CN101064599A - Method and system for optical network authentication, cipher key negotiation method and system and optical line terminal and optical network unit


Info

Publication number: CN101064599A
Authority: CN (China)
Application number: CN 200610075732
Other languages: Chinese (zh)
Inventors: 刘利锋, 郑志彬, 黄伟
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Legal status: Pending
Prior art keywords: random number, ONU, OLT, enciphered data, optical network

Abstract

The invention provides a method and system for authenticating an optical network unit, a key negotiation method and system, and an optical line terminal and an optical network unit. The authentication method for the optical network unit includes: sending a request-authentication message; the OLT and the ONU each generate encrypted data from a shared seed key and a random number; and comparing whether the two generated encrypted data are consistent, in which case authentication passes, otherwise authentication fails. The key negotiation method includes: the OLT or the ONU sends a request-to-update-encryption-key message; the OLT and the ONU each generate encrypted data from the shared seed key and the random number, and this encrypted data serves as the encryption key; the OLT or the ONU sends a request-to-enable-encryption-key message, which completes the key negotiation. The invention also provides a system for authenticating an optical network unit and a system for key negotiation, and rebuilds the optical line terminal and the optical network unit used in the two systems.

Description

Method and system for optical network unit authentication, method and system for key agreement, and optical line terminal and optical network unit
Technical field
The present invention relates to the field of access networks, and in particular to a method and system for authenticating an optical network unit in a passive optical network, a method and system for key agreement, and an optical line terminal and an optical network unit.
Background technology
At present, after digital subscriber line (DSL) access has fully developed, optical access, and in particular the passive optical network (PON), is also rising rapidly. PON has a point-to-multipoint character: compared with point-to-point optical access, the PON central office uses a single fiber that can be split into tens or even more fibers to reach subscribers, which greatly reduces networking cost.
As shown in Fig. 1, a PON system generally consists of an optical line terminal (OLT), an optical distribution network (ODN) and optical network units (ONUs). The OLT provides the network-side interface for the PON system, connects to one or more ODNs, and links downstream to the ONUs through the ODN. The ODN is the passive optical splitter part; it connects to one or more ONUs, splits the downstream data of the OLT to each ONU, and at the same time aggregates the upstream data of the ONUs towards the OLT. The ONU provides the user-side interface for the PON system.
In a PON system, data sent from the OLT to the ONU is called downstream, and data in the opposite direction is called upstream. Because of the characteristics of light, downstream data is broadcast to every ONU, while the upstream data of each ONU is sent in transmission time slots allocated by the OLT using time division multiplexing.
When an ONU is activated, the OLT usually needs to perform device authentication on it. The main prior-art flow for authenticating an ONU is: when the OLT needs to authenticate a certain ONU, it sends a request-password message to it over the downlink; the ONU receives the request-password message and sends the locally configured password that it shares with the OLT to the OLT over the uplink; the OLT judges whether the received password is identical to the password it stores for that ONU, and if so authentication passes, otherwise authentication fails.
In addition, because the downstream information of the OLT is broadcast to the ONUs, every ONU in the network can receive the information that the OLT sends to other ONUs. For this reason, the prior art adopts a scheme that encrypts the downstream information with a key. Specifically it is realized as follows: the OLT broadcasts a request-to-update-key message to the ONU; after receiving this message the ONU generates and stores a new key and sends this key to the OLT; the OLT stores the key after receiving it and agrees with the ONU on the moment at which the new key is enabled; at the agreed moment the new key is enabled for the downstream information.
The defect of the above prior art for ONU authentication and key agreement is that the ONU sends the password and the key directly to the OLT over the network, so the password and the key are easily leaked, and the security of the authentication and key agreement processes is relatively poor.
Summary of the invention
The present invention provides a method and system for authenticating an optical network unit, a method and system for key agreement, and an optical line terminal and an optical network unit, in order to authenticate an ONU securely and to carry out key agreement between the ONU and the OLT securely.
To solve the above technical problems, the present invention provides the following technical solutions:
A method for authenticating an optical network unit, the method comprising:
A. sending a request-authentication message to the optical network unit ONU; the optical line terminal OLT generates encrypted data from a shared seed key and a random number, and the ONU generates encrypted data from the shared seed key and the random number;
B. comparing whether the two generated encrypted data are consistent; if so, authentication passes, otherwise authentication fails.
Wherein, before the encrypted data is generated in step A, the method comprises:
the OLT generates and stores a random number;
the OLT sends the random number to the ONU, and the ONU obtains the random number.
Wherein, alternatively, before the encrypted data is generated in step A, the method comprises:
the ONU generates and stores a random number;
the ONU sends the random number to the OLT, and the OLT obtains the random number.
Wherein generating the encrypted data in step A specifically comprises: using a cryptographic algorithm or a hash algorithm to generate the encrypted data.
Wherein step B specifically comprises:
B1. the ONU sends a response message carrying the encrypted data to the OLT;
B2. the OLT judges whether the received encrypted data is consistent with the encrypted data generated by the OLT; if so, authentication passes, otherwise authentication fails.
Wherein the sending in step B1 is: the response message is divided into at least two fragments for transmission.
Wherein the sending of the response message is: the response message is sent at least twice.
A system for authenticating an optical network unit, the system comprising:
an optical line terminal OLT, used to obtain a random number and to generate encrypted data from a shared seed key and the random number, and also used to judge whether the encrypted data generated by the optical network unit ONU and the encrypted data generated by the OLT are consistent, so as to realize authentication;
an optical network unit ONU, used to obtain the random number and to generate encrypted data from the shared seed key and the random number, and also used to send the generated encrypted data to the OLT;
a random number generation unit, used to generate the random number and also used to send the random number.
Wherein the random number generation unit is embedded in the OLT or in the ONU.
A method of key agreement, the method comprising:
X. the optical line terminal OLT or the optical network unit ONU sends a request-to-update-encryption-key message; the OLT and the ONU each generate encrypted data from a shared seed key and a random number, and the encrypted data serves as the encryption key;
Y. the OLT or the ONU sends a request-to-enable-encryption-key message, completing the key agreement.
Wherein, before the encrypted data is generated in step X, the method comprises:
the OLT generates and stores a random number;
the OLT sends the random number to the ONU, and the ONU obtains the random number.
Wherein, alternatively, before the encrypted data is generated in step X, the method comprises:
the ONU generates and stores a random number;
the ONU sends the random number to the OLT, and the OLT obtains the random number.
Wherein generating the encrypted data in step X specifically comprises: using a cryptographic algorithm or a hash algorithm to generate the encrypted data.
A system of key agreement, the system comprising:
an optical line terminal OLT, used to receive the random number generated by the random number generation unit, and also used to generate encrypted data, serving as the encryption key, from the seed key shared with the optical network unit ONU and the received random number;
an ONU, used to receive the random number generated by the random number generation unit, and also used to generate encrypted data, serving as the encryption key, from the shared seed key and the random number;
a random number generation unit, used to generate the random number and also used to send the random number;
a message sending unit, used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
Wherein the random number generation unit or the message sending unit is embedded in the OLT or in the ONU.
An optical line terminal, further comprising: a computing unit, used to obtain a random number and also used to generate encrypted data from a shared seed key and the random number.
Wherein the optical line terminal also comprises: a random number generation unit, used to generate a random number and also used to send the random number.
Wherein the optical line terminal also comprises: a comparing unit or a message sending unit; the comparing unit is used to receive encrypted data and to realize authentication by judging whether two encrypted data are consistent; the message sending unit is used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
An optical network unit, further comprising:
a computing unit, used to obtain a random number and also used to generate encrypted data from a shared seed key and the random number.
Wherein the optical network unit also comprises: a random number generation unit, used to generate a random number and also used to send the random number.
Wherein the optical network unit also comprises: a data transmission unit or a message sending unit; the data transmission unit is used to send the encrypted data generated by the computing unit; the message sending unit is used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
As can be seen from the above technical solutions, the present invention has the following advantages:
1. In the method of the present invention for authenticating an ONU, the OLT or the ONU generates, stores and sends the random number; after the encrypted data has been generated, the two encrypted data are compared centrally on the OLT. Throughout the authentication process no password is transmitted in plaintext between the OLT and the ONU; only the random number and the encrypted data generated from it are transmitted, which greatly improves the security of the authentication process.
2. In the key agreement of the present invention, the OLT and the ONU each generate the encrypted data locally from the shared seed key and the random number and use it as the encryption key. Because the shared seed key is pre-configured in the OLT and the ONU, only the random number needs to be transmitted during the whole negotiation; even if an eavesdropper obtains the random number, it cannot obtain the encryption key, because it does not know the shared seed key. Compared with the prior art, which transmits the key in plaintext over the network, this greatly improves the security of the key agreement process.
3. Compared with the prior art, the present invention transmits the random number or the encrypted data rather than a plaintext password, and changes the basic flow only slightly, which helps the promotion and application of the secure authentication scheme and the key agreement scheme.
4. Because the algorithm that generates the encrypted data or the key can be any cryptographic algorithm or another algorithm of sufficient complexity, a suitable algorithm can be chosen case by case in practical applications, which improves compatibility.
5. In the present invention, the random number or the response message is transmitted by fragmenting it and sending it several times; fragmenting the data effectively improves the security of the transmission, and sending it several times improves the reliability of the transmission.
Description of drawings
Fig. 1 is a structural diagram of the PON system.
Fig. 2 is the main flow chart of the secure information transmission realized by the present invention.
Fig. 3 is a flow chart of embodiment one of the optical network unit authentication method of the present invention.
Fig. 4 is a flow chart of embodiment two of the optical network unit authentication method of the present invention.
Fig. 5 is a structural diagram of embodiment one of the optical network unit authentication system of the present invention.
Fig. 6 is a structural diagram of embodiment two of the optical network unit authentication system of the present invention.
Fig. 7 is a flow chart of embodiment one of the key agreement method of the present invention.
Fig. 8 is a flow chart of embodiment two of the key agreement method of the present invention.
Fig. 9 is a structural diagram of the key agreement system of the present invention.
Embodiment
The present invention addresses the problem that, in a passive optical network (PON) system that transmits the password in plaintext, the password is easily leaked, and proposes a basic technical concept to solve it. Referring to Fig. 2, the main flow of the technical concept of the present invention is: generate a random number and distribute the same random number to the optical line terminal (OLT) and the optical network unit (ONU); the OLT and the ONU each generate encrypted data from the shared seed key and the random number, so that no plaintext password is transmitted over the network. On the basis of this concept, the ONU is authenticated securely and key agreement is carried out securely.
The basic idea by which the present invention securely authenticates an optical network unit is: generate a random number and distribute the same random number to the OLT and the ONU; the OLT sends a request-authentication message to the ONU; the OLT and the ONU each generate encrypted data from the shared seed key and the random number; the OLT judges whether the two generated encrypted data are equal, and if so authentication passes, otherwise authentication fails.
Referring to Fig. 3, embodiment one of the optical network unit authentication method of the present invention comprises the following steps:
Step 301: the OLT generates a random number and stores it for the subsequent generation of encrypted data.
Step 302: the OLT initiates an authentication request message to the ONU and sends the random number. When the OLT needs to authenticate the ONU, it sends an authentication challenge to the ONU together with the random number it has just generated.
Step 303: the OLT and the ONU each generate encrypted data from the shared seed key and the random number.
The shared seed key is set in advance with the OLT when the ONU joins the system, and different shared seed keys correspond to different ONUs.
The algorithm that generates the encrypted data can be any cryptographic algorithm or another algorithm of sufficient complexity, such as a hash algorithm. The advantages of a hash algorithm are diversity and irreversibility: it is hard to break, which fits well the requirement of generating encrypted data in this field.
Step 304: the ONU sends a response message to the OLT; this message contains the encrypted data generated by the ONU.
When the ONU sends the response message to the OLT, the response message is divided into three fragments and each fragment is sent three times, to guarantee the reliability of the transmission. The response message can of course be divided into two, three or more fragments, and can be sent twice, three times or more.
Step 305: the OLT judges whether the received encrypted data is consistent with the encrypted data it generated itself; if so authentication passes, otherwise authentication fails. Because the OLT and the ONU use the same algorithm, and the shared seed key and the input random number are also identical, the encrypted data they generate should also be identical. By this principle, if the comparison shows that the two encrypted data are consistent, the identity of this ONU can be considered legitimate and authentication should pass.
In embodiment one the random number is generated on the OLT; the random number can also be generated on the ONU. Referring to Fig. 4, embodiment two comprises the following steps:
Step 401: the ONU generates a random number and stores it for the subsequent generation of encrypted data.
Step 402: the OLT initiates a request-authentication message to the ONU; the ONU sends the random number to the OLT.
Step 403: the OLT and the ONU each generate encrypted data from the shared seed key and the random number.
The shared seed key is set in advance with the OLT when the ONU joins the system; different shared seed keys, corresponding to different ONUs, are stored in the OLT.
The algorithm that generates the encrypted data can be any cryptographic algorithm or another algorithm of sufficient complexity, such as a hash algorithm. A hash algorithm has the advantages of diversity and irreversibility and is hard to break, which fits well the requirement of generating encrypted data in this field.
Step 404: the ONU sends a response message to the OLT; this message contains the encrypted data generated by the ONU. When the ONU sends the response message to the OLT, the response message is divided into three fragments and each fragment is sent three times, to guarantee the reliability of the transmission. The response message can of course be divided into two, three or more fragments, and can be sent twice, three times or more.
Step 405: the OLT judges whether the received encrypted data is consistent with the encrypted data it generated itself; if so authentication passes, otherwise authentication fails. Because the OLT and the ONU use the same algorithm, and the shared seed key and the input random number are also identical, the encrypted data they generate should also be identical. By this principle, if the comparison shows that the two encrypted data are consistent, the identity of this ONU can be considered legitimate and authentication should pass.
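The two authentication embodiments above, simulated end to end in Python. This is an added example, not code from the patent or from Huawei: the ONU identifiers, the seed key values and the choice of HMAC-SHA256 as the "cryptographic or hash algorithm" are assumptions, as is the per-ONU table the OLT keeps. Beyond the steps themselves, the example shows two checks a verifier would want: the comparison in step 305/405 is done in constant time, and each stored random number is consumed by exactly one verification, so a response captured from an earlier run is rejected against a fresh challenge.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed provisioning table held by the OLT: one shared seed key per ONU,
# set when the ONU joins the system (step 303 / 403). Values are sample data.
SEED_KEYS: Dict[str, bytes] = {
    "onu-0001": bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
    "onu-0002": bytes.fromhex("101112131415161718191a1b1c1d1e1f"),
}


def encrypted_data(seed_key: bytes, random_number: bytes) -> bytes:
    """The 'encrypted data' both sides compute from seed key and random number.

    The patent allows any cryptographic or hash algorithm; HMAC-SHA256 is the
    choice made here (an assumption, not the patent's specification).
    """
    return hmac.new(seed_key, random_number, hashlib.sha256).digest()


class ONU:
    def __init__(self, onu_id: str, seed_key: bytes) -> None:
        self.onu_id = onu_id
        self.seed_key = seed_key

    def generate_random_number(self) -> bytes:
        """Embodiment two, step 401: the ONU generates the random number."""
        return secrets.token_bytes(16)

    def respond(self, random_number: bytes) -> bytes:
        """Step 304 / 404: the response carries only the derived value, never the key."""
        return encrypted_data(self.seed_key, random_number)


class OLT:
    def __init__(self, seed_keys: Dict[str, bytes]) -> None:
        self.seed_keys = dict(seed_keys)
        self.pending: Dict[str, bytes] = {}  # random number stored per open challenge (step 301)

    def challenge(self, onu_id: str, random_number: Optional[bytes] = None) -> bytes:
        """Step 301/302 (OLT picks the number) or step 402 (ONU-supplied number)."""
        if random_number is None:
            random_number = secrets.token_bytes(16)
        self.pending[onu_id] = random_number
        return random_number

    def verify(self, onu_id: str, response: bytes) -> bool:
        """Step 305 / 405: compare the ONU's encrypted data with the OLT's own."""
        seed_key = self.seed_keys.get(onu_id)
        random_number = self.pending.pop(onu_id, None)  # each challenge is consumed once
        if seed_key is None or random_number is None:
            return False
        expected = encrypted_data(seed_key, random_number)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_authentication(olt: OLT, onu: ONU, onu_chooses: bool = False) -> bool:
    """Full exchange. onu_chooses=False is embodiment one, True is embodiment two."""
    supplied = onu.generate_random_number() if onu_chooses else None
    random_number = olt.challenge(onu.onu_id, supplied)
    return olt.verify(onu.onu_id, onu.respond(random_number))


def replay_is_rejected(olt: OLT, onu: ONU) -> bool:
    """A response captured from one run must not pass against a fresh challenge."""
    old_number = olt.challenge(onu.onu_id)
    old_response = onu.respond(old_number)
    if not olt.verify(onu.onu_id, old_response):
        return False  # the genuine run itself should have passed
    olt.challenge(onu.onu_id)  # fresh random number for the next attempt
    return not olt.verify(onu.onu_id, old_response)


if __name__ == "__main__":
    olt = OLT(SEED_KEYS)
    onu = ONU("onu-0001", SEED_KEYS["onu-0001"])
    print("embodiment one:", run_authentication(olt, onu))
    print("embodiment two:", run_authentication(olt, onu, onu_chooses=True))
    print("wrong seed key:", run_authentication(olt, ONU("onu-0001", bytes(16))))
    print("replay rejected:", replay_is_rejected(olt, onu))
```

The only values that cross the link in either direction are the random number and the 32-byte derived value; the seed key is read only inside `encrypted_data`.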
A PON system generally consists of an OLT, an optical distribution network (ODN) and ONUs.
The OLT provides the network-side interface for the PON system, connects to one or more ODNs, and links to the ONUs through the ODN.
The ODN is the passive optical splitter part and is mainly used to connect the OLT and the ONUs. The ODN connects to one or more ONUs, splits the downstream data of the OLT to each ONU, and at the same time aggregates the upstream data of the ONUs towards the OLT.
The ONU provides the user-side interface for the PON system and is connected upstream to the OLT through the ODN. When the ONU directly provides user ports, it is called an optical network terminal.
In the system for authenticating an optical network unit provided by the present invention, the OLT is connected to the ONU through the ODN. Corresponding to embodiment one of the method, when the random number generation unit is on the OLT, referring to Fig. 5, embodiment one of the ONU authentication system comprises:
an OLT, used to generate a random number, store it and send it to the ONU, so that the random number the ONU uses to generate encrypted data is the same; used to send an authentication challenge to the ONU when the ONU needs to be authenticated; also used to generate encrypted data from the shared seed key and the random number; and also used to judge that authentication passes when the encrypted data received from the ONU is consistent with the encrypted data it generated itself.
In the OLT, the process of generating and sending the random number is carried out in the random number generation unit; the process of generating encrypted data is carried out in the computing unit; the process of judging is carried out in the comparing unit.
an ONU, used to receive the random number sent by the OLT; used to generate encrypted data from the shared seed key and the random number; and also used to send the generated encrypted data to the OLT for authentication.
In the ONU, the processes of obtaining the random number and generating the encrypted data are carried out in the computing unit. The process of sending the encrypted data is carried out in the data transmission unit.
Because the OLT and the ONU use the same algorithm, and the shared seed key and the input random number are also identical, the encrypted data they generate should also be identical. By this principle, if the comparison shows that the two encrypted data are consistent, the identity of this ONU can be considered legitimate and authentication should pass; otherwise authentication fails.
Corresponding to embodiment two of the method, when the random number generation unit is on the ONU, referring to Fig. 6, embodiment two of the ONU authentication system comprises:
an OLT, used to receive the random number sent by the ONU; used to send an authentication challenge to the ONU when the ONU needs to be authenticated; also used to generate encrypted data from the shared seed key and the random number; and also used to judge that authentication passes when the encrypted data received from the ONU is consistent with the encrypted data it generated itself.
In the OLT, the processes of obtaining the random number and generating the encrypted data are carried out in the computing unit; the process of judging is carried out in the comparing unit.
The OLT stores the shared seed key corresponding to each ONU, and of course each ONU also holds the same shared seed key.
an ONU, used to generate a random number, store it and send it to the OLT, so that the OLT and the ONU use the same random number to generate encrypted data; used to generate encrypted data from the shared seed key and the random number; and also used to send the generated encrypted data to the OLT for authentication.
In the ONU, the process of generating and sending the random number is carried out in the random number generation unit; the process of generating encrypted data is carried out in the computing unit; the process of sending the encrypted data is carried out in the data transmission unit.
Because the OLT and the ONU use the same algorithm, and the shared seed key and the input random number are also identical, the encrypted data they generate should also be identical. By this principle, if the comparison shows that the two encrypted data are consistent, the identity of this ONU can be considered legitimate and authentication should pass; otherwise authentication fails.
The basic idea by which the present invention carries out key agreement securely is: the OLT or the ONU sends a request-to-update-encryption-key message; the OLT and the ONU each generate encrypted data from the shared seed key and the random number, and this encrypted data serves as the encryption key; the OLT or the ONU sends a request-to-enable-encryption-key message, completing the key agreement.
Embodiment one of the key agreement method provided by the present invention is described below with reference to Fig. 7; the specific implementation steps are as follows:
Step 701: the shared seed key is configured on the OLT and the ONU.
Step 702: the OLT sends a request-to-update-encryption-key message over the downstream channel.
Step 703: after receiving the update-encryption-key request sent by the OLT, the ONU generates a random number, uses the predetermined key generation function to generate encrypted data from this random number and the pre-configured shared seed key, uses it as the encryption key and places it in the shadow register; it also sends the random number to the OLT. The random number may be fragmented and sent to the OLT over the upstream channel a predetermined number of times.
Step 704: the OLT receives the random number, uses the predetermined key generation function to generate encrypted data from this random number and the shared seed key, uses it as the encryption key and stores it in the shadow register.
The algorithm that generates the encrypted data can be any cryptographic algorithm or another algorithm of sufficient complexity, such as a hash algorithm. A hash algorithm has the advantages of diversity and irreversibility and is hard to break, which fits well the requirement of generating encrypted data in this field.
If the ONU sends the random number fragmented and repeated, and any fragment fails to be received when the OLT receives the random number, the OLT resends the request-to-update-encryption-key message; if the number of consecutive update-encryption-key requests exceeds the predetermined number of update-encryption-key requests, key synchronization is declared lost.
Step 705: the OLT sends an enable-new-encryption-key message to the ONU over the downstream channel; this message carries the agreed moment at which the new encryption key is enabled.
Step 706: after receiving this message, the ONU returns an acknowledgement message to the OLT.
Step 707: at the agreed moment, the OLT and the ONU move the new encryption key from the shadow register into the active register and use the new encryption key to encrypt the information transmitted from then on.
In the above embodiment, the OLT and the ONU hold a preset shared seed key; the ONU responds to the key refresh request sent by the OLT by generating a random number and sending it to the OLT over the uplink, so that the OLT and the ONU have the same random number and seed key, and the OLT and the ONU generate the same encrypted data, used as the encryption key, from the random number and the seed key with the same algorithm.
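The fragment-and-repeat transmission used for the response message in steps 304/404 and for the random number in step 703, together with the retry rule given after step 704 (any missing fragment triggers a new request; too many consecutive requests means key synchronization is lost), as an added Python example. It is not code from the patent or from Huawei: the fragment format `(index, total, payload)`, the three-argument loss model and the default counts (three fragments, three copies, three requests) are assumptions chosen to match the numbers the text gives.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed fragment format (index, total, payload); the patent does not specify one.
Fragment = Tuple[int, int, bytes]
# Channel model: drop(attempt, copy, index) -> True when that copy of that fragment is lost.
DropRule = Callable[[int, int, int], bool]


def fragment(message: bytes, pieces: int) -> List[Fragment]:
    """Split a message into `pieces` near-equal fragments (the patent uses three)."""
    if pieces < 1 or pieces > len(message):
        raise ValueError("pieces must be between 1 and the message length")
    base, extra = divmod(len(message), pieces)
    out: List[Fragment] = []
    pos = 0
    for i in range(pieces):
        size = base + (1 if i < extra else 0)
        out.append((i, pieces, message[pos:pos + size]))
        pos += size
    return out


def transmit(fragments: List[Fragment], repeats: int, attempt: int, drop: DropRule) -> List[Fragment]:
    """Send every fragment `repeats` times (the patent uses three); lost copies never arrive."""
    delivered: List[Fragment] = []
    for copy in range(repeats):
        for idx, total, payload in fragments:
            if not drop(attempt, copy, idx):
                delivered.append((idx, total, payload))
    return delivered


def reassemble(delivered: List[Fragment]) -> Optional[bytes]:
    """Discard duplicate copies; succeed only if every index arrived at least once."""
    if not delivered:
        return None
    total = delivered[0][1]
    got: Dict[int, bytes] = {}
    for idx, tot, payload in delivered:
        if tot != total or not 0 <= idx < total:
            return None  # malformed fragment: treat the whole message as failed
        got.setdefault(idx, payload)
    if len(got) != total:
        return None  # at least one fragment was lost in all of its copies
    return b"".join(got[i] for i in range(total))


def negotiate_random_number(random_number: bytes, drop: DropRule, pieces: int = 3,
                            repeats: int = 3, max_requests: int = 3) -> Tuple[Optional[bytes], int]:
    """Receiver side of steps 703/704. Each attempt is one request-to-update-encryption-key
    round; a missing fragment triggers a fresh request, and once max_requests consecutive
    requests have failed, key synchronization is declared lost (returned as None)."""
    for attempt in range(1, max_requests + 1):
        received = reassemble(transmit(fragment(random_number, pieces), repeats, attempt, drop))
        if received is not None:
            return received, attempt
    return None, max_requests


if __name__ == "__main__":
    rn = bytes(range(16))  # constructed 16-byte random number
    print(negotiate_random_number(rn, lambda a, c, i: False))              # clean channel
    print(negotiate_random_number(rn, lambda a, c, i: c < 2))              # only the third copy survives
    print(negotiate_random_number(rn, lambda a, c, i: a == 1 and i == 1))  # round 1 loses fragment 1
    print(negotiate_random_number(rn, lambda a, c, i: i == 2))             # fragment 2 always lost
```

The four channel rules in the `__main__` block show the three outcomes the text describes: repetition alone recovers a fragment whose earlier copies were lost, a fragment lost in all copies forces a new request that then succeeds, and a persistently lost fragment exhausts the request budget.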
In the present invention the random number can also be generated by the OLT, sent to the ONU over the downstream channel, and then used by the OLT and the ONU to generate encrypted data from the random number and the seed key, which serves as the encryption key. Another embodiment of the key agreement method is described below with reference to Fig. 8; the specific implementation steps are as follows:
Step 801: the shared seed key is configured on the OLT and the ONU.
Step 802: the OLT generates a random number, uses the predetermined key generation function to generate encrypted data from this random number and the shared seed key, uses it as the encryption key and stores it in the shadow register.
Step 803: the OLT sends a request-to-update-encryption-key message to the ONU over the downstream channel and sends the generated random number. The random number may be fragmented and sent a predetermined number of times.
Step 804: the ONU uses the predetermined key generation function to generate encrypted data from the received random number and the pre-configured shared seed key, uses it as the encryption key and places it in the shadow register.
The algorithm that generates the encrypted data can be any cryptographic algorithm or another algorithm of sufficient complexity, such as a hash algorithm. A hash algorithm has the advantages of diversity and irreversibility and is hard to break, which fits well the requirement of generating encrypted data in this field.
If the OLT sends the random number fragmented and repeated, and any fragment fails to be received when the ONU receives the random number, the request-to-update-encryption-key message is resent; if the number of consecutive update-encryption-key requests exceeds the predetermined number of update-encryption-key requests, key synchronization is declared lost.
Step 805: the OLT sends an enable-new-encryption-key message to the ONU over the downstream channel; this message carries the agreed moment at which the new encryption key is enabled.
Step 806: after receiving this message, the ONU returns an acknowledgement message to the OLT.
Step 807: at the agreed moment, the OLT and the ONU move the new encryption key from the shadow register into the active register and use the new encryption key to encrypt the information transmitted from then on.
Of course, in the above two key agreement embodiments, the request-to-update-encryption-key message can also be sent by the ONU, specifically: the ONU generates a random number, sends a request-to-update-encryption-key message to the OLT over the upstream channel, and sends the generated random number. The request-to-enable-encryption-key message can also be sent by the ONU, specifically: the ONU sends a request-to-enable-encryption-key message to the OLT, and after receiving it the OLT returns a response message indicating that the message has been received.
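The shadow/active register handling of steps 703 to 707 (and 802 to 807), as an added Python example that is not code from the patent or from Huawei. HMAC-SHA256 stands in for the "predetermined key generation function", the seed key and initial random number are constructed sample values, and the frame encryption is a toy HMAC-keystream XOR used only so that the switch-over has a visible effect; none of these are specified by the patent. The example also exercises the claim in advantage 2 above: an endpoint that observed the random number but holds a different seed key derives a different key and cannot decrypt the frames.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed values: the seed key shared by the OLT and one ONU (step 701/801),
# and the random number behind the key that is active before negotiation starts.
SEED_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
INITIAL_RANDOM_NUMBER = bytes(16)


def key_generation_function(seed_key: bytes, random_number: bytes) -> bytes:
    """The 'predetermined key generation function'; HMAC-SHA256 is an assumption."""
    return hmac.new(seed_key, random_number, hashlib.sha256).digest()


def keystream_xor(key: bytes, frame_no: int, data: bytes) -> bytes:
    """Toy frame encryption with the active key (constructed for the demo, not the
    patent's cipher): XOR with an HMAC-derived keystream indexed by frame number."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        ctr = frame_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        stream += hmac.new(key, ctr, hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Endpoint:
    """Register handling common to OLT and ONU: a shadow key waits until the agreed moment."""

    def __init__(self, seed_key: bytes) -> None:
        self.seed_key = seed_key
        self.active = key_generation_function(seed_key, INITIAL_RANDOM_NUMBER)
        self.shadow: Optional[bytes] = None
        self.switch_at: Optional[int] = None

    def load_shadow(self, random_number: bytes) -> None:
        """Steps 703/704 and 802/804: derive the new key into the shadow register."""
        self.shadow = key_generation_function(self.seed_key, random_number)

    def schedule_switch(self, switch_at: int) -> None:
        """Steps 705/805: the enable message carries the agreed moment."""
        self.switch_at = switch_at

    def tick(self, now: int) -> None:
        """Steps 707/807: at the agreed moment move the shadow key into the active register."""
        if self.switch_at is not None and self.shadow is not None and now >= self.switch_at:
            self.active, self.shadow, self.switch_at = self.shadow, None, None

    def encrypt(self, frame_no: int, plaintext: bytes) -> bytes:
        return keystream_xor(self.active, frame_no, plaintext)

    def decrypt(self, frame_no: int, ciphertext: bytes) -> bytes:
        return keystream_xor(self.active, frame_no, ciphertext)


def key_agreement(olt: Endpoint, onu: Endpoint, switch_at: int) -> bytes:
    """Embodiment one (Fig. 7): the ONU generates the random number; only that number
    crosses the link, the seed key never does. Returns the random number so that a
    caller can model an eavesdropper who saw it."""
    random_number = secrets.token_bytes(16)  # step 703 (ONU side)
    onu.load_shadow(random_number)           # step 703: ONU derives into its shadow register
    olt.load_shadow(random_number)           # step 704: OLT derives after receiving the number
    olt.schedule_switch(switch_at)           # step 705: enable message with the agreed moment
    onu.schedule_switch(switch_at)           # step 706: ONU acknowledges and records it
    return random_number


def downstream_frame_roundtrip(olt: Endpoint, onu: Endpoint, now: int, frame_no: int, msg: bytes) -> bytes:
    """Advance both clocks to `now`, then send one encrypted downstream frame."""
    olt.tick(now)
    onu.tick(now)
    return onu.decrypt(frame_no, olt.encrypt(frame_no, msg))


if __name__ == "__main__":
    olt, onu = Endpoint(SEED_KEY), Endpoint(SEED_KEY)
    key_agreement(olt, onu, switch_at=100)
    print(downstream_frame_roundtrip(olt, onu, 50, 1, b"before the agreed moment"))
    print(downstream_frame_roundtrip(olt, onu, 100, 2, b"after the agreed moment"))
```

Both sides keep transmitting under the old active key until the agreed moment, which is why the switch-over has to be clocked on both ends rather than applied as soon as the shadow key is derived.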
Referring to Fig. 9, the key agreement system provided by the present invention consists of an OLT, an ONU, a message sending unit and a random number generation unit.
The OLT is used to obtain the random number, and also to generate encrypted data, used as the encryption key, with the key generation function from the seed key shared with the ONU and the obtained random number, so that each ONU can only decrypt the information sent to itself.
The ONU is used to obtain the random number, and also to generate encrypted data, used as the encryption key, with the key generation function from the seed key shared with the OLT and the random number generated by the random number generation unit. The encryption key of each ONU is identical to the corresponding encryption key in the OLT, so the ONU can use this encryption key to decrypt the information that the OLT sends to it.
The message sending unit is used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message. The message sending unit can be embedded in the OLT or in the ONU.
The random number generation unit is used to generate the random number and to distribute it to the OLT and the ONU for generating the encrypted data used as the encryption key. The random number generation unit can be embedded in the OLT or in the ONU.
In particular, the present invention improves the optical line terminal (OLT) in the ONU authentication system and the key agreement system described above. After the improvement, the OLT comprises:
A computing unit, used to obtain a random number. The unit obtains the random number in one of two ways: the OLT generates the random number itself and stores it; or the ONU generates the random number and sends it to the OLT. The computing unit is also used to generate enciphered data. It stores the algorithm and the shared seed key corresponding to each ONU, and generates the enciphered data from the input random number. The characteristic of the computing unit is that, given the same seed key and the same random number, the enciphered data generated with the same algorithm is identical.
The OLT also comprises a random number generation unit, used to generate random numbers and to send them.
In the ONU authentication system, the OLT also comprises a comparing unit, which performs authentication by judging whether two items of enciphered data are consistent. During authentication the OLT generates one item of enciphered data itself and the ONU provides the other; if the two are consistent then, by the principle described above, the ONU is regarded as a legitimate ONU and passes authentication; otherwise authentication fails.
In the key agreement system, the OLT also comprises a message sending unit, used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
In particular, the present invention also improves the optical network unit (ONU) in the ONU authentication system and the key agreement system described above. After the improvement, the ONU comprises:
A computing unit, used to obtain a random number. The unit obtains the random number in one of two ways: the ONU generates the random number itself and stores it; or the OLT generates the random number and sends it to the ONU. The computing unit is also used to generate enciphered data. It stores the corresponding algorithm and shared seed key, and generates the enciphered data from the input random number. The characteristic of the computing unit is that, given the same seed key and the same random number, the enciphered data generated with the same algorithm is identical.
The ONU also comprises a random number generation unit, used to generate random numbers and to send them.
In the ONU authentication system, the ONU also comprises a data transmission unit, used to send the enciphered data generated by the computing unit.
In the key agreement system, the ONU also comprises a message sending unit, used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
The method and system for optical network unit authentication, the method and system for key agreement, and the optical line terminal and optical network unit provided by the present invention have been described in detail above. Specific examples have been used herein to explain the principle and embodiments of the invention; the description of the embodiments above is intended only to help in understanding the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes in the specific embodiments and the scope of application. In summary, this description should not be construed as limiting the invention.
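The authentication exchange and the key-refresh step described above, written out as an added Python simulation of both sides (example code, not part of the patent). HMAC-SHA256 as the key generating function, the message field names and the 16-byte random number length are assumptions; the ONU sends its enciphered data in at least two fragments, as claims 6 and 7 require, and the OLT compares in constant time.

```python
import hashlib
import hmac
import secrets


def generate_enciphered_data(seed_key: bytes, random_number: bytes) -> bytes:
    # Key generating function shared by OLT and ONU: claim 4 only requires a
    # cryptographic or hash algorithm; HMAC-SHA256 is an assumption made here.
    return hmac.new(seed_key, random_number, hashlib.sha256).digest()


class OLT:
    def __init__(self, seed_keys: dict):
        self.seed_keys = dict(seed_keys)  # seed key shared with each ONU
        self.random_numbers = {}          # random number kept per ONU
        self.encryption_keys = {}         # negotiated encryption key per ONU

    def request_authentication(self, onu_id: str) -> dict:
        # Random number generation unit embedded in the OLT (path of claim 2)
        r = secrets.token_bytes(16)
        self.random_numbers[onu_id] = r
        return {"type": "request_authentication", "onu_id": onu_id, "random_number": r}

    def compare(self, onu_id: str, fragments: list) -> bool:
        # Comparing unit: reassemble the response sent in >= 2 parts (claim 6),
        # regenerate the enciphered data locally and compare in constant time
        received = b"".join(fragments)
        expected = generate_enciphered_data(self.seed_keys[onu_id], self.random_numbers[onu_id])
        return hmac.compare_digest(received, expected)

    def request_key_update(self, onu_id: str) -> dict:
        # Message sending unit, step X: fresh random number, new key from the seed
        r = secrets.token_bytes(16)
        self.random_numbers[onu_id] = r
        self.encryption_keys[onu_id] = generate_enciphered_data(self.seed_keys[onu_id], r)
        return {"type": "request_update_key", "onu_id": onu_id, "random_number": r}


class ONU:
    def __init__(self, onu_id: str, seed_key: bytes):
        self.onu_id = onu_id
        self.seed_key = seed_key
        self.encryption_key = None

    def respond(self, msg: dict, parts: int = 2) -> list:
        # Data transmission unit: the enciphered data goes out in at least two fragments
        data = generate_enciphered_data(self.seed_key, msg["random_number"])
        size = -(-len(data) // max(2, parts))  # ceiling division
        return [data[i:i + size] for i in range(0, len(data), size)]

    def update_key(self, msg: dict) -> None:
        self.encryption_key = generate_enciphered_data(self.seed_key, msg["random_number"])


def run_session(olt: OLT, onu: ONU) -> tuple:
    # Authenticate first; only a legitimate ONU proceeds to key agreement.
    # Returns (authentication passed, OLT and ONU hold the same encryption key).
    if not olt.compare(onu.onu_id, onu.respond(olt.request_authentication(onu.onu_id))):
        return (False, False)
    onu.update_key(olt.request_key_update(onu.onu_id))
    return (True, hmac.compare_digest(olt.encryption_keys[onu.onu_id], onu.encryption_key))
```

The request-to-enable message of step Y carries no key material and is omitted; an ONU with the wrong seed key fails the comparison and never reaches key agreement.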

Claims (21)

1. A method for authenticating an optical network unit, characterized in that the method comprises:
A. sending a request authentication message to the optical network unit ONU; the optical line terminal OLT generates an item of enciphered data from the shared seed key and a random number, and the ONU generates an item of enciphered data from the shared seed key and the random number;
B. comparing whether the two generated items of enciphered data are consistent; if so, authentication passes, otherwise authentication fails.
2. The method for authenticating an optical network unit according to claim 1, characterized in that, before the enciphered data is generated in step A, the method comprises:
the OLT generates and stores a random number;
the OLT sends the random number to the ONU, and the ONU obtains the random number.
3. The method for authenticating an optical network unit according to claim 1, characterized in that, before the enciphered data is generated in step A, the method comprises:
the ONU generates and stores a random number;
the ONU sends the random number to the OLT, and the OLT obtains the random number.
4. The method for authenticating an optical network unit according to claim 1, characterized in that generating the enciphered data in step A specifically comprises: generating the enciphered data with a cryptographic algorithm or a hash algorithm.
5. The method for authenticating an optical network unit according to claim 1, characterized in that step B specifically comprises:
B1. the ONU sends a response message carrying the enciphered data to the OLT;
B2. the OLT judges whether the received enciphered data is consistent with the enciphered data generated by the OLT; if so, authentication passes, otherwise authentication fails.
6. The method for authenticating an optical network unit according to claim 5, characterized in that the sending in step B1 is: the response message is divided into at least two parts for transmission.
7. The method for authenticating an optical network unit according to claim 5 or 6, characterized in that sending the response message is: the response message is sent at least twice.
8. A system for authenticating an optical network unit, characterized in that the system comprises:
an optical line terminal OLT, used to obtain a random number and to generate enciphered data from the shared seed key and the random number, and also used to judge whether the enciphered data generated by the optical network unit ONU and the enciphered data generated by the OLT are consistent, so as to perform authentication;
an optical network unit ONU, used to obtain a random number and to generate enciphered data from the shared seed key and the random number, and also used to send the generated enciphered data to the OLT;
a random number generation unit, used to generate a random number and also used to send the random number.
9. The system for authenticating an optical network unit according to claim 8, characterized in that the random number generation unit is embedded in the OLT or in the ONU.
10. A method of key agreement, characterized in that the method comprises:
X. the optical line terminal OLT or the optical network unit ONU sends a request-to-update-encryption-key message; the OLT and the ONU each generate enciphered data from the shared seed key and a random number, and the enciphered data serves as the encryption key;
Y. the OLT or the ONU sends a request-to-enable-encryption-key message, completing the key agreement.
11. The method of key agreement according to claim 10, characterized in that, before the enciphered data is generated in step X, the method comprises:
the OLT generates and stores a random number;
the OLT sends the random number to the ONU, and the ONU obtains the random number.
12. The method of key agreement according to claim 10, characterized in that, before the enciphered data is generated in step X, the method comprises:
the ONU generates and stores a random number;
the ONU sends the random number to the OLT, and the OLT obtains the random number.
13. The method of key agreement according to claim 10, characterized in that generating the enciphered data in step X specifically comprises: generating the enciphered data with a cryptographic algorithm or a hash algorithm.
14. A system of key agreement, characterized in that the system comprises:
an optical line terminal OLT, used to receive the random number generated by the random number unit, and also used to generate enciphered data, serving as the encryption key, from the seed key shared with the optical network unit ONU and the received random number;
an ONU, used to receive the random number generated by the random number unit, and also used to generate enciphered data, serving as the encryption key, from the shared seed key and the random number;
a random number generation unit, used to generate a random number and also used to send the random number;
a message sending unit, used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
15. The system of key agreement according to claim 14, characterized in that the random number generation unit or the message sending unit is embedded in the OLT or in the ONU.
16. An optical line terminal, characterized in that the optical line terminal further comprises: a computing unit, used to obtain a random number and also used to generate enciphered data from the shared seed key and the random number.
17. The optical line terminal according to claim 16, characterized in that the optical line terminal also comprises: a random number generation unit, used to generate a random number and also used to send the random number.
18. The optical line terminal according to claim 16 or 17, characterized in that the optical line terminal also comprises: a comparing unit or a message sending unit; the comparing unit is used to receive enciphered data and to perform authentication by judging whether two items of enciphered data are consistent; the message sending unit is used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
19. An optical network unit, characterized in that the optical network unit further comprises:
a computing unit, used to obtain a random number and also used to generate enciphered data from the shared seed key and the random number.
20. The optical network unit according to claim 19, characterized in that the optical network unit also comprises: a random number generation unit, used to generate a random number and also used to send the random number.
21. The optical network unit according to claim 19 or 20, characterized in that the optical network unit also comprises: a data transmission unit or a message sending unit; the data transmission unit is used to send the enciphered data generated by the computing unit; the message sending unit is used to send the request-to-update-encryption-key message and the request-to-enable-encryption-key message.
CN 200610075732 2006-04-26 2006-04-26 Method and system for optical network authentication, cipher key negotiation method and system and optical line terminal and optical network unit Pending CN101064599A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610075732 CN101064599A (en) 2006-04-26 2006-04-26 Method and system for optical network authentication, cipher key negotiation method and system and optical line terminal and optical network unit
Publications (1)

Publication Number Publication Date
CN101064599A true CN101064599A (en) 2007-10-31

Family

ID=38965349
Country Status (1)

Country Link
CN (1) CN101064599A (en)
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication