CN109039600B - Method and system for negotiating encryption algorithm in passive optical network system - Google Patents

Method and system for negotiating encryption algorithm in passive optical network system

Info

Publication number: CN109039600B
Application number: CN201810778074.6A
Authority: CN (China)
Prior art keywords: encryption algorithm, ONU, message, MIC value, serial
Legal status: Active (Google's assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN109039600A
Inventor: 李祥辉
Current assignee: Wuhan Flying Microelectronics Technology Co Ltd; Fiberhome Telecommunication Technologies Co Ltd
Original assignee: Wuhan Flying Microelectronics Technology Co Ltd; Fiberhome Telecommunication Technologies Co Ltd
Related publications: CN109039600A (publication of the application), WO2020015338A1 (PCT/CN2019/070158, claiming priority from CN201810778074.6A)

Classifications

    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (under H04L9/08 Key distribution or management)
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (under H04L9/08 Key distribution or management)
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using a plurality of keys or algorithms
    • H04Q11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring (under H04Q11/0001 Selecting arrangements for multiplex systems using optical switching)

Abstract

A method and system for negotiating an encryption algorithm in a passive optical network (PON) system, in the field of communications. The OLT supports multiple encryption algorithms and periodically broadcasts a Profile message for each encryption algorithm to the ONUs; each ONU receives the Profile messages, selects one according to the encryption algorithms it supports, generates a Serial_Number_ONU message using the same encryption algorithm and replies with it. The OLT then selects, from each ONU's Serial_Number_ONU message, the matching encryption algorithm as the one negotiated between the OLT and that ONU. The invention lets the PON system support multiple encryption algorithms without adding to or modifying the existing international standard protocols, and remains compatible with the ONUs/OLTs already deployed in the network.

Description

Method and system for negotiating encryption algorithm in passive optical network system
Technical Field
The invention relates to a passive optical network system in the field of communication, in particular to a method and a system for negotiating an encryption algorithm in the passive optical network system.
Background
In recent years, PON (Passive Optical Network) has been rapidly developed as a high-speed bandwidth access technology. A PON system generally includes an OLT (Optical Line Terminal), an ODN (Optical distribution Network), and an ONU (Optical Network Unit). In the downlink direction, the OLT broadcasts data to all the ONUs through the ODN; in the uplink direction, time division multiplexing is used to avoid optical collision.
Because downlink data is broadcast, and uplink data is aggregated by the ODN before reaching the OLT, both the uplink and the downlink data are exposed to eavesdropping. Encryption and decryption functions are therefore introduced in the relevant ITU international standards for PON systems (e.g. the XG-PON standard ITU-T G.987.3, the NG-PON2 standard ITU-T G.989.3 and the XGS-PON standard ITU-T G.9807.1). However, only one encryption and decryption algorithm, the Advanced Encryption Standard (AES), is specified in these standards; each ONU uses an independent key and periodically updates it to ensure the reliability of the encryption.
However, in practical applications, the PON product needs to be able to meet the requirements of different countries, different regions and different network operators, which may require different encryption algorithms to be used. In the existing PON international standard, the support of multiple encryption algorithms is not considered, so that the requirement of different countries, regions or network operators for supporting multiple encryption algorithms on PON equipment cannot be met.
Among existing implementation techniques, for example, patent application No. 200610078931.9, "Encryption algorithm negotiation method in PON system", proposes negotiating different encryption algorithms by modifying the OMCI (ONU Management and Control Interface) management protocol. Its disadvantage is that the existing OMCI protocol has to be modified, and an OLT/ONU supporting multiple algorithms is then either incompatible with the ONUs/OLTs in the existing network or compatible only after those ONUs/OLTs are upgraded.
Disclosure of Invention
To address these defects in the prior art, the invention aims to provide a method and a system for negotiating an encryption algorithm in a passive optical network system that do not require adding to or modifying the existing international standard protocols, let the PON system support multiple encryption algorithms, and remain compatible with the ONUs/OLTs in the existing network.
To this end, the invention provides a method for negotiating an encryption algorithm in a passive optical network system, comprising: the optical line terminal (OLT) periodically broadcasts, according to the encryption algorithm types it supports, a Profile message for each encryption algorithm, all with the same content, to the optical network units (ONUs); it receives a Serial_Number_ONU message from an ONU, the Serial_Number_ONU message having been computed with the encryption algorithm of the one Profile message that the ONU selected; and it selects the encryption algorithm matching the Serial_Number_ONU message as the encryption algorithm negotiated with the ONU that sent it.
Further, the Profile message of each encryption algorithm and the Serial_Number_ONU message both carry a message integrity check (MIC) value, generated from the key of the respective encryption algorithm.
Further, selecting the encryption algorithm matching the Serial_Number_ONU message comprises: checking the MIC value in the received Serial_Number_ONU message with the key of each encryption algorithm in turn, and selecting the encryption algorithm type whose key makes the MIC check pass.
Further, when the encryption algorithm is a non-ITU-standard encryption algorithm, a default key or another non-zero key specified by the international standard is used.
Further, the non-ITU-standard encryption algorithms include the national cryptographic standard algorithm SM4.
The invention also provides a method for negotiating an encryption algorithm in a passive optical network system, comprising: the ONU periodically receives the Profile messages, all with the same content, that the OLT broadcasts for each encryption algorithm, selects the Profile message of an encryption algorithm it supports, generates a Serial_Number_ONU message with that same encryption algorithm and sends it to the OLT, so that the OLT selects the encryption algorithm matching the Serial_Number_ONU message as the negotiated encryption algorithm.
Further, each Profile message broadcast by the OLT contains an MIC value generated from the key of the respective encryption algorithm; the Serial_Number_ONU message carries an MIC value generated with that same key.
Further, selecting the Profile message of an encryption algorithm it supports comprises: verifying the MIC value in each received Profile message with the key of each supported encryption algorithm, and selecting a Profile message whose MIC value passes verification.
Further, when selecting the Profile message of a supported encryption algorithm, if the MIC values of several Profile messages pass verification, one of them is selected according to a preset rule, a random rule or in sequence.
Further, when the encryption algorithm is a non-ITU-standard encryption algorithm, a default key or another non-zero key specified by the international standard is used.
Further, the non-ITU-standard encryption algorithms include the national cryptographic standard algorithm SM4.
The invention also provides a system for negotiating an encryption algorithm in a passive optical network system, comprising an OLT and a plurality of ONUs. The OLT supports a plurality of encryption algorithms and periodically broadcasts a Profile message for each encryption algorithm to the ONUs; the OLT also selects, according to the Serial_Number_ONU message of each ONU, the matching encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU. Each ONU receives the various Profile messages, selects one according to the encryption algorithms it supports, and generates and replies with a Serial_Number_ONU message using the same encryption algorithm.
Further, the Profile message and the Serial_Number_ONU message both contain MIC values, and the OLT comprises:
a first MIC value generation module, which generates the MIC value in the Profile message from the key of each encryption algorithm;
a first MIC value checking module, which checks the MIC value in each Serial_Number_ONU message with the key of each encryption algorithm in turn;
and a first selection module, which, according to the result of the first MIC value checking module, selects the Serial_Number_ONU message whose MIC value passes the check and thereby obtains the corresponding encryption algorithm.
Further, each ONU comprises:
a second MIC value checking module, which checks the MIC value in each Profile message with the key of each encryption algorithm in turn;
a second selection module, which selects a Profile message whose MIC value passes the check according to the result of the second MIC value checking module;
a second MIC value generation module, which computes the MIC value of the reply message with the key of the same encryption algorithm as the Profile message selected by the second selection module;
and a message generation module, which generates the Serial_Number_ONU message with the same encryption algorithm, using the MIC value computed by the second MIC value generation module.
Further, when the MIC values of several Profile messages pass the check in the second MIC value checking module, the second selection module selects one of them according to a preconfigured rule, a random rule or in sequence.
Further, when the encryption algorithm is a non-ITU-standard encryption algorithm, a default key or another non-zero key specified by the international standard is used; the non-ITU-standard encryption algorithms include the national cryptographic standard algorithm SM4.
The beneficial effects of the invention are: the PON system can support multiple encryption algorithms without adding to or modifying the existing international standard protocols, such as the OMCI protocol or the PLOAM (Physical Layer OAM) protocol of the ITU (International Telecommunication Union) standards.
An OLT/ONU supporting multiple encryption algorithms can interwork directly with the ONUs/OLTs in the existing network that support only AES, with no update or upgrade to the software or hardware of those existing ONUs/OLTs.
Drawings
Fig. 1 is a flowchart of the method for negotiating an encryption algorithm in a passive optical network system according to the fifth embodiment;
Fig. 2 is a system diagram of the negotiation of an encryption algorithm in a passive optical network system according to the eighth embodiment.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
First embodiment
The method for negotiating an encryption algorithm in a passive optical network system in this embodiment comprises the following steps:
The OLT periodically broadcasts a Profile message for each encryption algorithm to the ONUs according to the encryption algorithm types it supports; the message content is the same for every encryption algorithm.
The OLT receives a Serial_Number_ONU message replied by an ONU; the Serial_Number_ONU message is generated after the ONU computes it with an encryption algorithm, and that encryption algorithm is the one of the Profile message the ONU selected.
The OLT selects the encryption algorithm matching the Serial_Number_ONU message as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message.
Second embodiment
On the basis of the first embodiment, the Profile message of each encryption algorithm and the Serial_Number_ONU message both carry MIC (message integrity check) values, generated from the key of the respective encryption algorithm. Therefore, although the content of the Profile messages the OLT broadcasts is the same for every encryption algorithm, the MIC value of each algorithm's Profile message is different.
In this embodiment, the OLT verifies the MIC value in the received Serial_Number_ONU message with the key of each encryption algorithm, and discards a Serial_Number_ONU message whose MIC value fails every check. It selects the encryption algorithm type used by the Serial_Number_ONU message whose MIC value passes verification as the encryption algorithm negotiated with the ONU that sent that message.
Preferably, when the encryption algorithm is a non-ITU-standard encryption algorithm, a default key or another non-zero key specified by the international standard is used to generate the MIC value; in this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the SM4 (GB/T 32907-2016) cryptographic standard algorithm.
Third embodiment
The method for negotiating an encryption algorithm in a passive optical network system in this embodiment comprises:
The ONU periodically receives the Profile message of each encryption algorithm broadcast by the OLT; the content of every Profile message is the same. Among the received Profile messages, the ONU selects one according to the encryption algorithms it supports, generates a Serial_Number_ONU message with the same encryption algorithm and sends it to the OLT, so that the OLT selects the encryption algorithm matching the Serial_Number_ONU message as the negotiated encryption algorithm.
Fourth embodiment
In this embodiment, on the basis of the third embodiment, the Profile message of each encryption algorithm broadcast by the OLT contains an MIC value generated from the key of the respective encryption algorithm. The Serial_Number_ONU message generated by the ONU also contains an MIC value, generated with the same key of the same encryption algorithm as the selected Profile message, and it is the same as the MIC value in that Profile message.
Specifically, the ONU selects a Profile message by verifying the MIC value in each received Profile message with the key of each encryption algorithm it supports, discarding the Profile messages whose MIC value fails verification, and selecting among the Profile messages whose MIC value passes. If the MIC values of several Profile messages pass verification, one Profile message may be selected according to a preset rule, or according to a random rule or in sequence.
Preferably, when the encryption algorithm is a non-ITU-standard encryption algorithm, a default key or another non-zero key specified by the international standard is used to generate the MIC value in the Serial_Number_ONU message; in this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, such as the SM4 (GB/T 32907-2016) cryptographic standard algorithm.
Fifth embodiment
As shown in Fig. 1, the method for negotiating an encryption algorithm in a passive optical network system of this embodiment specifically comprises the following steps:
S101: the OLT computes the MIC value of the Profile message of each algorithm according to the encryption algorithm types it supports, and periodically broadcasts the Profile message of each encryption algorithm.
The content of the Profile messages is identical across the encryption algorithms, but the MIC value differs from one Profile message to the next because it is generated from the key of each encryption algorithm. In addition, when a non-ITU-standard encryption algorithm is used, a default key or another non-zero key specified by the international standard is used; in this embodiment, a non-ITU-standard encryption algorithm means any symmetric encryption algorithm other than AES, for example the national cryptographic standard algorithm SM4 (GB/T 32907-2016).
S102: the ONU receives the various Profile messages, checks the MIC value of each one with the key of each encryption algorithm type it supports, and judges whether the check passes; a Profile message that fails the check is handled in S103, and one that passes is handled in S104.
S103: the Profile message whose MIC value fails verification is discarded, and the check of the current round ends.
S104: a Profile message whose MIC value passes the check is selected. If the MIC values of several Profile messages pass verification, one Profile message may be selected according to a preset rule, a random rule or in sequence.
S105: the ONU adopts the same encryption algorithm as the selected Profile message, computes the MIC value of the Serial_Number_ONU message with the key of that encryption algorithm, and replies with the Serial_Number_ONU message to the OLT.
S106: after receiving the Serial_Number_ONU message, the OLT verifies the MIC value it carries with the keys of the different encryption algorithms, and selects the encryption algorithm corresponding to the key that passes the MIC check as the encryption algorithm negotiated with the ONU that sent the Serial_Number_ONU message; the OLT and the ONU thus use the same encryption algorithm.
Sixth embodiment
This embodiment is based on the fifth embodiment and describes how direct interworking is achieved, without updating or upgrading the software or hardware of the ONUs/OLTs in the existing network, when those existing ONUs/OLTs support only AES. Specifically:
When an OLT supporting multiple encryption algorithms is connected to the existing network, its downlink operation is unchanged. An ONU in the existing network supports only the AES algorithm, so among the various Profile messages broadcast by the OLT, only the Profile message computed with the AES algorithm passes verification on the ONU side. The ONU therefore selects AES and computes the MIC value of its Serial_Number_ONU reply with the AES algorithm. After receiving the Serial_Number_ONU message, the OLT finds that only the MIC check with the AES algorithm passes, so the key algorithm negotiated between the OLT and the ONU is AES, which matches the requirement of the existing network, and interworking is achieved directly.
When an ONU supporting multiple encryption algorithms is connected to the existing network, the OLT can only broadcast a Profile message whose MIC value is computed with AES. The ONU performs the MIC check; only the check with AES passes, so the ONU computes the MIC value of the Serial_Number_ONU message with the AES algorithm and replies with it. The OLT performs the MIC check with the AES algorithm after receiving the Serial_Number_ONU message, and if the check passes, the key algorithm negotiated between the OLT and the ONU is AES, which matches the requirement of the existing network.
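As an added illustration (not code from the patent or from the assignees), the following Python simulation runs the exchange of steps S101 to S106 and the two legacy interworking cases of this embodiment. The page says only that the MIC is generated from each algorithm's key and does not print the keys or the MIC construction, so the placeholder keys, the HMAC-SHA256 stand-in for the real PLOAM MIC, the Profile content and the serial numbers are all assumptions of this example; the ONU's list order stands in for the "preset rule" used when several Profile messages verify.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

# Constructed placeholder keys (not from the patent or any standard). The page
# says a non-ITU algorithm such as SM4 uses "a default key or other non-zero
# key specified by the international standard" but does not print those keys.
DEFAULT_KEYS: Dict[str, bytes] = {
    "AES": bytes(range(1, 17)),
    "SM4": bytes(range(17, 33)),
}


@dataclass(frozen=True)
class Message:
    kind: str       # "Profile" or "Serial_Number_ONU"
    payload: bytes  # identical across the per-algorithm Profile copies
    mic: bytes      # message integrity check computed under one algorithm's key


def compute_mic(algorithm: str, key: bytes, payload: bytes) -> bytes:
    """Stand-in MIC (an assumption, not the PLOAM construction): HMAC-SHA256 over
    the payload, domain-separated by the algorithm name, truncated to 8 bytes.
    All the negotiation needs is that the MIC depends on the algorithm's key."""
    return hmac.new(key, algorithm.encode() + b"\x00" + payload, hashlib.sha256).digest()[:8]


def mic_verifies(algorithm: str, key: bytes, msg: Message) -> bool:
    """Constant-time comparison so a wrong-key check leaks nothing through timing."""
    return hmac.compare_digest(compute_mic(algorithm, key, msg.payload), msg.mic)


class OLT:
    def __init__(self, algorithms: Sequence[str], keys: Dict[str, bytes] = DEFAULT_KEYS):
        self.algorithms = list(algorithms)
        self.keys = keys

    def broadcast_profiles(self, content: bytes) -> List[Message]:
        """S101: one Profile per supported algorithm, same content, MIC under that key."""
        return [Message("Profile", content, compute_mic(a, self.keys[a], content))
                for a in self.algorithms]

    def negotiate(self, reply: Message) -> Optional[str]:
        """S106: try every algorithm's key on the reply MIC; the key that verifies
        names the negotiated algorithm. None means no key verified: discard."""
        for a in self.algorithms:
            if mic_verifies(a, self.keys[a], reply):
                return a
        return None


class ONU:
    def __init__(self, serial: bytes, algorithms: Sequence[str],
                 keys: Dict[str, bytes] = DEFAULT_KEYS):
        self.serial = serial                # constructed serial number
        self.algorithms = list(algorithms)  # list order acts as the "preset rule"
        self.keys = keys

    def select_algorithm(self, profiles: Sequence[Message]) -> Optional[str]:
        """S102-S104: check every Profile with every supported key, drop the ones
        that fail, and pick among the survivors by the preset order."""
        passing = [a for a in self.algorithms
                   if any(mic_verifies(a, self.keys[a], p) for p in profiles)]
        return passing[0] if passing else None

    def reply(self, algorithm: str) -> Message:
        """S105: Serial_Number_ONU with its MIC computed under the chosen algorithm's key."""
        return Message("Serial_Number_ONU", self.serial,
                       compute_mic(algorithm, self.keys[algorithm], self.serial))


def run_negotiation(olt: OLT, onu: ONU) -> Optional[str]:
    """One round of the exchange; returns the algorithm the OLT settles on, or None."""
    profiles = olt.broadcast_profiles(b"profile-content")  # constructed payload
    chosen = onu.select_algorithm(profiles)
    if chosen is None:
        return None  # the ONU could verify no Profile, so it sends no reply this round
    return olt.negotiate(onu.reply(chosen))


if __name__ == "__main__":
    multi_olt = OLT(["AES", "SM4"])
    print(run_negotiation(multi_olt, ONU(b"FHTT00000001", ["SM4", "AES"])))     # SM4
    print(run_negotiation(multi_olt, ONU(b"LEGACY000001", ["AES"])))            # AES, legacy ONU
    print(run_negotiation(OLT(["AES"]), ONU(b"FHTT00000002", ["SM4", "AES"])))  # AES, legacy OLT
```

The three calls at the bottom reproduce the page's cases: a multi-algorithm pair settles on the ONU's preferred algorithm, an AES-only ONU against a multi-algorithm OLT settles on AES because only the AES Profile verifies, and a multi-algorithm ONU against an AES-only OLT settles on AES because only an AES Profile is broadcast. An ONU with no algorithm in common with the OLT, or a reply whose MIC verifies under no key, yields `None`, which is the discard path of S103 and S106.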
Seventh embodiment
The system for negotiating an encryption algorithm in a passive optical network system in this embodiment comprises an OLT and a plurality of ONUs, wherein:
The OLT supports a plurality of encryption algorithms and periodically broadcasts the Profile message of each encryption algorithm to every ONU; the content of the Profile message is the same for every encryption algorithm. The OLT also selects, according to the Serial_Number_ONU message of each ONU, the matching encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU.
Each ONU receives the various Profile messages and selects one according to the encryption algorithms it supports. The ONU also generates a Serial_Number_ONU message with the same encryption algorithm and replies with it to the OLT.
Eighth embodiment
This embodiment is based on the seventh embodiment, and both the Profile message and the Serial_Number_ONU message contain MIC values. As shown in Fig. 2, the internal modules of the OLT and of one ONU are described in detail. The OLT comprises a first MIC value generation module, a first MIC value checking module and a first selection module. Each ONU comprises a second MIC value checking module, a second selection module, a second MIC value generation module and a message generation module.
The first MIC value generation module generates the MIC value in the Profile message from the key of each encryption algorithm.
The second MIC value checking module checks the MIC value in each Profile message with the key of each encryption algorithm in turn.
The second selection module selects a Profile message whose MIC value passes the check according to the result of the second MIC value checking module. When the MIC values of several Profile messages pass the check, the second selection module selects one of them according to a preset rule, a random rule or in sequence.
The second MIC value generation module computes the MIC value of the reply message with the key of the same encryption algorithm as the Profile message selected by the second selection module.
The message generation module generates the Serial_Number_ONU message with the same encryption algorithm, using the MIC value computed by the second MIC value generation module, and replies with the Serial_Number_ONU message to the OLT.
The first MIC value checking module checks the MIC value in each Serial_Number_ONU message with the key of each encryption algorithm in turn.
The first selection module, according to the result of the first MIC value checking module, selects the Serial_Number_ONU message whose MIC value passes the check and thereby obtains the corresponding encryption algorithm. That encryption algorithm is the negotiated encryption algorithm of the passive optical network system.
When the encryption algorithm is a non-ITU-standard encryption algorithm, a default key or another non-zero key specified by the international standard is used; the non-ITU-standard encryption algorithms include the national cryptographic standard algorithm SM4.
The present invention is not limited to the above-described embodiments, and it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements are also considered to be within the scope of the present invention. Those not described in detail in this specification are within the skill of the art.

Claims (10)

1. A method for negotiating an encryption algorithm in a passive optical network system, comprising:
the optical line terminal OLT periodically broadcasts Profile messages of each encryption algorithm with the same content to the optical network units ONU according to the supported encryption algorithm types;
receiving a Serial _ Number _ ONU message of the ONU, wherein the Serial _ Number _ ONU message is calculated by an encryption algorithm obtained by one Profile message selected by the ONU;
selecting the same encryption algorithm as the Serial _ Number _ ONU message as the encryption algorithm negotiated with the ONU which transmits the Serial _ Number _ ONU message;
the Profile message and the Serial _ Number _ ONU message of each encryption algorithm both carry a Message Integrity Check (MIC) value, and the MIC value is generated according to a secret key in each encryption algorithm;
the selecting the same encryption algorithm as the Serial _ Number _ ONU message comprises:
and checking the MIC value in the received Serial _ Number _ ONU message through a key of each encryption algorithm, and selecting the encryption algorithm type adopted by the Serial _ Number _ ONU message with the MIC value passing the check.
2. The method of negotiating an encryption algorithm in a passive optical network system as set forth in claim 1, wherein: and when the encryption algorithm is the encryption algorithm of the non-ITU standard, a default key or other non-zero keys specified by the international standard are adopted.
3. The method of negotiating an encryption algorithm in a passive optical network system as set forth in claim 2, wherein: the non-ITU standard encryption algorithm includes the national encryption standard algorithm SM 4.
4. A method for negotiating an encryption algorithm in a passive optical network system, comprising: the ONU periodically receives the Profile message of each encryption algorithm which is broadcasted by the OLT and has the same content, selects the Profile message of the encryption algorithm supported by the ONU, generates a Serial _ Number _ ONU message by adopting the same encryption algorithm and sends the Serial _ Number _ ONU message to the OLT, so that the OLT selects the encryption algorithm which is the same as the Serial _ Number _ ONU message as a negotiation encryption algorithm;
the Profile message of each encryption algorithm broadcasted by the OLT contains an MIC value, and the MIC value is generated according to a secret key in each encryption algorithm; the Serial _ Number _ ONU messages have the same MIC value generated by the same key;
the selecting a Profile message of an own supported encryption algorithm includes:
and verifying the MIC value in each received Profile message through a key supporting an encryption algorithm, and selecting the Profile message passing the MIC value verification.
5. The method of negotiating an encryption algorithm in a passive optical network system according to claim 4, wherein: and when the Profile message of the encryption algorithm supported by the user is selected, if the MIC values of a plurality of Profile messages pass the verification, selecting one Profile message according to a preset rule, a random rule or a sequence.
6. A method of negotiating an encryption algorithm in a passive optical network system according to claim 4 or 5, characterized in that: and when the encryption algorithm adopts the encryption algorithm of the non-ITU standard, a default key or other non-zero keys specified by the international standard are adopted.
7. The method of negotiating an encryption algorithm in a passive optical network system as set forth in claim 6, wherein: the non-ITU standard encryption algorithm includes the national encryption standard algorithm SM 4.
8. A system for negotiating an encryption algorithm in a passive optical network system, comprising an OLT and a plurality of ONUs, wherein:
the OLT supports a plurality of encryption algorithms and is configured to periodically broadcast a Profile message for each encryption algorithm to the ONUs; the OLT is further configured to select, according to the Serial_Number_ONU message of each ONU, the matching encryption algorithm as the encryption algorithm negotiated between the OLT and that ONU;
each ONU is configured to receive the Profile messages, select one Profile message according to the encryption algorithms it supports, and generate and reply with a Serial_Number_ONU message using the same encryption algorithm;
the Profile messages and the Serial_Number_ONU message each contain a MIC value, and the OLT comprises:
a first MIC value generation module, configured to generate the MIC value of each Profile message with the key of the corresponding encryption algorithm;
a first MIC value verification module, configured to verify the MIC value of each Serial_Number_ONU message with the key of each encryption algorithm in turn;
a first selection module, configured to select, according to the result of the first MIC value verification module, the Serial_Number_ONU message whose MIC value passes verification and thereby obtain the corresponding encryption algorithm;
and each ONU comprises:
a second MIC value verification module, configured to verify the MIC value of each Profile message with the key of each encryption algorithm the ONU supports;
a second selection module, configured to select, according to the result of the second MIC value verification module, a Profile message whose MIC value passes verification;
a second MIC value generation module, configured to compute the MIC value of the reply message with the key of the same encryption algorithm as the Profile message selected by the second selection module;
and a message generation module, configured to generate the Serial_Number_ONU message using that same encryption algorithm and the MIC value computed by the second MIC value generation module.
9. The system for negotiating an encryption algorithm in a passive optical network system according to claim 8, wherein, when the MIC values of several Profile messages pass verification in the second MIC value verification module, the second selection module selects one of the Profile messages according to a preset rule, a random rule, or a fixed order.
10. The system for negotiating an encryption algorithm in a passive optical network system according to claim 8 or 9, wherein, when the encryption algorithm is not an ITU-standard algorithm, a default key or other non-zero key specified by the international standard is used, and the non-ITU-standard encryption algorithm includes the Chinese national cryptographic standard algorithm SM4.
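The exchange described in claims 4 to 10, as an added Python simulation that is not part of the patent and not the applicants' implementation. The patent does not name the MIC primitive or the key values, so HMAC-SHA256 truncated to 8 bytes stands in for the MIC function, and the two per-algorithm keys, the Profile content and the ONU serial numbers are constructed for this example; `OLT`, `ONU`, `Message`, `compute_mic` and `negotiate` are names chosen here. The OLT emits one Profile per algorithm (same body, MIC under that algorithm's key), the ONU keeps the Profile whose MIC verifies under a key it holds and answers with a Serial_Number_ONU whose MIC is computed under the same key, and the OLT recovers the negotiated algorithm by checking that MIC against each of its keys.

```python
"""Simulation of MIC-based encryption-algorithm negotiation between an OLT and
an ONU, following claims 4 to 10. Added example; primitives and key values are
assumptions, not taken from the patent or from any ITU-T standard."""
import hmac
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: the patent does not name the MIC primitive; HMAC-SHA256 truncated
# to 8 bytes stands in for it here.
MIC_LEN = 8

# Assumption: constructed per-algorithm default keys for this example only.
# These are NOT the default keys defined by any standard.
DEFAULT_KEYS: Dict[str, bytes] = {
    "AES-128": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "SM4":     bytes.fromhex("0123456789abcdeffedcba9876543210"),
}


@dataclass(frozen=True)
class Message:
    kind: str    # "Profile" or "Serial_Number_ONU"
    body: bytes  # message content covered by the MIC
    mic: bytes


def compute_mic(key: bytes, kind: str, body: bytes) -> bytes:
    # The message type is bound into the MIC so that a Profile MIC cannot be
    # re-used as a Serial_Number_ONU MIC over the same bytes.
    return hmac.new(key, kind.encode() + b"\x00" + body, hashlib.sha256).digest()[:MIC_LEN]


def verify_mic(key: bytes, msg: Message) -> bool:
    return hmac.compare_digest(compute_mic(key, msg.kind, msg.body), msg.mic)


class OLT:
    def __init__(self, algorithms: List[str]):
        self.algorithms = algorithms

    def broadcast_profiles(self, profile_body: bytes) -> List[Message]:
        """One Profile per supported algorithm: identical body, MIC under that
        algorithm's key (claim 4: 'same content', claim 8: first generation module)."""
        return [Message("Profile", profile_body,
                        compute_mic(DEFAULT_KEYS[a], "Profile", profile_body))
                for a in self.algorithms]

    def select_algorithm(self, reply: Message) -> Optional[str]:
        """Verify the Serial_Number_ONU MIC under each algorithm's key and keep
        the algorithm whose key verifies (first verification/selection modules).
        A reply verifying under no key, or ambiguously under several, is rejected."""
        matches = [a for a in self.algorithms if verify_mic(DEFAULT_KEYS[a], reply)]
        return matches[0] if len(matches) == 1 else None


class ONU:
    def __init__(self, serial_number: bytes, keys: Dict[str, bytes]):
        # keys: algorithms this ONU supports with their keys, in preference
        # order; dict order is the 'preset rule' of claim 5 for tie-breaking.
        self.serial_number = serial_number
        self.keys = keys

    def select_profile(self, profiles: List[Message]) -> Optional[str]:
        """Verify every Profile under every supported key and return the
        algorithm of the first (by preference) Profile that verifies."""
        verified = [a for a in self.keys
                    if any(verify_mic(self.keys[a], p) for p in profiles)]
        return verified[0] if verified else None

    def respond(self, profiles: List[Message]) -> Optional[Message]:
        alg = self.select_profile(profiles)
        if alg is None:
            return None  # no offered algorithm is supported; nothing to reply with
        body = self.serial_number
        return Message("Serial_Number_ONU", body,
                       compute_mic(self.keys[alg], "Serial_Number_ONU", body))


def negotiate(olt: OLT, onu: ONU, profile_body: bytes) -> Optional[str]:
    """One round: OLT broadcast -> ONU reply -> OLT selection."""
    reply = onu.respond(olt.broadcast_profiles(profile_body))
    return None if reply is None else olt.select_algorithm(reply)


if __name__ == "__main__":
    olt = OLT(["AES-128", "SM4"])
    body = b"profile-v1"  # constructed Profile content
    print(negotiate(olt, ONU(b"FHTT00000001", {"SM4": DEFAULT_KEYS["SM4"]}), body))
    print(negotiate(olt, ONU(b"FHTT00000002", dict(DEFAULT_KEYS)), body))
    print(negotiate(olt, ONU(b"FHTT00000003", {"Camellia": bytes(16)}), body))
```

Two points worth noting from the simulation. First, because the keys are defaults known to every device (claim 6), a verifying MIC tells the receiver which algorithm the sender used; it does not authenticate the sender, so it must not be mistaken for ONU authentication. Second, the OLT should reject a Serial_Number_ONU whose MIC verifies under none of its keys rather than falling back to a default algorithm, otherwise an ONU that supports nothing the OLT offers would be silently paired with an algorithm it cannot use.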
CN201810778074.6A 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system Active CN109039600B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810778074.6A CN109039600B (en) 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system
PCT/CN2019/070158 WO2020015338A1 (en) 2018-07-16 2019-01-03 Method and system for negotiating encryption algorithm in passive optical network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810778074.6A CN109039600B (en) 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system

Publications (2)

Publication Number Publication Date
CN109039600A CN109039600A (en) 2018-12-18
CN109039600B true CN109039600B (en) 2020-01-07

Family

ID=64642563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810778074.6A Active CN109039600B (en) 2018-07-16 2018-07-16 Method and system for negotiating encryption algorithm in passive optical network system

Country Status (2)

Country Link
CN (1) CN109039600B (en)
WO (1) WO2020015338A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039600B (en) * 2018-07-16 2020-01-07 Fiberhome Telecommunication Technologies Co Ltd Method and system for negotiating encryption algorithm in passive optical network system
CN110620792A (en) * 2019-10-24 2019-12-27 Fujian Star-net eVideo Information Systems Co Ltd Communication encryption method, communication device, system, and computer-readable storage medium
CN116074413A (en) * 2023-01-28 2023-05-05 Tianjin Kepu Technology Co Ltd Message transmission method, device, equipment and storage medium of communication network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102656838A (en) * 2009-07-31 2012-09-05 Huawei Technologies Co Ltd Optical network terminal management control interface-based passive optical network security enhancement
CN103955654A (en) * 2014-04-02 2014-07-30 Northwestern Polytechnical University USB (Universal Serial Bus) flash disk secure storage method based on virtual file system
CN107566125A (en) * 2017-09-01 2018-01-09 Giesecke+Devrient (China) Information Technology Co Ltd A security authentication method combining multiple algorithms

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100523357B1 (en) * 2003-07-09 2005-10-25 Electronics and Telecommunications Research Institute Key management device and method for providing security service in EPON
CN109039600B (en) * 2018-07-16 2020-01-07 Fiberhome Telecommunication Technologies Co Ltd Method and system for negotiating encryption algorithm in passive optical network system

Also Published As

Publication number Publication date
WO2020015338A1 (en) 2020-01-23
CN109039600A (en) 2018-12-18

Similar Documents

Publication Publication Date Title
CN102223586B (en) Registration activation method and system for optical network unit
CA2769226C (en) Optical network terminal management control interface-based passive optical network security enhancement
US8948401B2 (en) Method for filtering of abnormal ONT with same serial number in a GPON system
CN109039600B (en) Method and system for negotiating encryption algorithm in passive optical network system
CN101902662B (en) Optical network unit (ONU) registration activating method and system
CN105027482A (en) Authentication and initial key exchange in ethernet passive optical network over coaxial network
KR20050006613A (en) Key management device and method for providing security service in epon
US20080013728A1 (en) Method and Device for Ensuring Data Security in Passive Optical Network
CN103051983A (en) Method and device for processing uplink data exception
CN103391486A (en) Method for wave length adjustment, optical line terminal and optical network unit
CN102082976A (en) Method and system for sending data in passive optical network (PON)
KR20140083160A (en) An optical line terminal and method for registrating optical network terminals thereof
US8942378B2 (en) Method and device for encrypting multicast service in passive optical network system
CN101778311A (en) Distribution method of optical network unit marks and optical line terminal
CN111885436B (en) Distribution network automatic communication system based on EPON technology
CN101499898A (en) Method and apparatus for cipher key interaction
CN101998180B (en) Method and system for supporting version compatibility between optical line terminal and optical network unit
CN102055583B (en) Method, system and equipment for safely distributing multicast key
US20230231728A1 (en) Secure communication method and apparatus in passive optical network
CN101998188A (en) Encryption/decryption method and system for passive optical network
CN117579182A (en) Service encryption method of passive optical network system, electronic equipment and storage medium
CN115913369A (en) Communication method and apparatus in passive optical network and computer readable medium
CN102036128A (en) Method and system for realizing information interaction security in Gigabit-capable passive optical network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant