CN109039600A - Method and system for negotiating an encryption algorithm in a passive optical network - Google Patents
- Publication number: CN109039600A
- Application number: CN201810778074.6A
- Authority: CN (China)
- Prior art keywords: encryption algorithm, onu, message, mic value, serial
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0062—Network aspects
- H04Q11/0067—Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring
Abstract
A method and system for negotiating an encryption algorithm in a passive optical network, relating to passive optical networks in the communications field. An OLT that supports multiple encryption algorithms periodically broadcasts a Profile message for each encryption algorithm to the ONUs. Each ONU receives the various Profile messages, selects one Profile message according to the encryption algorithms it supports, and generates and returns a Serial_Number_ONU message using the same encryption algorithm. The OLT selects the same encryption algorithm according to each ONU's Serial_Number_ONU message, as the encryption algorithm negotiated between the OLT and that ONU. Without adding to or modifying the protocols of existing international standards, the invention enables a PON system to support multiple encryption algorithms while remaining compatible with ONUs/OLTs in existing networks.
Description
Technical field
The present invention relates to passive optical networks in the communications field, and in particular to a method and system for negotiating an encryption algorithm in a passive optical network.
Background art
In recent years, PON (Passive Optical Network) has developed rapidly as a high-speed broadband access technology. A PON system generally consists of an OLT (Optical Line Terminal), an ODN (Optical Distribution Network) and ONUs (Optical Network Units). In the downstream direction, the OLT broadcasts data to all ONUs through the ODN; in the upstream direction, time-division multiplexing is used to avoid optical collisions.
Because downstream data is broadcast, and upstream data is sent to the OLT only after being aggregated by the ODN, both upstream and downstream data are at risk of being stolen. The relevant ITU international standards for PON systems (such as the XGPON standard ITU-T G.987.3, the NGPON2 standard ITU-T G.989.3 and the XGS-PON standard ITU-T G.9807.1) therefore all introduce encryption and decryption. However, these international standards specify only one encryption/decryption algorithm, the AES algorithm (Advanced Encryption Standard). Each ONU uses an independent key, and the key is updated periodically to ensure the reliability of the encryption.
In practical applications, however, PON products must meet the requirements of different countries, regions and network operators, and a given country, region or operator may require that a different encryption algorithm be used. The existing PON international standards do not consider support for multiple encryption algorithms, and therefore cannot satisfy the requirement of different countries, regions or network operators that PON equipment support multiple encryption algorithms.
Among existing implementations, for example, patent application No. 200610078931.9, "Encryption algorithm negotiation method in a PON system", proposes modifying the OMCI (ONU Management and Control Interface) management protocol and negotiating different encryption algorithms through the modified OMCI messages. The disadvantage of this method is that the existing OMCI protocol must be modified. In addition, an OLT/ONU that supports multiple algorithms is incompatible with the ONUs/OLTs in the existing network, or the ONUs/OLTs in the existing network must be upgraded before they are compatible.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide a method and system for negotiating an encryption algorithm in a passive optical network that enable a PON system to support multiple encryption algorithms without adding to or modifying the protocols of existing international standards, and that are compatible with ONUs/OLTs in the existing network.
To achieve this purpose, the present invention adopts a method for negotiating an encryption algorithm in a passive optical network, comprising: the optical line terminal (OLT), according to the encryption algorithm types it supports, periodically broadcasts to the optical network units (ONUs) a Profile message for each encryption algorithm, the Profile messages having identical content; the OLT receives a Serial_Number_ONU message from an ONU, the Serial_Number_ONU message being computed with the encryption algorithm of the one Profile message selected by the ONU; the OLT selects the encryption algorithm that matches the Serial_Number_ONU message as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message.
On the basis of the above technical solution, the Profile message of each encryption algorithm and the Serial_Number_ONU message carry a message integrity check (MIC) value, and the MIC value is generated from the key of the respective encryption algorithm.
On the basis of the above technical solution, selecting the encryption algorithm that matches the Serial_Number_ONU message includes: verifying the MIC value in the received Serial_Number_ONU message with the key of each encryption algorithm, and selecting the encryption algorithm type used by the Serial_Number_ONU message whose MIC value passes verification.
On the basis of the above technical solution, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key defined by the international standard, or another non-zero key, is used.
On the basis of the above technical solution, the non-ITU-standard encryption algorithms include the Chinese national cryptographic standard algorithm SM4.
The present invention also provides a method for negotiating an encryption algorithm in a passive optical network, comprising: the ONU periodically receives the Profile messages broadcast by the OLT, one per encryption algorithm and identical in content, selects the Profile message of an encryption algorithm that it supports, generates a Serial_Number_ONU message using the same encryption algorithm and sends it to the OLT, so that the OLT selects the encryption algorithm that matches the Serial_Number_ONU message as the negotiated encryption algorithm.
On the basis of the above technical solution, the Profile message of each encryption algorithm broadcast by the OLT includes a MIC value, generated from the key of the respective encryption algorithm; the Serial_Number_ONU message carries the same MIC value, generated with the same key.
On the basis of the above technical solution, selecting the Profile message of an encryption algorithm that the ONU supports includes: verifying the MIC value in each received Profile message with the keys of the supported encryption algorithms, and selecting a Profile message whose MIC value passes verification.
On the basis of the above technical solution, when selecting the Profile message of a supported encryption algorithm, if the MIC values of several Profile messages pass verification, one Profile message is chosen according to a preconfigured rule, a random rule, or order of arrival.
On the basis of the above technical solution, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key defined by the international standard, or another non-zero key, is used.
On the basis of the above technical solution, the non-ITU-standard encryption algorithms include the Chinese national cryptographic standard algorithm SM4.
The present invention also provides a system for negotiating an encryption algorithm in a passive optical network, including an OLT and multiple ONUs. The OLT supports multiple encryption algorithms and is used to periodically broadcast the Profile message of each encryption algorithm to the ONUs; it is also used to select, according to the Serial_Number_ONU message of each ONU, the same encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU. Each ONU is used to receive the various Profile messages and to choose one Profile message according to the encryption algorithms it supports; it is also used to generate a Serial_Number_ONU message using the same encryption algorithm and reply with it.
On the basis of the above technical solution, the Profile message and the Serial_Number_ONU message include a MIC value, and the OLT includes:
A first MIC value generation module, used to generate the MIC value in the Profile message from the key of each encryption algorithm;
A first MIC value verification module, used to verify the MIC value in each Serial_Number_ONU message with the key of each encryption algorithm;
A first selection module, used to select, according to the verification results of the first MIC value verification module, the Serial_Number_ONU message whose MIC value passes verification, and obtain the corresponding encryption algorithm.
On the basis of the above technical solution, each ONU includes:
A second MIC value verification module, used to verify the MIC value in each Profile message with the key of each encryption algorithm;
A second selection module, used to select, according to the verification results of the second MIC value verification module, a Profile message whose MIC value passes verification;
A second MIC value generation module, used to compute the MIC value in the message with the key of the same encryption algorithm, according to the Profile message selected by the second selection module;
A message generation module, used to generate the Serial_Number_ONU message using the same encryption algorithm, according to the MIC value computed by the second MIC value generation module.
On the basis of the above technical solution, when the MIC values of several Profile messages pass verification in the second MIC value verification module, the second selection module chooses one Profile message according to a preconfigured rule, a random rule, or order of arrival.
On the basis of the above technical solution, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key defined by the international standard, or another non-zero key, is used; the non-ITU-standard encryption algorithms include the Chinese national cryptographic standard algorithm SM4.
The beneficial effects of the present invention are as follows. Without adding to or modifying existing international standard protocols, such as the OMCI protocol or the PLOAM (Physical Layer OAM) protocol of the ITU international standards, the PON system supports multiple encryption algorithms.
An OLT/ONU that supports multiple encryption algorithms can interwork directly with the AES-only ONUs/OLTs in the existing network, without updating or upgrading the software or hardware of the ONUs/OLTs in the existing network.
Brief description of the drawings
Fig. 1 is a flowchart of the method for negotiating an encryption algorithm in a passive optical network according to the fifth embodiment;
Fig. 2 is a schematic diagram of the system for negotiating an encryption algorithm in a passive optical network according to the eighth embodiment.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings and embodiments.
First embodiment
The method for negotiating an encryption algorithm in a passive optical network in this embodiment comprises:
The OLT, according to the encryption algorithm types it supports, periodically broadcasts the Profile message of each encryption algorithm to the ONUs, and the message content is identical for every encryption algorithm.
The OLT receives the Serial_Number_ONU message returned by an ONU. The Serial_Number_ONU message is generated by the ONU through computation with an encryption algorithm, and that encryption algorithm is the same as the encryption algorithm of the Profile message the ONU selected.
The OLT selects the encryption algorithm that matches the Serial_Number_ONU message as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message.
Second embodiment
On the basis of the first embodiment, the Profile message of each encryption algorithm and the Serial_Number_ONU message both carry a MIC (message integrity check) value, generated from the key of the respective encryption algorithm. Therefore, although the Profile messages the OLT broadcasts for the different encryption algorithms have identical content, the MIC value of the Profile message differs for each encryption algorithm.
In this embodiment, the OLT verifies the MIC value in the received Serial_Number_ONU message with the key of each encryption algorithm, and discards any Serial_Number_ONU message whose MIC value does not pass verification. The OLT selects the encryption algorithm type used by the Serial_Number_ONU message whose MIC value passes verification as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message.
Preferably, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key defined by the international standard, or another non-zero key, is used to generate the MIC value. In this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the Chinese national cryptographic standard algorithm SM4 (GB/T 32907-2016).
Third embodiment
The method for negotiating an encryption algorithm in a passive optical network system in this embodiment comprises:
The ONU periodically receives the Profile messages that the OLT broadcasts for each encryption algorithm; the content of every Profile message is identical. From the received Profile messages, the ONU selects one Profile message according to the encryption algorithms it supports, generates a Serial_Number_ONU message using the same encryption algorithm and sends it to the OLT, so that the OLT selects the encryption algorithm that matches the Serial_Number_ONU message as the negotiated encryption algorithm.
Fourth embodiment
In this embodiment, on the basis of the third embodiment, the Profile message of each encryption algorithm broadcast by the OLT contains a MIC value, generated from the key of the respective encryption algorithm. The Serial_Number_ONU message generated by the ONU also contains a MIC value; it is generated with the same key, in the same encryption algorithm as the selected Profile message, and is identical to the MIC value in the Profile message.
Specifically, the ONU selects a Profile message as follows: using the keys of the encryption algorithms it supports, it verifies the MIC value in each received Profile message, discards the Profile messages whose MIC value does not pass verification, and selects a Profile message whose MIC value passes. If the MIC values of several Profile messages pass verification, one Profile message can be chosen according to a preconfigured rule, or by a random rule or order of arrival.
Preferably, when the encryption algorithm is a non-ITU-standard encryption algorithm, the default key defined by the international standard, or another non-zero key, is used to generate the MIC value in the Serial_Number_ONU message. In this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the Chinese national cryptographic standard algorithm SM4 (GB/T 32907-2016).
Fifth embodiment
As shown in Fig. 1, the method for negotiating an encryption algorithm in a passive optical network in this embodiment comprises the following steps:
S101. The OLT, according to the encryption algorithm types it supports, calculates the MIC value of the Profile message for each algorithm and periodically broadcasts the Profile message of each encryption algorithm.
The Profile message content is the same for every encryption algorithm, but because the MIC value is generated from the key of the respective encryption algorithm, the MIC value differs in each Profile message. When a non-ITU-standard encryption algorithm is used, the default key defined by the international standard, or another non-zero key, is used. In this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the Chinese national cryptographic standard algorithm SM4 (GB/T 32907-2016).
S102. The ONU receives the various Profile messages and, according to the encryption algorithm types the ONU supports, verifies the MIC value in each Profile message and determines whether verification passes; if so, go to S103; if not, go to S104.
S103. Discard the Profile messages whose MIC value fails verification; this round of verification ends.
S104. Select the Profile message whose MIC value passes verification. If the MIC values of several Profile messages pass verification, one Profile message can be chosen according to a preconfigured rule, a random rule, or order of arrival.
S105. The ONU uses the same encryption algorithm as the selected Profile message, calculates the MIC value of the Serial_Number_ONU message with the key of that encryption algorithm, and replies to the OLT with the Serial_Number_ONU message.
S106. After receiving the Serial_Number_ONU message, the OLT verifies the MIC value carried in the Serial_Number_ONU message with the keys of the different encryption algorithms, and selects the encryption algorithm corresponding to the key under which the MIC value passes verification as the encryption algorithm negotiated with the ONU corresponding to that Serial_Number_ONU message; that is, the OLT and the ONU use the same encryption algorithm.
Sixth embodiment
This embodiment is based on the fifth embodiment. Given an existing network whose ONUs/OLTs support only AES, it achieves direct interworking without updating or upgrading the software or hardware of the ONUs/OLTs in the existing network, as follows:
When an OLT that supports multiple encryption algorithms is connected to the existing network, its downstream operation is unchanged. The ONUs in the existing network support only the AES algorithm, so among the various Profile messages broadcast by the OLT, only the Profile message that uses the AES algorithm passes verification on the ONU side. The ONU selects the AES algorithm and calculates the MIC value in its Serial_Number_ONU reply with the AES algorithm. After the OLT receives the Serial_Number_ONU message, only the MIC verification for the AES algorithm passes. The result of the algorithm negotiation between the OLT and the ONU is AES, which is consistent with the requirements of the existing network, and interworking is achieved directly.
When an ONU that supports multiple encryption algorithms is connected to the existing network, the OLT broadcasts only the Profile message whose MIC value is calculated with AES. The ONU performs MIC verification, and only the MIC verification for the AES algorithm passes. The ONU calculates the MIC value of the Serial_Number_ONU message with the AES algorithm and replies with the message. After receiving the Serial_Number_ONU message, the OLT performs MIC verification with the AES algorithm; if verification passes, the result of the algorithm negotiation between the OLT and the ONU is AES, consistent with the requirements of the existing network.
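The negotiation in steps S101 to S106 and the AES-only interworking case of the sixth embodiment, as an added Python sketch that is not code from the patent. The MIC here is a stand-in (truncated HMAC-SHA256 bound to the algorithm name) rather than a MAC built on AES or SM4; the keys, the 8-byte MIC length, the serial numbers, the use of the ONU's list order as its preconfigured rule, and all class and function names are assumptions.

```python
import hashlib
import hmac

MIC_LEN = 8  # assumed MIC length in bytes

# Constructed placeholder keys, one per algorithm; not values from any standard.
KEYS = {"AES": bytes([0x11]) * 16, "SM4": bytes([0x22]) * 16}


def mic(alg, body):
    """Stand-in MIC: HMAC-SHA256 under the algorithm's key, truncated.
    A real device would compute the MIC with the block cipher `alg` itself."""
    data = alg.encode() + b"\x00" + body
    return hmac.new(KEYS[alg], data, hashlib.sha256).digest()[:MIC_LEN]


def mic_ok(alg, body, tag):
    # Constant-time comparison of the expected and received MIC.
    return hmac.compare_digest(mic(alg, body), tag)


class OLT:
    def __init__(self, algorithms):
        self.algorithms = list(algorithms)
        self.negotiated = {}  # ONU serial number -> agreed algorithm

    def broadcast_profiles(self, content):
        # S101: identical content once per algorithm; only the MIC differs.
        return [(content, mic(alg, content)) for alg in self.algorithms]

    def on_serial_number(self, serial, tag):
        # S106: trial-verify the MIC with every supported algorithm's key.
        matches = [alg for alg in self.algorithms if mic_ok(alg, serial, tag)]
        if len(matches) != 1:
            # Nothing verified: drop. An ambiguous match is also treated as
            # a failure here, which is an assumption of this sketch.
            return None
        self.negotiated[serial] = matches[0]
        return matches[0]


class ONU:
    def __init__(self, serial, algorithms):
        self.serial = serial
        # List order doubles as the preconfigured selection rule (assumption).
        self.algorithms = list(algorithms)

    def select_algorithm(self, profiles):
        # S102 to S104: keep the algorithms under which some Profile verifies.
        passed = {alg for content, tag in profiles
                  for alg in self.algorithms if mic_ok(alg, content, tag)}
        for alg in self.algorithms:
            if alg in passed:
                return alg
        return None  # no Profile verified: the ONU does not answer

    def reply(self, profiles):
        # S105: MIC over the Serial_Number_ONU message with the chosen algorithm.
        alg = self.select_algorithm(profiles)
        if alg is None:
            return None
        return self.serial, mic(alg, self.serial)


def negotiate(olt, onu, content=b"constructed-profile-content"):
    """Run one broadcast/reply round and return the OLT's result."""
    reply = onu.reply(olt.broadcast_profiles(content))
    if reply is None:
        return None
    return olt.on_serial_number(*reply)


if __name__ == "__main__":
    olt = OLT(["AES", "SM4"])
    legacy = ONU(b"TEST00000001", ["AES"])        # AES-only ONU (sixth embodiment)
    multi = ONU(b"TEST00000002", ["SM4", "AES"])  # prefers SM4
    for onu in (legacy, multi):
        print(onu.serial.decode(), "->", negotiate(olt, onu))
```

If the per-algorithm key is a default key shared by all devices, as the text allows for non-ITU-standard algorithms, a passing MIC tells the receiver which algorithm the sender used and that the message was not corrupted, not which device sent it.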
Seventh embodiment
The system for negotiating an encryption algorithm in a passive optical network in this embodiment includes an OLT and multiple ONUs, in which:
The OLT supports multiple encryption algorithms and is used to periodically broadcast the Profile message of each encryption algorithm to each ONU; the Profile message content is identical for every encryption algorithm. The OLT is also used to select, according to the Serial_Number_ONU message of each ONU, the same encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU.
Each ONU is used to receive the various Profile messages and to choose one Profile message according to the encryption algorithms it supports. The ONU is also used to generate a Serial_Number_ONU message using the same encryption algorithm and reply to the OLT with it.
Eighth embodiment
This embodiment is based on the seventh embodiment; the Profile message and the Serial_Number_ONU message include a MIC value.
As shown in Fig. 2, the internal modules of the OLT and the ONU are described in detail. The OLT includes a first MIC value generation module, a first MIC value verification module and a first selection module. Each ONU includes a second MIC value verification module, a second selection module, a second MIC value generation module and a message generation module.
The first MIC value generation module is used to generate the MIC value in the Profile message from the key of each encryption algorithm.
The second MIC value verification module is used to verify the MIC value in each Profile message with the key of each encryption algorithm.
The second selection module is used to select, according to the verification results of the second MIC value verification module, a Profile message whose MIC value passes verification. When the MIC values of several Profile messages pass verification, the second selection module chooses one Profile message according to a preconfigured rule, a random rule, or order of arrival.
The second MIC value generation module is used to compute the MIC value in the message with the key of the same encryption algorithm, according to the Profile message selected by the second selection module.
The message generation module is used to generate the Serial_Number_ONU message using the same encryption algorithm, according to the MIC value computed by the second MIC value generation module, and to reply to the OLT with it.
The first MIC value verification module is used to verify the MIC value in each Serial_Number_ONU message with the key of each encryption algorithm.
The first selection module is used to select, according to the verification results of the first MIC value verification module, the Serial_Number_ONU message whose MIC value passes verification, and obtain the corresponding encryption algorithm. That encryption algorithm is the encryption algorithm negotiated in the passive optical network.
When the encryption algorithm is a non-ITU-standard encryption algorithm, the default key defined by the international standard, or another non-zero key, is used; the non-ITU-standard encryption algorithms include the Chinese national cryptographic standard algorithm SM4.
The present invention is not limited to the above embodiments. Those skilled in the art can make improvements and modifications without departing from the principle of the invention, and such improvements and modifications are also considered to fall within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art known to those skilled in the art.
Claims (16)
1. a kind of method of consulted encryption algorithm in passive optical network characterized by comprising
Optical line terminal OLT is periodically identical every to optical network unit ONU broadcasted content according to the encryption algorithm type of support
The Profile message of kind Encryption Algorithm;
The Serial_Number_ONU message of ONU is received, Serial_Number_ONU message is the one kind selected by ONU
What Encryption Algorithm obtained by Profile message calculated;
Encryption Algorithm identical with Serial_Number_ONU message is selected, is disappeared as the Serial_Number_ONU with transmission
The Encryption Algorithm that the ONU of breath negotiates.
2. the method for consulted encryption algorithm in passive optical network as described in claim 1, it is characterised in that: every kind described
Message integrity check MIC value is carried in the Profile message of Encryption Algorithm and the Serial_Number_ONU message,
MIC value is generated according to the key in every kind of Encryption Algorithm.
3. the method for consulted encryption algorithm in passive optical network as claimed in claim 2, which is characterized in that the selection
Encryption Algorithm identical with Serial_Number_ONU message includes:
It is verified, is selected by MIC value in the received Serial_Number_ONU message of the key pair of every kind of Encryption Algorithm
Encryption algorithm type used by the Serial_Number_ONU message that MIC value verification passes through.
4. the method for consulted encryption algorithm in passive optical network as claimed in claim 2 or claim 3, it is characterised in that: described
When Encryption Algorithm is the Encryption Algorithm of non-ITU standard, adopt international standards defined default key or other non-zero keys.
5. the method for consulted encryption algorithm in passive optical network as claimed in claim 4, it is characterised in that: described non-
The Encryption Algorithm of ITU standard includes state Data Encryption Standard algorithm SM4.
6. a kind of method of consulted encryption algorithm in passive optical network characterized by comprising ONU is periodically received
The Profile message of OLT broadcast and the identical every kind of Encryption Algorithm of content selects itself supported Encryption Algorithm of one kind
Profile message, and Serial_Number_ONU message is generated using identical Encryption Algorithm and is sent to OLT, so that OLT is selected
Encryption Algorithm identical with Serial_Number_ONU message is selected as consulted encryption algorithm.
7. the method for consulted encryption algorithm in passive optical network as claimed in claim 6, it is characterised in that: the OLT
It include MIC value in the Profile message of every kind of Encryption Algorithm of broadcast, MIC value is raw according to the key in every kind of Encryption Algorithm
At;The identical MIC value generated in the Serial_Number_ONU message with same key.
8. the method for consulted encryption algorithm in passive optical network as claimed in claim 7, which is characterized in that the selection
A kind of Profile message of itself supported Encryption Algorithm includes:
MIC value is verified in the received every kind of Profile message of key pair by supporting Encryption Algorithm, selects MIC value school
Test by Profile message.
9. the method for consulted encryption algorithm in passive optical network as claimed in claim 8, it is characterised in that: the selection
When the Profile message of itself supported Encryption Algorithm, the MIC value verification of multiple Profile message passes through if it exists, then basis
Preconfigured rule, random rule or sequencing choose a kind of Profile message.
10. such as the method for consulted encryption algorithm in the described in any item passive optical networks of claim 7-9, feature exists
When: the Encryption Algorithm uses the Encryption Algorithm of non-ITU standard, adopt international standards as defined in default key or other are non-
Zero key.
11. the method for consulted encryption algorithm in passive optical network as claimed in claim 10, it is characterised in that: described non-
The Encryption Algorithm of ITU standard includes state Data Encryption Standard algorithm SM4.
12. the system of consulted encryption algorithm in a kind of passive optical network, including OLT and multiple ONU, it is characterised in that:
The OLT supports multiple encryption algorithms, is used to periodically broadcast the Profile message of every kind of Encryption Algorithm to ONU;Also
For the Serial_Number_ONU message according to each ONU, identical Encryption Algorithm is selected, is negotiated as the OLT and ONU
Encryption Algorithm;
Each ONU chooses a kind of Profile according to the Encryption Algorithm that itself is supported and disappears for receiving various Profile message
Breath is also used to generate Serial_Number_ONU message using identical Encryption Algorithm and reply.
13. The system for negotiating an encryption algorithm in a passive optical network according to claim 12, characterized in that the Profile message and the Serial_Number_ONU message each contain a MIC value, and the OLT comprises:
A first MIC value generation module, configured to generate the MIC value in the Profile message according to the key of each encryption algorithm;
A first MIC value verification module, configured to verify the MIC value in each Serial_Number_ONU message separately according to the key of each encryption algorithm;
A first selection module, configured to select, according to the verification results of the first MIC value verification module, the Serial_Number_ONU message whose MIC value passes verification, and to obtain the corresponding encryption algorithm.
14. The system for negotiating an encryption algorithm in a passive optical network according to claim 13, characterized in that each ONU comprises:
A second MIC value verification module, configured to verify the MIC value in each Profile message separately according to the key of each encryption algorithm;
A second selection module, configured to select, according to the verification results of the second MIC value verification module, one Profile message whose MIC value passes verification;
A second MIC value generation module, configured to compute, according to the Profile message selected by the second selection module, the MIC value of the outgoing message using the key of the same encryption algorithm;
A message generation module, configured to generate the Serial_Number_ONU message using the same encryption algorithm, according to the MIC value computed by the second MIC value generation module.
15. The system for negotiating an encryption algorithm in a passive optical network according to claim 14, characterized in that: when, in the second MIC value verification module, the MIC values of multiple Profile messages pass verification, the second selection module chooses one Profile message according to a preconfigured rule, a random rule or sequential order.
16. The system for negotiating an encryption algorithm in a passive optical network according to any one of claims 13-15, characterized in that: when the encryption algorithm is a non-ITU-standard encryption algorithm, it uses the default key specified by the international standard or another non-zero key, and the non-ITU-standard encryption algorithm includes the national cryptographic standard algorithm SM4.
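The trial-MIC negotiation of claims 12 to 15, as an added Python sketch that is not code from the patent: the OLT broadcasts one Profile message per algorithm, the ONU answers under the first one whose MIC it can verify, and the OLT identifies the algorithm by which MIC check passes. The function names, message layouts, 8-byte MIC length and demo key are assumptions, and HMAC with two different hashes stands in for the AES- and SM4-based MICs so the example runs with the standard library only.

```python
import hashlib
import hmac

# Constructed demo key; the claims call for a standard default key or another non-zero key.
DEMO_KEY, MIC_LEN = bytes(range(1, 17)), 8

# Stand-in MIC primitives keyed by algorithm name (assumption). A real OLT/ONU
# would compute a block-cipher MAC under AES or SM4; HMAC with two different
# hashes is used here only to make the two MICs mutually incompatible.
MIC_FUNCS = {
    "AES-128": lambda key, body: hmac.new(key, body, hashlib.sha256).digest()[:MIC_LEN],
    "SM4": lambda key, body: hmac.new(key, body, hashlib.sha512).digest()[:MIC_LEN],
}

def make_message(alg, body, key=DEMO_KEY):
    """MIC generation module: append the MIC computed under `alg` to the body."""
    return body + MIC_FUNCS[alg](key, body)

def identify_algorithms(message, supported, key=DEMO_KEY):
    """MIC verification module: trial-verify the trailing MIC under each algorithm."""
    if len(message) < MIC_LEN:
        return []
    body, mic = message[:-MIC_LEN], message[-MIC_LEN:]
    return [a for a in supported
            if hmac.compare_digest(MIC_FUNCS[a](key, body), mic)]

def olt_broadcast(olt_algs):
    """OLT: one Profile message per supported algorithm."""
    return [make_message(a, b"Profile|index=%d" % i) for i, a in enumerate(olt_algs)]

def onu_reply(profiles, onu_algs, serial):
    """ONU: pick the first Profile whose MIC verifies and reply under that algorithm."""
    for profile in profiles:  # selection rule used here: order received
        matches = identify_algorithms(profile, onu_algs)
        if matches:
            return make_message(matches[0], b"Serial_Number_ONU|" + serial)
    return None  # no common algorithm: the ONU cannot answer

def olt_negotiate(reply, olt_algs):
    """OLT selection module: the algorithm whose MIC check passes is the negotiated one."""
    matches = identify_algorithms(reply, olt_algs) if reply else []
    return matches[0] if matches else None

def negotiate(olt_algs, onu_algs, serial=b"CONSTRUCTED-SN-0001"):
    """Run one full exchange and return the negotiated algorithm name or None."""
    profiles = olt_broadcast(olt_algs)
    return olt_negotiate(onu_reply(profiles, onu_algs, serial), olt_algs)
```

Because a standard default key is publicly known, a passing MIC in this exchange identifies the algorithm and catches corruption but does not authenticate the sender.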
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810778074.6A CN109039600B (en) | 2018-07-16 | 2018-07-16 | Method and system for negotiating encryption algorithm in passive optical network system |
PCT/CN2019/070158 WO2020015338A1 (en) | 2018-07-16 | 2019-01-03 | Method and system for negotiating encryption algorithm in passive optical network system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810778074.6A CN109039600B (en) | 2018-07-16 | 2018-07-16 | Method and system for negotiating encryption algorithm in passive optical network system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109039600A (en) | 2018-12-18 |
CN109039600B (en) | 2020-01-07 |
Family
ID=64642563
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810778074.6A Active CN109039600B (en) | 2018-07-16 | 2018-07-16 | Method and system for negotiating encryption algorithm in passive optical network system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109039600B (en) |
WO (1) | WO2020015338A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110620792A (en) * | 2019-10-24 | 2019-12-27 | 福建星网视易信息系统有限公司 | Communication encryption method, communication device, system, and computer-readable storage medium |
WO2020015338A1 (en) * | 2018-07-16 | 2020-01-23 | 烽火通信科技股份有限公司 | Method and system for negotiating encryption algorithm in passive optical network system |
CN116074413A (en) * | 2023-01-28 | 2023-05-05 | 天津科谱技术有限公司 | Message transmission method, device, equipment and storage medium of communication network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070201698A1 (en) * | 2003-07-09 | 2007-08-30 | Huh Jae D | Key management device and method for providing security service in Ethernet-based passive optical network |
CN102656838A (en) * | 2009-07-31 | 2012-09-05 | 华为技术有限公司 | Optical network terminal management control interface-based passive optical network security enhancement |
CN103955654A (en) * | 2014-04-02 | 2014-07-30 | 西北工业大学 | USB (Universal Serial Bus) flash disk secure storage method based on virtual file system |
CN107566125A (en) * | 2017-09-01 | 2018-01-09 | 捷德(中国)信息科技有限公司 | The safety certifying method that a kind of more algorithms combine |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109039600B (en) * | 2018-07-16 | 2020-01-07 | 烽火通信科技股份有限公司 | Method and system for negotiating encryption algorithm in passive optical network system |
Also Published As
Publication number | Publication date |
---|---|
CN109039600B (en) | 2020-01-07 |
WO2020015338A1 (en) | 2020-01-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105027482B (en) | Certification in Ethernet passive optical network and initial key exchange on coaxial network | |
AU2010278478B2 (en) | Optical network terminal management control interface-based passive optical network security enhancement | |
US7853801B2 (en) | System and method for providing authenticated encryption in GPON network | |
US8490159B2 (en) | Method for increasing security in a passive optical network | |
Wu et al. | An XG-PON module for the NS-3 network simulator | |
US8948401B2 (en) | Method for filtering of abnormal ONT with same serial number in a GPON system | |
CN109039600A (en) | The method and system of consulted encryption algorithm in a kind of passive optical network | |
EP2439871B1 (en) | Method and device for encrypting multicast service in passive optical network system | |
CN111885436B (en) | Distribution network automatic communication system based on EPON technology | |
CN101282177B (en) | Data transmission method and terminal | |
CN101998180B (en) | Method and system for supporting version compatibility between optical line terminal and optical network unit | |
WO2022062948A1 (en) | Secure communication method and apparatus for passive optical network | |
CN117579182A (en) | Service encryption method of passive optical network system, electronic equipment and storage medium | |
CN116743380A (en) | OTN encryption communication method and system based on quantum key distribution |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||