WO2007124658A1 - Procédé et système de négociation d'algorithme de cryptage dans un système de réseau optique passif - Google Patents

Procédé et système de négociation d'algorithme de cryptage dans un système de réseau optique passif Download PDF

Info

Publication number
WO2007124658A1
WO2007124658A1 PCT/CN2007/000954 CN2007000954W WO2007124658A1 WO 2007124658 A1 WO2007124658 A1 WO 2007124658A1 CN 2007000954 W CN2007000954 W CN 2007000954W WO 2007124658 A1 WO2007124658 A1 WO 2007124658A1
Authority
WO
WIPO (PCT)
Prior art keywords
optical network
algorithm
mode
unit
algorithm mode
Prior art date
Application number
PCT/CN2007/000954
Other languages
English (en)
Chinese (zh)
Inventor
Min Yang
Hai Gao
Wei Wu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2007124658A1 publication Critical patent/WO2007124658A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/44Star or tree networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q11/00Selecting arrangements for multiplex systems
    • H04Q11/0001Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062Network aspects
    • H04Q11/0067Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring

Definitions

  • the present invention relates to the field of optical communication technologies, passive optical network technologies, and more particularly to a method and system for negotiating multiple encryption algorithms in a passive optical network system. Background technique
  • the optical access technology has also been vigorously developed, especially the optical access technology featuring point-to-multipoint transmission--passive optical network (PON)
  • PON point-to-multipoint transmission--passive optical network
  • the PON system is composed of three parts: an OLT (Optical Line Termination), an Optical Distribution Network (ODN), and an Optical Network Unit (ONU)/Optical Network Terminal (ONT, Optical Network Termination ).
  • OLT Optical Line Termination
  • ODN Optical Distribution Network
  • ONU Optical Network Unit
  • ONT Optical Network Termination
  • the OLT provides a Network Side Interface (SNI) for the PON system, connecting one or more ODNs.
  • the passive optical splitting device transmits the downlink data of the OLT to each ONU, and simultaneously transmits the uplink data of the multiple ONUs/ONTs to the OLT.
  • the ONU provides a user-side interface (UNI) for the PON system, and the uplink is connected to the ODN. If the ONU directly provides a user port function, such as an Ethernet user port for PC Internet access, it is called an ONT.
  • UNI user-side interface
  • the ONUs mentioned in this manual include ONU and ONT.
  • the OLT to the ONU is called downlink, and vice versa.
  • the downlink data mode is that the OLT broadcasts to each ONU.
  • the uplink data mode of the ONU is that the OLT allocates the transmission area, and the data is time-division multiplexed and then uploaded to the OLT.
  • PON technology includes Broadband Passive Optical Network (BPON), Gigabit Passive Optical Network (GPON) Etc.
  • GPON is developed on the basis of Broadband Passive Optical Network (BPON). It is the most comprehensive and mature technology in several PONs, with high line rate and perfect maintenance management. advantage.
  • Both BPON and GPON are developed by the International Telecommunications Union (ITU-T).
  • ITU-T International Telecommunications Union
  • BPON only supports the bearer of ATM cells
  • GPON supports bearer ATM cells and also supports GEM encapsulation adapted to IP data. They have similar management modes, such as using the same ONT management and control interface (OMCI) management protocol and the approximate physical layer OAM (PLOAM) message mechanism.
  • OMCI in the BPON and GPON standards are defined in G983.2 and G.984.4, respectively, where G.984.4 is an inheritance and supplement to G983.2.
  • the GPON standard protocol divides the physical medium into GPON physical media Dependent Layer (GPM layer, G-PON Physical Media Dependent Layer) and GPON transmission convergence layer (G-PON Transmission Convergence Layer).
  • the GTC is further divided into a GTC framing sub-layer and a GTC adapter sub-layer.
  • the GTC layer provides two types of service data encapsulation:
  • the ATM encapsulation method encapsulates the service data in an ATM cell, and the cell is 53 bytes in length.
  • the GEM encapsulation mode is variable-length encapsulation and supports changing according to the length of the service data frame. The length of the GEM encapsulation frame.
  • T-CONT Transmission Container
  • identifier of the T-CONT is alloc id.
  • a T-CONT can only be of the ATM or GEM type.
  • a T-CONT channel can be divided into multiple PVC channels identified by VPI and VCI.
  • GEM When GEM is encapsulated, it can be divided into multiple port channels identified by PORT id.
  • Embedded OAM Embedded Operations, Administration and Maintenance
  • the PLOAM mode provides a 13-byte fixed format message, which is inserted in the frame header when needed to implement the physical line OAM function.
  • the OMCI mode has its own message format and is carried on the channel of the specified VPI, VCI or port id. It is suitable for message transmission with low real-time performance, such as configuration messages.
  • OMCI is a master-slave management protocol
  • OLT is the master device
  • ONU is the slave device
  • OLT passes OMCI.
  • the channel controls multiple ONU devices connected under the OLT.
  • the service data and management data are respectively used as the ATM client/GEM client and the OMCI client.
  • the GTC adaptation sublayer provides the ATM, GEM, and OMCI processing interfaces to the upper layer, and encapsulates the data into ATM cells or GEM messages, that is, specifies VPI, ⁇ or 011 ⁇ (1, which determines the id of the T-CONT.
  • the GTC framing sublayer generates a GPON frame header, inserts a PLOAM message into the frame header, puts the ATM cell and the GEM 4 ⁇ text into the payload portion, assembles the GPON frame, and finally transmits it to the optical fiber through the GPM layer at the receiving end. Perform reverse processing.
  • the Embedded OAM function is done directly at the framing sublayer.
  • the ONU Since the downlink data is broadcast, although the ONU will filter out the data that is not its own according to the configured port id, it still faces the risk of data theft. Therefore, the payload part of the GPON frame needs to be encrypted. Encryption of downstream data is necessary. At present, only one encryption algorithm, the Advanced Encryption Standard (AES) algorithm, is specified in the GPON international standard. The AES algorithm is used when all downlink unicast data needs to be encrypted. Each ONU uses a separate key and continually updates the key to ensure the reliability of the encryption.
  • AES Advanced Encryption Standard
  • ONT2-G or O U2-G ME which represent the global information and capabilities of the ONU device (such as device version, whether GEM and ATM are supported).
  • ONT2-G and ONU2-G ME collectively as ONU/T2-G ME.
  • ONT-G or ONU-G ME ONT2-G or ONU2-G ME attached to ONT-G or ONU-G ME.
  • Security Capability indicates the encryption algorithm mode that ONU can support.
  • Security Mode indicates the current algorithm mode selected by OJ. However, because only one encryption algorithm is currently defined in the international standard, no choice is required.
  • This attribute indicates the advanced security mode that the ONU can support.
  • the coding format is defined as follows:
  • This attribute indicates the advanced security mode that the ONU actually uses. Note that the data in all encrypted VP/VC or GEM ports on an ONU must use the same security mode.
  • the encoding format is defined as follows:
  • AES encryption algorithm will be used for unicast traffic
  • the value of this attribute takes 0x01. (readable, writable) (forced implementation: length: l byte)
  • BPO is similar to GPON's data encryption mechanism. Currently, only one advanced encryption algorithm is defined for BPON in international standards.
  • the R&D requirements of PON products can adapt to the application needs of different countries, regions and different network operators. Different countries may use different encryption algorithms, and different network operators may use different encryption algorithms.
  • the prior art scheme only considers a data encryption algorithm mode, and does not provide a multi-algorithm mode negotiation process in the configuration phase where the ONU is connected to the OLT, and lacks compatibility with multiple encryption algorithms. Processing, can not meet the needs of multi-country, multi-regional and multi-network operators to support multiple encryption algorithms for PON equipment. Summary of the invention
  • Embodiments of the present invention provide a method and system for encrypting an encryption algorithm in a passive optical network PON system, so as to implement support for multiple encryption algorithms by the PON device.
  • the embodiment of the invention provides a method for negotiating an encryption algorithm in a passive optical network system, which includes the following steps:
  • the algorithm mode is selected according to an algorithm mode allowed by the preset policy
  • the selected algorithm mode is set and used on an optical network unit or an optical network terminal.
  • An embodiment of the present invention further provides an encryption algorithm negotiation system in a passive optical network, including: an acquiring unit, configured to acquire an algorithm mode supported by an optical network unit or an optical network terminal; and a selecting unit, selected according to an algorithm mode allowed by a predetermined policy Algorithm mode
  • a setting unit configured to be set and used on the optical network unit or the optical network terminal according to the algorithm mode selected by the selecting unit.
  • the algorithm mode supported by the ONU is first acquired, and then the algorithm mode selected according to the preset policy is set to the ONU, thereby implementing algorithm negotiation supporting multiple encryption algorithm modes. process.
  • the invention improves the compatibility of products by improving existing protocols and realizing the application requirements of multiple encryption algorithms.
  • FIG. 1 is a connection diagram of a prior art PON system
  • FIG. 3 is a flowchart of a method for negotiating an encryption algorithm according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of a method for negotiating an encryption algorithm according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a method for negotiating an encryption algorithm according to another embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of an encryption algorithm negotiation system provided in an embodiment of the present invention.
  • an encryption algorithm negotiation method in a PON system is provided, which is applied to a configuration phase after the ONU is connected to the OLT.
  • FIG. 3 is a flowchart of a method for negotiating an encryption algorithm in an embodiment of the present invention.
  • the method process includes the following steps:
  • the optical line terminal acquires an algorithm mode supported by the optical network unit.
  • the optical line terminal sets the optical network unit to use the selected algorithm mode.
  • the boot process is divided into the link layer registration phase and the OMCI Set the two parts of the stage.
  • the device uses the PLOAM message to complete the link establishment, including configuring the optical path physical layer to make it properly connected, and the ONU registration process to the OLT.
  • the main part of the registration process is that the ONU reports its own serial number (the serial number, the global unique number of the ONU device) to the OLT.
  • the OLT assigns the ONU id to the ONU.
  • the ONU id is unique among all ONUs connected by an optical interface of the OLT.
  • the OLT uses the PLOAM message to create the first T-CONT on the OJ, and establishes a port or pvc channel in the T-CONT for OMCI message interaction, and then enters the OMCI configuration phase, which is completed by the OMCI channel. Subsequent startup operations such as service channel establishment and configuration data delivery. After the entire startup process is completed, the PLOAM message also needs to handle the maintenance of the link between the OLT and the ONU, and handle other underlying related information and command interactions, such as alarm notification of link failure indication, channel encryption function activation, and the like.
  • the OMCI protocol abstracts various data of the OLT management O U into a protocol-independent MIB (Management Information Base).
  • the basic information unit of the management information base is a management entity (ME).
  • ME management entity
  • OMCI defines various MEs for the OLT to control the ONUs.
  • the ONUs implement various ME configuration management functions under the control of the OLT.
  • the ME consists of attributes ( Attributes ) that can be read and written by the OLT. Some MEs are created automatically by the ONU, and some MEs are created by the OLT.
  • the technical solution utilizes the attribute definition in the existing ONU/T2-G ME.
  • This method adds a process definition of multi-algorithm mode negotiation in the OMCI configuration phase in which the ONU is connected to the OLT boot process.
  • ONU/TG is the root node of all other MEs.
  • the ONU/TG and ONU/T2-G ME are in the OMCI configuration process. Created before you start.
  • the configuration process of the existing encryption function is used when the encryption algorithm has been selected. Therefore, the new negotiation process of the present invention is before the original encryption process, and the negotiation process belongs to the specific service configuration phase of the OMCI.
  • FIG. 4 it is a schematic diagram of a method for negotiating an encryption algorithm according to an embodiment of the present invention.
  • an OLT obtains a supported encryption algorithm mode by using a Get command.
  • the encryption algorithm negotiation process of this technical solution is as follows: 5401.
  • the OLT uses the Get command to read the value of the security capability attribute in the ONU/T2-G ME on the ONU.
  • the ONU responds to the Get command and reports the encryption algorithm mode supported by itself.
  • the OLT determines the algorithm mode that should be used according to a static or dynamically configured policy.
  • different algorithm modes are allowed according to usage standards of different countries, different regions, or different network operators, and it is determined whether the allowed algorithm mode and the algorithm mode supported by the optical network unit are the same.
  • the algorithm mode if yes, selects the algorithm mode from the same algorithm mode, otherwise, it is treated as a negotiation failure.
  • the above negotiation failure processing may be to select an algorithm mode from the allowed algorithm modes.
  • the above negotiation failure processing may also be an invalid algorithm pattern that does not represent any actual algorithm, the invalid algorithm pattern being represented by a specific form of value.
  • the OLT uses the Set command to set the Security mode attribute of the ONU/T2-G ME on the ONU to the value of the selected algorithm mode.
  • the ONU receiving the request independently generates a key of the AES algorithm, sends it to the OLT, and retains the key locally for decryption;
  • the OLT After receiving the key, the OLT issues a key switching command to the relevant ONU, and starts using the key at a determined time.
  • Steps 1) and 4 after the OLT command is sent, the ONU needs to respond to the confirmation message. Steps 2) to 4) related to key switching are also used for old and new replacement control of the key.
  • the present invention augments the two parameter value definitions while maintaining the meaning of the Security capability and Security mode attributes.
  • security capability uses continuous values to represent the algorithmic modes that the ONU can support. , including combination options that support multiple algorithm modes at the same time, for example:
  • This attribute indicates the advanced security mode that the ONU can support.
  • the coding format is defined as follows:
  • the above continuous values can be: Natural values or integers including 0.
  • security mode can be the same as the security capability. Usually, only the value of a single algorithm mode is needed. When the negotiation fails, a specific form of value can be used to represent the invalid algorithm. For example: Use 255 to indicate invalid algorithm. Examples are as follows:
  • This attribute indicates the advanced security mode that the ONU actually uses. Note that the data in all encrypted VP/VC or GEM ports on an ONU must use the same security mode.
  • the encoding format is defined as follows:
  • FIG. 5 is a schematic diagram of Embodiment 2 of an encryption algorithm negotiation method according to the present invention.
  • an ONU reports an supported encryption algorithm mode by using an AVC (Attribute Value Change) message.
  • AVC Attribute Value Change
  • This embodiment starts from the ONU connected to the OLT, and then to the startup phase OMCI configuration
  • the ONU/T2-G ME is created on the ONU
  • the ONU uses the AVC function to report the value of the security capability attribute, that is, the capability that the ONU actually supports.
  • This method uses the AVC report of the ONU to replace the OLT in the first embodiment. operating.
  • the security capability attribute belongs to ONU/T2-G ME, which is created at the beginning of the OMCI configuration process.
