
On the basis of the above technical solution, when selecting the Profile message of an encryption algorithm that the ONU itself supports, if the MIC values of multiple Profile messages pass verification, one Profile message is chosen according to a preconfigured rule, a random rule, or sequential order.
On the basis of the above technical solution, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key specified by the international standard, or another non-zero key, is used.
On the basis of the above technical solution, the non-ITU-standard encryption algorithms include the Chinese national cryptographic algorithm SM4.
The present invention also provides a system for negotiating an encryption algorithm in a passive optical network, comprising an OLT and multiple ONUs. The OLT supports multiple encryption algorithms and is configured to periodically broadcast the Profile message of each encryption algorithm to the ONUs; it is also configured to select, according to the Serial_Number_ONU message of each ONU, the same encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU. Each ONU is configured to receive the Profile messages and choose one of them according to the encryption algorithms it supports; it is also configured to generate a Serial_Number_ONU message using the same encryption algorithm and reply with it.
On the basis of the above technical solution, the Profile message and the Serial_Number_ONU message include a MIC value, and the OLT comprises:
a first MIC value generation module, configured to generate the MIC value in the Profile message with the key of each encryption algorithm;
a first MIC value verification module, configured to verify the MIC value in each Serial_Number_ONU message with the key of each encryption algorithm respectively;
a first selection module, configured to select, according to the verification result of the first MIC value verification module, the Serial_Number_ONU message whose MIC value passes verification, and to obtain the corresponding encryption algorithm.
On the basis of the above technical solution, each ONU comprises:
a second MIC value verification module, configured to verify the MIC value in each Profile message with the key of each encryption algorithm respectively;
a second selection module, configured to select, according to the verification result of the second MIC value verification module, one Profile message whose MIC value passes verification;
a second MIC value generation module, configured to calculate, according to the Profile message selected by the second selection module, the MIC value in the message using the key of the same encryption algorithm;
a message generation module, configured to generate the Serial_Number_ONU message using the same encryption algorithm, according to the MIC value calculated by the second MIC value generation module.
On the basis of the above technical solution, when the MIC values of multiple Profile messages pass verification in the second MIC value verification module, the second selection module chooses one Profile message according to a preconfigured rule, a random rule, or sequential order.
On the basis of the above technical solution, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key specified by the international standard, or another non-zero key, is used; the non-ITU-standard encryption algorithms include the Chinese national cryptographic algorithm SM4.
The beneficial effects of the present invention are as follows: a PON system can support multiple encryption algorithms without adding to or modifying the existing international standard protocols, such as the OMCI protocol or the PLOAM (Physical Layer OAM) protocol of the ITU international standards.
An OLT/ONU that supports multiple encryption algorithms can interwork directly with the ONUs/OLTs in the live network that support AES, without updating or upgrading the software or hardware of the ONUs/OLTs in the live network.
Brief description of the drawings
Fig. 1 is a flowchart of the method for negotiating an encryption algorithm in a passive optical network according to the fifth embodiment;
Fig. 2 is a schematic diagram of the system for negotiating an encryption algorithm in a passive optical network according to the eighth embodiment.
Detailed description of embodiments
The invention is described in further detail below with reference to the accompanying drawings and embodiments.
First embodiment
The method for negotiating an encryption algorithm in a passive optical network in this embodiment comprises:
The OLT periodically broadcasts the Profile message of each encryption algorithm to the ONUs according to the encryption algorithm types it supports, and the message content is identical for every encryption algorithm.
The OLT receives the Serial_Number_ONU message with which an ONU replies. The Serial_Number_ONU message is generated by the ONU after calculation with an encryption algorithm, and that encryption algorithm is the same as the encryption algorithm of the one Profile message selected by the ONU.
The OLT selects the same encryption algorithm as that of the Serial_Number_ONU message as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message.
Second embodiment
On the basis of the first embodiment, the Profile message of each encryption algorithm and the Serial_Number_ONU message both carry a MIC (message integrity check) value, and the MIC value is generated with the key of each encryption algorithm. Therefore, although the Profile messages that the OLT broadcasts for the different encryption algorithms have identical content, the MIC value of the Profile message differs for each encryption algorithm.
In this embodiment, the OLT verifies the MIC value in the received Serial_Number_ONU message with the key of each encryption algorithm, and discards any Serial_Number_ONU message whose MIC value does not pass verification. It selects the encryption algorithm type used by the Serial_Number_ONU message whose MIC value passes verification as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message.
Preferably, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key specified by the international standard, or another non-zero key, is used to generate the MIC value. In this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the Chinese national cryptographic algorithm SM4 (GB/T 32907-2016).
3rd embodiment
The method for negotiating an encryption algorithm in a passive optical network system in this embodiment comprises:
The ONU periodically receives the Profile message that the OLT broadcasts for each encryption algorithm; the content of every Profile message is identical. Among the received Profile messages, the ONU selects one according to the encryption algorithms it supports, generates a Serial_Number_ONU message using the same encryption algorithm, and sends it to the OLT, so that the OLT selects the same encryption algorithm as that of the Serial_Number_ONU message as the negotiated encryption algorithm.
Fourth embodiment
On the basis of the third embodiment, in this embodiment the Profile message that the OLT broadcasts for each encryption algorithm includes a MIC value, and the MIC value is generated with the key of each encryption algorithm. The Serial_Number_ONU message generated by the ONU also includes a MIC value, which is generated with the same key of the same encryption algorithm as the selected Profile message and is identical to the MIC value in the Profile message.
Specifically, the ONU selects a Profile message by verifying the MIC value in each received Profile message with the keys of the encryption algorithms it supports, discarding the Profile messages whose MIC value fails verification, and selecting a Profile message whose MIC value passes verification. If the MIC values of multiple Profile messages pass verification, one Profile message may be chosen according to a preconfigured rule, or by a random rule or sequential order.
Preferably, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key specified by the international standard, or another non-zero key, is used to generate the MIC value in the Serial_Number_ONU message. In this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the Chinese national cryptographic algorithm SM4 (GB/T 32907-2016).
5th embodiment
As shown in Fig. 1, the method for negotiating an encryption algorithm in a passive optical network in this embodiment specifically includes the following steps:
S101. The OLT calculates the MIC value of the Profile message for each algorithm according to the encryption algorithm types it supports, and periodically broadcasts the Profile message of each encryption algorithm.
The Profile message content is the same for every encryption algorithm, but because the MIC value is generated with the key of each encryption algorithm, the MIC value differs in each Profile message. When a non-ITU-standard encryption algorithm is used, the default key specified by the international standard, or another non-zero key, is used. In this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the Chinese national cryptographic algorithm SM4 (GB/T 32907-2016).
S102. The ONU receives the Profile messages, verifies the MIC value in each Profile message according to the encryption algorithm types that the ONU supports, and judges whether the verification passes. If so, go to S103; if not, go to S104.
S103. Discard the Profile messages whose MIC value fails verification; this round of verification ends.
S104. Select a Profile message whose MIC value passes verification. If the MIC values of multiple Profile messages pass verification, one Profile message may be chosen according to a preconfigured rule, a random rule, or sequential order.
S105. The ONU uses the same encryption algorithm as the selected Profile message, calculates the MIC value of the Serial_Number_ONU message with the key of that encryption algorithm, and replies to the OLT with the Serial_Number_ONU message.
S106. After receiving the Serial_Number_ONU message, the OLT verifies the MIC value carried in the Serial_Number_ONU message with the keys of the different encryption algorithms, and selects the encryption algorithm corresponding to the key with which the MIC value passes verification as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message; that is, the OLT and the ONU use the same encryption algorithm.
Sixth embodiment
This embodiment is based on the fifth embodiment. Given a live network whose ONUs/OLTs support only AES, it achieves direct interworking without updating or upgrading the software or hardware of the ONUs/OLTs in the live network, specifically as follows:
When an OLT that supports multiple encryption algorithms is connected to the live network, the downstream working mode is unchanged. The ONUs in the live network support only the AES algorithm, so among the Profile messages broadcast by the OLT, only the Profile message that uses the AES algorithm passes verification on the ONU side. The ONU selects the AES algorithm and uses it to calculate the MIC value in the Serial_Number_ONU message with which it replies. After the OLT receives the Serial_Number_ONU message, only the MIC verification with the AES algorithm passes, so the result of the key algorithm negotiation between the OLT and the ONU is AES, which is consistent with the requirements of the live network, and interworking is achieved directly.
When an ONU that supports multiple encryption algorithms is connected to the live network, the OLT broadcasts only the Profile message whose MIC value is calculated with AES. The ONU performs MIC verification, and only the verification with the AES algorithm passes. The ONU calculates the MIC value of the Serial_Number_ONU message with the AES algorithm and replies with that message. After receiving the Serial_Number_ONU message, the OLT performs MIC verification with the AES algorithm; if the verification passes, the result of the key algorithm negotiation between the OLT and the ONU is AES, consistent with the requirements of the live network.
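The negotiation of the fifth embodiment and the interworking cases of the sixth embodiment can be traced end to end with the following Python code, which is an added example and not code from the patent. It assumes truncated HMAC-SHA256 as a stand-in for the cipher-based MIC (the Python standard library has neither AES nor SM4), with the algorithm name mixed into the MAC input so that each algorithm yields a different MIC; the keys, message bodies, MIC length and all function names are constructed for illustration.

```python
import hashlib
import hmac

MIC_LEN = 8  # MIC length in bytes; an assumption of this example

# Constructed per-algorithm keys (placeholders, not taken from any standard).
DEMO_KEYS = {
    "AES": bytes(range(1, 17)),
    "SM4": bytes(range(17, 33)),
}

# Constructed message bodies. Neither carries an algorithm identifier:
# the MIC is the only thing that differs between algorithms.
PROFILE = b"constructed-profile-body"
SERIAL = b"TEST" + bytes.fromhex("00000001")


def compute_mic(alg, body):
    """Stand-in MIC: truncated HMAC-SHA256 over the algorithm name and body.
    A real device would use a MAC built on the AES or SM4 block cipher."""
    mac = hmac.new(DEMO_KEYS[alg], alg.encode() + b"\x00" + body, hashlib.sha256)
    return mac.digest()[:MIC_LEN]


def verify_mic(alg, body, mic):
    # Constant-time comparison, as for any MAC check.
    return hmac.compare_digest(compute_mic(alg, body), mic)


def olt_broadcast(olt_algs, body=PROFILE):
    """S101: one Profile frame per supported algorithm, same body, different MIC."""
    return [(body, compute_mic(alg, body)) for alg in olt_algs]


def onu_select(frames, onu_algs):
    """S102-S104: try every supported algorithm against every frame.
    onu_algs is in preference order, which plays the role of the
    'preconfigured rule' when several Profile messages verify."""
    passed = {alg for body, mic in frames
              for alg in onu_algs if verify_mic(alg, body, mic)}
    for alg in onu_algs:
        if alg in passed:
            return alg
    return None  # nothing verified: every frame is discarded, no reply is sent


def onu_reply(alg, body=SERIAL):
    """S105: Serial_Number_ONU frame with a MIC under the chosen algorithm."""
    return (body, compute_mic(alg, body))


def olt_identify(reply, olt_algs):
    """S106: trial-verify the reply under each supported algorithm.
    Rejecting an ambiguous match is a choice made by this example."""
    body, mic = reply
    matches = [alg for alg in olt_algs if verify_mic(alg, body, mic)]
    return matches[0] if len(matches) == 1 else None


def negotiate(olt_algs, onu_algs):
    """Run one full round; returns the agreed algorithm name or None."""
    chosen = onu_select(olt_broadcast(olt_algs), onu_algs)
    if chosen is None:
        return None
    return olt_identify(onu_reply(chosen), olt_algs)


if __name__ == "__main__":
    cases = [
        ("multi-algorithm OLT, ONU preferring SM4", ["AES", "SM4"], ["SM4", "AES"]),
        ("multi-algorithm OLT, AES-only ONU", ["AES", "SM4"], ["AES"]),
        ("AES-only OLT, multi-algorithm ONU", ["AES"], ["SM4", "AES"]),
        ("AES-only OLT, SM4-only ONU", ["AES"], ["SM4"]),
    ]
    for label, olt_algs, onu_algs in cases:
        print(f"{label}: {negotiate(olt_algs, onu_algs)}")
```

The last case shows the failure mode: with no algorithm in common, no Profile message verifies on the ONU side, so the ONU never replies and nothing is negotiated.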
7th embodiment
The system for negotiating an encryption algorithm in a passive optical network in this embodiment comprises an OLT and multiple ONUs, in which:
The OLT supports multiple encryption algorithms and is configured to periodically broadcast the Profile message of each encryption algorithm to each ONU; the Profile message content is identical for every encryption algorithm. The OLT is also configured to select, according to the Serial_Number_ONU message of each ONU, the same encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU.
Each ONU is configured to receive the Profile messages and choose one Profile message according to the encryption algorithms it supports. The ONU is also configured to generate a Serial_Number_ONU message using the same encryption algorithm and reply to the OLT with it.
8th embodiment
This embodiment is based on the seventh embodiment; the Profile message and the Serial_Number_ONU message include a MIC value. As shown in Fig. 2, the internal modules of the OLT and the ONU are described in detail. The OLT comprises a first MIC value generation module, a first MIC value verification module and a first selection module. Each ONU comprises a second MIC value verification module, a second selection module, a second MIC value generation module and a message generation module.
The first MIC value generation module is configured to generate the MIC value in the Profile message with the key of each encryption algorithm.
The second MIC value verification module is configured to verify the MIC value in each Profile message with the key of each encryption algorithm respectively.
The second selection module is configured to select, according to the verification result of the second MIC value verification module, one Profile message whose MIC value passes verification. When the MIC values of multiple Profile messages pass verification, the second selection module chooses one Profile message according to a preconfigured rule, a random rule, or sequential order.
The second MIC value generation module is configured to calculate, according to the Profile message selected by the second selection module, the MIC value in the message using the key of the same encryption algorithm.
The message generation module is configured to generate the Serial_Number_ONU message using the same encryption algorithm, according to the MIC value calculated by the second MIC value generation module, and to reply to the OLT with it.
The first MIC value verification module is configured to verify the MIC value in each Serial_Number_ONU message with the key of each encryption algorithm respectively.
The first selection module is configured to select, according to the verification result of the first MIC value verification module, the Serial_Number_ONU message whose MIC value passes verification, and to obtain the corresponding encryption algorithm. That encryption algorithm is the encryption algorithm negotiated in the passive optical network.
When the encryption algorithm is a non-ITU-standard encryption algorithm, the default key specified by the international standard, or another non-zero key, is used; the non-ITU-standard encryption algorithms include the Chinese national cryptographic algorithm SM4.
The present invention is not limited to the above embodiments. Those of ordinary skill in the art may make improvements and modifications without departing from the principle of the invention, and such improvements and modifications are also regarded as falling within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.

Claims (16)

1. a kind of method of consulted encryption algorithm in passive optical network characterized by comprising
Optical line terminal OLT is periodically identical every to optical network unit ONU broadcasted content according to the encryption algorithm type of support The Profile message of kind Encryption Algorithm;
The Serial_Number_ONU message of ONU is received, Serial_Number_ONU message is the one kind selected by ONU What Encryption Algorithm obtained by Profile message calculated;
Encryption Algorithm identical with Serial_Number_ONU message is selected, is disappeared as the Serial_Number_ONU with transmission The Encryption Algorithm that the ONU of breath negotiates.
2. the method for consulted encryption algorithm in passive optical network as described in claim 1, it is characterised in that: every kind described Message integrity check MIC value is carried in the Profile message of Encryption Algorithm and the Serial_Number_ONU message, MIC value is generated according to the key in every kind of Encryption Algorithm.
3. the method for consulted encryption algorithm in passive optical network as claimed in claim 2, which is characterized in that the selection Encryption Algorithm identical with Serial_Number_ONU message includes:
It is verified, is selected by MIC value in the received Serial_Number_ONU message of the key pair of every kind of Encryption Algorithm Encryption algorithm type used by the Serial_Number_ONU message that MIC value verification passes through.
4. the method for consulted encryption algorithm in passive optical network as claimed in claim 2 or claim 3, it is characterised in that: described When Encryption Algorithm is the Encryption Algorithm of non-ITU standard, adopt international standards defined default key or other non-zero keys.
5. the method for consulted encryption algorithm in passive optical network as claimed in claim 4, it is characterised in that: described non- The Encryption Algorithm of ITU standard includes state Data Encryption Standard algorithm SM4.
6. a kind of method of consulted encryption algorithm in passive optical network characterized by comprising ONU is periodically received The Profile message of OLT broadcast and the identical every kind of Encryption Algorithm of content selects itself supported Encryption Algorithm of one kind Profile message, and Serial_Number_ONU message is generated using identical Encryption Algorithm and is sent to OLT, so that OLT is selected Encryption Algorithm identical with Serial_Number_ONU message is selected as consulted encryption algorithm.
7. the method for consulted encryption algorithm in passive optical network as claimed in claim 6, it is characterised in that: the OLT It include MIC value in the Profile message of every kind of Encryption Algorithm of broadcast, MIC value is raw according to the key in every kind of Encryption Algorithm At;The identical MIC value generated in the Serial_Number_ONU message with same key.
8. the method for consulted encryption algorithm in passive optical network as claimed in claim 7, which is characterized in that the selection A kind of Profile message of itself supported Encryption Algorithm includes:
MIC value is verified in the received every kind of Profile message of key pair by supporting Encryption Algorithm, selects MIC value school Test by Profile message.
9. the method for consulted encryption algorithm in passive optical network as claimed in claim 8, it is characterised in that: the selection When the Profile message of itself supported Encryption Algorithm, the MIC value verification of multiple Profile message passes through if it exists, then basis Preconfigured rule, random rule or sequencing choose a kind of Profile message.
10. such as the method for consulted encryption algorithm in the described in any item passive optical networks of claim 7-9, feature exists When: the Encryption Algorithm uses the Encryption Algorithm of non-ITU standard, adopt international standards as defined in default key or other are non- Zero key.
11. the method for consulted encryption algorithm in passive optical network as claimed in claim 10, it is characterised in that: described non- The Encryption Algorithm of ITU standard includes state Data Encryption Standard algorithm SM4.
12. A system for negotiating an encryption algorithm in a passive optical network, comprising an OLT and multiple ONUs, characterized in that:
The OLT supports multiple encryption algorithms and is configured to periodically broadcast the Profile message of each encryption algorithm to the ONUs; it is further configured to select, according to the Serial_Number_ONU message of each ONU, the same encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU;
Each ONU is configured to receive the various Profile messages and choose one Profile message according to the encryption algorithms it supports, and is further configured to generate a Serial_Number_ONU message using the same encryption algorithm and send it in reply.
13. The system for negotiating an encryption algorithm in a passive optical network as claimed in claim 12, characterized in that the Profile message and the Serial_Number_ONU message each include a MIC value, and the OLT comprises:
A first MIC value generation module, configured to generate the MIC value in the Profile message according to the key of each encryption algorithm;
A first MIC value verification module, configured to verify the MIC value in each Serial_Number_ONU message respectively according to the key of each encryption algorithm;
A first selection module, configured to select, according to the verification result of the first MIC value verification module, the Serial_Number_ONU message whose MIC value passes verification, and to obtain the corresponding encryption algorithm.
14. The system for negotiating an encryption algorithm in a passive optical network as claimed in claim 13, characterized in that each ONU comprises:
A second MIC value verification module, configured to verify the MIC value in each Profile message respectively according to the key of each encryption algorithm;
A second selection module, configured to select, according to the verification result of the second MIC value verification module, one Profile message whose MIC value passes verification;
A second MIC value generation module, configured to compute, according to the Profile message selected by the second selection module, the MIC value in the message using the key of the same encryption algorithm;
A message generation module, configured to generate the Serial_Number_ONU message using the same encryption algorithm, according to the MIC value computed by the second MIC value generation module.
15. The system for negotiating an encryption algorithm in a passive optical network as claimed in claim 14, characterized in that: in the second MIC value verification module, when the MIC values of multiple Profile messages pass verification, the second selection module chooses one Profile message according to a preconfigured rule, a random rule, or sequential order.
16. The system for negotiating an encryption algorithm in a passive optical network as claimed in any one of claims 13-15, characterized in that: when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key defined by the international standard or another non-zero key is used, and the non-ITU-standard encryption algorithm includes the national cryptographic standard algorithm SM4.
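The negotiation in claims 6-9 and 13-14, sketched as an added example that is not code from the patent: neither message names the algorithm, so each side identifies it by which MIC verifies. The algorithm labels, key, message bodies and 8-byte MIC length are assumptions, and HMAC variants from the Python standard library stand in for the per-cipher MIC, since the standard library has no SM4.

```python
import hashlib
import hmac

# Stand-in MICs (assumption): the claims derive each MIC from that cipher's key.
# The standard library has no SM4, so one HMAC variant per algorithm label stands in.
MIC_IMPL = {"ITU-STD": hashlib.sha256, "SM4": hashlib.sha3_256, "OTHER": hashlib.sha512}
DEFAULT_KEY = b"\x55" * 16                 # constructed non-zero key known to both sides
PROFILE_BODY = b"profile:burst-params-v1"  # constructed; identical for every algorithm


def mic(alg, key, body):
    """8-byte MIC over the message body (the length is an assumption)."""
    return hmac.new(key, body, MIC_IMPL[alg]).digest()[:8]


def olt_broadcast(olt_algs, key=DEFAULT_KEY):
    """OLT: one Profile message per supported algorithm, same body, different MIC."""
    return [(PROFILE_BODY, mic(alg, key, PROFILE_BODY)) for alg in olt_algs]


def onu_select(profiles, onu_algs, key=DEFAULT_KEY, prefer=None):
    """ONU: trial-verify every Profile MIC; pick by preconfigured rule, else by order."""
    passed = [alg for alg in onu_algs
              if any(hmac.compare_digest(mic(alg, key, body), tag) for body, tag in profiles)]
    if prefer in passed:
        return prefer
    return passed[0] if passed else None


def onu_reply(alg, serial, key=DEFAULT_KEY):
    """ONU: Serial_Number_ONU message protected with the algorithm it selected."""
    body = b"serial:" + serial
    return body, mic(alg, key, body)


def olt_negotiate(reply, olt_algs, key=DEFAULT_KEY):
    """OLT: the algorithm whose MIC verifies on the reply becomes the negotiated one."""
    body, tag = reply
    for alg in olt_algs:
        if hmac.compare_digest(mic(alg, key, body), tag):
            return alg
    return None  # unsupported algorithm, wrong key, or corrupted message


def negotiate(olt_algs, onu_algs, serial=b"ABCD12345678", prefer=None):
    """Full round trip with a constructed serial number; None means no agreement."""
    chosen = onu_select(olt_broadcast(olt_algs), onu_algs, prefer=prefer)
    return olt_negotiate(onu_reply(chosen, serial), olt_algs) if chosen else None
```

When the key is a standards-defined default, a passing MIC identifies the algorithm and catches corruption, but it does not authenticate the sender, because any party that knows the default key can compute the same MIC.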
CN201810778074.6A 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system Active CN109039600B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810778074.6A CN109039600B (en) 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system
PCT/CN2019/070158 WO2020015338A1 (en) 2018-07-16 2019-01-03 Method and system for negotiating encryption algorithm in passive optical network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810778074.6A CN109039600B (en) 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system

Publications (2)

Publication Number Publication Date
CN109039600A (en) 2018-12-18
CN109039600B (en) 2020-01-07

Family

ID=64642563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810778074.6A Active CN109039600B (en) 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system

Country Status (2)

Country Link
CN (1) CN109039600B (en)
WO (1) WO2020015338A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110620792A (en) * 2019-10-24 2019-12-27 福建星网视易信息系统有限公司 Communication encryption method, communication device, system, and computer-readable storage medium
WO2020015338A1 (en) * 2018-07-16 2020-01-23 烽火通信科技股份有限公司 Method and system for negotiating encryption algorithm in passive optical network system
CN116074413A (en) * 2023-01-28 2023-05-05 天津科谱技术有限公司 Message transmission method, device, equipment and storage medium of communication network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070201698A1 (en) * 2003-07-09 2007-08-30 Huh Jae D Key management device and method for providing security service in Ethernet-based passive optical network
CN102656838A (en) * 2009-07-31 2012-09-05 华为技术有限公司 Optical network terminal management control interface-based passive optical network security enhancement
CN103955654A (en) * 2014-04-02 2014-07-30 西北工业大学 USB (Universal Serial Bus) flash disk secure storage method based on virtual file system
CN107566125A (en) * 2017-09-01 2018-01-09 捷德(中国)信息科技有限公司 The safety certifying method that a kind of more algorithms combine

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039600B (en) * 2018-07-16 2020-01-07 烽火通信科技股份有限公司 Method and system for negotiating encryption algorithm in passive optical network system

Also Published As

Publication number Publication date
CN109039600B (en) 2020-01-07
WO2020015338A1 (en) 2020-01-23

Similar Documents

Publication Publication Date Title
CN105027482B (en) Certification in Ethernet passive optical network and initial key exchange on coaxial network
AU2010278478B2 (en) Optical network terminal management control interface-based passive optical network security enhancement
US7853801B2 (en) System and method for providing authenticated encryption in GPON network
US8490159B2 (en) Method for increasing security in a passive optical network
Wu et al. An XG-PON module for the NS-3 network simulator
US8948401B2 (en) Method for filtering of abnormal ONT with same serial number in a GPON system
CN109039600A (en) The method and system of consulted encryption algorithm in a kind of passive optical network
EP2439871B1 (en) Method and device for encrypting multicast service in passive optical network system
CN111885436B (en) Distribution network automatic communication system based on EPON technology
CN101282177B (en) Data transmission method and terminal
CN101998180B (en) Method and system for supporting version compatibility between optical line terminal and optical network unit
WO2022062948A1 (en) Secure communication method and apparatus for passive optical network
CN117579182A (en) Service encryption method of passive optical network system, electronic equipment and storage medium
CN116743380A (en) OTN encryption communication method and system based on quantum key distribution

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant