CN112787801A - Method for authentication between PON (Passive optical network) equipment based on MD5 algorithm - Google Patents

Publication number
CN112787801A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110083179.1A
Other languages
Chinese (zh)
Inventor
唐鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen C-Data Technology Co ltd
Original Assignee
Shenzhen C-Data Technology Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring

Abstract

The invention relates to the technical field of optical network communication, in particular to a method for authenticating PON equipment based on the MD5 algorithm, which comprises the following steps: step S1: connecting OLT equipment with ONU equipment; step S2: the OLT equipment authenticates the ONU equipment; step S3: if the authentication in step S2 is passed, the next step is carried out, otherwise, the process returns to step S2; step S4: the ONU equipment authenticates the OLT equipment; step S5: if the authentication in step S4 is passed, the authentication is completed and the OLT equipment and the ONU equipment enter a normal interaction state, otherwise, the process returns to step S2. The method for authentication among PON equipment based on the MD5 algorithm is relatively low in cost and universal in applicability, solves the problem of insufficient authentication security among the PON equipment, and avoids the risks of being easily cracked and of impersonated registration.

Description

Method for authentication between PON (Passive optical network) equipment based on MD5 algorithm
[ technical field ]
The invention relates to the technical field of optical network communication, in particular to a method for authenticating PON equipment based on an MD5 algorithm.
[ background of the invention ]
OAM (Operation, Administration and Maintenance) refers to dividing the management work of a network into 3 general categories according to the actual needs of operator network operation: operation (Operation), management (Administration) and maintenance (Maintenance). The OAM of the EPON can quickly find a failed link, determine the fault position and ensure the network quality; it also supports the user expansion function and facilitates upper-layer management.
The OMCI (Optical Network Unit Management and Control Interface) is a protocol for information interaction between the OLT and the ONT defined in the GPON standard, and is used by the OLT to manage the ONT in the GPON network, including configuration management, fault management, performance management, security management, and the like.
In the two PON protocol standards, only a few plaintext authentication methods are defined, and no safer authentication method is provided, so there is a risk of being easily cracked and of impersonated registration.
[ summary of the invention ]
In order to overcome the technical problem, the invention provides a method for authentication between PON equipment based on MD5 algorithm.
The invention provides a method for authenticating PON equipment based on MD5 algorithm, which comprises the following steps:
step S1: connecting OLT equipment with ONU equipment;
step S2: the OLT equipment authenticates the ONU equipment;
step S3: if the authentication in the step S2 is passed, the next step is carried out, otherwise, the step S2 is returned;
step S4: the ONU equipment authenticates the OLT equipment;
step S5: if the authentication in step S4 is passed, the authentication is completed and the OLT equipment and the ONU equipment enter a normal interaction state; otherwise, the process returns to step S2.
Preferably, step S2 comprises the steps of:
step S21: the OLT equipment sends a get request message to the ONU equipment through a fixed OMCI private entity;
step S22: after receiving the get request, the ONU equipment calculates a first MD5 and returns the result serving as message content to the OLT equipment;
step S23: the OLT equipment calculates the first MD5 and compares the calculation result with the result returned by the ONU equipment.
Preferably, the step S3 includes the steps of:
step S31: if the result of the first MD5 calculated by the OLT device is consistent with the result returned by the ONU device, the authentication is considered to be passed, and the process proceeds to step S4;
step S32: if the result of the first MD5 calculated by the OLT equipment is inconsistent with the result returned by the ONU equipment, the authentication is not passed, and the process returns to step S2.
Preferably, the step S4 further includes the steps of:
step S41: the ONU equipment triggers an authentication timer to limit authentication time;
step S42: the OLT equipment issues a set operation message containing a calculation result of the second MD5 through a fixed OMCI private entity;
step S43: the ONU device calculates the second MD5 and compares the result with the result in the set operation message.
Preferably, the step S5 further includes the steps of:
step S51: if the result of the second MD5 calculated by the ONU equipment is consistent with the result of the second MD5 calculated by the OLT equipment, the authentication is passed, the authentication timer is closed, and the OLT equipment and the ONU equipment enter a normal interaction state;
step S52: if the result of the second MD5 calculated by the ONU device is inconsistent with the result of the second MD5 calculated by the OLT device, and if the authentication is not completed within the authentication time, the authentication is considered not to pass, the authentication timer is turned off, and the process returns to step S2.
Compared with the prior art, the method for authentication between PON equipment based on the MD5 algorithm has the following advantages:
the method for authentication among PON equipment based on the MD5 algorithm is relatively low in cost and universal in applicability, solves the problem of insufficient authentication security among the PON equipment, and avoids the risks of being easily cracked and of impersonated registration.
[ description of the drawings ]
Fig. 1 is a schematic view of a specific flow structure of the method for authentication between PON devices based on MD5 algorithm in the present invention.
Fig. 2 is a schematic structural flow diagram of step S2 of the method for authenticating PON devices based on MD5 algorithm according to the present invention.
Fig. 3 is a schematic structural flow diagram of step S3 of the method for authenticating PON devices based on MD5 algorithm according to the present invention.
Fig. 4 is a schematic structural flow diagram of step S4 of the method for authenticating PON devices based on MD5 algorithm according to the present invention.
Fig. 5 is a schematic structural flow diagram of step S5 of the method for authenticating PON devices based on MD5 algorithm according to the present invention.
[ detailed description of the embodiments ]
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The plaintext content of the MD5 authentication information is first defined as follows:
ONU UID+OLT/ONU Key
wherein:
ONU UID: uniformly upper case. The EPON takes the MAC reported by the ONU as the unique identifier, such as: AA, BB, CC, DD, EE, FF, and the field is AABBCCDDEEFF; the GPON takes the GPON SN reported by the ONU as the unique identifier, such as: GPON-12345678, then this field is GPON 12345678.
OLT/ONU Key: defined by the manufacturer; the OLT and the ONU use different fields and the content is fixed, such as: OLTKey, ONUKey.
Referring to fig. 1, the present invention provides a method for authentication between PON devices based on MD5 algorithm, including the following steps:
Step S1: connect the OLT equipment with the ONU equipment.
Specifically, the OLT device and the ONU device are connected by an optical fiber.
Step S2: the OLT equipment authenticates the ONU equipment.
Specifically, step S2 includes the steps of:
step S21: the OLT equipment sends a get request message to the ONU equipment through a fixed OMCI private entity;
step S22: after receiving the get request, the ONU equipment calculates a first MD5 and returns the result serving as message content to the OLT equipment;
step S23: the OLT equipment calculates the first MD5 and compares the calculation result with the result returned by the ONU equipment.
Specifically, the plaintext content of the first MD5 is ONU SN + ONU KEY, and the OLT device and the ONU device respectively calculate and compare the results for subsequent authentication.
Step S3: if the authentication in step S2 is passed, the next step is carried out; otherwise, the process returns to step S2.
Specifically, step S3 further includes the steps of:
step S31: if the result of the first MD5 calculated by the OLT device is consistent with the result returned by the ONU device, the authentication is considered to be passed, and the process proceeds to step S4;
step S32: if the result of the first MD5 calculated by the OLT equipment is inconsistent with the result returned by the ONU equipment, the authentication is not passed, and the process returns to step S2.
Step S4: the ONU equipment authenticates the OLT equipment.
Specifically, step S4 further includes the steps of:
step S41: the ONU equipment triggers an authentication timer to limit authentication time;
step S42: the OLT equipment issues a set operation message containing a calculation result of the second MD5 through a fixed OMCI private entity;
step S43: the ONU device calculates the second MD5 and compares the result with the result in the set operation message.
Specifically, the plaintext content of the second MD5 is ONU SN + OLT KEY, and the OLT device and the ONU device respectively calculate and compare the results for subsequent authentication.
Step S5: if the authentication in step S4 is passed, the authentication is completed and the OLT equipment and the ONU equipment enter a normal interaction state; otherwise, the process returns to step S2.
Specifically, step S5 further includes the steps of:
step S51: if the result of the second MD5 calculated by the ONU equipment is consistent with the result of the second MD5 calculated by the OLT equipment, the authentication is passed, the authentication timer is closed, and the OLT equipment and the ONU equipment enter a normal interaction state;
step S52: if the result of the second MD5 calculated by the ONU device is inconsistent with the result of the second MD5 calculated by the OLT device, and if the authentication is not completed within the authentication time, the authentication is considered not to pass, the authentication timer is turned off, and the process returns to step S2.
The MD5 algorithm takes an input string of a certain length and produces a fixed-length output, and the algorithm is irreversible, so that even if a system administrator obtains the encrypted ciphertext, the plaintext cannot be deduced in reverse through a decryption algorithm; the password information used to confirm the identity is kept secret and is not easy to crack, and the security of authentication is improved.
It can be understood that the present invention takes a GPON system as a specific embodiment but is not limited to it; the method is also suitable for an EPON system, where only the plaintext content of the MD5 needs to be changed to ONU MAC + OLT/ONU KEY and the authentication information is exchanged through OAM messages.
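The exchange in steps S2 to S5, written out as an added example that is not part of the patent text, next to a nonce-bound HMAC-SHA256 response for comparison (a swapped-in technique the patent does not describe). The identifier normalization rule, the `Device` class, all function names and the per-device secret are assumptions; the key strings are the patent's own sample values and the authentication timer of step S41 is omitted. The point it makes for a reviewer: the MD5 value depends only on the fixed UID and the fixed vendor key, so it is the same in every session, while a response computed over a fresh verifier nonce is not.

```python
import hashlib
import hmac
import os

# Constructed sample secrets: the patent only says the keys are vendor-defined
# and fixed, giving "OLTKey" and "ONUKey" as example strings.
ONU_KEY, OLT_KEY = "ONUKey", "OLTKey"


def normalize_uid(raw: str) -> str:
    """Upper-case the MAC / GPON SN and drop separators (assumed rule)."""
    return "".join(ch for ch in raw.upper() if ch.isalnum())


def md5_digest(uid: str, key: str) -> str:
    """Plaintext defined by the patent: ONU UID + OLT/ONU Key, hashed with MD5."""
    return hashlib.md5((uid + key).encode("ascii")).hexdigest()


class Device:
    """One end of the link; both ends are provisioned with the same two keys."""

    def __init__(self, onu_key: str = ONU_KEY, olt_key: str = OLT_KEY):
        self.onu_key, self.olt_key = onu_key, olt_key


def mutual_auth(olt: Device, onu: Device, raw_id: str) -> str:
    """Steps S2-S5 without the ONU timer; returns the stage that was reached."""
    uid = normalize_uid(raw_id)
    # S21/S22: the ONU answers the get request with the first MD5.
    first = md5_digest(uid, onu.onu_key)
    # S23/S3: the OLT recomputes it and compares.
    if not hmac.compare_digest(first, md5_digest(uid, olt.onu_key)):
        return "onu-rejected"
    # S42: the OLT sends the second MD5 in a set operation message.
    second = md5_digest(uid, olt.olt_key)
    # S43/S5: the ONU recomputes it and compares.
    if not hmac.compare_digest(second, md5_digest(uid, onu.olt_key)):
        return "olt-rejected"
    return "authenticated"


def first_md5_is_static(raw_id: str, sessions: int = 3) -> bool:
    """True if every session produces the same first-MD5 value on the wire."""
    uid = normalize_uid(raw_id)
    return len({md5_digest(uid, ONU_KEY) for _ in range(sessions)}) == 1


def nonce_response(secret: bytes, role: bytes, uid: str, nonce: bytes) -> str:
    """Hardened variant (not in the patent): HMAC-SHA256 bound to a fresh nonce."""
    msg = role + b"|" + uid.encode("ascii") + b"|" + nonce
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def nonce_auth(verifier_secret: bytes, prover_secret: bytes, raw_id: str) -> tuple:
    """One direction of a challenge-response; returns (accepted, response)."""
    uid = normalize_uid(raw_id)
    nonce = os.urandom(16)  # verifier's challenge, new for every attempt
    response = nonce_response(prover_secret, b"ONU", uid, nonce)
    expected = nonce_response(verifier_secret, b"ONU", uid, nonce)
    return hmac.compare_digest(response, expected), response


if __name__ == "__main__":
    sn = "GPON-12345678"  # example SN from the patent text
    print(mutual_auth(Device(), Device(), sn))
    print(mutual_auth(Device(), Device(onu_key="wrong"), sn))
    print("MD5 value identical in every session:", first_md5_is_static(sn))
    secret = b"constructed-per-device-secret"  # constructed sample value
    print("nonce responses differ:",
          nonce_auth(secret, secret, sn)[1] != nonce_auth(secret, secret, sn)[1])
```
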
Compared with the prior art, the method for authentication between PON equipment based on the MD5 algorithm has the following advantages:
the method for authentication among PON equipment based on the MD5 algorithm is relatively low in cost and universal in applicability, solves the problem of insufficient authentication security among the PON equipment, and avoids the risks of being easily cracked and of impersonated registration.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and any modifications, equivalents, improvements, etc. made within the spirit of the present invention should be included in the scope of the present invention.

Claims (5)

1. A method for authentication between PON equipment based on MD5 algorithm is characterized in that: the method for authentication among PON equipment based on the MD5 algorithm comprises the following steps:
step S1: connecting OLT equipment with ONU equipment;
step S2: the OLT equipment authenticates the ONU equipment;
step S3: if the authentication in the step S2 is passed, the next step is carried out, otherwise, the step S2 is returned;
step S4: the ONU equipment authenticates the OLT equipment;
step S5: if the authentication in step S4 is passed, the authentication is completed and the OLT equipment and the ONU equipment enter a normal interaction state; otherwise, the process returns to step S2.
2. The method for inter-PON-device authentication based on the MD5 algorithm of claim 1, wherein: step S2 comprises the following steps:
step S21: the OLT equipment sends a get request message to the ONU equipment through a fixed OMCI private entity;
step S22: after receiving the get request, the ONU equipment calculates a first MD5 and returns the result serving as message content to the OLT equipment;
step S23: the OLT equipment calculates the first MD5 and compares the calculation result with the result returned by the ONU equipment.
3. The method of inter-PON-device authentication based on the MD5 algorithm of claim 2, wherein: the step S3 includes the following steps:
step S31: if the result of the first MD5 calculated by the OLT device is consistent with the result returned by the ONU device, the authentication is considered to be passed, and the process proceeds to step S4;
step S32: if the result of the first MD5 calculated by the OLT equipment is inconsistent with the result returned by the ONU equipment, the authentication is not passed, and the process returns to step S2.
4. The method for inter-PON-device authentication based on the MD5 algorithm of claim 1, wherein: the step S4 further includes the steps of:
step S41: the ONU equipment triggers an authentication timer to limit authentication time;
step S42: the OLT equipment issues a set operation message containing a calculation result of the second MD5 through a fixed OMCI private entity;
step S43: the ONU device calculates the second MD5 and compares the result with the result in the set operation message.
5. The method of inter-PON-device authentication based on the MD5 algorithm of claim 4, wherein: the step S5 further includes the steps of:
step S51: if the result of the second MD5 calculated by the ONU equipment is consistent with the result of the second MD5 calculated by the OLT equipment, the authentication is passed, the authentication timer is closed, and the OLT equipment and the ONU equipment enter a normal interaction state;
step S52: if the result of the second MD5 calculated by the ONU device is inconsistent with the result of the second MD5 calculated by the OLT device, and if the authentication is not completed within the authentication time, the authentication is considered not to pass, the authentication timer is turned off, and the process returns to step S2.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110083179.1A CN112787801A (en) 2021-01-21 2021-01-21 Method for authentication between PON (Passive optical network) equipment based on MD5 algorithm

Publications (1)

Publication Number Publication Date
CN112787801A (en) 2021-05-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20210511