  • the ONU is powered on, and the ONU does not have an MIB.
  • the ONT data ME stores the MIB synchronization status parameter, which is used to check the synchronization status between the MIB on the ONU and the corresponding MIB saved on the OLT.
  • the MIB synchronization status parameter is a sequence number that increases when the ONU MIB changes.
  • the OLT maintains an image of the ONU MIB locally, and checks the value to determine whether the local MIB needs to be updated.
  • the OLT sends the ONTData MIBReset cmd command, and the ONU clears its own MIB after receiving the command, so that only the default ME is left in the MIB on the ONU.
  • the default ME indicates basic hardware and software information of the device, including ONU/TG and ONU. /T2-G, ONT data and other necessary MEs.
  • the ONU responds to the ONTData MIBReset rsp, indicating that the MIB reset is successful.
  • the OLT locally creates an MIB corresponding to the ONU, including ONU/T-G, ONU/T2-G, ONT data, and other necessary MEs.
  • the ME attributes created on the ONU and the OLT are default values, which do not necessarily match the actual situation of the O J.
  • the value of the Security Capability attribute does not correctly represent the actual capability of the ONU. Therefore, in this step, the O U updates the attribute values of the O U/T-G and the ONU/T2-G ME according to the actual device information in the memory, and the refreshed value is automatically reported to the OLT through the AVC message.
  • the OLT obtains the changed attribute value (including the value of the reported Security Capability attribute) from the received AVC message, refreshes the MIB image data on the OLT, and determines an algorithm mode to be used according to a static or dynamically configured policy in advance. .
  • the algorithm mode if yes, selects the algorithm mode from the same algorithm mode, otherwise, it is treated as a negotiation failure.
  • the above negotiation failure processing process may be a direct interruption encryption algorithm configuration process.
  • the OLT uses the Set command to set the attribute of the Security mode in the ONU/T2-G ME on the ONU to the value of the selected algorithm mode.
  • the present invention uses another way to define the values of the Security capability and Security mode attributes.
  • the security capability indicates an algorithm mode supported by the ONU by using the field bit bit. Several bit values are valid at the same time to support several algorithm modes at the same time. Examples are as follows: Security Capability: This attribute indicates the advanced security mode that the ONU can support.
  • the coding format is defined as follows:
  • bitO 1 means support for encryption algorithm A, 0 means no support;
  • Bitl 1 means support for encryption algorithm B, 0 means no support;
  • Bit2 1 means support for encryption algorithm C, 0 means no support;
  • Bit3..bit7 Reserved for future use.
  • the security mode's ear value is defined as the same security capability. When a valid algorithm is selected, only one algorithm mode is valid at the same time, indicating the selected algorithm; when the negotiation fails, a specific form of value can be used to represent the invalid algorithm, for example: using bit7 or simultaneously making multiple algorithm modes valid Indicates an invalid algorithm. Examples are as follows:
  • This attribute indicates the advanced security mode that the ONU actually uses. Note that the data in all encrypted VP/VC or GEM ports on an ONU must use the same security mode.
  • the encoding format is defined as follows:
  • bitO 1 means the encryption algorithm A will be used, otherwise 0;
  • Bitl : 1 means the encryption algorithm B will be used, otherwise 0;
  • Bit2: 1 means the encryption algorithm C will be used, otherwise 0;
  • Bit3..bit6 Reserved for future use.
  • Bit7: 1 means invalid algorithm, otherwise 0.
  • bit bit (readable, writable) (mandatory) (length: 1 byte)
  • the above bit bit can be: a binary count value consisting of several bits.
  • the combination of the algorithm mode and the algorithm mode is defined by using continuous values or bit bits, and the expression capabilities of the two parameters of the security capability and the security mode are expanded, and the security capability and the security mode attribute are available.
  • the length of the field is extended, and other MEs are added or used, thereby making the selection of multiple encryption algorithms flexible.
  • an embodiment of the present invention further provides an encryption algorithm negotiation system in a passive optical network, including:
  • An acquiring unit 601, configured to acquire an algorithm mode supported by the optical network unit
  • the selecting unit 602 selects an algorithm mode according to an algorithm mode allowed by the preset policy; and the setting unit 603 is configured to be used and used on the optical network unit according to the selected algorithm mode.
  • the obtaining unit 601, the selecting unit 602, and the setting unit 603 may be centralized on the optical line terminal, or may be centralizedly implemented on other devices that manage the optical network unit, and may also be distributed and implemented on different devices, such as optical line terminals.
  • the function of the unit 603 is set, and the selection unit is implemented on other devices.
  • the selecting unit determines whether the algorithm mode allowed by the predetermined policy and the algorithm mode supported by the optical network unit or the optical network terminal have the same algorithm mode, and if yes, the selecting unit is from the same algorithm mode The algorithm mode is selected.
  • the setting unit sends a setting command including the selected algorithm mode to the optical network unit or the optical network terminal, and receives the setting result fed back by the optical network unit or the optical network terminal.
  • the preset policies include:

