CN203251308U - Passive optical network - Google Patents

Info

Publication number: CN203251308U
Authority: CN (China)
Prior art keywords: optical, quantum key, network, key, quantum
Legal status: Expired - Lifetime (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN 201220666777
Other languages: Chinese (zh)
Inventor: 李大伟, 苗春华
Current Assignee: Anhui Asky Quantum Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Anhui Asky Quantum Technology Co Ltd

Landscapes

  • Optical Communication System (AREA)
  • Small-Scale Networks (AREA)

Abstract

The utility model discloses a passive optical network. An optical distribution network is connected between an optical line terminal and optical network terminals; the optical line terminal corresponds to one quantum key distribution device and encrypts and decrypts communication data through quantum cryptography. Each optical network terminal corresponds to one quantum key distribution device, and the optical network terminals encrypt and decrypt communication data through quantum cryptography. Owing to the properties of quantum mechanics, the transmission process of a quantum key cannot be broken; even if the transmission process of the quantum key is attacked from outside, the attack is easily discovered. The data are encrypted with the quantum key in a one-time pad encryption mode, and the absolute safety of the data is guaranteed.

Description

Passive optical network
Technical field
The present invention relates to networks in the field of communications that implement quantum keys on a passive optical network, and in particular to a passive optical network.
Background technology
A passive optical network (Passive Optical Network, PON) consists of an optical line terminal (Optical Line Terminal, OLT) located at the central office and optical network units (Optical Network Unit, ONU) and/or optical network terminals (Optical Network Terminal, ONT) located at the remote end, connected through an optical distribution network (Optical Distribution Network, ODN) to form a point-to-multipoint network. The OLT sits at the root node and is connected to each ONU/ONT through the ODN.
PON technology dates from the early 1980s. PON products currently on the market fall into several types according to the technology they adopt: ATM PON/broadband PON (APON/BPON), Ethernet PON (EPON) and gigabit PON (GPON). As passive optical networks (PON) are deployed, the requirements on the security and reliability of PON systems keep rising. Effectively guarding against eavesdropping, service theft and malicious attacks on the PON system by illegitimate users has become an important function of a PON system.
In the upstream direction a PON is a point-to-point system; in the downstream direction it is a point-to-multipoint broadcast system. Through key request/acquisition and data encryption, the OLT and ONT effectively guard against eavesdropping, service theft and malicious attacks by illegitimate users in the upstream and downstream directions. At present, the keys used by a traditional passive optical network rely on the Internet Key Exchange (IKE) scheme: the keys are all computed and exchanged over the traditional network. The traditional network key exchange process is easily exposed to external attack and carries a very large security risk. In addition, the IKE system is built on computational complexity, and this computational complexity has not been theoretically proven to be absolutely secure and reliable; when attacked it may be broken, so a very large security hazard exists.
Considering that present PON systems have many idle fibers, implementing quantum key distribution in an existing PON system over idle fiber channels requires no change to the present network structure or network lines, is easy to implement, makes fuller use of existing PON system resources, and better ensures the secure transmission of data.
Summary of the invention
The technical problem to be solved by the present invention is the security deficiency of the keys used by the passive optical network key systems of the prior art described above, and a passive optical network is provided. The passive optical network of the present invention can guarantee that the quantum key is absolutely secure during transmission.
To solve the above technical problem, the technical solution adopted by the present invention is: a passive optical network comprising an optical line terminal and optical network terminals, with an optical distribution network connected between the optical line terminal and the optical network terminals, characterized in that it further comprises quantum key distribution devices for distributing quantum keys to the optical line terminal and/or the optical network terminals. The optical line terminal corresponds to one quantum key distribution device; the quantum key distribution device is connected by optical fiber to the optical distribution network and to the optical line terminal respectively, forming an optical link quantum key fetch channel; the optical line terminal obtains a quantum key through the optical link quantum key fetch channel and uses the obtained quantum cipher to encrypt and decrypt the communication data transmitted on the passive optical network. Each optical network terminal corresponds to one quantum key distribution device; each quantum key distribution device is connected by optical fiber to the optical distribution network and to the optical network terminal respectively, forming an optical network quantum key fetch channel; the optical network terminal obtains a quantum key through the optical network quantum key fetch channel and uses the obtained quantum cipher to encrypt and decrypt the communication data transmitted on the passive optical network.
As a further improved technical solution of the present invention, the optical fiber is connected to the optical distribution network through a network interface, a USB interface or a serial interface.
The beneficial effects of the present invention are as follows: quantum key distribution devices can be added on the idle optical fibers of an existing passive optical network, guaranteeing that communication data is absolutely secure during transmission. Only quantum key distribution devices are added to the traditional passive optical network, so the structure is simple and the existing vacant fiber resources are put to full and effective use. The present invention is applicable to the various application scenarios of PON systems and to ATM PON/broadband PON (APON/BPON), Ethernet PON (EPON) and gigabit PON (GPON), and improves the reliability of PON systems.
Description of drawings
Fig. 1 is a system structure diagram of an existing passive optical network to which the present invention is applied.
Fig. 2 is a system structure diagram on the passive optical network.
Fig. 3 is a working sequence diagram of how the optical line terminal in Fig. 2 obtains a key through the quantum key distribution device.
Fig. 4 is a working sequence diagram of how the optical network terminal in Fig. 2 obtains a key through the quantum key distribution device.
Fig. 5 is a working sequence diagram of how, when the optical line terminal and optical network terminal in Fig. 3 obtain quantum keys, the quantum key distribution devices cooperate with the optical line terminal and the optical network terminal to complete key management, update and use.
The specific embodiments of the present invention are further described below with reference to the accompanying drawings.
Embodiment
Embodiment 1
Referring to Fig. 2, Fig. 3, Fig. 4 and Fig. 5, this passive optical network comprises an optical line terminal and optical network terminals, with an optical distribution network connected between the optical line terminal and the optical network terminals. It further comprises quantum key distribution devices for distributing quantum keys to the optical line terminal and/or the optical network terminals. The optical line terminal corresponds to one quantum key distribution device; the quantum key distribution device is connected by optical fiber to the optical distribution network and to the optical line terminal respectively, forming an optical link quantum key fetch channel; the optical line terminal obtains a quantum key through the optical link quantum key fetch channel and uses the obtained quantum cipher to encrypt and decrypt the communication data transmitted on the passive optical network. Each optical network terminal corresponds to one quantum key distribution device; each quantum key distribution device is connected by optical fiber to the optical distribution network and to the optical network terminal respectively, forming an optical network quantum key fetch channel; the optical network terminal obtains a quantum key through the optical network quantum key fetch channel and uses the obtained quantum cipher to encrypt and decrypt the communication data transmitted on the passive optical network. The optical fiber is connected to the optical distribution network through a network interface, a USB interface or a serial interface.
The working principle and working process of Embodiment 1 are as follows:
In this embodiment, the passive optical network is also called PON, the optical line terminal OLT, the optical distribution network ODN, the quantum key distribution device QKD, and the optical network terminal ONT. Fig. 1 is a block diagram illustrating the structure of a passive optical network to which the present invention is applied. A PON has a point-to-multipoint tree structure, i.e. a P2MP structure. However, a PON does not have a network configuration. Logically, although it physically has a P2MP structure, a PON has only a point-to-point topology, i.e. a P2P structure. In other words, all optical network terminals, ONT1 to ONTN, are connected to a single optical line terminal, the OLT. Each optical network terminal among ONT1 to ONTN therefore needs to set up a channel to communicate with the OLT.
Fig. 2 is a system structure diagram of implementing quantum key distribution on a passive optical network. As described with reference to Fig. 1, each optical network terminal among ONT1 to ONTN needs to set up a channel to communicate with the optical line terminal, so quantum key distribution devices can be added without changing the original system structure. The system that implements quantum key distribution on a PON comprises the optical line terminal and the optical distribution network, and also the optical network terminals ONT1 to ONTN, which are linked by the optical fiber channels between them. It further comprises the corresponding quantum key distribution devices QKD1 to QKDN+1; the QKDs are each connected to the optical distribution network by optical fiber. The OLT is connected to QKD1 through a network interface, USB interface, serial interface or other interface usable for data transmission, to set up the optical link quantum key fetch channel. ONT1 to ONTN are connected to QKD2 to QKDN+1 respectively through a network interface, USB interface, serial interface or other interface usable for data transmission, to set up the optical network quantum key fetch channels. The quantum keys that the optical line terminal and the optical network terminals use to encrypt the communication data transmitted on the PON are obtained from the quantum key distribution devices QKD1 to QKDN. During transmission of communication data, by the properties of quantum mechanics, the key is secure and reliable and cannot be stolen by a third party.
In Fig. 2, Fig. 3 and Fig. 4, the optical line terminal and the optical network terminals are connected to the quantum key distribution devices through any interface capable of data communication, such as a network interface, USB interface or serial interface, setting up the optical link quantum key fetch channel and the optical network quantum key fetch channels; the quantum keys produced by the QKDs are then transmitted over the optical link quantum key fetch channel and the optical network quantum key fetch channels respectively. The OLT sends a quantum key request to QKD1 to set up a connection and obtains a quantum key from QKD1; ONT1, ONT2 or ONTN sends a quantum key request to QKD2, QKD3 or QKDN+1 to set up a connection and obtains a key from QKD2, QKD3 or QKDN+1. The OLT and ONT1, ONT2 or ONTN+1 perform quantum key synchronization to confirm that the quantum keys obtained are an identical quantum key pair. If synchronization is correct, the passive optical network encrypts and decrypts communication data with the obtained quantum keys.
As shown in Fig. 5, when QKD1 receives a quantum key request, it allocates a suitable quantum key according to the key management algorithm and, if a quantum key is available, sends the quantum key to the optical line terminal. While the quantum key is being obtained, the optical line terminal keeps working with the old quantum key as it negotiates the new quantum key; synchronization of the new quantum key is completed inside the secure channel set up with the old quantum key. The quantum key of the OLT needs to be replaced periodically. When the quantum key replacement period arrives, the optical line terminal needs to update the quantum key: it sends a quantum key request to QKD1 and, after obtaining the quantum key correctly, tells the optical network terminal the serial number and Md5 check value of the quantum key obtained. The optical network terminal reads the quantum key from QKD2 according to the serial number and Md5 check value received and, after reading the quantum key, compares whether the Md5 value of the quantum key it read is consistent with the one it received. If they are consistent, the optical network terminal responds confirming that the quantum key was obtained successfully, which indicates that the current quantum key update succeeded; otherwise it responds that obtaining the quantum key failed.
Implementing quantum key distribution on a passive optical network requires the optical line terminal of the passive optical network and one or more optical network terminals, with the OLT and the ONTs connected through the optical distribution network, and also one-to-one or one-to-many quantum key distribution devices, namely QKD1, QKD2 up to QKDN+1; the quantum key distribution devices are connected to one another by optical fiber.
In this embodiment, the quantum key is produced by one party and transmitted to the other party through the quantum key distribution devices, and the channel over which the quantum key distribution devices transmit the key is optical fiber. The optical line terminal and the optical network terminal send quantum key requests to the quantum key distribution devices; after obtaining quantum keys from the quantum key distribution devices, the OLT and the ONT perform quantum key synchronization to determine whether the quantum keys obtained are consistent. If synchronization is correct, communication data is encrypted and decrypted with the obtained quantum key; if synchronization is incorrect, the quantum key is requested again.
When the quantum key distribution device receives a quantum key request from the optical line terminal, it allocates a suitable quantum key according to the quantum key management algorithm and, if a quantum key is available, sends the quantum key to the OLT. While the quantum key is being obtained, the OLT needs to set up a session with the QKD. The OLT keeps working with the old quantum key as it negotiates the new quantum key; synchronization of the new quantum key is completed inside the secure channel set up with the old key. The quantum key of the OLT needs to be replaced periodically. When the quantum key replacement period arrives, the OLT needs to update the quantum key: the OLT sends a quantum key request to the QKD and, after obtaining the quantum key correctly, tells the optical network terminal the serial number and Md5 check value of the quantum key obtained. The ONT reads the quantum key from the QKD according to the serial number received and, after reading it, compares whether the Md5 value of the quantum key it read is consistent with the one it received. If they are consistent, the ONT responds confirming that the quantum key was obtained successfully (OK), which indicates that the current quantum key update succeeded; if they are inconsistent, this indicates that the OLT and the ONT obtained different quantum keys, and the quantum key must be requested again.
Similarly, when the quantum key distribution device receives a quantum key request from the optical network terminal, it allocates a suitable quantum key according to the quantum key management algorithm and, if a quantum key is available, sends the quantum key to the ONT. While the quantum key is being obtained, the ONT needs to set up a session with the QKD. The ONT keeps working with the old quantum key as it negotiates the new quantum key; synchronization of the new quantum key is completed inside the secure channel set up with the old quantum key. The quantum key of the ONT needs to be replaced periodically. When the quantum key replacement period arrives, the ONT needs to update the quantum key: the ONT sends a quantum key request to the QKD and, after obtaining the quantum key correctly, tells the optical line terminal the serial number and Md5 check value of the quantum key obtained. The OLT reads the quantum key from the QKD according to the serial number received and, after reading it, compares whether the Md5 value of the quantum key it read is consistent with the one it received. If they are consistent, the ONT responds confirming that the quantum key was obtained successfully, which indicates that the current quantum key update succeeded; if they are inconsistent, this indicates that the OLT and the ONT obtained different quantum keys, and the quantum key must be requested again.
After the quantum key has been obtained successfully, the transmitted communication data is encrypted with the quantum key, using a one-time pad or block encryption mode, ensuring that the communication data is absolutely secure.
Further, during quantum key transmission, by the properties of quantum mechanics, the quantum key transmission process cannot be broken; even if it suffers an external attack, the attack is easily discovered. Therefore, once quantum key distribution technology has been adopted, it is impossible for any third party to intercept the quantum key. In a passive optical network implementing quantum key distribution, the traditional way of obtaining keys is replaced: the quantum key is transmitted from one party to the other through the quantum key distribution devices, and the channel over which the quantum key distribution devices transmit the quantum key is optical fiber. Implementing quantum key distribution on a passive optical network involves some changes on the basis of the original passive optical network, including adding a quantum key injection module to the original passive optical network system. This quantum key injection module is responsible for reading keys from the quantum key distribution device and carrying out the one-time pad or block encryption mode, so that the quantum key cannot be stolen or fully decoded by a third party, thereby ensuring that the data is absolutely secure.
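The key replacement round described above (the initiator sends the quantum key serial number and Md5 check value, the peer reads the same serial number from its own QKD device and answers success or failure, and the old key stays in use until then) can be simulated as follows. This is an added example, not code from the patent; the `QKDStore` and `Terminal` classes, the notice fields and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


class QKDStore:
    """Stand-in for one QKD device's key buffer, indexed by serial number (hypothetical)."""

    def __init__(self):
        self._keys = {}

    def load(self, serial, key):
        self._keys[serial] = key

    def read(self, serial):
        # Each key is handed out once and then erased from the buffer.
        return self._keys.pop(serial, None)


def md5_check(key):
    # Md5 check value as named on the page; it only tells the peers whether their copies match.
    return hashlib.md5(key).hexdigest()


class Terminal:
    """OLT or ONT: keeps working with the old key until the new one is confirmed."""

    def __init__(self, name, qkd, initial_key):
        self.name, self.qkd, self.active_key = name, qkd, initial_key

    def request_update(self, serial):
        """Initiator: fetch the key from its own QKD and build the notice for the peer."""
        key = self.qkd.read(serial)
        if key is None:
            return None, None  # no quantum key available
        return key, {"serial": serial, "md5": md5_check(key)}

    def handle_notice(self, notice):
        """Responder: read the same serial from its own QKD and compare Md5 values."""
        key = self.qkd.read(notice["serial"])
        if key is None or not hmac.compare_digest(md5_check(key), notice["md5"]):
            return "FAIL"  # the old key stays active
        self.active_key = key
        return "OK"


def update_key(initiator, responder, serial):
    """One key replacement round; True only if both sides switched to the new key."""
    key, notice = initiator.request_update(serial)
    if key is None or responder.handle_notice(notice) != "OK":
        return False  # both sides keep the old key and must request again
    initiator.active_key = key
    return True


def otp_xor(key, data):
    """One-time pad: the key must cover the whole message; XOR also decrypts."""
    if len(key) < len(data):
        raise ValueError("one-time pad key shorter than message")
    return bytes(k ^ d for k, d in zip(key, data))


def demo():
    # Constructed sample keys: a paired QKD link holds identical material per serial number.
    qkd1, qkd2 = QKDStore(), QKDStore()
    old, good = secrets.token_bytes(32), secrets.token_bytes(32)
    qkd1.load(1, good)
    qkd2.load(1, good)
    qkd1.load(2, secrets.token_bytes(32))  # serial 2 is deliberately out of sync
    qkd2.load(2, secrets.token_bytes(32))
    olt, ont = Terminal("OLT", qkd1, old), Terminal("ONT1", qkd2, old)

    first = update_key(olt, ont, 1)
    frame = b"downstream frame"
    recovered = otp_xor(ont.active_key, otp_xor(olt.active_key, frame))

    second = update_key(olt, ont, 2)  # Md5 mismatch: the round fails
    kept = olt.active_key == good and ont.active_key == good
    return first, recovered == frame, second, kept


if __name__ == "__main__":
    print(demo())
```

The second round shows the failure branch: the two QKD buffers disagree for serial number 2, the responder answers FAIL, and both terminals keep the previously confirmed key.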

Claims (2)

1. A passive optical network, comprising an optical line terminal and optical network terminals, an optical distribution network being connected between the optical line terminal and the optical network terminals, characterized in that:
it further comprises quantum key distribution devices for distributing quantum keys to the optical line terminal and/or the optical network terminals;
the optical line terminal corresponds to one quantum key distribution device; the quantum key distribution device is connected by optical fiber to the optical distribution network and to the optical line terminal respectively, forming an optical link quantum key fetch channel; the optical line terminal obtains a quantum key through the optical link quantum key fetch channel and uses the obtained quantum cipher to encrypt and decrypt the communication data transmitted on the passive optical network;
each optical network terminal corresponds to one quantum key distribution device; each quantum key distribution device is connected by optical fiber to the optical distribution network and to the optical network terminal respectively, forming an optical network quantum key fetch channel; the optical network terminal obtains a quantum key through the optical network quantum key fetch channel and uses the obtained quantum cipher to encrypt and decrypt the communication data transmitted on the passive optical network.
2. The passive optical network according to claim 1, characterized in that: the optical fiber is connected to the optical distribution network through a network interface, a USB interface or a serial interface.
CN 201220666777 2012-12-07 2012-12-07 Passive optical network Expired - Lifetime CN203251308U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201220666777 CN203251308U (en) 2012-12-07 2012-12-07 Passive optical network

Publications (1)

Publication Number Publication Date
CN203251308U true CN203251308U (en) 2013-10-23

Family

ID=49377720

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP02 Change in the address of a patent holder

Address after: 241003 No. 12, Zhanghe Road, hi tech Zone, Anhui, Wuhu

Patentee after: ANHUI ASKY QUANTUM TECHNOLOGY Co.,Ltd.

Address before: 241002 Anhui science and technology innovation public service center, Wuhu national hi tech Zone, Yijiang

Patentee before: ANHUI ASKY QUANTUM TECHNOLOGY Co.,Ltd.

CX01 Expiry of patent term

Granted publication date: 20131023