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

Un procédé et système de négociation d'algorithme de cryptage dans un système de réseau optique passif. Le procédé comprend les opérations suivantes: acquisition des modes d'algorithme acceptés par l'unité de réseau optique; sélection du mode d'algorithme en fonction des modes d'algorithme autorisés par la stratégie de pré-paramétrage; paramétrage de l'unité de réseau optique pour utiliser ledit mode d'algorithme sélectionné. La présente invention peut proposer un procédé d'un traitement de négociation d'algorithme pour plusieurs modes d'algorithme de cryptage pendant la configuration du système, met en oeuvre les besoins d'application des différents algorithmes de cryptage existant en même temps en améliorant les protocoles existants, et améliore la compatibilité des produits.
PCT/CN2007/000954 2006-04-27 2007-03-26 Procédé et système de négociation d'algorithme de cryptage dans un système de réseau optique passif WO2007124658A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610078931.9 2006-04-27
CNA2006100789319A CN101064719A (zh) 2006-04-27 2006-04-27 Pon系统中加密算法协商方法

Publications (1)

Publication Number Publication Date
WO2007124658A1 true WO2007124658A1 (fr) 2007-11-08

Family

ID=38655054

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/000954 WO2007124658A1 (fr) 2006-04-27 2007-03-26 Procédé et système de négociation d'algorithme de cryptage dans un système de réseau optique passif

Country Status (2)

Country Link
CN (1) CN101064719A (fr)
WO (1) WO2007124658A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902664A (zh) * 2009-05-26 2010-12-01 中兴通讯股份有限公司 一种提高无源光网络加解密速度的方法和系统
US20110029773A1 (en) * 2009-07-31 2011-02-03 Futurewei Technologies, Inc. Optical Network Terminal Management Control Interface-Based Passive Optical Network Security Enhancement
US11228589B2 (en) 2017-02-01 2022-01-18 Huawei International Pte. Ltd. System and method for efficient and secure communications between devices
CN114143051A (zh) * 2021-11-19 2022-03-04 江苏林洋能源股份有限公司 一种智能电表基于性能调整tls协议选择的方法
CN114302269A (zh) * 2021-12-17 2022-04-08 博为科技有限公司 Onu接入方法、装置、存储介质及电子设备

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101605324B (zh) * 2008-06-13 2011-06-01 华为技术有限公司 算法协商的方法、装置及系统
CN101729358B (zh) * 2008-10-31 2012-04-04 华为技术有限公司 一种信息传递和接收方法、系统和装置
CN101540933B (zh) * 2009-04-30 2012-04-25 殷爱菡 可编程动态带宽分配方法及装置
US20100278338A1 (en) * 2009-05-04 2010-11-04 Mediatek Singapore Pte. Ltd. Coding device and method with reconfigurable and scalable encryption/decryption modules
CN102291246A (zh) * 2010-06-21 2011-12-21 中兴通讯股份有限公司 一种onu管理维护方式的选择方法和系统
CN102664887A (zh) * 2012-04-19 2012-09-12 江汉大学 输入信息保护方法、装置和系统
CN103516515B (zh) * 2012-06-28 2018-03-02 中兴通讯股份有限公司 Gpon系统中加解密无缝切换的实现方法、olt和onu
CN103384171B (zh) * 2013-05-30 2016-08-31 上海斐讯数据通信技术有限公司 Olt设备及其下发onu配置的方法
CN107302428B (zh) * 2017-05-26 2020-06-30 北京中电普华信息技术有限公司 一种配电网中数据传送业务的密码算法的协商方法
CN107508707B (zh) * 2017-08-25 2020-03-03 中国联合网络通信集团有限公司 一种注册认证方法、装置及网络系统
CN111356038B (zh) * 2018-12-24 2023-08-08 深圳市中兴微电子技术有限公司 一种pon中实现通道自适应的方法及相关设备
CN114125600A (zh) * 2021-12-14 2022-03-01 王建军 一种基于时隙分组的单纤多网安全接入设备及方法
CN117579182B (zh) * 2024-01-17 2024-05-03 中兴通讯股份有限公司 无源光网络系统的业务加密方法、电子设备及存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1426185A (zh) * 2001-12-13 2003-06-25 华为技术有限公司 一种自主选择加密算法实现保密通信的方法
JP2004032502A (ja) * 2002-06-27 2004-01-29 Hitachi Communication Technologies Ltd 暗号化通信装置
CN1503504A (zh) * 2002-10-31 2004-06-09 ���µ�����ҵ��ʽ���� 通信装置、通信系统和算法选择方法
US20050198490A1 (en) * 2004-03-02 2005-09-08 Microsoft Corporation Dynamic negotiation of encryption protocols

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1426185A (zh) * 2001-12-13 2003-06-25 华为技术有限公司 一种自主选择加密算法实现保密通信的方法
JP2004032502A (ja) * 2002-06-27 2004-01-29 Hitachi Communication Technologies Ltd 暗号化通信装置
CN1503504A (zh) * 2002-10-31 2004-06-09 ���µ�����ҵ��ʽ���� 通信装置、通信系统和算法选择方法
US20050198490A1 (en) * 2004-03-02 2005-09-08 Microsoft Corporation Dynamic negotiation of encryption protocols

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902664A (zh) * 2009-05-26 2010-12-01 中兴通讯股份有限公司 一种提高无源光网络加解密速度的方法和系统
US8850197B2 (en) 2009-07-31 2014-09-30 Futurewei Technologies, Inc. Optical network terminal management control interface-based passive optical network security enhancement
US20120128155A1 (en) * 2009-07-31 2012-05-24 Futurewei Technologies, Inc. Method and apparatus for providing security in a passive optical network
US8442229B2 (en) * 2009-07-31 2013-05-14 Futurewei Technologies, Inc. Method and apparatus for providing security in a passive optical network
RU2507691C2 (ru) * 2009-07-31 2014-02-20 Хуавэй Текнолоджиз Ко., Лтд. Улучшение безопасности пассивной оптической сети, основанной на интерфейсе административного управления терминалом оптической сети
KR101370272B1 (ko) 2009-07-31 2014-03-25 후아웨이 테크놀러지 컴퍼니 리미티드 광 네트워크 단말 관리 제어 인터페이스에 기초한 수동 광 네트워크 보안성 강화
US20110029773A1 (en) * 2009-07-31 2011-02-03 Futurewei Technologies, Inc. Optical Network Terminal Management Control Interface-Based Passive Optical Network Security Enhancement
US9032209B2 (en) 2009-07-31 2015-05-12 Futurewei Technologies, Inc. Optical network terminal management control interface-based passive optical network security enhancement
EP3125465B1 (fr) * 2009-07-31 2021-09-01 Huawei Technologies Co., Ltd. Amélioration de la sécurité de réseau optique passif basée sur une interface de commande de gestion du terminal de réseau optique
US11228589B2 (en) 2017-02-01 2022-01-18 Huawei International Pte. Ltd. System and method for efficient and secure communications between devices
CN114143051A (zh) * 2021-11-19 2022-03-04 江苏林洋能源股份有限公司 一种智能电表基于性能调整tls协议选择的方法
CN114143051B (zh) * 2021-11-19 2024-02-23 江苏林洋能源股份有限公司 一种智能电表基于性能调整tls协议选择的方法
CN114302269A (zh) * 2021-12-17 2022-04-08 博为科技有限公司 Onu接入方法、装置、存储介质及电子设备
CN114302269B (zh) * 2021-12-17 2024-04-09 博为科技有限公司 Onu接入方法、装置、存储介质及电子设备

Also Published As

Publication number Publication date
CN101064719A (zh) 2007-10-31

Similar Documents

Publication Publication Date Title
WO2007124658A1 (fr) Procédé et système de négociation d'algorithme de cryptage dans un système de réseau optique passif
KR100594028B1 (ko) Gpon에서의 ont 관리 제어 정보 전송을 위한gtc 프레임 구조와 그 전송 방법
JP4398317B2 (ja) ギガビット受動型光加入者網のgemモードにおけるマルチキャスト転送方法及びそのフレーム処理方法
KR100724875B1 (ko) 이더넷 수동 광가입자망 시스템
EP2348691B1 (fr) Procédé de transmission de service et appareil de transmission de service
WO2011035602A1 (fr) Procédé et système de mise en oeuvre de flux d'enregistrement d'un réseau optique passif de l'ordre du gigabit
WO2009121275A1 (fr) Procédé, équipement et système de traitement de transmission pour réseau optique
WO2009052757A1 (fr) Procédé, système et dispositif pour une configuration de terminal de réseau optique
CN105991318B (zh) 一种配置数据分发方法及装置
WO2007076671A1 (fr) Procédé de régulation du flux multidiffusion, dispositif et système d'un réseau optique passif
US9948457B2 (en) Extending data over cable service interface specification (DOCSIS) provisioning of ethernet passive optical network (EPON) (DPoE) to EPON over coax (EPoC) multicast key management
WO2009039791A1 (fr) Système de communication à diffusion de groupe de réseau optique passif, procédé de gestion de diffusion de groupe et dispositif correspondant
KR20040062336A (ko) 이더넷 수동형광가입자망에서 루프백 절차 제어 방법
AU2012381695A1 (en) Optical network terminal management control interface message transmission method and system, and corresponding device
CN105610590B (zh) 一种组播报文传输方法和装置
WO2016188184A1 (fr) Procédé et dispositif de transmission de données
US20190319709A1 (en) Method for managing optical network unit onu, apparatus, and system
JP4685659B2 (ja) 局側装置、加入者側装置およびponシステム
WO2009155832A1 (fr) Système d'accès optique point à multipoint et ses procédé et dispositif de transmission de données
EP2091187B1 (fr) Procédé, dispositif et système de contrôle d'accès multidiffusion dans un réseau optique passif
WO2011020376A1 (fr) Procédé de traitement dans un réseau optique passif, système et élément de réseau pour réseau optique passif
JP2002101132A (ja) Atm−ponにおいて粒度を改良するマルチテーブルベースグラント発生器
WO2011160382A1 (fr) Procédé et système de sélection de mode de gestion et de maintenance d'unité de réseau optique
WO2008141506A1 (fr) Procédé de protection de supports hétérogènes destinés à un réseau optique passif
WO2010054587A1 (fr) Procédé, dispositif et système de gestion d’une branche de réseau optique passif gigabits (gpon) dans un réseau de transfert multi-service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720528

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720528

Country of ref document: EP

Kind code of ref document: A1